Migrate from device administration to Android Enterprise 编辑
This article discusses considerations and recommendations for migrating from legacy Android device administration to Android Enterprise. Google is deprecating the Android Device Administration API. That API supported enterprise apps on Android devices. Android Enterprise is the modern management solution recommended by Google and Citrix.
XenMobile is changing to Android Enterprise as the default enrollment method for Android devices. After Google deprecates the APIs, enrollment will fail for Android Q devices in device administration mode.
Android Enterprise includes support for fully managed and work profile device modes. The Google publication, Android Enterprise Migration Bluebook
, explains in detail about how legacy device administration and Android Enterprise differ. We recommend that you read the migration information from Google.
That publication also describes the four phases of device administration migration and includes the following diagram. This article includes recommendations specific to XenMobile for the migration phases.
Diagram from the Android Enterprise MigrationBluebook
.Republished with the permission of Google.
Impact of device administration deprecation
Google will deprecate the following Device Administration APIs. These APIs won’t work on devices running Android Q after you upgrade Secure Hub to target the Android Q API level:
- Disable camera: Controls access to device cameras.
- Expire password: Forces users to change their password after a configurable time period.
- Limit password: Sets restrictive password requirements.
The deprecated APIs have no impact on devices enrolled in Citrix MAM-only mode.
Recommendations
The following recommendations are for devices already enrolled in the Android legacy device administration mode, unenrolled devices, and devices enrolled in Citrix MAM-only mode.
Device enrollment status | Recommended action |
---|---|
Existing device is enrolled in device administration mode and upgradeable to Android Q. | Before upgrading the device to Android Q, migrate from device administration mode to Android Enterprise. |
Existing device is enrolled in device administration mode. The device can’t upgrade to Android Q. | Device can remain in device administration mode. However, plan to move the device to Android Enterprise on device refresh. |
Existing device is enrolled in device administration mode and is upgraded to Android Q. | Migrate from device administration mode to Android Enterprise before Google deprecates the APIs. A warning message for these devices appears in the XenMobile console. |
New device delivered with Android Q and enrolled in device administration mode. | Migrate from device administration mode to Android Enterprise before Google deprecates the APIs. A warning message for these devices appears in the XenMobile console. |
New device delivered with or upgradeable to Android Q. The device isn’t enrolled. | Use Android Enterprise for any new devices. |
New or existing device on Android Q gets enrolled in device administration mode after Google deprecates the APIs. | To avoid the impacts of deprecated Google APIs, Citrix recommends migrating to Android Enterprise before Google deprecates the APIs. After that date, enrollments of these devices will fail. |
New or existing devices enrolled in Citrix MAM-only mode | No action needed. The deprecated Google APIs have no impact on devices in MAM-only mode. |
Analysis
The analysis phase of migration consists of:
Understanding your legacy Android setup
Documenting your legacy setup so you can map legacy features to Android Enterprise features
Recommended analysis
Evaluate Android Enterprise on XenMobile: Fully managed, fully managed with work profile, dedicated device, work profile (BYOD).
Analyze your current device administration features against Android Enterprise.
Document your device administration use cases.
To document your device administration use cases:
Create a spreadsheet and list the current policy groups in your XenMobile console.
Create separate use cases based on the existing policy groups.
For each use case, document the following:
- Name
- Business owner
- User identity model
- Device Requirements
- Security
- Management
- Usability
- Device inventory
- Make and model
- OS Version
- Apps
For each app, list:
- App name
- Package name
- Hosting method
- Whether the app is public or private
- Whether the app is mandatory (true/false)
Requirements mapping
Based on the completed analysis, determine your Android Enterprise feature requirements.
Recommended requirements mapping
Determine the management mode and enrollment method:
Work profile (BYOD): Requires re-enrollment. No factory reset needed.
Fully managed: Requires factory reset. Enroll devices by using QR code, Near field communication (NFC) bump, device policy controller (DPC) identifier, zero touch.
Create an app migration strategy.
Map use case requirements to Android Enterprise features. Document the feature for each device requirement that most closely matches the requirement and its corresponding Android version.
Determine the minimum Android OS based on feature requirements (7.0, 8.0, 9.0).
Choose an identity model:
Recommended: Managed Google Play Account
Use Google G-Suite accounts only if you’re a Google Cloud Identity Customer
Create a device strategy:
No action: If devices meet the minimum OS level
Upgrade: If devices support and can be updated to the supported OS
Replace: If devices can’t be updated to the supported OS level
Recommended app migration strategy
After you complete the requirements mapping, move the apps from the Android platform to the Android Enterprise platform. For details about publishing apps, see Add apps
.
Public store apps
Select the apps to migrate and then edit the apps to clear the Google Play setting and select Android Enterprise as the platform.
Select the delivery group. If an app is mandatory, move the app to the Required Apps list in the delivery group.
After you save an app, it appears in the Google Play Store. If you have a work profile, apps appear in the Google Play Store in the work profile.
Private (enterprise) apps
Private apps are developed in-house or by a third-party developer. We recommend that you publish private apps by using Google Play.
Select the apps to migrate and then edit the apps to select Android Enterprise as the platform.
Upload the APK file and then configure the app settings.
Publish the app to the required delivery group.
MDX apps
Select the apps to migrate and then edit the apps to select Android Enterprise as the platform.
Upload the MDX File. Go through the app approval process.
Select the MDX policies.
For Enterprise MDX apps, we recommend changing them to MDX SDK mode wrapped apps:
Option 1: Host the APK in Google Play with a developer account assigned privately to your organization. Publish the MDX file in XenMobile.
Option 2: Publish the app from XenMobile as an enterprise app. Publish the APK in XenMobile and select the platform Android Enterprise for the MDX file.
Citrix device policy migration
For policies that are available for both the Android and Android Enterprise platforms: Edit the policy and select the platform Android Enterprise.
For Android Enterprise, consider the enrollment mode. Some policy options are available only for devices in work profile mode or fully managed mode.
Proof of concept
After you migrate apps to Android Enterprise, you can set up a migration test to verify that the features are working as intended.
Recommended proof-of-concept setup
Set up the deployment infrastructure:
Create a Delivery Group for your Android Enterprise testing.
Configure Android Enterprise in XenMobile.
Set up user apps.
Configure Android Enterprise features.
Assign policies to the Android Enterprise delivery group.
Test and confirm features.
Complete a device setup walkthrough for each use case.
Document user setup steps.
Deployment
You can now deploy your Android Enterprise setup and prepare your users for migration.
Recommended deployment strategy
The Citrix recommended deployment strategy is to test all of your production systems for Android Enterprise, then complete device migration later.
In this scenario, users continue to use legacy devices with their current configuration. You set up new devices for Android Enterprise management.
Migrate existing devices only when an upgrade or replacement is necessary.
Migrate existing devices to Android Enterprise management at the end of their usual lifecycle. Or, migrate those devices when they need replacement due to loss or breakage.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论