[Community tips] What to consider when choosing an enterprise mobility management solution?

Lizzie
Google Community Manager

Hello everyone,

 

I hope you are having a good week.

 

A management solution helps you to set up, secure and manage your devices in your organisation. I see it like a comfy hub for you to ensure that your devices are working as you expect (whatever size your company is).

So understandably, one of the biggest decisions when getting started with Android at work is choosing the right EMM (Enterprise Mobility Management) for your needs. There is a solution out there to meet almost every need and use case, and sometimes knowing where to start can be tricky. 

 

We are lucky here in the community that many people have already been through this decision and there is a huge amount of experience. The Solutions Directory is a useful place to explore partners and solution options, but there are also many questions and things to consider beforehand, so this got me thinking it would be great to share community tips/advice around this.

 

What tips would you recommend to someone considering and researching EMM management solutions? Are there any tips you wish you knew at the beginning? Perhaps you have tips on how best to research the different options?

 

If you are currently going through the process, please do comment too, it would be great to hear from you.

 

Looking forward to hearing from you.

 

Thanks so much,

Lizzie



Welcome to the Community everyone!

Have a question or want to start a conversation, click here.


Moombas
Level 4.0: Ice Cream Sandwich
  1. First of all, note down a (long) list of what you expect the EMM to do/cover.
  2. Look around at which MDMs are available and request a comparison list from the developers of some chosen ones, to see which expectations could be met.
  3. Consider if an EMM is already available to you (Intune, for example, if you are a Microsoft house, depending on the licensing etc.), but keep in mind to compare its functionality with the competitors as well.
  4. Also consider if additional software/licenses are needed (to ensure, for example, a remote control possibility).
  5. Compare pricing and arrange some demo tests.
  6. Make a final decision based on the findings and pricing.

Some points to take into consideration:

  • availability of Cloud service or on-prem (depending on what you prefer)
  • how fast do changes take place on the devices if you do them in the EMM
  • remote control availability
  • user friendly UI
  • user management (EntraID integration?)
  • pricing of course (normally cost/device lowers with an increasing number of devices)
  • product support (and maybe additional costs here for extended support)
  • does it cover all OS you need to maintain (maybe Apple, MAC, MS, Linux or others)
  • additional licenses needed for servers or software (which could also generate more costs)
  • ...

Lizzie
Google Community Manager

Wow @Moombas, what an amazing list of tips, thank you for taking the time to share these. 

 

Did you set yourself a set time period to cover this research? How long would you imagine this might take? I suppose it depends a lot on your needs and requirements.




Moombas
Level 4.0: Ice Cream Sandwich

Hi @Lizzie,

this was more like a "quick and dirty" list.

There are for sure things missing, but I think in general it should cover the main part.

As we have done this only once and based on other facts (we had an EMM already in place in another part of the company and chose that one then to be the one for the entire company).

We still have some (all the time) on a list, but I think for the first choice you have a longer process than if you consider changing it, as you then look differently at the things you need and already have some experience to benefit from.

mattdermody
Level 2.0: Eclair

For the Fully Managed use case, which is exclusively what I deal with, I look for the following capabilities beyond the lowest common denominator Android Enterprise functions:

 

- Direct APK installation, not requiring installation through Managed Google Play. This is core because the version control and installation scheduling offered by Managed Play is not sufficient for line-of-business / mission critical device operations. Version control offered with direct APK installation is still superior to Managed Play and I won't be using Managed Play for mission critical business apps until that is addressed. 

- Direct file distribution. This is critical for distribution of configuration files which many mission critical business apps still require. Managed Configurations are "neat" but without better version control of the app installation process it's effectively a no-go.

- "Offline" Managed Config support. The ability for the EMM to read the app config schema and provide configurations of the mobile app without having to go through Managed Play.

- Native Remote Control. Absolutely critical in supporting line-of-business device environments. Remote Control is leveraged not only for remotely observing issues on devices but also for making manual configuration changes in test scenarios, extracting configuration files for inspection or mass deployment, remotely enabling logging on devices, and remotely retrieving logs.

- Advanced Scripting. Sending isolated actions to individual devices is paramount in troubleshooting scenarios. Also being able to combine scripting actions with payload delivery like apps and files.

- Inheritance centric device folder structure / grouping. I do not like EMMs that are user group centric as my use case is shared fleets of devices that don't logically associate to a user group. Physical location and configuration need centricity applied via an inheritance driven folder structure is preferred.

- Support for Zebra MX. And I'm not talking about OEMConfig...

- Custom DPC. You basically can't do any of the above without one. 

- Advanced lockdown mode customization and configurability

 

So effectively any AMAPI aligned Android Enterprise only EMMs without a custom DPC are off the table for me. And yes I understand I am swimming against the current but the Fully Managed use case has otherwise been ignored by Android Enterprise given that it is the most niche of all of the other management use cases. I may sound contrarian in my stance but it is a nightmare trying to optimally manage mission critical devices in an AMAPI aligned EMM that doesn't leverage a Custom DPC or otherwise extend the management capabilities beyond the bare minimum published requirements of Android Enterprise.

Lizzie
Google Community Manager

Some really interesting points here, specifically around Fully Managed @mattdermody - thanks for sharing. 

 

Out of interest would you recommend these points to think about in all Fully Managed use cases ie. for all industries or number of devices? 




Moombas
Level 4.0: Ice Cream Sandwich

In advance to what @mattdermody wrote and maybe will answer later on your question 🙂 I want to bring one thing up here:

It's always a shame that EMM apps on a fully managed device don't get full access (and with that are also not able to grant such access to defined apps and so on) but with each Android version are also getting more and more limited, the same as apps on a consumer device, which is often a pain for managing mobile devices. (Again: not talking about BYOD and partially COPE.)

Completely agree! Device Owner DPCs should have read/write access to other apps' scoped storage. It's a fully managed device, owned by a company and not a personal individual, so we should not have such a consumer protection feature in place. Similarly, agents should be able to grant dangerous permissions silently without manual interaction from the end user. I don't understand manual user granting of run time permissions on shared fleets of devices. If you're arguing that the end user should know about the permission before using the app (they shouldn't) then what about the other 20 users that may use the same device that didn't grant the permission? And please don't get any ideas of having run time permissions prompted every time a new user picks up a shared device.

If we are talking about shared fleets of line-of-business, mission critical, dedicated devices, that are corporate owned assets that are used exclusively in business operations and not personally enabled (warehouses, retail stores, gas stations, QSR, factories, etc), then yes. 

Alex_Muc
Level 2.0: Eclair

In general, an EMM/UEM solution should meet the necessary requirements and offer good value for money. 

 

If you think about the requirements, these points may help:

  • Have a plan of what your architecture around device management should look like.
  • Look at the market leaders' solutions and determine your requirements.
  • Which operating systems do you want to manage? (e.g. Android, iOS, Windows, Mac, Linux)
  • Is a solution with a pure AMAPI solution currently an option, or are current requirements still based on a CustomDPC?
  • How flexible are the solutions for the tenant and role concept? What is your requirement here?
  • Which management features are important to you? (e.g. dynamic groups for assignments, manual app installation of on-demand apps via EMM/UEM via Admin Console, etc.)
  • Should the platform be used on-premise, SaaS(dedicated) or SaaS(shared)? (If SaaS: Is the performance of the system good?)
  • Does the EMM/UEM solution have a remote assistance tool for all platforms?
  • Can required systems be docked to the EMM/UEM? (LDAP, ActiveDirectory, EntraID, PKIs, etc.)
  • Do you need business apps in addition to pure device management? Are such apps included in the solution or would you have to buy them separately? (Mail app, app for file shares, VPN app incl. server, etc.)
  • Which services do you want to provide on the devices? Are these services on-premise or in the cloud? How will the connection be implemented? (e.g. connect intranet via VPN, connect on-premise exchange via VPN or an email gateway, an app for cloud drives, etc.)
  • Do you need other components in addition to the EMM/UEM for a holistic solution? (e.g. for MobileSSO, Mobile Threat Defense, etc.)
  • Compare the price/value ratio of the manufacturers in your immediate selection. A basic license may be available from one provider, but it may be more expensive with the necessary add-ons than other solutions.
  • Perform a PoC with the suppliers in the closer selection and identify potential problems.

Lizzie
Google Community Manager

Amazing list here @Alex_Muc, massive thank you for taking the time to share. 

 

When gathering the information to this and researching, do you think there is a good starting point? Ie. if you have the plan of your architecture lined out, do you think it's good to start talking to companies or is it better to have more of the points outlined? I imagine this might differ depending on your need. 

 

Thanks again.

 

Lizzie 




Alex_Muc
Level 2.0: Eclair

Once you have thought about your requirements and architecture, the next step is to find out about the available solutions. There are sites with user reviews or comparisons that you can use to inform yourself with a certain amount of caution (sometimes such pages do not give a comprehensive description of a solution), e.g.: https://www.gartner.com/reviews/market/unified-endpoint-management-tools


It can also help to use the official documentation to get an idea of the solutions. As soon as you have a more detailed selection of solutions, it may be worth contacting Pre-Sales and having them show you what a possible implementation could look like. If you are not entirely confident about the evaluation, you can of course also bring in an external consultant who is well experienced in the UEM sector and can advise you.