Avalanche Android Enterprise Work Profile Mode

Version 3

    Verified Product Versions

    Avalanche 6.3

    Scenario:

     

    Work Profile is best described as a BYOD platform for device management. Customers may want to provide corporate software to an employee or contractor but does not want to fully manage the device. Android Enterprise Work Profile (released with Avalanche 6.3) allows for a secure folder to be created on a device and house any corporate applications there.

     

    Video Summary:

     

     

    Server Side:

     

    Android Enterprise requires your console to be secured via an SSL certificate. The 6.3 installer will allow for you to generate and install a certificate from the installation wizard. You may also import a previously created certificate during this time as well. This can be self signed or Third Party Signed. Once 6.3 is installed and licenses are added users will need to configure their ESA (Enterprise Service Account) then will need to associate the ESA to an Enrollment Rule.

     

    1. Go to Tools > Android Enterprise.

    AEconfig1.png

    2. Click on Create Enterprise. (if this option is not available it means you are not using the secure address for your console)

    3. A new Google window will now be displayed.

     

    It should be pointed out that this is a google website. This means if you have logged into your chrome browser and you try to create an Enterprise it will be associated to your personal google account. MDM Administrators will want to ensure they create a corporate account to ensure your personal info is not utilized.

    AEconfig2.png

    Not all fields are required to be filled out but those that must adhere to GDPR should fill them out.

     

    4. Once you have filled out the information you will be able to return to your avalanche console and will see the newly created ESA associated to your Avalanche

    5. Next you will need to go to the Enrollment rule tab and create a new Enrollment rule for the Android Enterprise Devices.  You will be able to use both ANS or FCM at this point and time. If you select GCM it must be pointed out that Google has issued an End of Life statement for GCM and all servers will be shut down. It is also important to ensure you have selected the Android Service Account to be associated with the enrollment rule.

    AEconfig3.png

     

    Device Side:

     

    1. On the device open google play store

    2. Search for Avalanche Android Enterprise

    3. Put in your enrollment information

    4. The enabler will minimize and you will see a secure folder created on the device. This means the MDM has been authenticated by Google

    5. open the Secure Work Folder and open the Enabler again

    6. Click enroll.

     

    Additional Information:

     

    1. Customers will need to ensure they have configured the ESA account to correspond to the Enrollment Rule prior to enrolling a device. A device will be able to enroll without the ESA account but will not be able to sync properly.

    2. Customers who have already imported a certificate in a previous version of Avalanche 6.x to secure their console will need to relocate the certificate to a different folder. During the upgrade process the data within the installation folder will be deleted and laid back down. It is recommended to store the certificate in a secure location on the system outside of the installation folder prior to beginning the 6.3 upgrade process.

    3. Any device and server associated to Android Enterprise configurations will need to have access to the Avalanche Smart Device Server as well as the Internet. All devices and servers will communicate on port 443 to Google and a Ivanti Supply Chain server for authentication and validation purposes.

    Useful Links:

     

    Android Enterprise Private Play Store address (must be logged in as a ESA administrator

    Android Apps on Google Play

    Avalanche Android Enterprise Enabler

    Avalanche Android Enterprise - Apps on Google Play