Android Management

• 1 min to read •

Being one of the most widely used mobile operating systems in the world, Android is prone to multiple security compromises. Accessing critical business data stored on Android devices can threaten security if hacked, stolen, or lost.

With Syxsense Android device management IT administrators and security departments can manage all of a company's and personal mobile devices, keeping them secure and the workforce flexible and productive. 

It helps you set up devices with ease, secure both data and devices, and manage Android settings and applications remotely. Android management allows to:

  • control Google Play apps deployment
  • control hardware features such as camera, USB storage, or microphone to protect sensitive data
  • control data-level leaks with feature restrictions (like a clipboard or screen-shot functions)
  • set policies to enable access to corporate resources
  • set password policies (updates or complexity evolving corporate standards)

Prerequisites 

A Syxsense Manage or Enterprise account that has 'Admin' permissions

Guided walk-through: Enable Android Device ManagementGuided walk-through: Enable Android Device Management

Click on 'Settings'  in the top right corner of the screen ① > Choose 'Android Management' ②Drop-down TitleDrop-down Title
Fill in the form with your contact information.
Click 'Enable Android Management' ③
After enabling the setting you will receive your unique ID

After enabling the setting, choose one of the following options:

① Stop data collection and delete the assigned ID

② Temporarily discontinue the data collection with keeping the assigned ID for further reactivation

③ Enforce the data collectionDrop-down TitleDrop-down Title

Guided walk-through: How to Set Password PoliciesGuided walk-through: How to Set Password Policies

Click on 'Mobile Management' ① > Click on 'Policies' ② > Click  ③Drop-down TitleDrop-down Title

Configure the policy

  • Enter Policy Name ① (We recommend using a standardized naming convention)
  • Choose necessary policy features you would like to enforce on endpoints you intend to include in the policy. Choose the permission option for deploying untrusted apps
  • Enable or disable developer's mode, and set the level of default permissions. ②
  • Set device password complexity (requirements for the password used to unlock a device) ③
  • Set work profile password complexity. ④  

Passwords that contain only alphanumeric or alphabetic characters are easy to discover. It is recommended to use a variety of characters to strengthen security.

E.g. COMPLEXITY_HIGH will define the high password complexity band as follows:

  • PIN with no repeating (4444) or ordered (1234, 4321, 2468) sequences, length at least 8
  • alphabetic, length at least 6
  • alphanumeric, length at least 6

 

  • Click 'More...' to open the Advanced configuration tab. ⑤

This tab allows setting more complex requirement values:

  • Length of password history determines the number of unique new passwords that must be associated with a user account before an old password can be reused.
  • A number of incorrect device-unlock passwords that can be entered before a device is wiped.
  • Password expiration time-out.Drop-down TitleDrop-down Title
Click 'Set and Deploy' ⑥

Guided walk-through: How to Add Application Deployment PolicyGuided walk-through: How to Add Application Deployment Policy

Click on 'Mobile Management' ① > Click on 'Policies' ② > Click  ③Drop-down TitleDrop-down Title

Select thebutton on the toolbar and then review the Application Deployment wizard window which will open.

Take the following steps:

  • Select thebutton next to the Application ID input box ①

 Syxsense interfaces with the Google Play Store to provide or deny access to a particular application. Because of this interaction with the Google Play Store, we can offer a pre-built list of applications available from the Play Store, without any special configuration required. Selecting this option will open a popup window which provides a list of available applications from the Google Play Store. 

 

  • Search for the application you wish to provision, click on the app icon, and then click the select button ②
  • After selecting the Application ID, determine how you want the mobile device to interact with the application. Choose 'Install Type' ③

Currently Syxsense supports the following Installation types:

Available – Do not auto install the application but allow the install of the application from the Google Play Store.

Preinstalled – Software Exists on Device Already and will be modified to match current application requirements.

Force Installed – Software is automatically installed on the device when policy is deployed.

Blocked – Software is not allowed to be installed on the endpoint. 

Required for Setup – The App is automatically deployed and cannot be removed by the user. Setup of the device will not complete until application is deployed. 

KIOSK – Software is installed by default and launched on the device in Kiosk mode.

 

  • Choose Default Permission ④

This Default Permissions option regulates what permissions are assigned to an application if requested.

The Default Permissions provide the following options:

Prompt – Allows the user to select the permissions they want to approve for the application.

Grant – Automatically allows the access requested by the application.

Deny – Automatically denies the access requested by the application.

Permission-Policy-Unspecified – Check for an explicitly set policy within the application policy document, and if not found, use the Prompt behavior.

 

  • Choose whether the application is generally available to the endpoint or relegated to just the work profile ⑤

Available options for this setting are:

'Connected_work_and_personal_app_dissallowed' - Forces the app to only be accessed within the work profile. 'Connected_work_and_personal_app_allowed' - Lets the user use the app from their own profile.

 

  • Choose how the application will be updated by selecting an option from the Auto Update Mode dropdown ⑥

Currently, Syxsense supports the following update methods:

Auto_Update_Default – Automatically updates the application within a few days of when the update is made available.

Auto_Update_Postponed – Do not auto update the application for at 90 days after the application becomes out of date.

Auto_Update_High_Priority – Update the application as soon as a new version of the application becomes available.

 

  • Set Managed Properties (application specific configurations) ⑦
  • Configure application permissions. To set an explicit application permission, select the plus icon ⑧, and then double click the dropdown to select the explicit permission that you want to configure.

Currently, Android supports hundreds of explicit permissions which you can configure to allow, deny, or prompt.

If you would like to review the specific permissions which Syxsense can control for an android application, please review the official Android Developer Guide: Permissions Management document provided by Google.Drop-down TitleDrop-down Title

Click 'Save' to finalize the application. 

Once saved, your new application deployment can be found within the Apps tab for the current Android deployment policy under the App ID field.

Guided walk-through: How to Add Enforcement PolicyGuided walk-through: How to Add Enforcement Policy

Click on 'Mobile Management' ① > Click on 'Policies' ② > Click  ③Drop-down TitleDrop-down Title
To create a new Enforcement Policy select the button in the toolbar of the Android Policy builder.

Take the following steps:

  • Select the device setting you wish to enforce from the 'Setting' dropdown menu ①
 Please, refer to the official Android Developers Guide for specific instructions on what each setting manages.
  • Set a 'Block After' timer (optionally) ②
This will set the setting to be managed only after a set number of days. Setting this timer to 0 disables the option.
  • Select the Block Scope for the setting ③

Syxsense currently supports the following Block settings:

Block_Scope_Unspecified – Blocks the setting if another policy does not supersede it. Block_Scope_Work_Profile – Blocks the setting from being modified by the work profile.

Block_Scope_Device – Blocks the setting from being modified by any profile on the device.

 

  • Once a Block Scope is set, the device policy can then be removed from the device after a set number of days by changing the Wipe After timer ④

 Setting the Wipe After to 0 disables the option. Drop-down TitleDrop-down Title
  Click 'Save' to finalize the enforcement policy.

Last Update: Mar 12, 2024

Copyright ©2024 by Syxsense, Inc. All Rights Reserved