Android Enterprise Mobility Management (EMM) enhances control over your organisation's Android devices. This includes comprehensive device management and the ability to silently install or remove applications.
Preparing Your Organisation for EMM
Google Workspace Account Enrollment
To set up an Android Enterprise using Google Accounts, your organisation must:
Have a Managed Google Domain: Refer to Get Started with Google Workspace for Education. Each domain can only be linked to one EMM console, and the organisation must follow a verification process to prove domain ownership.
Leverage Existing Google Workspace Infrastructure: For organisations using Google Workspace, existing domains and identities can be utilized. Google Workspace customers already have enterprise IDs, and users are set up with managed Google Accounts.
Let's go through the steps to set up Android EMM for your organisation.
Steps:
Access Mobile Guardian:
- Go to the Mobile Guardian school dashboard and sign in.
- On the school dashboard, click on the "Settings" menu in the left panel.
- Select "Android Settings" from the dropdown menu.
- Click on the "Google Workspace Account Enrollment" button.
Sign In to Google Admin Console:
In another tab, sign in to the Google Admin console at admin.google.com as a super administrator for your domain.
Configure Third-Party Integrations:
- Click "Devices" > "Mobile & endpoints" > "Settings" > "Third-Party integrations".
- Select the organisational Unit (OU) you wish to use for the EMM enrollments.
- Check the box labelled "Enable third-party Android mobile management".
- Click on "Add EMM provider" / “Manage EMM providers”
Generate or Copy Token:
- Copy the token (a string of characters) or click "Generate Token" to create a new one and then copy it.
#Note: If you're already using Android for Work, you can't view or generate a token. Ensure you select the correct EMM provider.
Update Mobile Guardian Dashboard:
- On the Mobile Guardian dashboard, add your Google domain admin email address used for the Google Admin Console.
- Enter the authentication token generated in the previous step.
Finalize Settings:
- Save the Android EMM settings.
#Note: Note the Mobile Guardian Dashboard Enterprise ID and navigate back to the Google Workspace Admin screen. The Enterprise ID on the dashboard should correspond with the ID shown in the EMM Third-party Integrations window.
- If it does not appear, refresh the browser for the page to update.
- Select the correct Enterprise ID from the dropdown and click "Save".
- This will bind Mobile Guardian to your Google Workspace organisational Unit.
Completion
After completing the steps, you will be redirected to the Mobile Guardian settings page showing the details of the enterprise created. On this page, you will have access to global settings for Android devices, such as default application runtime permissions and your system update policy.
Here you can enforce settings to Fully Managed Enrolled devices such as, setting devices into COSU Mode.
COSU Mode: COSU (Corporate-Owned Single-Use) mode is a kiosk mode for Android devices that locks the device to display only the Mobile Guardian interface. The user will only be able to access third-party applications that are added to the Mobile Guardian Launcher or the My Catalogue section on the device.
Possible Blocks for enrolment:
When performing an EMM enrollment, it is crucial to be aware of potential issues that might prevent or complicate the process. By addressing these potential blocks beforehand, you can ensure a smoother and more efficient EMM enrollment process. Below are two key factors to consider:
Configure Universal Settings:
- Ensure there are no Universal Settings enabled in your Google Workspace Console by navigating to "Devices" > "Mobile & endpoints" > "Settings" > "Universal settings" > "General" and turning off the "General" setting.
Existing EMM Provider:
- Ensure that there are no other EMM providers currently configured for your Organizational Units. If Google Mobile Management or any third-party MDM provider is already set up, you must remove it before proceeding with the enrollment.
Further Settings:
All other Android settings are managed through your profiles. With your enterprise now enrolled, you can navigate to the "Restrictions" > "Android" tab of any profile to view all settings available and Configure Android EMM Restrictions for devices.
EMM also supports silent installation and removal of applications. To add an application from the Google Play Store, use the search feature on the Applications page. Once added, the application must be approved from the application details page before it can be configured for installation on your device groups. For more information, see Configuring Android applications for silent install.
Please let us know if you found this helpful!
Thanks for reading! 🙂
Comments
0 comments
Article is closed for comments.