I can respond to one part of your post, based on some painful experiences: It really is a best practice to enroll devices using Android for work/Android Enterprise immediately.
Google is actively depracating api's in addition to functionality tied to the old "Device Administrator" and you are only postponing the inevitable by delaying the use of Android Enterprise.
We have a number of customers who did not do this. Many have definitive requirements for the "Device Owner" Profile functionality delivered in MaaS and had to fully factory reset devices deployed in the field. Not pretty. Others chose to deploy using "Work Profile" to avoid the dreaded wipe requirement but had to give up certain security requirements as a result. Better to have newly deployed devices enrolled using AE out of the box than have to deal with this later, as well.
Our experience is such also, that because the original testing of AE was done on GOOGLE Pixels using a clean Android 10 o/s, other challenges arise as you attempt to manage other Android Vendor devices. Samsung is consistent however because the o/s i s open source to all, every Android vendor's tweaks to the o/s cause inconsistencies in functionality. MDM's make all best efforts to accommodate but it is a moving target. We advise our customers to standardize on Samsung to minimize the pain.
Bottom line, don't wait. Google is trying to replicate Apple's long standing method of delivering a consistent security/enrollment process with the o/s with the goal of leveling the field for all Android Device Vendors, but have a long way to go still.
------------------------------
Mitch Lauer
ConnecTel Wireless
Pittsburgh, PA
412-339-5765
mlauer@ConnecTelWireless.com------------------------------
Original Message:
Sent: Tue May 26, 2020 07:51 AM
From: Arne Halsteinslid
Subject: Is moving to Android Enterprise reqd for Samsung Device Administrator managed devices?
Hi!
We are currently managing iPhones and Samsung devices with MaaS360, more or less just enforcing the use of a passcode and setting up access to corporate mail through ActiveSync.
Android Enterprise is currently not configured, and if I check 'Container Type' of actively managed Samsung devices it says 'Samsung Device Administrator'. On the other hand, inactive devices and devices in 'Pending Control Removal' state show up with 'Container Type' equal 'Device Administrator'.
Customer is planning on enrolling new Samsung devices, and a few of the Samsung devices are already version 10.
Is moving to Android Enterprise required in order to manage this customer's Samsung devices?
What if customer wants to implement MaaS360 Secure Mail and Secure Browser, will that be supported or will you have to move to Android Enterprise for that type of functionality?
------------------------------
Arne Halsteinslid
------------------------------