Using Android Enterprise with Harmony Mobile
Android Enterprise is a Google-led initiative that enables the operation of Android devices and apps in the workplace. The program offers APIs and other tools for developers to integrate support for Android into their enterprise mobility management (EMM Enterprise Mobility Management. A set of tools and processes to secure and manage company-owned or employee-owned (BYOD) devices irrespective of their locations.) solutions.
For example, through one or more API(s) your UEM Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point. platform can disable a camera, Bluetooth, or prevent an access to system settings.
For information about configuring Android Enterprise on your device, see here.
Profiles
Single profile configuration is supported out-of-the-box. No additional setup is needed.
In the Work / Personal Profile, the Administrator registers and sees the protected part of the device.
|
Note - If you protect only part(s) of the device, you must limit the Harmony Mobile on your UEM to only Work or only Personal. |
Android Enterprise Deployment Scenarios
Android Enterprise supports these deployment scenarios:
-
Company-owned fully managed devices (COBO)
-
Company-owned fully managed devices with a work profile (COPE)
-
Company-owned devices for dedicated use (COSU)
-
Employee-owned devices (BYOD)
COBO and COSU devices have a single profile. Follow integration guide instructions for Android Enterprise devices to deploy Harmony Mobile Protect app on your devices. For more information see the online guide.
COPE and BYOD devices have Work and Personal profiles. With Harmony Mobile Protect app you can protect one profile or both profiles.
For the highest protection level we recommend to protect both Work and Personal Profiles. See "Configuring Harmony Mobile Protect app to Protect your Devices".
|
Note - If you protect only the Work profile, skip the next section. |
Configuring Harmony Mobile Protect app to Protect your Devices
|
Note - The deployment of the Harmony Mobile Protect App on the Personal profile of BYOD device cannot be automated by Android design (Personal profile of BYOD device is not managed). |
With the Android Enterprise, you can protect the whole device or part(s) of it.
If you protect the whole device, install the Harmony Mobile Protect app to both Work and Personal Profiles.
|
Note - If you protect only the Personal profile, skip this section. |
Deploying Android Enterprise on your Devices
With the Android Enterprise, you can protect the whole device or part(s) of it.
If you protect the whole device, install the Harmony Mobile Protect App to both Work and Personal Profiles.
To protect the whole device:
-
On the Harmony Mobile dashboard, go to Settings > Integrations.
-
For a new UEM configuration:
-
-
For existing UEM configurations:
-
Go to Settings > Integrations.
-
In the UEM to be configured, click Edit.
-
In Synchronization > Android Enterprise Groups, select and add groups which contain users/devices that have both work and personal profiles.
-
-
Click Verify.
-
Click Save.
-
(Optional) Send an email or SMS to all the users with installation instructions.
-
Click Sync Now to fetch the data from the UEM.
Notes:
-
Only groups existing under Synchronization > Groups are available in the Android Enterprise Groups list.
-
If one or more devices in the selected group have Harmony Mobile Protect App version earlier than 3.6.4.4348, the operation stops until the devices are upgraded.
-
If you add a group of devices in Android Enterprise Groups, make sure to configure the devices with both Personal and Work profiles.
-
If you remove a group of devices from Android Enterprise Groups, the solution deletes the personal device record on every device in this group from the Harmony Mobile dashboard.
-
iOS devices are ignored in the Android Enterprise context.
-
If a device belongs to more than one group and, only one group is selected in Android Enterprise Groups, then the deployment will be both for Work and Personal profiles.
-
To view and filter the devices:
-
On the Harmony Mobile dashboard, go to Devices.
-
In the OS column, filter the devices in the list according to their protection profile.
Profile
Icon
Filter
Work
OS - Android Enterprise
Personal
OS - Android
Policies
To change policy for inactive personal profile:
-
On the Harmony Mobile dashboard, go to Policy > Global > Device > Android Enterprise Security Settings.
-
Select a risk level.
Risk Handling
-
If the Harmony Mobile protection is inactive on the Personal profile, the risk level is raised according to the Android Enterprise Security Settings policy on the Work profile (see Policies ).
-
If the Personal profile has the High Risk status, the risk level is raised to High on the Work profile. The Harmony Mobile informs the user that the personal profile is at risk.
-
You can enable mitigation by UEM on the personal profile, if you tag a risk on the work profile. To configure mitigation tags, see Connecting the Harmony Mobile Protect app to your Device.