data separation
Android - Enterprise devices
From Android 9: Android Enterprise Enrollment (Fully Managed Device)
At the latest since Relution 5, Android Enterprise Enrollment has become the fully managed device device owner
for managing Android devices in Relution. The MDM functions are integrated into the operating system and standardized. This enables a largely vendor-independent, uniform MDM functionality on the Android platform. The Android Enterprise functions are only available for certified devices. Samsung devices can be managed and secured even more extensively with the KNOX functions. The Relution Client App is no longer mandatory for Android Enterprise Enrollment. However, the classic login as device administrator
is still possible. In this case, the Relution Client App is provided with special rights on the device to be able to execute the MDM functions. However, with this type of enrollment, the options for MDM intervention are highly dependent on the Android device used. A wide range of configurations and functions are available when managing Android devices:
- Installation and configuration of apps (e.g. Exchange client)
- Managed Google Play Store
- WiFi and VPN configuration
- Fully automated device enrollment (KNOX Mobile Enrollment)
Android - Bring Your Own Devices
Work Profile Enrollment
Android Enterprise additionally offers the so-called Work Profile
, which is intended for private devices and sets up a container Work
on the device that can be managed by Relution. This container contains a Managed Play Store
, which only makes approved apps available for installation. Installing apps from the Managed Google Play Store
is possible without a local Google account. Additionally, the apps can be configured via Relution if a Managed App Configruation
is supported by the respective app (e.g. an email app with a predefined server address and user ID). The container can also contain its own address book to separate business and private contacts.
Anything outside the container Personal
cannot affect Relution, e.g. the device cannot be reset or locked. However, the container can be removed via Relution, which deletes all the data it contains.
Relution supports the work profile in an organization in parallel with the full device management of Android Enterprise and the classic login as system administrator. Thus, mixed operation with different devices is possible in Relution.
Functional limitations
In addition, the following functions in the Work
container can also be disabled by restriction:
- App Block/Allowlisting
- Creation of new users and profiles
- Adding and removing accounts
- Install apps
- Uninstalling apps
- Using the camera
- Taking screenshots
- Configuring and using Bluetooth
- Sharing contacts via Bluetooth
- Configure mobile network
- Configure VPN
- Configure standard Wi-Fi networks
- Using Android Beam (NFC) to share app data
- Mount external physical media
- Transferring files via USB