Managing Corporate Owned Devices
Corporate owned devices are the ones that are owned by an organization but given to employees or setup for unattended access. Their primary use-case to get complete control on the applications that an employee has access to or to make sure that there is only one application running. Combined with the application control, you might want to control a bunch of other settings so as to increase the productivity. Corporate owned devices are widely divided into two categories as mentioned below,
- Corporate Owned Single Use (COSU): COSU refers business owned Android devices which behave and deploys for a single dedicated purpose. You may enroll, deploy and manage such business-owned Android device through COSU profile using Android for the Work platform.
- Work Managed Device (WM): This solution set is designed for corporate-owned devices that are used exclusively for only work. This manages the entire device and enforces an extended range of policy controls unavailable to work profiles, restricting the device to only corporate use.
In this guide, we will see the various features that MobiLock offer's that will help to manage your Corporate devices. Click on the links in each section to navigate to the relevant help document.
This is the common step to effectively manage your Android 6.0 devices and above. This requires a G-Mail account (non G-Suite) for your organization and some easy steps on MobiLock Dashboard. If you are using devices less than Android 6.0 or you are using devices that are not Android Enterprise ready, then you can skip this.
Choose between Kiosk or Agent Mode
MobiLock Pro offers two mode of operations to manage corporate owned devices. One is an option to set MobiLock as the default launcher, where you can customize the launcher experience. Another option is to set MobiLock as agent which retains the Android's default launcher but still lets you control the policies.
Device Profile is a MobiLock Dashboard entity, that you can use to group all the policies together and apply it to one or multiple devices. Device Profile offer a wide range of policies, like a application policy, browser shortcut settings, display & notification settings, single app mode etc.
QR Code or Enrollment configurations are MobiLock Dashboard entity that helps you create reusable enrollment configurations. Once a configuration is created, you can use the QR Code to enroll your corporate devices, or use config files if you are looking at mass deployment.
Once you have the device profile and an enrollment configuration ready, use this guide to learn the various enrollment options available.
One of the advantages of enrolling your devices via afw#mobilock, is the ability to search and distribute applications directly from Google Play Store. If your organization has private enterprise apk's, MobiLock offers an enterprise store where you can upload your apk's and publish/install on Android devices.
This guide explains on how you can control the application permissions at a global level and at an application level.
You can remotely configure an application that is distributed from MobiLock's Play for Work apps. This may include remotely configuring the Email, or setting up Chrome usage policies.
Secure your corporate devices, by enforcing a device level password. This ensures that your corporate data is secure even if the device is left unattended or stolen.
Use these options to apply additional security settings on selected OEM and EMM managed devices. Additionally learn how to set an OS Update policy which determines how the Android OS updates are handled. Note that this cannot control the OEM/Firmware updates.
Get extra security for your EMM managed devices. Configure a set of G-Mail id's that are required to provision the device once they are factory reset. This helps you to prevent the misuse of a device by factory resetting it.
If your organization uses Exchange based email server, then you can use MobiLock to configure the devices with your Exchange settings.