Device Administrator, Android enterprise, and future changes
In the classic model of EMM for Android devices, the AirWatch Agent becomes a Device Administrator in the Android device. The Android OS requires this in order to grant the Agent access to EMM API's. Starting in Android L, Google introduced a new model for EMM with Android enterprise, previously known as Android for Work. The new model offers a standard set of management API's across all Android OEM's, provides silent installation of public applications, a streamlined application management experience through the Play Store for Work, and allows for separation of personal and work data in BYOD scenarios, among other advantages.
As part of its initiative to drive adoption of Android enterprise, Google has announced that it will gradually deprecate key EMM features, such as passcode management, in the classic Device Administrator EMM model. These key EMM features will be deprecated in future versions of the Android OS only. While Android Oreo fully supports both the Device Administrator and Android enterprise models, Some of these key Device Administrator APIs will still remain in Android P, but Google will complete this deprecation with their release of Android Q.
AirWatch environments will continue to support the classic Device Administrator EMM model, until otherwise specified. Any devices still using the Device Administrator model will not become unmanaged or unenrolled, but will lose support for key EMM functions.
For more information about AirWatch's product strategy with regard to this announcement, please review the blog post from our Product team.
Impact and Required Action
All current Android releases, including Android Oreo, fully support both the Device Administrator and Android enterprise EMM models, so no immediate action is required. However, Google and VMware recommend that organizations using the Device Administrator model plan an eventual migration of their Android devices to the Android enterprise model. Organizations must consider two main points in this process:
- After enabling Android Enterprise in an AirWatch environment, any devices currently enrolled with the Device Administrator model will have to be re-enrolled in order to migrate to the Android enterprise model. Organizations should evaluate the two modes of enrollment, Work Profile and Work Managed, as well as different methods of enrollment for each in order to find the most suitable for their use case.
- On devices using Android enterprise, the AirWatch Agent will only have access to Android enterprise APIs, so functionality provided by OEM-specific APIs may no longer be supported. This specifically impacts functionality offered through Profiles in the AirWatch Console.
Setting up Android Enterprise, enrolling devices with this model, a list of available profiles, and more is explained in our VMware AirWatch Integration with Android for Work.
Support Contact Information
The AirWatch Team