Dedicated management is an extension of full device management. You can lock down dedicated devices to a single app (or apps), enabling them to perform specific employee or customer-facing functions. This includes inventory management, hospitality kiosk services, and digital signage. You can also enforce extended security policies on dedicated devices to prevent users from exiting apps and accessing a device’s home screen.
What features do dedicated devices support?
All EMM providers offering dedicated device management support the following key features:
|EMM token||Enter a token provided by your EMM to trigger full device management setup.|
|Set lock screen restrictions||Set and enforce the type of passcode (e.g. PIN/pattern/password) required to unlock a device.|
|Block users from escaping locked down devices||Block users from escaping locked down dedicated devices to enable other actions.|
|Wipe and lock work data||Remotely lock and wipe a device.|
|Automatic compliance enforcement||Automatically restrict access to data and apps on devices that aren't in compliance with security policies.|
EMM providers support Android app management through an enterprise version of Google Play, called managed Google Play. With an EMM, you can create managed Google Play Accounts for your devices. These accounts enable app distribution to your dedicated devices.
|View and manage your app catalog||View a list of purchased apps, approved apps, and private apps.|
|Distribute apps silently||Silently install apps on a device without any user interaction.|
|Set managed configurations||Configure work apps for individual users or devices.|
|Set default runtime permission policies||Set the default response (prompt, allow, or deny) to all runtime permission requests from apps.|
|Set specific runtime permission policies||Set the default response (prompt, allow, or deny) to specific runtime permission requests from apps.|
|Lock app(s) to screen||Specify an app (or apps) to lock to the screen, and ensure that users can't exit apps.|
|Schedule over-the-air (OTA) system updates||Postpone OTA system updates for up to 30 days and setup regular maintenance windows for updates.|
In addition to the key features above, all Android Enterprise Recommended EMM providers offering dedicated device management support the following advanced features:
|QR code||Scan a QR code provided by the EMM to enroll a device from a device's setup wizard.|
|Zero-touch enrollment||Preconfigure devices using the Zero-touch enrollment portal.|
|Device integrity verification||Validate device integrity to help detect if a device has been tampered with or modified. Set up automated rules (e.g. wipe and lock) if validation fails.|
|Block external data transfers||Lock down hardware elements (e.g. NFC beam, external media, USB storage) to prevent users from sharing or transferring work data.|
|Configure Wi-Fi settings||Remotely deploy Wi-Fi login settings (SSID, password) to a device.|
|Configure certificate-authenticated Wi-Fi||Remotely deploy Wi-Fi settings to a device that include identity, certificates for client authorization, and CA certificates.|
|Manage certificates||Deploy identity certificates and certificate authorities to a device to enable access to corporate resources.|
|Manage advanced certificate details||Select certificates for specific apps, remove CAs and identity certs from an active device, and prevent users from modifying credentials in the managed keystore.|
|Enable Always On VPN||Enable Always On VPN for specified apps to ensure they always go through a configured VPN.|
|Restrict factory-reset privileges||Specify the account(s) authorized to factory reset a device.|
|Manage advanced dedicated device features||Control granular dedicated device features, including disabling the device status bar, lock screen, and phone activity alerts.|
|Retrieve bug reports||Remotely retrieve bug reports from devices.|
Support for additional features varies by EMM provider. To view the features supported by a specific EMM, see the Android Enterprise Solutions Directory.
|NFC||Push setup details to a device via an NFC bump.|
|G Suite or Cloud Identity account||Set up a device by entering a user's G Suite or Cloud Identity account details.|
|Set advanced lock screen restrictions||Set and enforce the quality, length, and complexity of the passcode required to unlock a device.|
|Configure Smart Lock settings||Enable or disable specific Smart Lock methods, such as trusted bluetooth devices, face recognition, or voice recognition.|
|Google Play Protect enforcement||Google Play Protect's Verify Apps feature is enabled by default and scans apps for malware before and after installation.|
|Access security logs||View and export security logs for a given device and time window.|
|Support Google-hosted private apps||Publish Google-hosted private apps from the EMM's console and distribute them to devices.|
|Support externally hosted private apps||Publish externally hosted private apps from the EMM's console and distribute them to devices.|
|Block modification of Wi-Fi settings||Prevent users from creating new Wi-Fi configurations or modifying existing ones.|
|Restrict access to authorized accounts||Ensure that only authorized corporate accounts can interact with corporate data by preventing users from adding or modifying accounts.|
|Manage 3rd party certificates||Distribute a 3rd-party certificate management app to a device and grant the app privileged access to install certificates in the managed keystore.|
|Control access to input methods||Configure the input methods (e.g. keyboards) that a user can configure on their device, including system input methods.|
|Control access to accessibility services||Configure the accessibility services that can be enabled on a device.|
|Set location sharing preferences||Configure device location sharing settings (e.g. high accuracy, battery-saving, sensors only, off) for apps.|
|Block users from uninstalling apps||Prevent users from uninstalling apps or modifying apps through Settings.|
|Disable screen captures||Prevent users from taking screenshots when using apps.|
|Disable camera||Prevent apps from using device cameras.|
|Retrieve network statistics||Retrieve network usage statistics for a device.|
|Remote reboot||Remotely reboot a device.|
|Manage system network radio settings||Control system network radio settings and usage policies.|
|Manage system audio settings||Control device audio features.|
|Manage system clock settings||Control device clock and timezone settings. Prevent users from modifying automatic device settings.|
|Set default apps for specific activities||Set the default app for specific activities. For example, choose the default browser for opening web links.|
|Customize device setup UI||Set the color, logo, and terms and conditions displayed during device setup.|
|Customize lock screen message||Set a message to display on a device's lock screen.|
|Customize lock screen features||Control the features accessible to a user before unlocking a device.|
|Retrieve MAC addresses||Remotely retrieve device MAC addresses.|
Which Android devices are supported?
Android Lollipop (5.1) and later devices.
Which EMM providers support dedicated device management?
EMM providers that support dedicated device management are listed in the Android Enterprise Solutions Directory.