Managing the closed network / AOSP devices
Listing details for Registration status, post-registration reception and provisions, and app management.
Registration status values
Upon registration to Ivanti EPMM, the device sends all device details to Ivanti EPMM. The Device Details page > Registration Status field lists the following values:
Action |
Registration Status value |
Android Enterprise configuration sent to device |
Work Managed Device |
Closed network / AOSP configuration sent to device |
Work Managed Device - Non GMS |
Device does not receive the AOSP configuration |
The device is retired (factory reset.) |
Closed network / AOSP device capabilities
After successful registration, devices will be able to receive and provision the following:
Type |
Description |
Configurations |
|
Policies |
|
App Management |
|
Standard device management capabilities |
All the supported device management commands of Android Enterprise work for closed network / AOSP deployment, except "Shared Kiosk- Signout." |
App Management
-
With a closed network / AOSP deployment, devices registered as a non-GMS device will have access to all in-house applications through Apps@Work.
-
In non-closed networks / AOSP deployments, all apps need to be uploaded as in-house apps using their .apks since there is no access to Google's application bundles.
-
When applying app restrictions, make sure to have the Install this app for Android enterprise and Enable AOSP app restrictions check boxes selected.
For more information about app management, see "Adding in-house apps for Android" in the Ivanti EPMM Apps@Work Guide.
Always-On VPN for AOSP for Android Enterprise devices
In AOSP mode, you can have Always-On VPN status for devices using Android 10 and later supported versions. Directing traffic from the device through the VPN is useful for highly regulated industries and for customers who would deploy AOSP functionality.
Before you begin
Be sure to have an Android Enterprise configuration in place with the Always On check box selected. See Enabling an Android Enterprise VPN client to be always on.
Procedure
-
Go to Services > Google and select the Enable AOSP/Closed Network Devices check box (see Enabling a closed network / AOSP deployment in Ivanti EPMM.)
-
Install a VPN app. When applying app restrictions, make sure to have the Install this app for Android enterprise and Enable AOSP app restrictions check boxes selected.
-
In Services > Sentry, add a new Standalone Sentry with a public certificate ( see "Standalone Sentry certificate" in the Ivanti Standalone Sentry Installation Guide.)
-
In the Device Details page, the status of AOSP is displayed in the following fields:
-
Registration Date - Registration date of the device.
-
Registration IMSI - Registration of ISMI (international mobile subscriber identity) number.
-
Registration Status - Indicates the AOSP (non GMS) is registered as a Work Managed Device.
-
Registration UUID - Unique ID when registering from the client.
-
-
The result is on user's device > System Settings > VPN provided app > Always-On VPN is switched on.