4. Setting up Android EMM for your organisation

Android Enterprise Mobility Management (EMM) allows further control of your organisation's Android devices by allowing full device control and silent application installation and removal.

There are two options for preparing your organisation for EMM

Managed Google Play Account

Managed Google Play Accounts provide a lightweight identity model for organisations that don't use G Suite. Managed Google Play Accounts is a set of user, device, and admin accounts that are linked via Mobile Guardian. User validation requires Active Directory integration in order to create the managed Google account and link this to a device.

• Go to the Mobile Guardian school dashboard and either register or sign in.
• On the school dashboard, click on Settings > Android Settings menu from the left panel.
• Click on the G Suite Account Enrolment button.
• Click on Mobile Guardian Managed Account Enrolment button
• Click on Enrol button. You will be redirected to the "Bring Android to Work" page. Click through the form to complete and create your Account.
  • Remember to sign in with your desired google account (Not a G Suite domain).
  • Enter an organisation name. Go next
  • Click on COMPLETE REGISTRATION button.

Google Account

To set up Android enterprise using Google Accounts, an organisation must have a managed Google domain (Get started with G Suite for Education). Each domain can be linked to only one EMM console, and the organisation must follow a verification process to prove that they own the domain.

For organisations that use G Suite, you can leverage their existing domain and identities—G Suite customers already have enterprise IDs, and users are already set up with managed Google Accounts.

• Go to the Mobile Guardian school dashboard and either register or sign in.
• On the school dashboard, click on Settings > Android Settings menu from the left panel.
• Click on the G Suite Account Enrolment button.
• In another tab, sign into the Google Admin console at admin.google.com as a super administrator for your domain.
• Click Devices > Setup > Mobile Management  and ensure that it is turned off.

Please Note!  The step below is no longer available on Google Admin console (Updated 30/09/2019)

• Click Device management > Setup > Android App Management and ensure that Google Mobile Management has been removed as your EMM provider. Check the box to understand and accept the changes, and click Disabled.

• Click Security > Manage EMM provider for Android.
• Copy the token (a string of characters) or click Generate Token to generate a new token and then copy it. Note: If you're already using Android for Work, you can't view or generate a token.
• On the Mobile Guardian dashboard, add your Google domain admin email address used in Google Admin Console and your authentication token generated in the previous step.
• Once activated, go back to Google Admin, Security > Manage EMM provider for Android and check Enforce EMM policies on Android devices.

Completion

After either of these flows have been followed, you will be redirected to the Mobile Guardian settings page showing the details of the enterprise created. On this page, you will have access to global settings for Android devices like default applications runtime permissions and your system update policy.

Further settings

All other Android settings are controlled by your profiles. Now that you have your enterprise enrolled, navigating to the Restrictions > Android tab of any profile will display all the settings available to EMM enrolled devices.

EMM also enables the silent installation (and removal) of applications. You may add an application available via the Google Play Store by using the search on the Applications page. Once added the application must be approved from the application details page before you will be allowed to configure it for installation for your device groups. See more at Configuring Android applications for silent install.