What is EMM?
EMM stands for Enterprise Mobility Management.
Android EMM solution is an umbrella that separates the MDM into 4 different sets vis-a-vis,
COSU - Corporate Owned Single Use
WM - Work Managed Device
MAM - Mobile Application Management
BYOD - Bring Your Own Device
The solution is referred to as AfW - Android for Work.
What solution set does MobiLock Pro Support?
MobiLock supports the WM - Work Managed Device solution set.
A device enrolled using the Work Managed methods will be referred to as Work Managed device or an AfW device. The normal devices registered using regular MobiLock methods will be called MLP managed device. This is internal terminology that we can use for ourselves.
What feature set does MLP offer with it’s EMM-WM solution set?
We support the mandatory features at this point that Google mandates us to implement to be certified. The following are supported at the time of writing this document,
Enrolling and Un-Enrolling an enterprise with MLP.
Deploying applications directly from Play Store to Work Managed device.
Enforcing App Permission policies for the applications approved from Managed Google Play Store.
Enforcing App Configuration policies for the applications approved from Managed Google Play Store.
Enforcing Password policies on Work Managed device.
Ability to remotely Screen Lock and Factory reset the device.
Additionally we have provided one feature from our side so that user can leverage this solution set better on Work Managed devices
We have given the user the ability to configure Chrome with the defined Whitelist websites
We have given the user the ability to configure Chrome to be the default browser for these Whitelist websites instead of MobiLock browser.
Do these features in 3 work with all the devices?
NO. No the above features work with Work Managed devices only!! Normal devices continue to work as before.
The device needs to have a minimum of Android 6.0 and above.
The first step to start using the EMM features is to enroll your enterprise with MobiLock Pro. For this you would require a GMail account. We strongly recommend using a corporate account for this purposes. You would have to follow the below steps (Refer Enrollment Flow illustration below),
Request Access for the “EMM > Android” feature and fill out basic details.
Click on “Configure Android”, which would take you to the Google Android for Work page.
Choose or Create a GMail account to be used and click on “GET STARTED”
Fill out the Organization Details and Accept the Terms after reading and Complete Registration.
Once you are done with Enrollment, you can start enrolling your devices. The devices that can be used are,
Devices running Android 6.0 and Higher that are fresh OOB or are factory reset.
These Devices should follow standard Android OOB experience, that is allow you to enter GMail account during device setup.
On the device follow the below steps to enroll (Refer Device Enrollment illustration below)
Power On the device.
Select your language and configure a WiFi. A WiFi connection is needed to download MobiLock Pro client.
When you see the screen asking you to configure GMail account, enter “afw#mobilock”
Wait for the MobiLock Pro client to be downloaded.
Click Install when prompted.
Once done you should see the MobiLock Pro landing screen, where you can Login using your Dashboard account or a License Key.
On the Permissions Page, Set MobiLock Pro as Device Owner.
Complete the Setup by choosing to Create an AfW account.
MobiLock Pro performs silent setup in the background to make the device managed, which usually takes 10-15 minutes.
If everything is setup properly you would see a Briefcase icon next to the device on Dashboard.
The Contacts App crashes on first time setup. This is a Known issue on Android devices enrolled via this methods.
If you exit the Setup process before Completing the SetUp the device needs to be factory reset again.
With EMM for Android, you can now search and publish applications from Google Play Store, on the devices that are enrolled via afw#mobilock.
The process is quite easy, here are some steps and illustrations to get you started,
Navigate to “Enterprise > My Apps”
Go to the “PLAY FOR WORK APPS” Tab.
Click on SEARCH & ADD
Search for the desired application. In our Illustration we have shown how to Approve Google Chrome.
Approve the application.
Publish the Approved application to the desired devices. The application will be silently installed on devices
Tip: With EMM for Android, you can enable Play Store on your devices and the user’s will only see the applications that you have approved. This gives them a quick way to install it themselves as well.
While Approving the application you would see two options as your Approval Preferences.
Keep approved - This means the app will stay approved but NOT silently updated. If you had approved an application, that has an Update available, then you would have to PUBLISH the application again. Please note that at this point we cannot notify you if an Update is available
Review App Approval - This means the application will be Un-Approved. For an application that has been Un-Approved because it requested for new permissions, you would have to Search and Re-Approve the application and PUBLISH it again.
Applications that require runtime permissions, ask the end user to Allow permissions when the application is used on device. For the Work Managed devices, you can manage the Grant state for these permissions at a Global Level or at a Per-App level.Manage Permissions at Global Level
To Manage Permissions at Global Level,
Click on the 3 dots Menu
Select the default state for permissions for all the applications Approved and Installed via Play for Work.
Manage Permissions at Application Level
To Manage Permissions at Application Level,
Click on the app for which you want to set the permissions.
Click on the Permissions button and choose the state for each permission.
For applications Approved via Play for Work Apps, you can create and push configurations. This can be done only if the app’s themselves give support for configurations. Some examples are configuring DropBox with an Auth-Token or TeamViewer with credentials. We have given example on how to configure Chrome, but the same can be done for any application that supports configurations.
If you are using a lot of Whitelist Websites then we have made it easy to configure Chrome to open these shortcuts on MobiLock Pro. Below are the steps and illustration that shows on how to do it,
Click on Chrome > PUBLISH.
Click on the App Configurations tab.
Click to Create a Configuration.
Give the Configuration a Name
Under the BASIC tab > Allows access to a list of URLs, Import from your WhiteList websites.
If you want to block access to all other sites, then In Block access to a list of URLs select “Block All Except WhiteListed”
Navigate to MOBILOCK SETTINGS tab and choose to use Chrome to open Website shortcuts in MobiLock Pro.
You can also choose to auto-whitelist future whitelisted websites.
You can then publish Chrome on the devices and profiles as you like.
You can then Publish the newly created configuration on the devices and profiles.
It takes around 10-15 minutes for the configuration to take effect.
We suggest hiding the Chrome app after publishing it from Device Profile or Devices.
Only the WhiteList Website URLs are imported in Chrome configuration, the other properties of websites cannot be imported.Chrome offers multiple other options, please enable the ones that fit your need.
On the Work Managed devices, you can control how the OS/System updates are applied. Follow the below steps to do the same,
Navigate to Enterprise > Secure Settings
Click on GLOBAL SETTINGS OR Settings icon next to a Work Managed device.
Scroll down to the “System Update Policy” section. You can choose to do the following,
None - This setting has no effect.
Postpone - Postpones the update
Automatic Install Updates - Automatically installs the Update
Install with Maintenance Window - Choose a time during the day to install the updates
Click on SAVE SETTINGS
For the Work Managed devices, you can force your end-users to set a Passcode. To do this do the following,
Navigate to Enterprise > Passcode Policy
Enable Require Passcode
Choose the Strength/Complexity and “SAVE”
Click APPLY and choose Devices or Profiles where you want to apply.
Note the user’s will be enforced to set a passcode and will not be able to use any applications.
At this point we support only one type of policy.
You can choose to Factory Reset the Work Managed devices. Please follow the below steps,
Navigate to the Devices section.
Click on the Device in List view or View Details in Grid view, for the device that you want to Factory Reset.
Once the device is Factory reset, it can no longer be managed from Dashboard.
You would have to Delete the device from Dashboard to stop it from appearing.
Scalefusion MDM allows organizations to secure & manage endpoints including smartphones, tablets, laptops, rugged devices, mPOS, and digital signages, along with apps and content. It supports the management of Android, iOS, macOS and Windows 10 devices and ensures streamlined device management operations with InterOps. Fusion of Endpoints at Scale.
© 2019 Scalefusion. All rights reserved.
Terms & Conditions
Made with from Pune, India