Android Enterprise is a Google-led initiative to enable the use of Android
devices and apps in the workplace. The program offers APIs and other tools for
developers to integrate support for Android into their enterprise mobility
management (EMM) solutions. This site provides developers with an overview of
the program and the background information required to start building an Android
Enterprise solution.
Android devices: management use cases
This section describes the management options available in Android to support
managed deployments. You can use Android Enterprise's tools and services to
support any or all of the following options in your EMM solution.
Work profile for employee-owned devices (BYOD)
Figure 1. Personally-owned device with a work profile.
BYOD devices can be set up with a work profile—a feature
built into Android 5.1+ that allows work apps and data to be stored in a
separate, self-contained space within a device. An employee can continue to use
their device as normal; all their personal apps and data remain on the device's
primary profile.
An employee's organization has full management control of the apps, data, and
settings in their device's work profile, but has no visibility or access to the
device's personal profile. This distinct separation gives organizations control
over corporate data and security without compromising employee privacy.
Work profile for mixed-use company-owned devices
Figure 2. Company-owned device with a work profile
Work profiles can also be used to enable mixed work and personal use on
company-owned devices. As with a personally-owned device, organizations have
full management control of the apps, data, and settings in a work profile.
With a device that's company-owned, organizations can also enforce many
device-wide policies (e.g. configure Wi-Fi settings, block USB file transfers)
and restrictions that apply to a device's personal profile (e.g. disallow
certain apps).
These additional management capabilities allow organizations to keep
company-owned devices compliant with IT policies while maintaining employee
privacy—the personal profile of a company-owned device, including its apps,
data, and usage, isn't visible or accessible to organizations.
Full management for work-only company-owned devices
Figure 3. Fully managed device.
Fully managed deployments are for company-owned devices
intended exclusively for work purposes. With a fully managed Android 5.0+
device, organizations can enforce
Android's full range of management policies, including device-level policies that are
unavailable to work profiles.
Full management for dedicated devices
Figure 4. Left: Example employee-facing scenarios. Right: Example customer-facing scenarios.
Dedicated devices (formerly called corporate-owned
single-use, or COSU) are a subset of fully managed devices that serve a
specific purpose. Android comes with a broad set of management features that
allow organizations to configure devices for everything from employee-facing
factory and industrial environments, to customer-facing signage and kiosk
purposes.
Dedicated devices are typically locked to a single app or set of apps.
Android 6.0+ offers granular control over a device's lock screen, status bar,
keyboard, and other key features, to prevent users from enabling other apps or
performing other actions on dedicated devices.
Integrate Android into your EMM solution
An Android Enterprise solution is a combination of three components: your EMM
console, Android Device Policy,
and managed Google Play.
EMM console
EMM solutions typically take the form of an EMM console—a web application you
develop that allows IT admins to manage their organization, devices, and apps.
To support these functions for Android, you integrate your console with the APIs
and UI components provided by Android Enterprise.
Android Device Policy
All Android devices that an organization manages through your EMM console must
install Android Device Policy
during setup. Android Device Policy is an app supplied by Android that
automatically applies the management policies set in your EMM console to devices.
Managed Google Play
Figure 5. Managed Google Play.
Managed Google Play facilitates app management capabilities for Android
Enterprise solutions. It combines the familiar user experience and app store
features of Google Play with a set of management capabilities designed
specifically for organizations.
Managed Google Play can be embedded into your EMM console to provide
IT admins with features such as:
Public app search
Private app publishing
Web app publishing
App organization
On managed devices, managed Google Play is the organization's app store.
The interface is similar to Google Play—users can browse apps, view app details,
and install them. Unlike the public version of Google Play, users can only
install apps from managed Google Play that their organization approves for them.
Android EMM lifecycle features
This section provides an overview of the major features you can integrate into
your EMM solution.
Onboard new organizations
Android Enterprise provides APIs and an online setup flow for you to onboard new
organizations. When an organization completes the onboarding process, you create
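an Enterprise resource for it.
Key Point: An Enterprise represents the binding between the organization and
your EMM solution—all the users and devices that the organization manages
through your solution will belong to its Enterprise.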
There are two types of enterprise bindings:
managed Google Play Accounts enterprises and managed Google domains.
Managed Google Play Accounts enterprise
This is a legacy enterprise binding type, used for organizations that
signed up before 2024. Organizations may be assigned a managed Google Play
Accounts enterprise binding when they sign up now, to support certain unusual
situations.
With this type of enterprise binding, you may only provision managed Google
Play Accounts for devices and end users. Managed Google Play Accounts provide
access to managed Google Play, allowing users to install and use work apps selected by IT
admins. If the organization uses a third-party identity service, you can link
managed Google Play Accounts with the organization's existing identity
accounts.
Managed Google Play Accounts have limited use, solely for managing apps with
the Google Play Store. These accounts can't be used with any other Google or
third-party services. Devices that only have a managed Google Play Account
won't be able to use
cross-device features.
Managed Google domain
With this type of enterprise binding, you can provision devices using either
managed Google Accounts or managed Google Play Accounts. In addition to managing
Android devices, the IT admin can use the managed Google domain to manage other
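devices such as ChromeOS devices, and enable other Google services.
If the organization verifies their domain, they can sync their organization's
identities into the managed Google domain. When setting up a device, each user
will then be able to use the Google Account provisioning method. The account
will give them access to managed Google Play in addition to any other Google
services enabled through the Google Admin console, including cross-device
experiences.
Provision devices and work profiles
Provisioning is the process of setting up an Android device for management. It
typically involves transferring setup details (for example, corporate Wi-Fi
credentials) to the device and installing Android Device Policy. For a full list
of provisioning methods, see the Feature list.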
Manage devices
After a device or work profile is provisioned, it's ready to be managed. Through
the Android Management API, Android supports over 80 device and app management
policies. Android Device Policy, the management app
installed during provisioning, applies policies set in the API to devices:
1. When a device or work profile is provisioned, Android Management API assigns
   it a unique device ID.
2. IT admins use an EMM console integrated with Android Management API to
   configure device and app management policies.
3. IT admins assign these policies to specific devices or work profiles (i.e.
   specific device IDs).
4. Android Management API sends the policies to the specified device IDs.
5. On each device or work profile, Android Device Policy enforces the policies
   it receives from Android Management API.
Android Management API and Android Device Policy handle steps 4 and 5
automatically, meaning there's no development effort required to communicate
policy settings to devices.
Manage apps
With the managed Google Play iframe,
you can integrate app discovery, private app publishing, web app publishing, and
app organization into your EMM console with minimal integration effort.
Android Management API handles app distribution through the policy-based
approach described in the Manage devices section. The API supports
two primary methods of app distribution: adding an app to a device's managed
Google Play store app, or remotely push-installing an app to a device.
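As an added example (not code from this page or from Google), the Python below audits a policy document of the kind an EMM console assigns to device IDs: it groups apps by the two distribution methods and flags settings that undermine the approved-apps-only and single-app kiosk models described above. The field and enum names (applications, installType, playStoreMode, kioskCustomLauncherEnabled) are Android Management API policy fields that this page does not list; the sample policy and its package names are constructed.

```python
# Added example: audit an Android Management API policy document (a dict).
# Field and enum names are the API's policy schema, not from this page;
# SAMPLE_POLICY and its package names are constructed for illustration.

# installType values that put an app on the device without user action.
PUSH_TYPES = {"FORCE_INSTALLED", "PREINSTALLED", "REQUIRED_FOR_SETUP", "KIOSK"}


def distribution(policy):
    """Group package names by distribution method: store, push, or blocked."""
    groups = {"store": [], "push": [], "blocked": []}
    for app in policy.get("applications", []):
        install_type = app.get("installType")
        if install_type == "AVAILABLE":
            groups["store"].append(app["packageName"])
        elif install_type in PUSH_TYPES:
            groups["push"].append(app["packageName"])
        elif install_type == "BLOCKED":
            groups["blocked"].append(app["packageName"])
    return groups


def audit_policy(policy, dedicated=False):
    """Return findings that weaken the approved-apps-only or kiosk model."""
    findings = []
    apps = policy.get("applications", [])
    names = [app.get("packageName") for app in apps]
    for name in sorted({n for n in names if n and names.count(n) > 1}):
        findings.append(f"duplicate application entry: {name}")
    if policy.get("playStoreMode") == "BLACKLIST":
        findings.append("playStoreMode is BLACKLIST: every Play app not "
                        "marked BLOCKED is installable")
    if dedicated:
        kiosk = [a["packageName"] for a in apps if a.get("installType") == "KIOSK"]
        if len(kiosk) > 1:
            findings.append(f"more than one KIOSK app: {', '.join(kiosk)}")
        elif not kiosk and not policy.get("kioskCustomLauncherEnabled"):
            findings.append("dedicated device has no KIOSK app and no "
                            "kioskCustomLauncherEnabled")
    return findings


SAMPLE_POLICY = {  # constructed sample, not a real deployment
    "playStoreMode": "BLACKLIST",
    "applications": [
        {"packageName": "com.example.pos", "installType": "KIOSK"},
        {"packageName": "com.example.scanner", "installType": "FORCE_INSTALLED"},
        {"packageName": "com.example.docs", "installType": "AVAILABLE"},
        {"packageName": "com.example.games", "installType": "BLOCKED"},
        {"packageName": "com.example.docs", "installType": "AVAILABLE"},
    ],
}

if __name__ == "__main__":
    print(distribution(SAMPLE_POLICY))
    for finding in audit_policy(SAMPLE_POLICY, dedicated=True):
        print("FINDING:", finding)
```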