Migrate from device administration to Android Enterprise 编辑

November 14, 2019 Contributed by:  K

This article discusses considerations and recommendations for migrating from legacy Android device administration to Android Enterprise. Google is deprecating the Android Device Administration API. That API supported enterprise apps on Android devices. Android Enterprise is the modern management solution recommended by Google and Citrix.

XenMobile is changing to Android Enterprise as the default enrollment method for Android devices. After Google deprecates the APIs, enrollment will fail for Android Q devices in device administration mode.

Android Enterprise includes support for fully managed and work profile device modes. The Google publication, Android Enterprise Migration Bluebook
, explains in detail about how legacy device administration and Android Enterprise differ. We recommend that you read the migration information from Google.

That publication also describes the four phases of device administration migration and includes the following diagram. This article includes recommendations specific to XenMobile for the migration phases.

Phases of migration to Android Enterprise

Diagram from the Android Enterprise MigrationBluebook
.Republished with the permission of Google.


Impact of device administration deprecation

Google will deprecate the following Device Administration APIs. These APIs won’t work on devices running Android Q after you upgrade Secure Hub to target the Android Q API level:

  • Disable camera: Controls access to device cameras.
  • Expire password: Forces users to change their password after a configurable time period.
  • Limit password: Sets restrictive password requirements.

The deprecated APIs have no impact on devices enrolled in Citrix MAM-only mode.

Recommendations

The following recommendations are for devices already enrolled in the Android legacy device administration mode, unenrolled devices, and devices enrolled in Citrix MAM-only mode.

Device enrollment statusRecommended action
Existing device is enrolled in device administration mode and upgradeable to Android Q.Before upgrading the device to Android Q, migrate from device administration mode to Android Enterprise.
Existing device is enrolled in device administration mode. The device can’t upgrade to Android Q.Device can remain in device administration mode. However, plan to move the device to Android Enterprise on device refresh.
Existing device is enrolled in device administration mode and is upgraded to Android Q.Migrate from device administration mode to Android Enterprise before Google deprecates the APIs. A warning message for these devices appears in the XenMobile console.
New device delivered with Android Q and enrolled in device administration mode.Migrate from device administration mode to Android Enterprise before Google deprecates the APIs. A warning message for these devices appears in the XenMobile console.
New device delivered with or upgradeable to Android Q. The device isn’t enrolled.Use Android Enterprise for any new devices.
New or existing device on Android Q gets enrolled in device administration mode after Google deprecates the APIs.To avoid the impacts of deprecated Google APIs, Citrix recommends migrating to Android Enterprise before Google deprecates the APIs. After that date, enrollments of these devices will fail.
New or existing devices enrolled in Citrix MAM-only modeNo action needed. The deprecated Google APIs have no impact on devices in MAM-only mode.


Analysis

The analysis phase of migration consists of:

  • Understanding your legacy Android setup

  • Documenting your legacy setup so you can map legacy features to Android Enterprise features

Recommended analysis

  1. Evaluate Android Enterprise on XenMobile: Fully managed, fully managed with work profile, dedicated device, work profile (BYOD).

  2. Analyze your current device administration features against Android Enterprise.

  3. Document your device administration use cases.

To document your device administration use cases:

  1. Create a spreadsheet and list the current policy groups in your XenMobile console.

  2. Create separate use cases based on the existing policy groups.

  3. For each use case, document the following:

    • Name
    • Business owner
    • User identity model
    • Device Requirements
      • Security
      • Management
      • Usability
    • Device inventory
      • Make and model
      • OS Version
    • Apps
  4. For each app, list:

    • App name
    • Package name
    • Hosting method
    • Whether the app is public or private
    • Whether the app is mandatory (true/false)


Requirements mapping

Based on the completed analysis, determine your Android Enterprise feature requirements.

Recommended requirements mapping

  1. Determine the management mode and enrollment method:

    • Work profile (BYOD): Requires re-enrollment. No factory reset needed.

    • Fully managed: Requires factory reset. Enroll devices by using QR code, Near field communication (NFC) bump, device policy controller (DPC) identifier, zero touch.

  2. Create an app migration strategy.

  3. Map use case requirements to Android Enterprise features. Document the feature for each device requirement that most closely matches the requirement and its corresponding Android version.

  4. Determine the minimum Android OS based on feature requirements (7.0, 8.0, 9.0).

  5. Choose an identity model:

    • Recommended: Managed Google Play Account

    • Use Google G-Suite accounts only if you’re a Google Cloud Identity Customer

  6. Create a device strategy:

    • No action: If devices meet the minimum OS level

    • Upgrade: If devices support and can be updated to the supported OS

    • Replace: If devices can’t be updated to the supported OS level

Recommended app migration strategy

After you complete the requirements mapping, move the apps from the Android platform to the Android Enterprise platform. For details about publishing apps, see Add apps
.

  • Public store apps

    1. Select the apps to migrate and then edit the apps to clear the Google Play setting and select Android Enterprise as the platform.

    2. Select the delivery group. If an app is mandatory, move the app to the Required Apps list in the delivery group.

    After you save an app, it appears in the Google Play Store. If you have a work profile, apps appear in the Google Play Store in the work profile.

  • Private (enterprise) apps

    Private apps are developed in-house or by a third-party developer. We recommend that you publish private apps by using Google Play.

    1. Select the apps to migrate and then edit the apps to select Android Enterprise as the platform.

    2. Upload the APK file and then configure the app settings.

    3. Publish the app to the required delivery group.

  • MDX apps

    1. Select the apps to migrate and then edit the apps to select Android Enterprise as the platform.

    2. Upload the MDX File. Go through the app approval process.

    3. Select the MDX policies.

    For Enterprise MDX apps, we recommend changing them to MDX SDK mode wrapped apps:

    • Option 1: Host the APK in Google Play with a developer account assigned privately to your organization. Publish the MDX file in XenMobile.

    • Option 2: Publish the app from XenMobile as an enterprise app. Publish the APK in XenMobile and select the platform Android Enterprise for the MDX file.

Citrix device policy migration

For policies that are available for both the Android and Android Enterprise platforms: Edit the policy and select the platform Android Enterprise.

For Android Enterprise, consider the enrollment mode. Some policy options are available only for devices in work profile mode or fully managed mode.


Proof of concept

After you migrate apps to Android Enterprise, you can set up a migration test to verify that the features are working as intended.

Recommended proof-of-concept setup

  1. Set up the deployment infrastructure:

    • Create a Delivery Group for your Android Enterprise testing.

    • Configure Android Enterprise in XenMobile.

  2. Set up user apps.

  3. Configure Android Enterprise features.

  4. Assign policies to the Android Enterprise delivery group.

  5. Test and confirm features.

  6. Complete a device setup walkthrough for each use case.

  7. Document user setup steps.


Deployment

You can now deploy your Android Enterprise setup and prepare your users for migration.

Recommended deployment strategy

The Citrix recommended deployment strategy is to test all of your production systems for Android Enterprise, then complete device migration later.

  • In this scenario, users continue to use legacy devices with their current configuration. You set up new devices for Android Enterprise management.

  • Migrate existing devices only when an upgrade or replacement is necessary.

  • Migrate existing devices to Android Enterprise management at the end of their usual lifecycle. Or, migrate those devices when they need replacement due to loss or breakage.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:34 次

字数:12238

最后编辑:6 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文