Work profile

The work profile solution set is intended for BYOD devices, allowing admins to manage a self-contained work profile on a user's personal device. Corporate apps, data, and management policies are restricted to the work profile, keeping them secure and separate from personal data while maintaining user privacy.

Feature list

Select your development method to load the appropriate feature list:


Key

star required feature star_border optional feature remove_circle_outline not supported/not applicable


1. Device provisioning

1.1. DPC-first work profile provisioning Android 5.1+
star
End users can provision a work profile after downloading their EMM's DPC from Google Play.
1.7 Google Account work profile provisioning Android 5.0+
remove_circle_outline
Customers using G Suite or Cloud Identity can set up a work profile with their corporate credentials.

2. Device security

2.1. Device security challenge Android 5.0+
star
IT admins can set and enforce a device security challenge (e.g. PIN/pattern/password) of a certain type and complexity on managed devices.
2.2. Work security challenge Android 7.0+
star
IT admins can set and enforce a security challenge for apps and data in the work profile that is separate and has different requirements from the device security challenge.
2.3. Advanced passcode management Android 5.0+
star_border
IT admins can configure advanced password settings on devices.
2.4. Smart Lock management Android 6.0+
remove_circle_outline
IT admins can control what trust agents in Android's Smart Lock feature are permitted to unlock devices.
2.5. Wipe and lock Android 5.0+
star
IT admins can use the EMM’s console to remotely lock and wipe work data from a managed device.
2.6. Compliance enforcement Android 5.0+
star
The EMM restricts access to work data and apps on devices that aren't in compliance with security policies.
2.7. Default security policies Android 5.0+
star
EMMs must enforce the specified security policies on devices by default, without requiring IT admins to configure or customize any settings in the EMM's console.
2.9. SafetyNet support N/A
star_border
The EMM uses the SafetyNet Attestation API to ensure devices are valid Android devices.
2.10. Verify Apps enforcement Android 5.0+
star_border
IT admins can enable Verify Apps on devices.
2.11. Direct Boot support Android 7.0+
star_border
Direct Boot support ensures that the EMM's DPC is always active and able to enforce policy, even if an Android 7.0+ device has not been unlocked.

3. Account and app management

3.1. Managed Google Play accounts enterprise enrollment N/A
star
IT admins can create a managed Google Play Accounts enterprise—an entity that allows managed Google Play to distribute apps to devices.
3.2. Managed Google Play account provisioning Android 5.0+
star
The EMM can silently provision enterprise user accounts, called managed Google Play accounts.
3.5. Silent app distribution N/A
star
IT admins can silently distribute work apps on users' devices without any user interaction.
3.6. Managed configuration management Android 5.0+
star
IT admins can view and silently set managed configurations for any app that supports managed configurations.
3.7. App catalog management N/A
remove_circle_outline
IT admins can import a list of all the apps approved for their enterprise from managed Google Play (play.google.com/work).
3.8. Programmatic app approval N/A
star_border
The EMM's console uses the managed Google Play iframe to support Google Play's app discovery and approval capabilities
3.9. Basic store layout management N/A
star
End users can use the managed Google Play store app on their device to install and update work apps.
3.10. Advanced store layout configuration N/A
remove_circle_outline
IT admins can customize the store layout users see in the managed Google Play store app on their devices.
3.11. App license management N/A
remove_circle_outline
IT admins can view and manage app licenses purchased in the managed Google Play from the EMM's console.
3.12. Google-hosted private app management N/A
star_border
IT admins can update Google-hosted private apps through the EMM console instead of through the Google Play console.
3.13. Self-hosted private app management N/A
star_border
IT admins can configure and publish self-hosted private apps.
3.14. EMM pull notifications N/A
remove_circle_outline
The EMM uses pull notifications to receive Play event notifications in real time
3.15. API usage requirements N/A
star
The EMM implements Google's APIs at scale, avoiding traffic patterns that could negatively impact customers' ability to manage apps in production environments.

4. Device management

4.1. Runtime permission policy management Android 6.0+
star
IT admins can silently set a default response to all runtime permission requests made by work apps.
4.2. Runtime permission grant state management Android 6.0+
star
After setting a default runtime permission policy, IT admins can silently set responses for specific permissions from any work app built on API 23 or above.
4.3. WiFi configuration management Android 6.0+
star_border
IT admins can silently provision enterprise WiFi configurations on managed devices.
4.4. WiFi security management Android 6.0+
star_border
IT admins can provision enterprise WiFi configurations on managed devices.
4.6. Account management Android 5.0+
star_border
IT admins can ensure that only authorized corporate accounts can interact with corporate data for services such as SaaS storage and productivity apps, or email.
4.7. G Suite account management Android 5.0+
remove_circle_outline
IT admins can ensure that only authorized G Suite accounts can interact with corporate data.
4.8. Certificate management Android 5.0+
star_border
Allows IT admins to deploy identity certificates and certificate authorities to devices in order to enable access to corporate resources.
4.9. Advanced certificate management Android 7.0+
star_border
Allows IT admins to silently select the certificates that should be used by specific managed apps.
4.10. Delegated certificate management Android 6.0+
star_border
IT admins can distribute a third-party certificate management app to devices and grant that app privileged access to install certificates into the managed keystore.
4.11. Advanced VPN management Android 7.0+
star_border
Allows IT admins to specify an Always On VPN to ensure that data from specified managed apps will always go through a configured VPN.
4.12. IME management Android 5.0+
star_border
IT admins can control what input methods (IMEs) users can configure for their devices.
4.14. Accessibility services management Android 5.0+
star_border
IT admins can control what accessibility services can be enabled on users' devices.
4.15. Location sharing management Android 5.0+
star_border
IT admins can prevent users from sharing location data with apps in the work profile.
4.19. Screen capture management Android 5.0+
star_border
IT admins can block users from taking screenshots when using managed apps.
4.21. Network statistics collection Android 6.0+
remove_circle_outline
IT admins can query network usage statistics from a device's work profile.

5. Device usability

5.1. Managed provisioning customization Android 7.0+
star_border
IT admins can modify the default managed provisioning flow UX to include enterprise-specific features.
5.2. Enterprise customization Android 7.0+
remove_circle_outline
IT admins can customize aspects of the work profile with corporate branding, for instance by setting the work profile user icon to the corporate logo, or configuring the background color of the work challenge.
5.5. Policy transparency management Android 7.0+
remove_circle_outline
IT admins can customize the help text provided to users when they attempt to modify managed settings on their device, or deploy an EMM-supplied generic support message.
5.6. Cross-profile contact management Android 7.0+
star_border
IT admins can control what contact data can leave the work profile.
5.7. Cross-profile data management Android 6.0+
remove_circle_outline
Grants IT admins control over what data can leave the work profile, beyond the default security features of the work profile.
5.10. Persistent preferred activity management Android 5.0+
star_border
Allows admins to set an app as the default intent handler for intents that match a certain intent filter.
5.11. Keyguard feature management Android 7.0+
star_border
IT admins can control the features available to users before unlocking the device keyguard (lock screen) and the work challenge keyguard (lock screen).

Send feedback about...

Android Enterprise