Getting started with Android device management

Endpoint Manager MDM gives you access to management options for your mobile Android devices, such as settings and configurations, software distribution, and console actions. Endpoint Manager integrates with Google's Android Enterprise program for modern Android device management.

Android Enterprise offers three management modes: work profile, fully managed, and kiosk. For information about each management mode and their user experiences, see Android Enterprise management modes.

Configuring Endpoint Manager for Android device management

1.Configure your CSA in the console. The Ivanti Cloud Services Appliance (CSA) provides secure communication and functionality over the internet. The CSA acts as a meeting place where devices, MDM or agent-managed, can communicate with the Endpoint Manager core server—even if they are behind firewalls or use a proxy to access the internet. The CSA requires a third-party certificate for mobile device management. To configure your CSA, see Configuring the Ivanti Cloud Services Appliance. Android Enterprise does not need the CSA to be configured for managing certificates or remote control.

2.Select your CSA for MDM. To select the CSA you would like Endpoint Manager MDM to communicate with, navigate to Tools > Modern Device Management > MDM Configurations > Common Settings > Cloud Service Appliances (CSA).

3.Secure your web server with a certificate. Your web server must be secured with a trusted, third-party, SSL certificate for Android Enterprise application management. Once you have obtained a certificate, bind it to your web server in Internet Information Services (IIS) Manager. For more information, see Binding a web server certificate.

4.Create an Android Enterprise account. An enterprise account connects Endpoint Manager and Google, enabling Android Enterprise device management and giving you access to an enterprise managed Play Store. For information about creating an enterprise account, see Android Enterprise accounts.

Enrolling Android devices

Enroll work profile mode devices. Work profile mode is typically used for employee-owned devices (BYOD), since it creates a work profile that is distinct from the rest of the device. For information about enrolling work profile mode devices, see Enrolling devices in Android Enterprise.

Enroll fully managed devices. Fully managed mode is typically used for company-owned devices, since it has full control over the device and its data. Fully managed device mode offers extensive control over device policies, settings, and applications. For information about enrolling fully managed devices, see Enrolling devices in Android Enterprise

Managing enrolled devices

Set up kiosk (dedicated) devices. Kiosk mode locks fully managed devices to a single app or set of apps. Kiosk mode (also known as dedicated device mode) is a subset of fully managed mode. To put a device into kiosk mode, enroll it as a fully managed device then use a mobile Android configuration to enable kiosk mode. For information about setting up kiosk devices, see Kiosk mode for Android Enterprise.

Create agent settings to configure devices. Agent settings for mobile devices allow you to configure device settings and restrictions from the Endpoint Manager console. For more information about the available settings, see Agent settings: Mobile Android Configuration.

Create software packages for devices. Approve, purchase, and publish apps in your enterprise managed Play Store. Using distribution packages, configure enterprise apps, make them available in the work profile badged Play Store, or silently install them on devices. For information about approving and distributing applications, see Distributing Android Enterprise apps.

Perform actions from the console. After a device is enrolled, it appears in the inventory, and you can perform actions such as locking the device or viewing the device inventory. Most of these actions are performed by right-clicking on the device in the inventory. For information about available actions, see Device actions.

NOTE: If you have older devices that don't support Android Enterprise, see Enrolling legacy Android devices for information about managing legacy Android devices.