Android 11 for Enterprise: Everything You Need to Know

ISEC7 SPHERE

Rumored to have a September 8th release date, Android 11 introduces some great improvements for end-users, like wireless Android Auto support for all Android devices, chat bubbles, etc.

But Android 11 has also implemented some major changes and restrictions to enhance user privacy that need to be considered from an enterprise perspective to ensure a smooth transition and maintain security and control.

 

Managing Devices Before Android 11

One of the main changes with Android 11 is the way corporate-owned devices are managed. With Android 10, there are mainly three types of management modes: 

  • Android Enterprise with work profile: Typically used for Bring Your Own Device (BYOD) deployments where the device is personally owned. Allows user to use their personal device at work, access their work mail, apps, etc. without compromising security.
  • Adroid Enterprise fully managed: Typically used for Corporate Owned Business Only (COBO) deployments where full control over device and data is required with little to no room for private usage. Typically for regulated environments (Federal administration, government, etc.)
  • Android Enterprise fully managed with work profile: For Corporate Owned Personally Enabled (COPE) deployments where although the device belongs to the company and work data is stored, the device is also enterprise-managed/controlled and leaves the user with a wall-garden for their private apps and data. In other words, this management mode provides a good balance between BYOD and COBO without compromising corporate data security.

Managing Devices with Android 11

With Android 11, the Bring Your Own Device (BYOD) management mode hasn’t changed. However, Corporate Owned Personally Enabled (COPE) will be replaced by a new management mode called Enhanced Work Profile (EWP). Corporate Owned Business Only (COBO) management mode will remain.

 

What Is the Difference?

For the end-user, the differences are few to none, as both provisioning and daily usage experience will remain identical.

 

However, this is a different story for people in charge of enterprise device management, as they will have less visibility and less device control for the benefit of improved user privacy.

 

For example, on a COPE deployment, although private apps and data would not be visible to the company, things like app installation reports, app lists, device usage, etc. are visible. This will no longer be the case with EWP.

 

Also, the way a device is recognized, as company or personally owned, will mainly depend on the enrollment method used:

  • If provisioned using QR or ZT methods, the device is recognized as company-owned
  • Otherwise, the device is recognized as personally owned

What Is the Impact of Upgrading?

For new deployment, there is no impact. However, for existing deployments, there are a couple of things to consider. 

After upgrading a device to Android 11, COPE devices will be converted to EWP without any need to re-enroll (=zero user interaction). Another option is for a company to choose full control for company owned devices. 

 

How Can I Prepare?

  1. Customers need to contact their UEM vendor to ensure their devices are prepared to upgrade to
    Android 11; most of them already are, and only require the customer to have end-users update the EMM app on their mobile device before upgrading the device OS to Android 11. 

  2. Use system update management tools (ex: Samsung E-FOTA, etc.) to delay the OS upgrade if needed. 

 

Want to know more?

Note: Please fill out the fields marked with an asterisk.


(C) Rémi Frédéric Keusseyan, Mobility Expert/Master Trainer