Android in the Enterprise: Best Practices
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Android in the Enterprise: Best Practices

  • 2,771 views
Uploaded on

Learn best-practices for enabling Android smartphones and tablets in the enterprise. ...

Learn best-practices for enabling Android smartphones and tablets in the enterprise.

Learn more: http://www.maas360.com/products/mobile-device-management/android/

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
2,771
On Slideshare
2,771
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
49
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • In our webinar today we will talk about embracing the Android opportunity in the Enterprise, Security and Best Practices for Android , some of the key new features of the latest Android OS: 2.3.X and 3.X updates and finally I will discuss Microsoft Exchange Support for Android including a demo of how to connect an android device to you Exchange server and also how to wipe the device through Outlook Web Access.
  • 2011 is the start of the year that businesses were confronted with how to fully embrace mobile devices. This also drags the IT department into the picture as users bring their own devices into the enterprise without a proper IT management, strategy, and operation. Androids and iPhones are being selected over the traditional Blackberry and Windows Mobile devices. From a recent study the iPhone surpassed the BlackBerry as the top mobile device and Android has become the number one OS and continues to gain market share quarterly.And this is a good thing! Amazingly enough the business does benefit. Studies have shown employees work 10-20% more night and weekend hours when provided a laptop with corporate access. Businesses also save money when an employee brings in their own device as they are responsible for the cost of the device and it’s associated voce/data plan – eliminating corporate carrier contracts and additional overhead. As notebook technology struggles to keep ground, studies have shown the mobile device freight train shows no signs of stopping.
  • Have a realistic policy set for 2012. Support multiple device platforms and allow personal devices. You are likely already doing this now, but with very minimal information a user can sync an Android or even a newer iPod touch device to your exchange server without you ever being alerted or notified. Cost savings could also add up as the employee is covering their own plan.Take stock of your mobile devices by implementing a multi-platform reporting and inventory tool. This will help understand risks regarding mobile devices and make informed decisions. The solution should also be extended to your help desk and HR departmentsProbably the most important, require and enforce basic security precautions. This includes requiring a strong password, password expiration, auto-lock and auto-wipe if a specific number of failures. Enforce that local encryption is enabled and have the ability to remote wipe. Select Gingerbread ROM’s and native Honeycomb now have improved software level encryption which can encrypt internal and external storage on the dveice.
  • Android 2.3 has some key enhancements and features.(Improved Performance):Faster speed. Google promises Gingerbread is its "fastest version of Android yet," thanks to its improved responsiveness and power management.(Power Management)The Android system takes a more active role in managing apps that are keeping the device awake for too long or that are consuming CPU while running in the background. By managing such apps — closing them if appropriate — the system helps ensure best possible performance and maximum battery life. The system also gives the user more visibility over the power being consumed by system components and running apps. The Application settings provides an accurate overview of how the battery is being used, with details of the usage and relative power consumed by each component or application.(Control over applications)A shortcut to the Manage Applications control now appears in the Options Menu in the Home screen and Launcher, making it much easier to check and manage application activity. Once the user enters Manage Applications, a new Running tab displays a list of active applications and the storage and memory being used by each. The user can read further details about each application and if necessary stop an application or report feedback to its developer.(Downloads Management)Easier file management. A new integrated Downloads app lets you access and manage every file you download, whether you get it via the Internet, e-mail, or through any other program.(Native Encryption)Motorola recently released an updated Android ROM that encrypts the internal and external SD cards on select mobile devices.
  • (UI Refresh)Android's user interface gets a refresh with Gingerbread. Android Gingerbread isn't the massive redesign we've been hearing about -- that may still be ahead with up and coming Ice Cream Sandwich -- but there are a number of interface changes you'll notice right away. Among them:An updated color scheme. Gingerbread introduces a "simplified visual theme" that includes a darker notification bar and black-based menus (to conserve battery as the backlight is not utilized as much on darker themes).Android Gingerbread features a redesigned on-screen keyboard that's said to be faster and more intuitive. In addition to its updated form, the keyboard now supports multitouch input and a "smart" autocorrect function.Improved cut-and-paste. Android Gingerbread allows you to long-press on any Web page or text input field to select words and copy them to the system clipboard.NFC support on select devices: allows the user to read an NFC tag embedded in a poster, sticker, advertisement, or in the future may be used for making payments.(Nexus-line)Developer based phones that continue to push the limits of current hardware and also drive new features to be implemented in Android
  • (Android 3.0)Android 3.0 known as Honeycomb first shipped on the XOOM tablet, but has made some much requested improvements over the last few releases.
  • To support native Android 2.2 and above devices, you must be running Microsoft Exchange ActiveSync 2003 Service Pack 2, Microsoft Exchange ActiveSync 2007 or 2010.Android 2.2 and above supports the following Exchange information services:● Adding Exchange user accounts (via an ActiveSync server), and enforcement of mailbox policies● Synchronizing email, using the Email application● Synchronizing calendar events, using the Calendar application● Synchronizing a user’s contacts, using the Contacts application and shared system-wide● Autocompletion of email addresses in Email, from a Global Address List (GAL)If you are running a Microsoft Exchange ActiveSync 2007 or 2010 server, Android 2.2 also supports the automatic discovery of your ActiveSync server using only an email address and password, when adding an account.
  • Android 2.2 supports the Microsoft Exchange ActiveSync mailbox policies described here. When configuring the policy, other options may work as well but these have been certified.Require Password: If you set this ActiveSync mailbox policy, users must secure their phones using a numeric PIN or alphanumeric password (using the PIN or Password option in the Android 2.2 Screen Unlock Security settings). The other ActiveSync mailbox policies have no effect if this policy is not set.Require alphanumeric passwordIf you set this ActiveSync mailbox policy, users must secure their phones using a password that includes both letters and numbers (only the Password option is available in the Android 2.2 Screen Unlock Security settings). If you don’t set this mailbox policy, users may secure their phones with a password or a numeric PIN (both the Password and PIN settings are available).Number of failed attempts allowedThis ActiveSync mailbox policy sets the maximum number of times a user can enter an incorrect password before the phone resets itself to factory defaults (a local wipe). Android 2.2 supports a maximum of 31 failed password attempts for this setting.Minimum password lengthThis ActiveSync mailbox policy sets a minimum number of letters or numbers for an PIN or password. Android 2.2 supports PINs and passwords of up to 16 characters.Screen Timeout: (Time without user input before password must be re-entered)This ActiveSync mailbox policy sets the maximum number of minutes after a user has last touched the screen or pressed a button before the phone locks itself, requiring the user to unlock the phone with a PIN or password. On Android 2.2 phones, this restricts the Screen Timeout setting to a duration less than or equal to the value of the policy you set. Android 2.2 supports a maximum of 30 minutes for this setting.Allow non-provisionable devicesThis ActiveSync mailbox policy controls whether devices that do not support all of your mailbox policies can synchronize information with your Exchange server. If all of your mailbox policies are supported by Android 2.2 (as described in this section), this policy has no effect on Android 2.2 phones. If some of your mailbox policies are not supported by Android 2.2 and you set this policy, users can add Exchange accounts to their phones, synchronize information, and Android 2.2 will enforce those of your policies that it does support. If some of your mailbox policies are not supported by Android 2.2 and you don’t set this policy, users can not add Exchange accounts to their phones and any existing accounts will beprevented from synchronizing information in the future (no existing information is deleted).Remote wipeIf you establish a mailbox policy on your ActiveSync server, you can perform a remote wipe of any Android 2.2 phone that has added an account from your server. A remote wipe performs the same action as a factory data reset (a feature of the Android 2.2 Privacy settings): it erases allof the user’s personal data from internal phone storage, including information about the user’s Exchange accounts, Google Accounts, and any other accounts. It also erases all application settings and any downloaded applications. A remote wipe does not erase any system softwareupdates the user has downloaded or any files on the phone’s SD card, such as music or photos.. For more information about Microsoft Exchange ActiveSync mailbox policies, please visit this link from Microsoft: http://technet.microsoft.com/en-us/library/bb123484(EXCHG.80).aspx ).I will now give a demo on how you would go about setting up Exchange Active Sync Mailbox Policies.
  • Exchange Server 2007 and above allows you to assign mobile device security policies on a per-user or global basis. These policies are called Exchange Active Sync Mailbox Policies.To create an Exchange ActiveSync Mailbox Policy in Exchange 2007, from the Exchange Management Console, navigate to Organization Configuration and then Client Access to view any existing policies that apply to mobile devices in your organization. On the right hand side under Actions, Client Access, Go to New Exchange ActiveSync Mailbox and you will be brought to the next screen.
  • As you can see there are a number of parameters that you can set within the policy. The first thing you have to do is enter a name for the mobile device security policy you’re creating. As a best practice, it is best to enter a name that describes the policy’s purpose.Below the Mailbox Policy Name field are a number of checkboxes that you can use to enable or disable various policy elements. The first checkbox allows you to decide whether or not you want to allow users to use non –provisionable mobile devices. What this means is that the mobile devices security policy that you are creating is not compatible with some older mobile devices.The lower section allows you to require a password, and then set the parameters for that password. For example, you can set the password length and complexity requirements. You can also control the amount of time that a mobile device can be idle before it locks itself and requires the user to re-enter the password for continued use.You do not have to specify all policy settings when you create a new Exchange ActiveSync mailbox policy. Any policy setting that you do not explicitly set will keep its default value. Once you have enabled and disabled the mobile device security policy options to your liking, click the “New” button and the ActiveSync Mailbox Policy will be created. When the creation process completes, click the finish button to close the wizard.
  • The mobile device security policy you just created will now be listed in the Organization Configuration, Client Access container.
  • To assign the mobile device security policy to a mailbox, from the Exchange Management Console navigate through the console tree to Recipient Configuration, Mailbox to view a list of all users in your organization. Right Click on the user whom you want to assign the policy and select properties. Go to the mailbox features tab. This tab is used to enable or to disable Exchange ActiveSync, but also contains a properties button. Select Exchange Active Sync from the list and click the properties button above it to display the Exchange ActiveSync Properties dialog box.
  • Click the browse button and select the policy that you would like to apply. Click OK to complete the process. After the apply of the policy it can take anywhere from 5-10 minutes for the device to receive the policy. Once that occurs an indication will appear on the device stating that a passcode policy has been applies and will not download any data until a new passcode is set.The user is then prompted to enter in a passcode twice for verification and then hit OK. If you want to apply the same policy for everyone, simply make the policy the default policy.
  • To add an Exchange Email Account on your Android device, from the applications list, select “My Accounts”. Select Add Account and from the set up accounts menu select the icon for Corporate Sync.You will need the below information to setup an Exchange Account on your phone:Enter: Domain name\\user nameEnter PasswordUse secure connection should be checked.Enter Email addressEnter Exchange Server AddressTap on Next  to submit settings. Handset will check with server and verify if successful you can then select Done.You will need to review and adjust your exchange settings after set-up to make sure you have the appropriate sync settings to get email.
  • On this screen, make sure your email setting for "sync messages" goes back far enough in time to pull email from your corporate account or it will not show up in the inbox. You will need to review and adjust your exchange settings after set-up to make sure you have the appropriate sync settings to get email in the Email Settings. To do so, Open up the applications list on your device and open up the email application, your default email account will be displayed (which is also adjustable in the email settings menu), press the menu button and select email settings, the email settings menu will then be displayed.
  • You will need to review and adjust your exchange settings after set-up to make sure you have the appropriate sync settings to get email in the Email Settings. To do so, Open up the applications list on your device and open up the email application, your default email account will be displayed (which is also adjustable in the email settings menu), press the menu button and select email settings, the email settings menu will then be displayed. To edit each option, simply tap on the setting and that will bring you into another menu to adjust the settings.
  • Outlook Web Access offers a number of actions for devices using Active Sync, like Removing the Device, Wiping all Data on the Device, Displaying a Recovery Password and Retrieving the log file.Android 2.2 and above supports Remote Wipe, as well as wiping the device locally. This easily allows the user to blow up a device that may have been lost or stolen or allows the IT admin to take action as well. To do this, simply log into OWA, under Options on the left, go down to Mobile Devices. Highlight the device you wish to wipe, for Android some may say the device model, for example “Motorola”, and others will appear as “Android”, then select wipe all data from device from the top. If you are an IT admin, you then have the ability to browse to a particular users mailbox after logging in to take the appropriate action for the specified user.
  • Joe to coverQuotes from article:“MaaS360 is our Clear Choice Winner based on its strong overall performance, particularly its ease of use.”“MaaS360 initially shocked us it was so simple to deploy.”“Everything was easy to set up.”
  • Lastly I wanted to provide an overview of our upcoming webinars. We also have Past Webinars posted and lots of how to content at our MaaSters Center. Here you can find mobile device management best practices, common blackberry solutions and over 300 articles and posts including training videos and free tools.

Transcript

  • 1. Android in the Enterprise: Best Practices By Drew Schmanek© 2010 Fiberlink Communications MORE Webinar Series © 2010 Fiberlink Communications
  • 2. What is all the excitement about? MORE Webinar Series © 2010 Fiberlink Communications 2
  • 3. What is all the excitement about? MORE Webinar Series © 2010 Fiberlink Communications 3
  • 4. What will I learn today?> How to Embrace the Android Opportunity> Security and Best Practices for Android> Android 2.3.X updates (Gingerbread)> Android 3.X updates (Honeycomb)> Microsoft Exchange Support MORE Webinar Series © 2010 Fiberlink Communications 4
  • 5. Embracing the Android Opportunity> 2011 is the year businesses first confronted the mobile device challenge which will only progress the concern in 2012.> Users are bringing their own devices into the enterprise  Androids and iPhones have increased market share, and have surpassed the end user capabilities of the traditional Blackberry and Windows Mobile devices.> Amazingly enough, the business does benefit from this!  Cost savings for companies from employee owned devices with personal voice/data plans.  Studies have shown employees work 10-20% more night and weekend hours. MORE Webinar Series © 2010 Fiberlink Communications 5
  • 6. Security/Best Practices> Have a realistic policy in place for 2012  Support multiple device platforms and allow personal devices> Put in a multi-platform inventory tool, immediately  Many businesses don’t have good data on their mobile devices, or know the total head count of devices  Find unsupported devices and help in troubleshooting> Enforce the basic security precautions  Password  Remote Wipe  Encryption (improved software level encryption in 2.3) MORE Webinar Series © 2010 Fiberlink Communications 6
  • 7. Android 2.3.X Gingerbread> Features and Improvements  Improved Performance • Faster speed • Improved power management • Control over applications  Application Management • New integrated Downloads App  Encryption • Select 2.3.X Motorola Devices now offer support MORE Webinar Series © 2010 Fiberlink Communications 7
  • 8. Android 2.3.X Gingerbread UI Refresh • Color scheme • New keyboard • Improved cut-and-paste NFC [near field communication] support MORE Webinar Series © 2010 Fiberlink Communications 8
  • 9. Android 3.X Honeycomb Android 3.0 • New UI for Android tablets only • Native tabbed browsing, replaces multiple browser windows • Email: new two-pane UI exclusive to Android 3.X Android 3.1 • Support for external peripherals [keyboards and pointing devices] • Wi-Fi lock maintains Wi-Fi connections when device’s screen is off • Support for HTTP proxy for each connected Wi-Fi access point Android 3.2 • Compatibility display mode for apps that have not yet been optimized for tablet screen resolutions • New display support functions that give developers more control over the look and feel on different Android devices. MORE Webinar Series © 2010 Fiberlink Communications 9
  • 10. Microsoft Exchange Support> Requirements  Microsoft Exchange ActiveSync 2003 sp2  Microsoft Exchange ActiveSync 2007  Microsoft Exchange ActiveSync 2010> Supported Features  Adding Exchange user accounts (via an ActiveSync server) and enforcement of mailbox policies  Synchronizing email, calendar events, and contacts  Autocompletion of email addresses in Email  Auto discovery of ActiveSync server (ActiveSync 2007 and up) MORE Webinar Series © 2010 Fiberlink Communications 10
  • 11. Microsoft Exchange Support> Supported Security Policies  Require password  Require alphanumeric password  Number of failed attempts allowed  Minimum password length  Screen Timeout  Allow non-provisionable devices  Remote Wipe  Encryption 3.X and above [native] *for more information about Microsoft Exchange ActiveSync mailbox policies, see http://technet.microsoft.com/en-us/library/bb123484(EXCHG.80).aspx MORE Webinar Series © 2010 Fiberlink Communications 11
  • 12. Exchange ActiveSync Mailbox Policies> Exchange Management Console MORE Webinar Series © 2010 Fiberlink Communications 12
  • 13. Exchange ActiveSync Mailbox Policies MORE Webinar Series © 2010 Fiberlink Communications 13
  • 14. Exchange ActiveSync Mailbox Policies MORE Webinar Series © 2010 Fiberlink Communications 14
  • 15. Exchange ActiveSync Mailbox Policies MORE Webinar Series © 2010 Fiberlink Communications 15
  • 16. Exchange ActiveSync Mailbox Policies MORE Webinar Series © 2010 Fiberlink Communications 16
  • 17. Microsoft Exchange ActiveSync MORE Webinar Series © 2010 Fiberlink Communications 17
  • 18. Microsoft Exchange ActiveSync MORE Webinar Series © 2010 Fiberlink Communications 18
  • 19. Microsoft Exchange ActiveSync MORE Webinar Series © 2010 Fiberlink Communications 19
  • 20. Outlook Web Access for Remote Wipe MORE Webinar Series © 2010 Fiberlink Communications 20
  • 21. Network World MDM Product Test MaaS360 is the Clear Choice Winner “Fiberlink’s MaaS360 is our Clear Choice Winner, based on its strong overall performance, particularly its ease of use. The application initially shocked us, as it was comparatively simple to deploy.” MORE Webinar Series © 2010 Fiberlink Communications
  • 22. Questions or follow-up? Donna Lima Wrap-up dlima@fiberlink.com> Up-coming Webinars (http://maasters.maas360.com/webinars/)  Sept 15: Developing Applications for iPhone and iPad> Past Webinars (http://links.maas360.com/webinars/)  Financial Services: Benchmarking your Smartphone IT Operations  Managing Devices in a Post-Intel World  Enabling iPhones and iPads in the Enterprise> Plus lots of How-To content at the MaaSters Center  Mobile Device Management Best Practices • http://links.maas360.com/mdm/  Mobile Device Management Strategy Series from Lopez Research • http://links.maas360.com/mdmstrategy/  Mobile Device Management Glossary • http://links.maas360.com/mdmglossary/  Over 300 articles and posts including training videos and free tools • http://maasters.maas360.com/ MORE Webinar Series © 2010 Fiberlink Communications 22