Microsoft just announced preview support for Corporate Owned Fully Managed Android Enterprise devices. What does this mean for the administrator of these devices? Well the landscape has been changing a lot lately in the device management space. So before going on to the new stuff let’s review the classic scenarios
COBO – Corporate Owned Business Only – In this scenario, the enterprise buys the device and issues it to an employee. The device is intended for business use only and there is no/minimal personal use or data on the device. In this scenario the device can be wiped at the discretion of the owner (the enterprise). This scenario commonly has a small number of standard devices to ease procurement and management.
BYOD – Bring Your Own Device – In this scenario employees supply their own device and connect to corporate services with it. If the device is managed there is usually some segregation or containerization of personal and corporate data and apps. If the employee changes devices or leave the organization, the enterprise typically only wipes the corporate portion of the device leaving personal apps and data intact as the device is personally owned. It can be difficult to manage BYOD as there is minimal control over the types of devices employees may use.
CYOD – Chose Your Own Device – This scenario is very similar to BYOD with the exception of a set list of supported devices is provided by the employer and the employee must chose from that list. Often there is a small allowance allocated to help offset the cost to the employee to offset the increased cost associated with the loss of choice. This typically has an element of standardization associated with it by design.
COPE – Corporate Owned Personally Enabled – This scenario has the employer purchasing and owning device with the employee having the ability to use personal apps and data. This typically requires some segregation between corporate and personal apps and data. In this scenario the ability to wipe the device may or not differentiate between personal and corporate apps and data depending on the corporate policies.
Until recently, the most common secured Android platform was Samsung Knox which leveraged available Android APIs to create a secured container and additional management policies and restrictions. This eased the administration scenarios that required some form of corporate and personal segregation. In many cases MDM vendors created their own container models to provide similar experiences on non-Knox devices.
Android Enterprise changes the landscape once again by providing much of the functionality of Knox across devices from dozens of Android vendors. There is an ever growing list of Android Enterprise Recommended devices. Notice that Samsung is on the list as well. It’s not clear to me at this time what the future of Samsung Knox is however in my most recent testing of Android Enterprise controls I found that they were at best a subset of the controls available in Knox. This is a rapidly changing landscape and I expect parity or near parity very quickly as hardware vendors expose more to the Android Enterprise APIs.
So to circle back to the Microsoft announcement – In short it means that Intune now supports the Android Enterprise version of COBO.
By Colin Smith
Colin Smith is the Manager of the Microsoft Solutions Practice at Cistel Technology Inc. , a Microsoft Gold Partner headquartered in Ottawa, Canada. Colin is a frequent author and presenter. He is also a dual Microsoft MVP. He is an MVP for Enterprise Mobility (formerly System Center Configuration Manager) who has been working with the product since SMS version 1.0. He is also a MVP for Windows and Devices for IT. In 2017 he was awarded the Windows Insider MVP designation as well. He has over 25 years of experience deploying Microsoft-based solutions for the private and public sector with a focus on mobile, desktop, cloud and data center management.