Network Requirements for Android Enterprise

Looking For

Something Else?


Android - Agent

This category covers Moki's Agent/Device Administrator management solution.


This category covers Moki's iOS management solution.

Android Enterprise

This category covers Moki's Android Enterprise management solution.


This category covers Moki's BrightSign management solution.


This category provides general FAQs about Moki's solutions.

News & Updates

This category provides news and updates.

What is Android Enterprise?

Android Enterprise is a Google-led initiative to enable the use of Android devices and apps in the workplace. The program offers APIs and other tools for developers to integrate support for Android into their enterprise mobility management (EMM) or mobile device management (MDM) solutions. 

There are three use cases supported on Android Enterprise. Moki’s Android Enterprise solution was built to manage company-owned devices for dedicated use. Dedicated devices are a subset of company-owned devices that serve a specific purpose. Android comes with a broad set of management features that allow organizations to configure devices for everything from employee-facing factory and industrial environments, to customer-facing signage and kiosk purposes.

Dedicated devices are typically locked to a single app or set of apps. Android 6.0+ offers granular control over a device’s lock screen, status bar, keyboard, and other key features, to prevent users from enabling other apps or performing other actions on dedicated devices.

An Android Enterprise solution is a combination of three components: your Moki Total Control console, a device policy controller (DPC), and managed Google Play.

Moki’s MDM Console

Moki’s MDM console is a cloud-based web application that allows admins to manage their organization, devices, and apps. Moki’s console has been integrated with the APIs and UI components provided by Android Enterprise.


All Android devices that Moki manages use Android’s DPC. A DPC is an agent that applies the management policies set in your Moki console to devices.

Managed Google Play

Managed Google Play is an enterprise app platform based on Google Play that is free to Android Enterprise customers and fully integrated into Moki’s MDM console. It combines the familiar user experience and app store features of Google Play with a set of management capabilities designed specifically for enterprises.

IT admins can use managed Google Play to discover apps, view app details, and purchase app licenses. IT admins can curate, manage, and distribute apps through Moki’s MDM console. 

Using Android Enterprise APIs, Moki can distribute apps to managed devices. Apps can be remotely installed on a device or added to the device’s managed Google Play store.

On managed devices, managed Google Play is the user’s enterprise app store. The interface is similar to Google Play—users can browse apps, view app details, and install them. Unlike the public version of Google Play, users can only install apps from managed Google Play that are whitelisted for them.

What is needed for Moki to communicate with devices?

The lifeblood of any mobile device rollout is the connectivity of the device. In order for Moki to communicate with the device there are ports that should be open constantly. It is also recommended that you get a dedicated network for the devices to connect to so that they can have maximum bandwidth and accessibility.

The following domains need to be allowed, (open port requirements):

Destination HostPortsPurpose







TCP, UDP/5228-5230

Google Play and updates, – contains User-Generated Content (for example,. app icons in the store)

*, *.ggpht,,, – Download apps and updates, Play Store APIs and are used for Play connectivity monitoring and diagnostics. 

TCP/443EMM/Google APIs/PlayStore APIs/Android Management APIs[country]



For[country], use your local top-level domain for [country]. For example, for Australia use, and for United Kingdom use

TCP/443,5228-5230Google Cloud Messaging (e.g. EMM Console <-> DPC communication, like pushing configs)

TCP/443,5228–5230Firebase Cloud Messaging (for example, . Find My Device, EMM Console <-> DPC communication, like pushing configs). For the most up to date information on FCM, click here.

TCP/5235,5236When using persistent bidirectional XMPP connection to FCM and GCM servers

TCP/443Certificate Revocation list checks for Google-issued certificates

TCP/443Domains shared by various Google backend services such as crash reporting, Chrome Bookmark Sync, time sync (tlsdate), and many others 
omahaproxy.appspot.comTCP/443Chrome updates Device Policy download URL used in NFC provisioning

TCP/443Used by Android OS for connectivity check whenever the device connects to any WiFi / Mobile network.
Android connectivity check, starting with N MR1, requires to be reachable, or for the given Wi-Fi network to point to a reachable PAC file.

TCP/443Used by Pixel devices for OTA updates 

TCP/443,5228–5230Allows mobile devices to connect to FCM when an organization firewall is present on the network. (see details here) provisioning, Android devices require access to an NTP server, which is typically accessed via port UDP/123. This can be changed by an OEM.


Safebrowsing endpoints are used for Google Play Protect.


443, 3478, 5349

Remote Control

*.moki.com443Remote Control


Remote Control


TCP/443,5228-5230Remote Control


443Remote Control


Submit a Ticket

Contact us by email, or just fill out the form

Skip to content