Android for Work Overview
The concern for data security increases as enterprises continue to incorporate Bring Your Own Device (BYOD) programs into their company policies. Employees are using personal devices for work-related business, and these devices can contain vast amounts of sensitive company information. Google is making Android more secure for enterprises by providing data separation and security through a program called Android for Work. Android for Work not only improves BYOD programs but also allows enterprises to deploy corporate owned devices that are enterprise ready. As of 8.1, AirWatch supports device profiles for corporate devices.
The benefits of Android for Work include:
- Removes the fragmentation of manageability on Android devices, which standardizes the core components of Android on the same operating systems across all devices regardless of manufacturer.
- Integrates the user of Google applications for business purposes to provide personal and work profiles in a single unified launcher.
Android for Work Functionality
For broad device support, Google has developed two versions of the Android for Work solution: Pre-Lollipop Android for Work and Lollipop+ Android for Work.
Android for Work on supported Lollipop devices offers a dedicated Work Profile with security, management and application support built-in. For all other devices, Ice Cream Sandwich and newer, users can enjoy similar functionality through a downloadable app.
Google has provided a list of devices that support Android for Work here.
You should consider the supported devices and OS versions, pre-requisites, and recommended reading from the AirWatch team before integrating with Android for Work with approved devices. Familiarizing yourself with the information available in the AirWatch Integration with Android for Work guide as well as the Android Platform Guide helps you prepare for deploying Android for Work.
Prerequisites and Deployment
To begin using Android for Work inside the AirWatch Admin Console, you need to register your enterprise with Google. This creates your Android for Work admin account, which connects with AirWatch to manage your enterprise devices. Users will not be able to use Android for Work features from their devices until registered with AirWatch. The Android for Work setup wizard simplifies the process of generating the EMM token, uploading the EMM token, and creating users. For a walk-through of integrating with Android for Work, please refer to the AirWatch Integration with Android for Work.
Organization Group Setup
AirWatch recommends creating a separate, child organization group to contain all Android for Work devices. This will allow you to create system policies and security settings that are specific to these devices, in order to take advantage of their expanded functionality. If you have configured User Group Mapping for your directory users, AirWatch recommends leveraging QR code enrollment or ServerURL/GroupID enrollment for users with Android for Work devices in order to properly map them to the correct organization group. If you are using QR code enrollment with User Group Mapping configured at the top organization group level, make sure to override the User Group Mapping settings at the child organization group to direct users to the proper OG.