Mit Google Admin können Sie Ihr Google Cloud-Konto auch unterwegs verwalten. Sie können Nutzer und Gruppen hinzufügen und verwalten, den Support kontaktieren und sich Prüfprotokolle für Ihre Organisation ansehen. Show WER KANN GOOGLE ADMIN NUTZEN? – Diese App ist nur für Administratoren von Google Cloud-Produkten gedacht, darunter G Suite Basic, G Suite Business, G Suite for Education, G Suite for Government, Google Coordinate und Chromebooks. Folgende Funktionen stehen zur Verfügung: Hinweis zu Berechtigungen Device admin deprecation. Starting with Android 9 (API level 28), some admin policies will be marked as deprecated when invoked by a device admin. We recommend you start to prepare now for this change. To learn more and see the migration options, read Device admin deprecation. Android includes support for enterprise apps by offering the Android Device Administration API. The Device Administration API provides device administration features at the system level. These APIs allow you to create security-aware apps that are useful in enterprise settings, in which IT professionals require rich control over employee devices. For example, the built-in Android Email app has leveraged these APIs to improve Exchange support. Through the Email app, Exchange administrators can enforce password policies — including alphanumeric passwords or numeric PINs — across devices. Administrators can also remotely wipe (that is, restore factory defaults on) lost or stolen handsets. Exchange users can sync their email and calendar data. This document is intended for developers who want to develop enterprise solutions for Android-powered devices. It discusses the various features provided by the Device Administration API to provide stronger security for employee devices that are powered by Android. Note For information on building a Work Policy Controller for Android for Work deployments, see Build a Device Policy Controller. Device administration API overviewHere are examples of the types of apps that might use the Device Administration API:
How does it work?You use the Device Administration API to write device admin apps that users install on their devices. The device admin app enforces the desired policies. Here's how it works:
If users do not enable the device admin app, it remains on the device, but in an inactive state. Users will not be subject to its policies, and they will conversely not get any of the app's benefits—for example, they may not be able to sync data. If a user fails to comply with the policies (for example, if a user sets a password that violates the guidelines), it is up to the app to decide how to handle this. However, typically this will result in the user not being able to sync data. If a device attempts to connect to a server that requires policies not supported in the Device Administration API, the connection will not be allowed. The Device Administration API does not currently allow partial provisioning. In other words, if a device (for example, a legacy device) does not support all of the stated policies, there is no way to allow the device to connect. If a device contains multiple enabled admin apps, the strictest policy is enforced. There is no way to target a particular admin app. To uninstall an existing device admin app, users need to first unregister the app as an administrator. PoliciesIn an enterprise setting, it's often the case that employee devices must adhere to a strict set of policies that govern the use of the device. The Device Administration API supports the policies listed in Table 1. Note that the Device Administration API currently only supports passwords for screen lock: Table 1. Policies supported by the Device Administration API.
Other featuresIn addition to supporting the policies listed in the above table, the Device Administration API lets you do the following:
Sample appThe examples used in this document are based on the
Device Administration API sample, which is included in the SDK samples (available through the Android SDK Manager) and located on your system as The sample app offers a demo of device admin features. It presents users with a user interface that lets them enable the device admin app. Once they've enabled the app, they can use the buttons in the user interface to do the following:
Figure 1. Screenshot of the sample app Developing a device administration appSystem administrators can use the Device Administration API to write an app that enforces remote/local device security policy enforcement. This section summarizes the steps involved in creating a device administration app. Creating the manifestTo use the Device Administration API, the app's manifest must include the following:
Here is an excerpt from the Device Administration sample manifest: <activity android:name=".app.DeviceAdminSample" android:label="@string/activity_sample_device_admin"> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.SAMPLE_CODE" /> </intent-filter> </activity> <receiver android:name=".app.DeviceAdminSample$DeviceAdminSampleReceiver" android:label="@string/sample_device_admin" android:description="@string/sample_device_admin_description" android:permission="android.permission.BIND_DEVICE_ADMIN"> <meta-data android:name="android.app.device_admin" android:resource="@xml/device_admin_sample" /> <intent-filter> <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" /> </intent-filter> </receiver> Note that:
<device-admin xmlns:android="http://schemas.android.com/apk/res/android"> <uses-policies> <limit-password /> <watch-login /> <reset-password /> <force-lock /> <wipe-data /> <expire-password /> <encrypted-storage /> <disable-camera /> </uses-policies> </device-admin> When designing your device administration app, you don't need to include all of the policies, just the ones that are relevant for your app. For more discussion of the manifest file, see the Android Developers Guide. Implementing the codeThe Device Administration API includes the following classes: DeviceAdminReceiver Base class for
implementing a device administration component. This class provides a convenience for interpreting the raw intent actions that are sent by the system. Your Device Administration app must include a DeviceAdminReceiver subclass.DevicePolicyManager A class for managing policies enforced on a device. Most clients of this class must have published a DeviceAdminReceiver that the user has currently enabled. The DevicePolicyManager manages policies for one or more DeviceAdminReceiver instancesDeviceAdminInfo This class is used to
specify metadata for a device administrator component.These classes provide the foundation for a fully functional device administration app. The rest of this section describes how you use the Subclassing DeviceAdminReceiverTo create a device admin app, you must subclass In its
Enabling the appOne of the major events a device admin app has to handle is the user enabling the app. The user must explicitly enable the app for the policies to be enforced. If the user chooses not to enable the app it will still be present on the device, but its policies will not be enforced, and the user will not get any of the app's benefits. The process of enabling the app begins when the user performs an action that triggers the When the user clicks the Enable Admin checkbox, the display changes to prompt the user to activate the device admin app, as shown in figure 2. Figure 2. Sample app: activating the app Below is the code that gets executed when the user clicks the Enable Admin checkbox. This has the effect of triggering the
The line When the app needs to perform an operation that is contingent on the device admin app being enabled, it confirms that the app is active. To do this it uses the
Managing policies
You get a handle to the
This section describes
how to use
Set password policies
Set a password for the deviceThis code displays a user interface prompting the user to set a password:
Set the password qualityThe password quality can be one of the following PASSWORD_QUALITY_ALPHABETIC The user must enter a password containing at least alphabetic (or other symbol) characters.PASSWORD_QUALITY_ALPHANUMERIC The user must enter a password containing at least both numeric and alphabetic (or other
symbol) characters.PASSWORD_QUALITY_NUMERIC The user must enter a password containing at least numeric characters.PASSWORD_QUALITY_COMPLEX The user must have entered a password containing at least a letter, a numerical digit and a special symbol.PASSWORD_QUALITY_SOMETHING The policy requires some kind of password, but doesn't care what it is.PASSWORD_QUALITY_UNSPECIFIED The policy has no requirements for the password. For example, this is how you would set the password policy to require an alphanumeric password:
Set password content requirementsBeginning with Android 3.0, the
For example, this snippet states that the password must have at least 2 uppercase letters:
Set the minimum password lengthYou can specify that a password must be at least the specified minimum length. For example:
Set maximum failed password attemptsYou can set the maximum number of allowed failed password attempts before the device is wiped (that is, reset to factory settings). For example:
Set password expiration timeoutBeginning with Android 3.0, you can use the
Restrict password based on historyBeginning with Android 3.0, you can use the For example, this snippet prohibits users from reusing any of their last 5 passwords:
Set device lockYou can set the maximum period of user inactivity that can occur before the device locks. For example:
You can also programmatically tell the device to lock immediately:
Perform data wipeYou can use the You wipe data as follows:
The Disable cameraBeginning with Android 4.0, you can disable the camera. Note that this doesn't have to be a permanent disabling. The camera can be enabled/disabled dynamically based on context, time, and so on. You control whether the camera is disabled by using the
Storage encryptionBeginning with Android 3.0, you can use the For example:
See the Device Administration API sample for a complete example of how to enable storage encryption. Additional code samplesThe Android AppRestrictionEnforcer and DeviceOwner samples further demonstrate the use of the APIs covered on this page. Wo finde ich App Administrator?Wie aktiviere oder deaktiviere ich eine Geräte Administrator App?. Gehen Sie zu Einstellungen.. Gehen Sie auf eine der folgenden Weisen vor: Tippen Sie auf Sicherheit und Standort > Geräte Admin-Apps. ... . Tippen Sie auf eine Geräteadministrator-App.. Wählen Sie, ob die App aktiviert oder deaktiviert werden soll.. Was ist ein Administrator auf dem Handy?Als Administrator einer Organisation können Sie mit der Google Admin App wichtige Verwaltungsaufgaben über Ihr Android-Smartphone oder -Tablet ausführen. Zur Durchführung dieser Schritte ist die Berechtigung "Nutzerverwaltung" erforderlich.
Was ist mein Administrator?Eine Person aus Ihrer IT-Abteilung oder vom Helpdesk (in einem Unternehmen oder einer Bildungseinrichtung) Die Person, die Ihren E-Mail-Dienst oder Ihre Website verwaltet (in einem kleinen Unternehmen oder Club)
|