Using Android Enterprise with Harmony Mobile

Android Enterprise is a Google-led initiative that enables the operation of Android devices and apps in the workplace. The program offers APIs and other tools for developers to integrate support for Android into their enterprise mobility management (EMMClosed Enterprise Mobility Management. A set of tools and processes to secure and manage company-owned or employee-owned (BYOD) devices irrespective of their locations.) solutions.

For example, through one or more API(s) your UEMClosed Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point. platform can disable a camera, Bluetooth, or prevent an access to system settings.

For information about configuring Android Enterprise with Workspace ONE UEM, see here.

Profiles

Single profile configuration is supported out-of-the-box. No additional setup is needed.

In the Work / Personal Profile, the Administrator registers and sees the protected part of the device.

Note - If you protect only part(s) of the device, you must limit the Harmony Mobile on your UEM to only Work or only Personal.

Android Enterprise Deployment Scenarios

Android Enterprise supports these deployment scenarios:

  • Company-owned fully managed devices (COBO)

  • Company-owned fully managed devices with a work profile (COPE)

  • Company-owned devices for dedicated use (COSU)

  • Employee-owned devices (BYOD)

COBO and COSU devices have a single profile. Follow integration guide instructions for Android Enterprise devices to deploy Harmony Mobile Protect app on your devices. For more information, see the Android Enterprise online guide.

COPE and BYOD devices have Work and Personal profiles. With Harmony Mobile Protect app you can protect one profile or both profiles.

For the highest protection level we recommend to protect both Work and Personal Profiles. See Configuring Harmony Mobile Protect app to Protect your Devices.

Note - If you protect only the Work profile, skip the next section.

Configuring Harmony Mobile Protect app to Protect your Devices

Note - The deployment of the Harmony Mobile Protect app on the Personal profile of BYOD device cannot be automated by Android design (Personal profile of BYOD device is not managed).

With the Android Enterprise, you can protect the whole device or part(s) of it.

If you protect the whole device, install the Harmony Mobile Protect app to both Work and Personal Profiles.

Note - If you protect only the Work profile, skip this section.

Deploying Android Enterprise on your Devices

To protect the whole device:

  1. On the Harmony Mobile dashboard, go to Settings > Integrations.

    • For a new UEM configuration:

      1. Go to Settings > Integrations > Add > UEMs and select the UEM type.

      2. In the Synchronization tab, enter these:

        • Groups - Select the groups for synchronization.

        • Android Enterprise Groups - Select and add the group(s) which contain users/devices that have both work and personal profiles.

    • For existing UEM configurations:

      1. Go to Settings > Integrations.

      2. In the UEM to be configured, click Edit.

      3. In Synchronization > Android Enterprise Groups, select and add groups which contain users/devices that have both work and personal profiles.

  2. Click Verify.

  3. Click Save.

  4. (Optional) Send an email or SMS to all the users with installation instructions.

  5. Click Sync Now to fetch the data from the UEM.

    Notes:

    • Only groups existing under Synchronization > Groups are available in the Android Enterprise Groups list.

    • If one or more devices in the selected group have Harmony Mobile Protect App version earlier than 3.6.4.4348, the operation stops until the devices are upgraded.

    • If you add a group of devices in Android Enterprise Groups, make sure to configure the devices with both Personal and Work profiles.

    • If you remove a group of devices from Android Enterprise Groups, the solution deletes the personal device record on every device in this group from the Harmony Mobile dashboard.

    • iOS devices are ignored in the Android Enterprise context.

    • If a device belongs to more than one group and, only one group is selected in Android Enterprise Groups, then the deployment will be both for Work and Personal profiles.

To view and filter the devices:

  1. On the Harmony Mobile dashboard, go to Devices.

  2. In the OS column, filter the devices in the list according to their protection profile.

    Profile

    Icon

    Filter

    Work

    OS - Android Enterprise

    Personal

    OS - Android

Policies

To change policy for inactive personal profile:

  1. On the Harmony Mobile dashboard, go to Policy > Global > Device > Android Enterprise Security Settings.

  2. From the drop-down list, select a risk level.

Risk Handling

  • If the Harmony Mobile protection is inactive on the Personal profile, the risk level is raised to according to the Android Enterprise Security Settings policy on the Work profile (see Policies)

    Example:

  • If the Personal profile has the High Risk status, the risk level is raised to High on the Work profile. The Harmony Mobile informs the user that the personal profile is at risk.

    You can enable mitigation by UEM on the work profile, if you tag a risk on the device. To configure mitigation tags, see Creating a Mitigation Process on page Configuring the Harmony Mobile Dashboard UEM Integration Settings.