Using Android Enterprise with Harmony Mobile

Android Enterprise is a Google-led initiative that enables the operation of Android devices and apps in the workplace. The program offers APIs and other tools for developers to integrate support for Android into their enterprise mobility management (EMM Enterprise Mobility Management. A set of tools and processes to secure and manage company-owned or employee-owned (BYOD) devices irrespective of their locations.) solutions. For more information, see here.

For example, through one or more API(s) your UEM Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point. platform can disable a camera, Bluetooth or prevent access to system settings.

Profiles

Single profile configuration is supported out-of-the-box. No additional setup is needed.

In the Work / Personal Profile, the Administrator registers and sees the protected part of the device.

Note - If you protect only part(s) of the device, you must limit the Harmony Mobile on your UEM to only Work or only Personal.

Deploying Android Enterprise on your Devices

With the Android Enterprise, you can protect the whole device or part(s) of it.

If you protect the whole device, install the Harmony Mobile Protect app to both Work and Personal Profiles.

To protect the whole device:

On the Harmony Mobile dashboard, go to Settings > Integrations.
- For a new UEM configuration:
  1. Go to Settings > Integrations > Add > UEMs and select the UEM type.
  2. In the Synchronization tab, enter these:
    - Groups - Select the groups for synchronization.
    - Android Enterprise Groups - Select and add the group(s) which contain users/devices that have both work and personal profiles.

For existing UEM configurations:
1. Go to Settings > Integrations.
2. In the UEM to be configured, click Edit.
3. In Synchronization > Android Enterprise Groups, select and add groups which contain users/devices that have both work and personal profiles.

Click Verify.
Click Save.
(Optional) Send an email or SMS to all the users with installation instructions.

Click Sync Now to fetch the data from the UEM.

Notes:

Only groups existing under Synchronization > Groups are available in the Android Enterprise Groups list.
If one or more devices in the selected group have Harmony Mobile Protect App version earlier than 3.6.4.4348, the operation stops until the devices are upgraded.
If you add a group of devices in Android Enterprise Groups, make sure to configure the devices with both Personal and Work profiles.
If you remove a group of devices from Android Enterprise Groups, the solution deletes the personal device record on every device in this group from the Harmony Mobile dashboard.
iOS devices are ignored in the Android Enterprise context.
If a device belongs to more than one group and, only one group is selected in Android Enterprise Groups, then the deployment will be both for Work and Personal profiles.

To view and filter the devices:

On the Harmony Mobile dashboard, go to Devices.

In the OS column, filter the devices in the list according to their protection profile.

Profile	Icon	Filter
Work		OS - Android Enterprise
Personal		OS - Android

Policies

To change policy for inactive personal profile:

On the Harmony Mobile dashboard, go to Policy > Global > Device > Android Enterprise Security Settings.
From the drop-down list, select a risk level.

Risk Handling

If the Harmony Mobile protection is inactive on the Personal profile, the risk level is raised according to the Android Enterprise Security Settings policy on the Work profile.

Example:

If the Personal profile has the High Risk status, the risk level is raised to High on the Work profile. The Harmony Mobile informs the user that the personal profile is at risk.

Example:

You can enable mitigation by UEM on the personal profile, if you tag a risk on the work profile.