Showing results for 
Search instead for 
Did you mean: 
Level 9

McAfee EMM using Google C2DM - Handling google accounts

McAfee EMM uses Googles C2DM service for push functionality out to the device. 

In order for Googles C2DM service to function Google require a registered Google account on the device, this equals that a Google account is required on the device in order for McAfee EMM to work.

Some competitive MDM products have there own push functionality (e.g. Microsoft Exchange and DME) which gives the advantage of using their MDM solution without requiring a Google account (unless the user wants to use its private account).

How does your company manage Google accounts?

Users just create a private account and downloads the app? How do you do if they refuse?

How do you deploy EMM?

Can all users without/contradicts a private account share one Google account? I have tried Google Apps without luck.

I find in unreasonable for a company demanding there users to create a private Google account in order of securing a corporate device.

0 Kudos
1 Reply
Level 12

Re: McAfee EMM using Google C2DM - Handling google accounts

I’m not sure about DME but I would assume that it is the same as exchange in that it only uses the ActiveSync management capabilities rather than the built in C2DM (Android) and Apple MDM (iOS) which provide extended and customized capabilities that continue to become more relevant with every update of the OSs and the MDM solutions. I believe that EMM can be configured to use just ActiveSync if you prefer but don't hold me to that.

The thing is that in exchanges implementation of ActiveSync policy enforcement the controls are very limited. I believe that you can only enforce a password and wipe an entire device. Also ActiveSync policies are supported to a different extent on each device and each vendor so If you're using an MDM solution that depends on ActiveSync for policy enforcement then some functions of your policy may not be enforced on all devices.

Conversely the reason for using C2DM and Apple MDM for policy enforcement is that they are completely supported at the OS level, they provide expanded and customized policies over ActiveSync such as the ability to block cloud services or manipulate apps, etc.

We use iOS exclusively at this point but we have the same issue so:

1) I encourage people to open a personal account since it is likely that they will need it in the future anyway. If they don't want a personal account then we create one using their work email.

2) Yes users have private accounts. We chose not to do corporate accounts do to the liability, cost, and personal nature of the accounts. If they refuse they can have a non-smart phone or a blackberry (since EMM supports those as well).

3) Advanced Security deployment (dual server). Chose this to keep a firewall between the web server which has no important data and the hub server which communicates with sql and DCs etc.

4) Not completely sure I understand the question but you should be able to share one account between at least a number of devices, for apple it's 10. But then they will also be sharing costs if they want to buy apps and sharing Gmail, Google voice, apps accounts which may be automatically synced when you link the account to the device.

"I find in unreasonable for a company demanding there users to create a private Google account in order of securing a corporate device." I agree, and believe that they should offer a more basic solution if you only need MDM and have no interest in the Google account. Unfortunately that's not the way it is and it's likely not going to change any time soon. You will find less MDM solutions that don't require the use of C2DM and Apple MDM for enforcement over time but just know that these solutions will ultimately provide a better experience and better security so while things may be a little basic and hard to justify at this point, with time they will improve and the benefits will surely out way any concerns.

0 Kudos