Android Enterprise is a Google-led initiative to enable the use of Android devices and apps in the workplace. The program offers APIs and other tools for developers to integrate support for Android into their enterprise mobility management (EMM) solutions. This site provides developers with an overview of the program and the background information required to start building an Android Enterprise solution.

Android devices: enterprise use cases

This section describes the most common enterprise deployment scenarios for Android devices. You can use Android Enterprise's tools and services to support any or all of these use cases in your EMM solution.

Integrate Android into your EMM solution

An Android Enterprise solution is a combination of three components: your EMM console, a device policy controller (DPC), and managed Google Play.

Figure 4. Components of an Android Enterprise solution.

EMM console

EMM solutions typically take the form of an EMM console—a web application you develop that allows IT admins to manage their organization, devices, and apps. To support these functions for Android, you integrate your console with the APIs and UI components provided by Android Enterprise.


All Android devices that an organization manages through your EMM console must install a DPC app during setup. A DPC is an agent that applies the management policies set in your EMM console to devices. Depending on which development option you choose, you can couple your EMM solution with Android's DPC or with a custom DPC that you develop.

Managed Google Play

Figure 5. Managed Google Play.

Managed Google Play is an enterprise app platform based on Google Play that's free to Android Enterprise customers and available for you to integrate into your EMM solution. It combines the familiar user experience and app store features of Google Play with a set of management capabilities designed specifically for enterprises.

IT admins can use managed Google Play to discover apps, view app details, and purchase app licenses. Typically, an IT admin curates, manages, and distribute apps through an EMM console.

Using Android Enterprise APIs, an EMM console can distribute apps to managed devices. Apps can be remotely installed on a device or added to the device's managed Google Play store.

On managed devices, managed Google Play is the user's enterprise app store. The interface is similar to Google Play—users can browse apps, view app details, and install them. Unlike the public version of Google Play, users can only install apps from managed Google Play that are whitelisted for them.

Android EMM lifecycle features

The following section provides an overview of the major features you can integrate into your EMM solution.

Customer onboarding

Android Enterprise provides APIs and an online setup flow for you to onboard new customers. When an organization completes the onboarding process, you create an Enterprise resource for it.

There are two types of enterprises: Managed Google Play Accounts enterprises and Google Accounts enterprises.

Device and work profile provisioning

Provisioning is the process of setting up an Android device for management. It typically involves passing the DPC along with other setup details (for example, corporate WiFi credentials) to the device. For fully managed and dedicated devices, Android supports the following provisioning methods:

  • Zero-touch enrollment: IT admins use your EMM console to create provisioning configurations and apply them to devices purchased from authorized resellers. These configurations are automatically applied to devices on first boot.
  • QR code device provisioning: During setup of a new or factory-reset device, an IT admin scans a QR code generated by the EMM's console that contains provisioning details for the device.
  • NFC device provisioning: IT admins "bump" new or factory-reset devices with the EMMs NFC provisioning app to pass provisioning details to the device.
  • DPC-identifier install: In the device setup wizard, an IT admin or end user enters a unique DPC identifier (e.g. "emm123#") to download the required DPC and provision the device.
  • Google Accounts method: Users enter their Google Account credentials to initiate the provisioning process (Google Accounts enterprises only).

To set up a work profile on an employee-owned device, the following provisioning methods are available:

  • Link to provisioning details: An IT admins provides a link to end users containing an enrollment token they can use to set up their work profile.
  • Setup from Settings: In Settings > Google, an end users selects "Set up work profile". In the setup wizard, they enter or scan a code to set up a work profile on their device.
  • Install DPC from Play: IT admins or end users can install their DPC from Google Play. The DPC then guides the user through the process of setting up a work profile.
  • Google Accounts method: Users enter their Google Account credentials to initiate the provisioning process (Google Accounts enterprises only)

Device management

Android devices are capable of supporting over 80 different management policies. To support device management, security, and usability features, your EMM console should support a workflow similar to the one described below:

  1. An IT admin configures management policies in their EMM's console for a specific user, device, group, or similar.
  2. The policies are communicated to the specified devices via their DPCs.
  3. The DPCs enforce the policies on specified devices.

If your solution uses Android's DPC, steps 2 and 3 are managed for you. If your solution uses a custom DPC, you need to develop your own way to support step 2 and you use Android's framework APIs to support step 3. See Development options for more details.

App management and distribution

IT admins typically use managed Google Play to browse apps and purchase app licenses. To provide customers with a more unified user experience, you can embed managed Google Play directly into your console as an iframe.

Android Enterprise supports public apps (any app available in Google Play), as well as private apps. Private apps are apps that are only available to users belonging to a specified enterprise. IT admins can publish apps in the Google Play Console, or directly from your EMM console, and restrict their visibility to their enterprise.

Public and private apps are both available for distribution to managed devices. There are two ways to distribute an app: add the app to a device's managed Play store or remotely push install the app to the device. In addition to these distribution methods, you can also use Android Enterprise's APIs to integrate other app management features into your EMM console, such as configuring app settings and managing runtime permission requests.

Next: Development options