Enhanced employee and device protection with Android 15 for business
15th October, 2024 Flexibility and productivity go hand-in-hand in the era of modern work. But so can security risks. Designed for the modern workplace, Android 15 introduces new ways to protect company devices and shield sensitive data - for both employees and companies - wherever the working day leads. Here’s how Android 15 can strengthen digital defenses. Secure stolen devices with Android theft protection Too often the cost of theft extends beyond hardware. That’s why Android theft protection* focuses on locking down your device should it fall into the wrong hands, helping minimize the impact of stolen devices. Theft Detection Lock offers automatic protection the moment a device is stolen. It uses machine learning to detect any motion associated with theft, like snatching or driving away, and quickly locks the device to protect device data. Offline Device Lock is enabled once a device is stolen. If a stolen device is disconnected for a set period of time, the device screen automatically locks to prevent unauthorized access, even when off-grid. Remote Lock empowers employees to act quickly once their devices are gone. As an extra, immediate precaution when a device is lost or stolen, employees can lock the missing device at android.com/lock using just their phone number. *Theft Detection Lock, Offline Device Lock, and Remote Lock requires Android 10+ and an internet connection. Android Go devices are not supported. Support may vary based on your device model. The user must be using the phone while it is unlocked. All theft protection features will be available in October. Offer employees a private space within their personal profile Personally enabled devices balance convenience and usability, with enhanced controls to protect business data. Now, employees are able to create a private space* for personal profile data - a folder locked with a separate password or biometrics - to store apps containing sensitive information, like banking or healthcare. Employees can work with peace of mind, knowing that personal apps and activities are hidden and secure when working on the go or when sharing the screen with co-workers. *Private space on COPE devices are subject to the same security requirements as the personal profile. Admins will be able to block the user from having a Private Space and remove an existing Private Space in COPE. Review security logs easily with the latest NIAP logging requirements Android 15 is enhancing device security with new logging capabilities that meet the latest NIAP regulations. Administrative changes are logged and stored in the SecurityLog - and data backup events are migrated from Logcat to the SecurityLog for easier upload and streamlined management. Now IT teams can more easily identify and address potential security threats. Read Stronger management of company-owned devices with Android 15 next. Learn more about what’s new in our Help Center FAQ. Register for the community to access and download these images and an Android 15 slide deck. Enjoyed this introduction? Feel free to drop a kudos and join the discussion below - we’d love to know how these new features might impact your business strategy.[Product Update] Lock and locate Corporate devices with Lost Mode
Lock lost corporate devices and get real-time location updates to recover them. Android Enterprise admins, have you discovered Lost Mode? It’s a new management feature designed to safeguard your organisation's data and recover misplaced devices. No more frantic "phone-finding" missions or compromised sensitive information - Lost Mode empowers you to take control in challenging situations. Lost Mode empowers device management through: Remote lock down: Instantly lock lost or stolen devices. Gone are the days of helplessly hoping lost devices remain untouched; Lost Mode helps prevent unauthorised access beyond incoming and emergency calls, securing your data, and peace of mind. If the need arises, enrolled devices can also be remotely wiped. Real-time location tracking: Track the location of a lost device in real-time. Whether nestled under a colleague's desk or left in a taxi, Lost Mode can remotely pinpoint a device's whereabouts for hassle-free recovery. Lock screen message: Communicate company contact information directly on the lock screen. If found by a passerby, the pre-set company message will tell them where to return it. Or they’ll have the option to ‘Call owner’ on your chosen contact number with a press of a button, making good deeds a breeze. Audible locator: Turn your device into a beacon. When Lost Mode is activated, the device begins to ring on full volume, guiding you, or a helpful passerby, towards its hidden location. It’s a step up from breadcrumbs or wasting time aimlessly retracing your steps - follow the audible trail and reclaim your missing tech. How does it work? IT admins can easily put a device into Lost Mode from their EMM console. Once the missing device is found, and is back in the right hands, employees can simply exit lost mode with their device passcode and resume business as usual. Or, IT Admins can exit Lost Mode from their EMM console. Beyond immediate recovery, having this security measure in place enables quick action, minimising the risk of data breaches, improving employee peace of mind and eliminating wasted time searching for misplaced devices. Next steps Lost Mode is exclusive to EMMs that use Android Management API, and is currently available for both Work Profile on company-owned devices running Android 13 or later, and fully managed devices on Android 11 or later. To check if this feature has been made available in their console, please contact your EMM. For a step by step on how to enable Lost Mode on company-owned devices, check out this article in the Help Center. Otherwise it would be great to hear from you, have you or do you plan to implement Lost Mode into your device strategy? Which feature do you think will be most useful?Read this year's 2024 Android Security Paper
Hey Friends, this year's new 2024 Android Security paper is now available, take a look! In today’s modern world, we use mobile devices everywhere – at home, on the go, and at the office. So, protecting them against cyber threats has never been more important. Mobile devices are attractive targets for bad actors to steal or compromise to gain access to personal and business data. 83% of all phishing sites specifically target mobile devices and render in mobile browsers differently than desktop browsers. With that in mind, I’m happy to announce the updated Android Security Paper. Here, we detail our latest security measures to help protect your fleet of devices. By combining Zero Trust principles, enhanced privacy features, and advanced security capabilities, Android continues to set the standard for a secure, privacy preserving, and user-friendly mobile platform across use cases. What's new in Android 15 Android 15 brings more robust anti-theft protection capabilities, Private space to help protect users personal apps, and more dynamic audit logging. Additionally, we have introduced a simplified eSIM management feature, artificial intelligence management capabilities for IT admins, and a host of privacy preserving features. Plus, you’ll discover improvements to make customer sign-up and account governance easier and more secure. Finally, we have hardened the OS by enhancing memory safety to help minimize vulnerabilities. Enjoy! 2024 Android Security Paper[Product Update] Signup and Device Enrollment: New Features and upcoming plans
Hello everyone, As we kickstart a new year, we are pleased to update you on enhancements we’ve made in the areas of signup and device enrollment and give you an advanced look at some features we’ll be adding in the near future. Background We’ve heard from many customers that they prefer being able to administer Android management capabilities (e.g signing up for Android Enterprise, logging into the Managed Play store, etc.) using their corporate email address rather than a gmail address. This provides increased security, along with better administrative capabilities including self-service fixes for lost account credentials and changing access when team members change. We’ve also heard that for knowledge worker devices, customers prefer being able to log in to their devices with their work email, and being able to have the convenience of shared experiences across their phone and desktop. (More details can be found in this Android Enterprise blog post) To improve the experience for both IT admins and end users, we’ve been working on changes in signup and enrollment that emphasize the use of work email accounts, and minimize Managed Google Play accounts except for dedicated devices that don't have logged in users. Here is an update on our recent announcements as well as our plans for the next few quarters: 1) Improved signup Flow (Launched and rolled out to all EMMs) In Q2 2024, we announced a new signup flow that encourages all new customer IT admins to sign up with their corporate email rather than a gmail account. We also made it possible to bind multiple EMM instances to a customer’s domain to allow for using multiple EMMs simultaneously in testing and in production. As of July 2024, all of our EMM partners have adopted this new flow so new customer signups should use managed Google Domains by default. 2) New Android Enterprise enrollment flow In early Q3 2024 for EMM partners with solutions based on Android Management API, we added the ability to enable “Authenticate using Google” which allows managed Google Accounts with work email addresses to be enrolled for end users. In addition, we added a new enrollment method, which is the ability to trigger enrollment by adding managed Google accounts directly from the Settings>Accounts section in Android OS. Enabling “Authenticate using Google” requires our EMM partners to make some changes to allow userless dedicated devices to enroll without being prompted to add a work account, but all AMAPI partners should be working to adopt these changes and all EMMs will be enabled by Q1 2025. For EMM Partners that build custom solutions based on Play EMM API, similar new enrollment capabilities will be available to begin development starting in Q1 2025. 3) Upgrade Managed Google Play Enterprises to Managed Google Domains (Q1 2025) Next, following up on our new signup flow from earlier in the year, we are making it possible for ALL organizations to upgrade their Managed Google Play accounts enterprises, and have their binding moved to their managed Google domain. This will involve switching out the gmail addresses used by IT admins for currently bound enterprises and replacing them with work email addresses associated with a managed Google domain. 4) Upgrading users to Managed Google accounts (later 2025) Finally, later in 2025, we’re going to be offering the capability to upgrade end user Managed Google Play accounts installed on devices to managed Google accounts corresponding to user email addresses. Stay tuned for more details in the coming quarters. We extend our thanks to the AE community for your continued support and collaboration. As we continue to enhance the signup and device enrollment experience, we encourage you to stay tuned for more updates and exciting developments in the coming quarters. Plus, feel free to let us know below if you are interested in hearing more about any of the above. The Android Enterprise Team
