What is Android Enterprise?
Android Enterprise is a Google-led initiative to enable the use of Android devices and apps in the workplace. The program offers APIs and other tools for developers to integrate support for Android into their enterprise mobility management (EMM) or mobile device management (MDM) solutions.
There are three use cases supported on Android Enterprise. Moki’s Android Enterprise solution was built to manage company-owned devices for dedicated use. Dedicated devices are a subset of company-owned devices that serve a specific purpose. Android comes with a broad set of management features that allow organizations to configure devices for everything from employee-facing factory and industrial environments, to customer-facing signage and kiosk purposes.
Dedicated devices are typically locked to a single app or set of apps. Android 6.0+ offers granular control over a device’s lock screen, status bar, keyboard, and other key features, to prevent users from enabling other apps or performing other actions on dedicated devices.
An Android Enterprise solution is a combination of three components: your Moki Total Control console, a device policy controller (DPC), and managed Google Play.
Moki’s MDM Console
Moki’s MDM console is a cloud-based web application that allows admins to manage their organization, devices, and apps. Moki’s console has been integrated with the APIs and UI components provided by Android Enterprise.
All Android devices that Moki manages use Android’s DPC. A DPC is an agent that applies the management policies set in your Moki console to devices.
Managed Google Play
Managed Google Play is an enterprise app platform based on Google Play that is free to Android Enterprise customers and fully integrated into Moki’s MDM console. It combines the familiar user experience and app store features of Google Play with a set of management capabilities designed specifically for enterprises.
IT admins can use managed Google Play to discover apps, view app details, and purchase app licenses. IT admins can curate, manage, and distribute apps through Moki’s MDM console.
Using Android Enterprise APIs, Moki can distribute apps to managed devices. Apps can be remotely installed on a device or added to the device’s managed Google Play store.
On managed devices, managed Google Play is the user’s enterprise app store. The interface is similar to Google Play—users can browse apps, view app details, and install them. Unlike the public version of Google Play, users can only install apps from managed Google Play that are whitelisted for them.
What is needed for Moki to communicate with devices?
The lifeblood of any mobile device rollout is the connectivity of the device. In order for Moki to communicate with the device there are ports that should be open constantly. It is also recommended that you get a dedicated network for the devices to connect to so that they can have maximum bandwidth and accessibility.
The following domains need to be allowed, (open port requirements):
|TCP/443||Access to Moki’s cloud-based management platform.|
Google Play and updates
googleusercontent.com – contains User Generated Content (e.g. app icons in the store)
*gvt1.com, *.ggpht, dl.google.com,dl-ssl.google.com,android.clients.google.com -Download apps and updates, PlayStore APIs
|3||*.googleapis.com||TCP/443||EMM/Google APIs/PlayStore APIs|
|TCP/443||Authentication For accounts.google.[country], use your local top-level domain for [country]. For example, for Australia use accounts.google.com.au, and for the United Kingdom use accounts.google.co.uk.|
|5||gcm-http.googleapis.com, gcm-xmpp.googleapis.com, |
|Google Cloud Messaging (e.g. EMM Console <-> DPC communication, like pushing configs)|
|Firebase Cloud Messaging (e.g. Find My Device, EMM Console <-> DPC communication, like pushing configs)|
|TCP/443||Certificate Revocation list checks for Google-issued certificates|
|TCP/443||Domains shared by various Google backend services such as crash reporting, Chrome Bookmark Sync, time sync (tlsdate), and many others|
|10||android.clients.google.com||TCP/443||CloudDPC download URL used in NFC provisioning|
|11||connectivitycheck.android.com www.google.com||TCP/443||Connectivity check prior to CloudDPC v470 Android connectivity check starting with N MR1 requires https://www.google.com/generate _204 to be reachable, or for the given WiFi network to point to a reachable PAC file.|