User Profile
JordanOC
Google Team
Joined 2 years ago
User Widgets
Contributions
Benefits of an EMM
What are the benefits of using a device management tool? Device management tools have had many different terms of the years… Mobile Device Management (MDM), Enterprise Mobility Management (EMM), Unified Endpoint Management (UEM). Whatever you prefer, they are undoubtedly the cornerstone of any successful IT project that involves hardware assets. Boiling down the core functionality of these tools, they allow IT admins the ability to use a single tool to view all of the hardware assets within their organisation, distribute applications and apply configurations based on their needs. Let’s start with the basics: Why do you need an EMM? As you have probably been able to discern from the different terms for device management tools, there’s quite a few benefits that are offered by introducing an EMM to your organisation. We can boil them down into three key buckets: Asset enablement and management I love a good spreadsheet as much as the next person, but monitoring what devices are within your organisation and have access to your corporate data simply cannot be done by a static tool. EMMs provide you a great platform to see all the assets within your organisation, who is using them and if they are compliant with your organisation's security policies. IT helpdesks are overwhelmed with inbound tickets and an EMM’s asset management capabilities can really help streamline this process. An EMM, integrated into your LDAP, can help shave minutes off every inbound request. Let’s run through a quick scenario that you may have faced: An end user can’t connect their phone to the WiFi in the office, they’ve followed your guidance and dropped an email into your IT team's support distribution list saying “I’ve come into the office and my phone can’t connect to the WiFi, it worked yesterday!”. Normally the first response will be to ask the user for details about their impacted device such as the device’s serial number, phone number and version of OS. But by simply copying their LDAP and pasting it into your EMM, you’re able to view all of the devices assigned to that user, as well as all of the details you’d usually have to ask for. Your EMM will likely present you with the initial steps to resolve the issue too. In this instance the user’s device is no longer compliant with the security policies, allowing you to respond with actionable information for your end user; update your device! Securing corporate assets and data Let’s start with the big one, is the Android platform secure? Our answer is, absolutely! The 2024 security paper should be able to answer any question you have if this is something you’d like to explore further. Now we’ve established the platform is secure, let’s get into why you need an EMM to secure your assets and data. Android Enterprise is designed to be flexible enough to meet your organisations security needs and EMM’s are the key to unlocking that functionality. In some instances simply enrolling devices into an EMM is enough thanks to Android Work Profile. But we can’t forget those working in regulated industries where data retention and handling is critical. My rule of thumb is, how can we keep devices secure without providing too much friction for end users? EMMs give you all the ingredients you need as an IT decision maker to create policies that meet your organisations requirements while also being considerate to end users. It goes without saying that all organisations should have a password policy applied, and for a lot of folks this may be sufficient. But depending on the type of work your users do there may be a requirement to add additional controls, such as preventing cross profile data sharing in Work Profile. As you go deeper into the realms of keeping your corporate data secure, data loss prevention becomes a real concern and you may need to further understand exactly what is happening on your devices. AI is a real inflection point for IT admins and a great point of reference for this topic. While AI is bringing game changing tools to users, the rapid rate of development and rollout is putting strain on security teams trying to evaluate the functionality to understand what data is being processed on device or in the cloud. Android Enterprise has already rolled out controls for IT admins to control what device features are available in Work Profile or on managed devices, but there are certain OEM native features, such as keyboards, where a global control may not be an option. This is where Android Enterprise’s flexibility really shines, allowing you to use various EMM controls to limit functionality through app configurations or, in this example, setting a different default keyboard. Keep an eye out for future discussions about how to determine if an AI process is being handled on device or in the cloud. Unlock hidden savings Downtime caused by device issues directly impacts workforce productivity. When a user's device fails, productivity grinds to a halt. Not only because they can’t perform their work, but they also need to wait for IT to resolve the issue. By enrolling your devices into an EMM you can transform existing IT support processes and enable the team to resolve more issues remotely. EMMs provide automation capabilities that create reports and alerts. This automation can proactively inform end-users if their devices are about to become non-compliant with corporate policies, reducing access issues and the subsequent support tickets. Beyond these automated alerts, EMM reporting tools also provide valuable insights for strategic decision-making. For example, reports from your EMM can be used to help you to make informed decisions about device refreshes, by reviewing historical data within your EMM you can reliably view the battery health of your devices and the average remaining storage on your devices. Upon reviewing the data you could see that perhaps you can get another year out of the existing hardware or if the amount of device storage needs increasing when it comes to selecting new devices. Now let’s focus on the process transformation enabled by these tools. By deeply integrating an EMM into your support flow you can drastically reduce the time to resolution of most device related issues. I’ve frequently seen IT teams that haven’t done this require end users to “swing by their desk” with an issue, while this comes with the best intentions it is extremely disruptive to end user productivity. Let’s imagine a user has an issue with one of their applications, if the user was in person it is likely that a member of IT staff will try all the basics such as deleting device cache, reinstalling the application and eventually updating the devices firmware. In contrast, with devices enrolled in an EMM, the IT team can quickly identify the user via LDAP within the EMM console. The console will provide immediate insights into the device's compliance status, potentially revealing that the user’s device is non-compliant with security policies and providing a clear path to resolution. Why do your users need you to have an EMM? As an IT admin the goal when rolling out technology to an organisation should be to remove friction and empower our users, an EMM is a fantastic tool to enable this. Seamless access The utility of an EMM starts from the moment a user enrolls their device. If you’ve connected your EMM to your identity provider, the user can use the same login credentials they use on their other devices, coupling this with an SSO provider will allow them to seamlessly sign in to their applications. Immediately online “What's the WiFi password?” While we can’t solve this for you at home, an EMM at least prevents this question from being asked in the workplace. Creating a WiFi policy allows you to push down your WiFi credentials to all devices enrolled into your EMM. Quite a few organisations rely on VPN connectivity for their users to connect to corporate networks, this is also no problem for an EMM. Application distribution Smartphones have a vast amount of functionality out of the box, but I’m yet to come across a phone that ships with every app you need! While there is an element of enjoyment to scrolling through the Play Store and finding the apps you need, it can be very cumbersome when you have to do more than a handful. By using an EMM integrated managed Google Play you can approve applications for use within your organisation, creating a curated list of apps that your users can download. Additionally, you can also decide which applications are pushed to your users. Meaning those apps will automatically install on your users device once they have completed enrollment into your EMM. I would generally recommend limiting this to applications that are critical to your end users, such as email and calendar, but you can always change this based on feedback from your users. How do you choose an EMM? We’ve covered just a handful of the benefits of an EMM here, but there is so much more! This space has been evolving at a rapid pace ever since its inception, every day EMM’s receive dozens of feature requests and each has their own interpretation of how best to present information to IT admins. Go in with a plan Before you engage an EMM for evaluation, build out a plan for what you are trying to achieve with your devices. This will not only help you get a better grasp of the discussion but also ensure you have a clear success criteria for your proof of concept. To help you with your plan, here’s a few questions you’re likely to be asked: How many devices are you looking to enroll? Are you buying the devices for your users (corporately owned) or will they use their own devices (BYOD)? What do your users do with their devices? What apps do your users need? Who is your identity provider? What security policies do you need to comply with? When do you plan on starting this project? How to find an EMM You can’t go wrong with one of our Android Enterprise Recommended EMM partners! Thanks for reading! Are there any other key features that you utilise within your EMM that we haven’t covered here? Let us know!Boost User Adoption: Building Trust in Your Mobility Deployment
Building trust with your users is critical to the success of any IT project We’ve all heard it: “IT can see what is happening on my device”, and this level of distrust from users occurs regardless of the platform being used. Finding that balance between user trust and securing your organisations data & assets is a tightrope that can have catastrophic consequences if the fine balance isn’t met. In most instances lack of end user trust is caused by not having visibility into what is happening, the “black box” of IT policy and processes is a real thing! With the ever increasing number of personal devices being used in the enterprise world, ensuring end users are aware and empowered to understand what is actually visible by their employer will help ease end users' concerns about adopting mobility management. Regardless of the enrolment method your organisation has adopted, Android Enterprise is built from the ground up with a focus on end user privacy and while aiming to ensure that IT admins have the right tools to manage their assets. Build trust through communication Being able to set policies within your organisation's EMM is a powerful responsibility. While simply ticking a box and applying the configuration can feel low impact, even small changes can have inconveniences for your users which may build up frustration and distrust over time. Start a dialog with your users I know, this is easy to say and much harder to execute. There’s a vast number of variables to consider when trying to recommend a best practice for successful dialog with your users. It’s important to consider technical ability, the size of your organisation and location distribution of staff, just to name a few. But the goal of any communication to your users should be to provide a clear understanding of what the change is, why the change is being implemented, and address potential FAQs. There are the obvious communication methods of email (don’t forget to use BCC ) or posting on an internal communication board, but these may be missed or ignored. Something I have seen becoming more common is internal calls where IT decision makers within an organisation talk about upcoming changes. Alongside visibility, this has the added benefit of allowing users to ask questions. Organisations that have committed to these sessions have found it much easier to get their end users to adopt new technologies. While we are focused on Android here, this approach can help with everything from a new device rollout to deploying video conferencing software. It can be pretty daunting to know where to start with a communication plan, so we have an employee adoption kit to help! When should you communicate a change to your users If you have a change coming that’ll have a visual or workflow impact on users, be proactive and let them know. While this can add additional workload, informing users can start a useful early dialog to understand questions that may come up. IT teams are stretched at the best of times, being able to reduce inbound support requests through pro-active communication is never a bad thing! If you're looking at making disruptive changes to a fully managed device deployment, such as completely changing the UI of a kiosk, I’ve found that end users are more receptive to this level of impact during a device refresh. Users in these scenarios see these devices as tools to do their job and form habits in their workday around how their device works. If overnight you change how their device works this is likely to disrupt those learned habits, and cause friction for your users. This often leads them to believe that the device doesn’t perform as well as it used to, even if functionally you’ve just shifted an icon around. So if you have the ability to delay that new rebrand or that push to move the app icons around until your next rollout, it certainly might be worth holding off! Don’t forget dialog is a two way street Create an easy route for users to ask questions. You could look at adapting existing IT support flows, create a dedicated form or even host a weekly office hours for users to get some 1:1 time with the team. This brings us neatly to... Best practices for policy decisions and changes You can have the best laid plans for your mobility deployment, but there is one variable you cannot account for, user innovation. As a policy setter, it’s unlikely that your testing will directly replicate your end user's day-to-day behaviour. Over time they will find their own route to achieve their goals. There’s a fun equivalent called “desire paths” where pedestrians will walk an unplanned route to get to their destination causing an environmental impact to the landscape. Don’t block them from the path, embrace it! User-centric approach to change management Whether you’ve implemented a BYOD program or provided hardware to your users, the mobility decisions you’ve made will have a material impact on the day to day lives of your users, it’s one of the many great things about working in this space. This puts even the most robust testing programs under a huge amount of pressure. It’s nearly impossible to test every possible tap or swipe that an end user could perform. Don’t fret, this can lead to some fantastic opportunities part way through the lifecycle of your devices . You should run some 1:1 sessions with your users and see how they are actually using the devices. This feedback can help you make informed decisions about your next deployment milestone or make iterative changes to improve the mobile experience for everybody. An example that has always stayed with me was from a logistics organisation with a large quantity of fully managed devices. One of their users made a simple request to adjust the app layout on their kiosk to better align with their workflow. That small adjustment had a 4% time save every time a user performed that task. That might sound negligible, but when you multiply that time saving over 10,000 users performing that same task 15 times a day these small changes make a massive difference. We don’t all work for Formula 1 teams, but incremental gains can still be a target for us all. Pushing applications is more intrusive than you may think Being able to push applications to your users is one of the many benefits of enrolling a device into Android Enterprise, but it is also one of the more user intrusive actions you can take on a device under management. My general recommendation for distributing applications is you should only force install applications you know will be critical for the user to perform their work. Users who are using a device that is owned by the organisation and enrolled as fully managed will often be more open to a dozen or more applications being automatically installed on their devices. But users who have Android Work Profile, whether corporately owned or BYOD, may find it more jarring. Limit the applications installed to the core apps required for their work such as email, calendar and a document viewer. The rest can be available for the user to download through the Play Store -empower your users! What we are doing as a platform At all stages of the device lifecycle we inform the user to help them understand what is happening on their device. Through clear dialog during provisioning, helpful prompts while the device is in use and the ability for users to see what policies are actually applied to their devices, we aim to empower users through transparency and information. Visibility into policy Regardless of enrollment type, end users can see what policies are applied to their devices and all the device level information that the EMM is able to see, all from within Settings! Users simply need to go to Settings > Security and privacy > Your work policy info. Under this section they’ll be able to see everything that you can see from within your EMM and what policies have been applied to the device. For the avoidance of doubt, content in the personal profile is not visible to the organisation! Automate work/life balance BYOD and COPE users will see Android Work Profile, providing a clear separation of personal and work applications. Keep your eyes peeled for future content discussing this in more detail. Users are probably already familiar with being able to pause the Work Profile through the launcher, but did you know that they can also automate this process through Digital Wellbeing? Simply go to Settings > Digital Wellbeing > Work Profile schedule and you can set a daily schedule for when work apps will automatically pause and unpause! Users who have their devices enrolled as fully managed can utilise Digital Wellbeing to set a Focus mode to create a similar process to scheduling work apps. Visualisation In Android 14 QPR2 we introduced greater controls for end users initiating a screen-sharing session. As a standalone feature this has been well received, and helps remove the risk of sharing something users may not wish to share while presenting from their device. But in addition to this feature, we also included a clearer UI showing that the device’s screen is being shared. While a small addition in itself, this is a great demonstration on how we prioritise helping users to understand what is happening on their device. How do you build trust with your users? Considering starting an internal session discussion with your users? Perhaps you could start by talking about the on device features we discussed! Let us know below!
