Summer is one of my favorite times of the year. The weather is great, and there are plenty of outdoor festivals and events to keep my weekend calendar completely booked. With so many opportunities for fun, it’s easy to forget about some of the important responsibilities that come with the season.

For example, if you want to win your fantasy football league league, now’s the time to start crunching numbers and preparing for your draft.

And if you work in IT, the summer months mean it’s time to start preparing for upcoming mobile OS updates that arrive every year like clockwork at the end of the season.

Coming soon, Android Q will include experience and security improvements that benefit both IT admins and end users. Along with these new improvements comes deprecation of some legacy management features. If you’re currently using Android Device Admin APIs, there are a few things you need to be aware of.

What’s Changing?

Android Q will continue deprecating Android Device Admin APIs over the next several releases. If you’re currently using Device Admin features we encourage you to put a migration plan in place that will get you to Android Enterprise management prior to release of Android Q. Moving forward, Android Enterprise will be the default/recommended method for managing Android device types using the Citrix Endpoint Management service.

Google has put together a comprehensive Android Enterprise Migration Bluebook, which can help you with any required migration planning prior to the release of Android Q.

Some of the Android Device APIs that will no longer work with Android Q include DISABLE_CAMERA, DISABLE_KEYGUARD_FEATURES, EXPIRE_PASSWORD, and LIMIT_PASSWORD.

Why Android Enterprise?

Reliability and consistency — Android Enterprise provides a consistent management experience where all devices support and execute the same capabilities regardless of device manufacturer.

Work/life separation and balance — Users want one device for work and personal activities, and they also want to feel secure about their personal privacy. Whether using a BYOD device or corporate-issued device, users feel most comfortable when they know that only business-related applications and data are being monitored.

Security — Multiple layers of protection including secure hardware, mandatory encryption, Google Play Protect, and application management policies. Google Play Protect scans more than 50 billion apps every day.

Better/faster onboarding — A uniform onboarding experience for all Android Enterprise supported devices that simplifies the task of end-user setup.

Flexibility and choice — Android Enterprise supports multiple management modes including BYOD (Work Profile) and corporate profiles including COPE (fully managed with work profile), COBO (company owned) and COSU (dedicated device/single use).

Android Enterprise and Citrix Endpoint Management

One of the architectural changes that occurs when migrating to Android Enterprise is that the EMM vendor management console (Citrix) needs to connect with Google Play. The Google Play infrastructure is used to offer services that include a managed, private enterprise app delivery store. Google Play is also where the device profiles will live. The good news is that this set-up is really easy:

  • On Console Settings – Select Android Enterprise
  • Connect to Google Play
  • Sign in with corporate Google ID
  • Enter org name and confirm “Citrix” as EMM
  • Enterprise ID is added, Enable Android Enterprise

Once the simple set-up is completed, Citrix Endpoint Management and managed Google Play work seamlessly together to secure, configure, and manage your organizations’ Android devices and the required public or corporate apps.

Additionally, providing the user with the market’s best mobile productivity apps from Citrix enables them to do their daily job with the best native-user experience. Citrix Endpoint Management will give your IT department more than 60 application level policies (MAM), such as Citrix micro-VPN, to control the Citrix mobile productivity apps while the user stays secure and productive. Android Enterprise support for a managed version of Citrix Workspace app is coming soon.

Easy Provisioning Makes Life Simple for IT

Every time we make significant changes to the Citrix Endpoint Management service, customers always plead, ”Please tell me this doesn’t require re-enrollment!” Enrolling a device may seem simple to some of us, but for others it’s a major headache that often requires a trip to the help desk.

One of the most valuable benefits of Android Enterprise is the effort that’s been made to simplify the onboarding and enrollment process. Google has worked closely with UEM vendors, including Citrix, to ensure onboarding and provisioning are fast and easy. Citrix Endpoint Management supports all the Android Enterprise provisioning methods for fully managed devices.

Let’s take a look at a few examples.

Fully Managed Device Provisioning Methods

QR code — Android 9 devices and higher have a QR code reader built in. For this method, the user simply turns on the device, taps the welcome screen six times, and scans the QR code, which automatically starts the enrollment-provisioning process by connecting to Google Play to access the management profile.

Android zero-touch — Leveraging Android zero-touch enrollment, IT admins can create, edit, and delete UEM configurations. In doing so, devices or groups of devices can be shipped with the enrollment already complete. All the user needs to do is turn on the device, connect to WiFi, and enter their password.

EMM token — With this method, a user’s IT department will provide them with a token. For Citrix Endpoint Management, the token is afw#xenmobile. This token is entered when the new device is turned on and the user is prompted for “Email or phone.” Entering the correct EMM token automatically downloads the Citrix Endpoint Management device policy controller app so that the user can simply enter credentials to get set up.

NFC Bump — The NFC Bump method uses “Near Field Communication” to provision the device. Leveraging NFC Bump, the new device must be in close proximity (4 centimeters) to another. Bulk enrollment of corporate-issued devices has always been a major headache for IT. With NFC Bump enrollment, IT enrolls a master device, carrying the MDM server details, and simply taps the device to other unenrolled devices to start the automated-enrollment process. Bulk enrollment made easy!

BYOD Provisioning Method

In addition to the Work Managed options above, the BYOD method is popular for workers using a personally owned device. With this method, IT manages the business data (the Android work profile), leaving all the personal data and applications private. In other words, IT only has visibility and control of the work applications and nothing else. With this method, there is no device management, only mobile application management (MAM).

If you haven’t made the switch from Device Admin to Android Enterprise for management of your Android device deployments, there’s no better time than now. Android Enterprise provides a consistent framework for securing all your Android devices while addressing enrollment challenges with a choice of simple provisioning methods.

Go to the Android Enterprise Solution Directory for a list of Android-recommended devices that meet the elevated enterprise requirements. And for more information, visit Citrix’s Android Enterprise product page.