Network Requirements for Android Enterprise

Looking For

Something Else?

SEARCH

Android - Agent

This category covers Moki's Agent/Device Administrator management solution.

IOS

This category covers Moki's iOS management solution.

Android Enterprise

This category covers Moki's Android Enterprise management solution.

BrightSign

This category covers Moki's BrightSign management solution.

FAQs

This category provides general FAQs about Moki's solutions.

News & Updates

This category provides news and updates.

What is Android Enterprise?

Android Enterprise is a Google-led initiative to enable the use of Android devices and apps in the workplace. The program offers APIs and other tools for developers to integrate support for Android into their enterprise mobility management (EMM) or mobile device management (MDM) solutions. 

There are three use cases supported on Android Enterprise. Moki’s Android Enterprise solution was built to manage company-owned devices for dedicated use. Dedicated devices are a subset of company-owned devices that serve a specific purpose. Android comes with a broad set of management features that allow organizations to configure devices for everything from employee-facing factory and industrial environments, to customer-facing signage and kiosk purposes.

Dedicated devices are typically locked to a single app or set of apps. Android 6.0+ offers granular control over a device’s lock screen, status bar, keyboard, and other key features, to prevent users from enabling other apps or performing other actions on dedicated devices.

An Android Enterprise solution is a combination of three components: your Moki Total Control console, a device policy controller (DPC), and managed Google Play.

Moki’s MDM Console

Moki’s MDM console is a cloud-based web application that allows admins to manage their organization, devices, and apps. Moki’s console has been integrated with the APIs and UI components provided by Android Enterprise.

DPC

All Android devices that Moki manages use Android’s DPC. A DPC is an agent that applies the management policies set in your Moki console to devices.

Managed Google Play

Managed Google Play is an enterprise app platform based on Google Play that is free to Android Enterprise customers and fully integrated into Moki’s MDM console. It combines the familiar user experience and app store features of Google Play with a set of management capabilities designed specifically for enterprises.

IT admins can use managed Google Play to discover apps, view app details, and purchase app licenses. IT admins can curate, manage, and distribute apps through Moki’s MDM console. 

Using Android Enterprise APIs, Moki can distribute apps to managed devices. Apps can be remotely installed on a device or added to the device’s managed Google Play store.

On managed devices, managed Google Play is the user’s enterprise app store. The interface is similar to Google Play—users can browse apps, view app details, and install them. Unlike the public version of Google Play, users can only install apps from managed Google Play that are whitelisted for them.

What is needed for Moki to communicate with devices?

The lifeblood of any mobile device rollout is the connectivity of the device. In order for Moki to communicate with the device there are ports that should be open constantly. It is also recommended that you get a dedicated network for the devices to connect to so that they can have maximum bandwidth and accessibility.

The following domains need to be allowed, (open port requirements):

Destination HostPortsPurpose

play.google.com

android.com

google-analytics.com

googleusercontent.com

*gstatic.com 

*.gvt1.com

*.ggpht.com

dl.google.com

dl-ssl.google.com

android.clients.google.com

*.gvt2.com

*.gvt3.com

TCP/443

TCP, UDP/5228-5230

Google Play and updates 

gstatic.com, googleusercontent.com – contains User-Generated Content (for example,. app icons in the store)

*gvt1.com, *.ggpht, dl.google.com, dl-ssl.google.com, android.clients.google.com – Download apps and updates, Play Store APIs

gvt2.com and gvt3.com are used for Play connectivity monitoring and diagnostics. 

*.googleapis.com
m.google.com
TCP/443EMM/Google APIs/PlayStore APIs/Android Management APIs

accounts.google.com

accounts.google.[country]

TCP/443

Authentication

For accounts.google.[country], use your local top-level domain for [country]. For example, for Australia use accounts.google.com.au, and for United Kingdom use accounts.google.co.uk.

gcm-http.googleapis.com

gcm-xmpp.googleapis.com

android.googleapis.com

TCP/443,5228-5230Google Cloud Messaging (e.g. EMM Console <-> DPC communication, like pushing configs)

fcm.googleapis.com

fcm-xmpp.googleapis.com

firebaseinstallations.googleapis.com

TCP/443,5228–5230Firebase Cloud Messaging (for example, . Find My Device, EMM Console <-> DPC communication, like pushing configs). For the most up to date information on FCM, click here.

fcm-xmpp.googleapis.com

gcm-xmpp.googleapis.com

TCP/5235,5236When using persistent bidirectional XMPP connection to FCM and GCM servers

pki.google.com

clients1.google.com

TCP/443Certificate Revocation list checks for Google-issued certificates

clients2.google.com

clients3.google.com

clients4.google.com

clients5.google.com

clients6.google.com

TCP/443Domains shared by various Google backend services such as crash reporting, Chrome Bookmark Sync, time sync (tlsdate), and many others 
omahaproxy.appspot.comTCP/443Chrome updates
android.clients.google.comTCP/443Android Device Policy download URL used in NFC provisioning

connectivitycheck.android.com
connectivitycheck.gstatic.com

www.google.com

TCP/443Used by Android OS for connectivity check whenever the device connects to any WiFi / Mobile network.
Android connectivity check, starting with N MR1, requires https://www.google.com/generate_204 to be reachable, or for the given Wi-Fi network to point to a reachable PAC file.

ota.googlezip.net

ota-cache1.googlezip.net

ota-cache2.googlezip.net

TCP/443Used by Pixel devices for OTA updates

mtalk.google.com

mtalk4.google.com

mtalk-staging.google.com

mtalk-dev.google.com

alt1-mtalk.google.com

alt2-mtalk.google.com

alt3-mtalk.google.com

alt4-mtalk.google.com

alt5-mtalk.google.com

alt6-mtalk.google.com

alt7-mtalk.google.com

alt8-mtalk.google.com

android.clients.google.com

device-provisioning.googleapis.com 

TCP/443,5228–5230Allows mobile devices to connect to FCM when an organization firewall is present on the network. (see details here)
time.google.comUDP/123During provisioning, Android devices require access to an NTP server, which is typically accessed via port UDP/123. This can be changed by an OEM.

android-safebrowsing.google.com

safebrowsing.google.com

TCP/443

Safebrowsing endpoints are used for Google Play Protect.

*.mokicloud.com

443, 3478, 5349

Remote Control

*.moki.com443Remote Control

moki-marbles.appspot.com

443

Remote Control

*.pushy.me

TCP/443,5228-5230Remote Control

*.pushy.io

443Remote Control

 

Submit a Ticket

Contact us by email, or just fill out the form

Skip to content