Migrate from device administration to Android Enterprise 编辑

This article discusses considerations and recommendations for migrating from legacy Android device administration to Android Enterprise. Google is deprecating the Android Device Administration API. That API supported enterprise apps on Android devices. Android Enterprise is the modern management solution recommended by Google and Citrix.

XenMobile is changing to Android Enterprise as the default enrollment method for Android devices. After Google deprecates the APIs, enrollment will fail for Android Q devices in device administration mode.

Android Enterprise includes support for fully managed and work profile device modes. The Google publication, Android Enterprise Migration Bluebook
, explains in detail about how legacy device administration and Android Enterprise differ. We recommend that you read the migration information from Google.

That publication also describes the four phases of device administration migration and includes the following diagram. This article includes recommendations specific to XenMobile for the migration phases.

Diagram from the Android Enterprise MigrationBluebook
.Republished with the permission of Google.

Impact of device administration deprecation

Google will deprecate the following Device Administration APIs. These APIs won’t work on devices running Android Q after you upgrade Secure Hub to target the Android Q API level:

• Disable camera: Controls access to device cameras.
• Expire password: Forces users to change their password after a configurable time period.
• Limit password: Sets restrictive password requirements.

The deprecated APIs have no impact on devices enrolled in Citrix MAM-only mode.

Recommendations

The following recommendations are for devices already enrolled in the Android legacy device administration mode, unenrolled devices, and devices enrolled in Citrix MAM-only mode.

Analysis

The analysis phase of migration consists of:

• Understanding your legacy Android setup

• Documenting your legacy setup so you can map legacy features to Android Enterprise features

Recommended analysis

1. Evaluate Android Enterprise on XenMobile: Fully managed, fully managed with work profile, dedicated device, work profile (BYOD).

2. Analyze your current device administration features against Android Enterprise.

3. Document your device administration use cases.

To document your device administration use cases:

1. Create a spreadsheet and list the current policy groups in your XenMobile console.

2. Create separate use cases based on the existing policy groups.

3. For each use case, document the following:

   • Name
   • Business owner
   • User identity model
   • Device Requirements
     • Security
     • Management
     • Usability
   • Device inventory
     • Make and model
     • OS Version
   • Apps

4. For each app, list:

   • App name
   • Package name
   • Hosting method
   • Whether the app is public or private
   • Whether the app is mandatory (true/false)

Requirements mapping

Based on the completed analysis, determine your Android Enterprise feature requirements.

Recommended requirements mapping

1. Determine the management mode and enrollment method:

   • Work profile (BYOD): Requires re-enrollment. No factory reset needed.

   • Fully managed: Requires factory reset. Enroll devices by using QR code, Near field communication (NFC) bump, device policy controller (DPC) identifier, zero touch.

2. Create an app migration strategy.

3. Map use case requirements to Android Enterprise features. Document the feature for each device requirement that most closely matches the requirement and its corresponding Android version.

4. Determine the minimum Android OS based on feature requirements (7.0, 8.0, 9.0).

5. Choose an identity model:

   • Recommended: Managed Google Play Account

   • Use Google G-Suite accounts only if you’re a Google Cloud Identity Customer

6. Create a device strategy:

   • No action: If devices meet the minimum OS level

   • Upgrade: If devices support and can be updated to the supported OS

   • Replace: If devices can’t be updated to the supported OS level

Recommended app migration strategy

After you complete the requirements mapping, move the apps from the Android platform to the Android Enterprise platform. For details about publishing apps, see Add apps
.

• Public store apps

  1. Select the apps to migrate and then edit the apps to clear the Google Play setting and select Android Enterprise as the platform.

  2. Select the delivery group. If an app is mandatory, move the app to the Required Apps list in the delivery group.

  After you save an app, it appears in the Google Play Store. If you have a work profile, apps appear in the Google Play Store in the work profile.

• Private (enterprise) apps

  Private apps are developed in-house or by a third-party developer. We recommend that you publish private apps by using Google Play.

  1. Select the apps to migrate and then edit the apps to select Android Enterprise as the platform.

  2. Upload the APK file and then configure the app settings.

  3. Publish the app to the required delivery group.

• MDX apps

  1. Select the apps to migrate and then edit the apps to select Android Enterprise as the platform.

  2. Upload the MDX File. Go through the app approval process.

  3. Select the MDX policies.

  For Enterprise MDX apps, we recommend changing them to MDX SDK mode wrapped apps:

  • Option 1: Host the APK in Google Play with a developer account assigned privately to your organization. Publish the MDX file in XenMobile.

  • Option 2: Publish the app from XenMobile as an enterprise app. Publish the APK in XenMobile and select the platform Android Enterprise for the MDX file.

Citrix device policy migration

For policies that are available for both the Android and Android Enterprise platforms: Edit the policy and select the platform Android Enterprise.

For Android Enterprise, consider the enrollment mode. Some policy options are available only for devices in work profile mode or fully managed mode.

Proof of concept

After you migrate apps to Android Enterprise, you can set up a migration test to verify that the features are working as intended.

Recommended proof-of-concept setup

1. Set up the deployment infrastructure:

   • Create a Delivery Group for your Android Enterprise testing.

   • Configure Android Enterprise in XenMobile.

2. Set up user apps.

3. Configure Android Enterprise features.

4. Assign policies to the Android Enterprise delivery group.

5. Test and confirm features.

6. Complete a device setup walkthrough for each use case.

7. Document user setup steps.

Deployment

You can now deploy your Android Enterprise setup and prepare your users for migration.

Recommended deployment strategy

The Citrix recommended deployment strategy is to test all of your production systems for Android Enterprise, then complete device migration later.

• In this scenario, users continue to use legacy devices with their current configuration. You set up new devices for Android Enterprise management.

• Migrate existing devices only when an upgrade or replacement is necessary.

• Migrate existing devices to Android Enterprise management at the end of their usual lifecycle. Or, migrate those devices when they need replacement due to loss or breakage.