Device Admin Deprecation: Transition from Device Admin to Device Owner.
Introduction
Google has announced that the Device Admin (DA) Device Management method will be deprecated in Android 10 and removed entirely in Android 11. Check this blog from Google.
Why has DA been deprecated?
In 2010 DA was introduced in Android 2.2. It was intended as a local administration tool. However, it has been used in companies as an enterprise administration tool. However, the Device Admin method had several disadvantages:
- App distribution. No integration with the Google Play Store.
- Obsolete Security model. Not possible to separate work- and personal data.
- Not thought of as an enterprise administration concept. No advanced management.
What does this mean?
From Android 10, it will ONLY be possible to provision (enroll) a device as Device Owner (DO) or Profile Owner (PO).
Devices currently enrolled as Device Admin
- Upgrading from Android 9 to Android 10. This should still work – but some features will not work. This is NOT recommended.
- Upgrading from Android 10 to Android 11 will NOT WORK.
What is new in Device Owner?
The Device Owner concept was introduced in Android 7 in 2016 and is an enterprise administration concept.
With Device Owner you can use Android Enterprise features like:
- Android Zero Touch. It’s a Portal like Samsung KNOX but for all Android 8 and newer devices.
- Managed Google Play Store for your organization. Distribution of public and private apps.
- Advanced security model designed for enterprise administration.
What must I do?
Due to the deprecation of Device Admin, all devices currently enrolled as Device Admin will have to be reenrolled as Device Owner. This means that the device must be factory reset and enrolled again either from the Samsung KNOX Portal or with the CapaInstaller Configurator App.
If you use the Samsung KNOX Portal
Device Owner provisioning requires a factory reset device. The device must be enrolled in the Samsung KNOX portal and has an MDM profile assigned.
Follow the below steps in this guide on the CapaInstaller Wiki:
- Create an MDM Profile – Device Owner.
- Enrollment of Samsung KNOX device for Device Owner. (NB! The device must be factory reset).
If you use CapaInstaller Configurator App
The CapaInstaller Configurator App must be installed on a similar device.
By Tue Hansen, Technical Support Engineer