Configuring MAM-only Android devices

Configuring MAM-only Android devices requires the following steps:

• Disabling the device administrator on Android devices
• Configuring the security policy for MAM-only Android devices
• Configuring the privacy policy for MAM-only Android devices
• Configuring the sync policy for MAM-only Android devices
• Configuring the lockdown policy for MAM-only Android devices
• Making apps available to MAM-only Android devices
• Using Apps@Work on MAM-only Android devices
• Configuring AppConnect and AppTunnel for MAM-only Android devices

Disabling the device administrator on Android devices

Disabling the device administrator on Android devices is necessary for configuring Ivanti EPMM to support MAM-only Android devices. This setting is on the Android quick setup policy.

Procedure 

1. In the Ivanti EPMM Admin Portal, go to Policies & Configs > Policies.
2. Select Add New > Android > Android Quick Setup.
3. In the Name field, enter a descriptive name for the policy.
4. De-select Device Administrator.
5. Click Save > OK.

Related topics 

• “Working with Android Quick Setup policies” in the Ivanti EPMM Device Management Guide for Android and Android Enterprise devices.

Configuring the security policy for MAM-only Android devices

Only some settings on the security policy apply to MAM-only Android devices. This procedure explains how to configure the default security policy. However, the same considerations apply to any security policy that you label for Android devices or a subset of Android devices.

If you are applying the default security policy or a custom security policy to both MAM-only Android devices and to non-Android devices, including Android Enterprise devices, set the appropriate fields for non-Android devices according to your requirements

Procedure 

1. In the Ivanti EPMM Admin Portal, go to Policies & Configs > Policies.
2. Select the default security policy.
3. Click Edit. The Modify Security Policy dialog box opens.
4. The Password section does not apply to MAM-only Android devices.

5. In the Data Encryption section, set Device Log Encryption to On if you want to encrypt the log files you email with the Send Log option in Ivanti Mobile@Work for Android.

   All other settings in the Data Encryption section do not apply to MAM-only Android devices.

6. In the Android section, set Require strict TLS for Apps@Work if you require strict TLS between Apps@Work and other services.

   All other settings in the Android section do not apply to MAM-only Android devices.

7. The Android enterprise, Windows 8.1, and Windows 10 sections do not apply to MAM-only Android devices.
8. In the Access Control section, in For All Platforms, select the compliance action, if any, that you require for each security violation.
9. In the Access Control section, in For Android devices, select the compliance action, if any, that you require for these security violations, which are the only ones in this section supported for MAM-only Android devices:
   • when Android version is less than
   • when a compromised Android device is detected
10. Click Save > OK.

When selecting a compliance action, keep in mind that wipe is not supported for MAM-only Android devices.

Related topics 

• MAM-only Android devices
• “Security policies” in Getting Started with Ivanti EPMM
• “Device Log Encryption” in the Ivanti EPMM Device Management Guide for Android and Android Enterprise devices.

Configuring the privacy policy for MAM-only Android devices

All Android-related settings on the privacy policy apply to MAM-only Android devices. For information on configuring the privacy policy, see “Privacy policies” in Getting Started with Ivanti EPMM.

Related topics 

• MAM-only Android devices

Configuring the sync policy for MAM-only Android devices

All Android-related settings on the sync policy apply to MAM-only Android devices. For information on configuring the privacy policy, see “Sync policies” in Getting Started with Ivanti EPMM.

Related topics 

• MAM-only Android devices

Configuring the lockdown policy for MAM-only Android devices

The lockdown policy does not apply to MAM-only Android devices. If your Ivanti EPMM deployment includes only MAM-only Android devices, you can ignore the lockdown policy. However, if your deployment includes other device platforms, including Android Enterprise, configure the lockdown policy to meet your requirements.

Related topics 

• “Lockdown policies” in Getting Started with Ivanti EPMM
• MAM-only Android devices

Making apps available to MAM-only Android devices

The procedures for making apps available to MAM-only Android device is the same as when Android devices support MDM. However, the following features, available when adding or editing an app in the App Catalog, are not supported:

• Per App VPN settings
• Silent installation

For configuration information, see Adding Google Play apps for Android.

Using Apps@Work on MAM-only Android devices

Using Apps@Work on MAM-only Android devices is the same as it is with Android devices that support MDM.

For information, see Android app versions and device counts.

Configuring AppConnect and AppTunnel for MAM-only Android devices

Configuring AppConnect for MAM-only Android devices is the same as configuring AppConnect for Android. Configuring AppTunnel with HTTP/S tunneling or TCP tunneling is also the same. For information on configuring AppConnect and AppTunnel for Android, see “Configuration overview” in the AppConnect Guide for EPMM.