Android Enterprise as default for Citrix Endpoint Management service (CEM)
Citrix is preparing for upcoming changes to Android Enterprise. Google is deprecating its device administrator mode for managing Android devices. Starting with Android 10, some deprecated device administrator APIs may result in a security exception when invoked, and Google is recommending that customers using device administrator mode migrate to Android Enterprise.
To support this transition and strengthen security, Citrix is encouraging customers to transition to Android Enterprise. In upcoming release of Citrix Endpoint Management (CEM), Citrix will detect if Android Enterprise is already configured. If detected, CEM will make Android Enterprise the default enrollment mode of all Android devices, newly enrolled or re-enrolled.
What Does This Mean?
Once this CEM feature is available, the enrollment mode of Android devices can be controlled using enrollment profiles, giving you the option to continue using the device administrator until you are ready to migrate to Android Enterprise. By default, an Android device enrollment profile will have the Fully managed/Work profile selected.
If you want to manage devices in device administrator mode, you will select the Legacy (device administrator) option.
To learn more, please take a moment to read our detailed blog post and review our frequently asked questions on this new feature.
Frequently Asked Questions
What’s happening with Android Enterprise as Default in the upcoming release?
You’ll now have the option to set up new and existing enrollment profiles with the Legacy (device administrator) or Fully Managed/Work Profile enrollment types. Please note, this will not take into effect until a future release of CEM is deployed to CEM service customers.
Customers with Android Enterprise configured and existing devices enrolled in Legacy (device administrator) mode should take this time to modify existing or create new enrollment profiles to prepare for the enforcement of this feature.
Setting the enrollment profile as Legacy (device administrator) enrollment type and assigning it to the appropriate delivery group will have NO impact on the current setup or enrollment process.
Please note, in an upcoming release, the CEM UI will be updated to indicate Legacy (device administrator). This will emphasize that device administrator is indeed a legacy platform and administrators should start to migrate to Android Enterprise.
What happens once the feature “Android Enterprise as Default” is enforced?
All devices associated to enrollment profiles configured with Legacy (device administrator) will enroll into device administrator.
All devices associated to enrollment profiles configured with Fully Managed/Work Profile will enroll into Android Enterprise.
What happens if I am in the process of migrating to Android Enterprise but I still have some devices managed under device administrator mode? How should I set up CEM to manage my Android devices?
CEM will support enrollment profiles for both device administrator and Android Enterprise.
Administrators must configure their enrollment profiles and delivery group associations accordingly to each enrollment type and continue to migrate to Android Enterprise.
Will I have to make any changes if I have an on-premises environment of CEM?
No, this only affects customers with the CEM service.
When should I expect the CEM service to be updated with this change?
Citrix is working to have this change available within the cloud service in the next few weeks.