1. Device provisioning |
| 1.1. DPC-first work profile provisioning |
Android 5.1+ |
star |
End users can provision a work profile after downloading
their EMM's DPC from Google Play. |
| 1.7 Google Account work profile provisioning |
Android 5.0+ |
star_border |
Customers using G Suite or Cloud Identity can set up a work profile with their corporate credentials. |
2. Device security |
| 2.1. Device security challenge |
Android 5.0+ |
star |
IT admins can set and enforce a device security challenge
(e.g. PIN/pattern/password) of a certain type and complexity on managed
devices. |
| 2.2. Work security challenge |
Android 7.0+ |
star |
IT admins can set and enforce a security challenge for
apps and data in the work profile that is separate and has different
requirements from the device security challenge. |
| 2.3. Advanced passcode management |
Android 5.0+ |
star |
IT admins can configure advanced password settings on devices. |
| 2.4. Smart Lock management |
Android 6.0+ |
star_border |
IT admins can control what trust agents in Android's Smart Lock feature are permitted to unlock devices. |
| 2.5. Wipe and lock |
Android 5.0+ |
star |
IT admins can use the EMM’s console to remotely lock and
wipe work data from a managed device. |
| 2.6. Compliance enforcement |
Android 5.0+ |
star |
The EMM restricts access to work data and apps on devices that aren't in compliance with security policies. |
| 2.7. Default security policies |
Android 5.0+ |
star |
EMMs must enforce the specified security policies on
devices by default, without requiring IT admins to configure or customize
any settings in the EMM's console. |
| 2.9. SafetyNet support |
N/A |
star |
The EMM uses the SafetyNet Attestation API to ensure devices are valid Android devices. |
| 2.10. Verify Apps enforcement |
Android 5.0+ |
star |
IT admins can enable Verify Apps on devices. |
| 2.11. Direct Boot support |
Android 7.0+ |
star |
Direct Boot support ensures that the EMM's DPC is always active and able
to enforce policy, even if an Android 7.0+ device has not been unlocked. |
3. Account and app management |
| 3.1. Managed Google Play accounts enterprise enrollment |
N/A |
star |
IT admins can create a managed Google Play Accounts enterprise—an
entity that allows managed Google Play to distribute apps to devices. |
| 3.2. Managed Google Play account provisioning |
Android 5.0+ |
star |
The EMM can silently provision enterprise user accounts, called
managed Google Play accounts. |
| 3.5. Silent app distribution |
N/A |
star |
IT admins can silently distribute work apps on users' devices without
any user interaction. |
| 3.6. Managed configuration management |
Android 5.0+ |
star |
IT admins can view and silently set managed configurations for any app
that supports managed configurations. |
| 3.7. App catalog management |
N/A |
star |
IT admins can import a list of all the apps approved for their
enterprise from managed Google Play (play.google.com/work). |
| 3.8. Programmatic app approval |
N/A |
star |
The EMM's console uses the managed Google Play iframe to support Google
Play's app discovery and approval capabilities |
| 3.9. Basic store layout management |
N/A |
star |
End users can use the managed Google Play store app on their device to
install and update work apps. |
| 3.10. Advanced store layout configuration |
N/A |
star_border |
IT admins can customize the store layout users see in the managed
Google Play store app on their devices. |
| 3.11. App license management |
N/A |
star_border |
IT admins can view and manage app licenses purchased in the managed
Google Play from the EMM's console. |
| 3.12. Google-hosted private app management |
N/A |
star |
IT admins can update Google-hosted private apps through the EMM console
instead of through the Google Play console. |
| 3.13. Self-hosted private app management |
N/A |
star_border |
IT admins can configure and publish self-hosted private apps. |
| 3.14. EMM pull notifications |
N/A |
star_border |
The EMM uses pull notifications to receive Play event notifications
in real time |
| 3.15. API usage requirements |
N/A |
star |
The EMM implements Google's APIs at scale, avoiding traffic patterns
that could negatively impact customers' ability to manage apps in
production environments. |
| 3.16. Advanced managed configuration management |
Android 5.0+ |
star_border |
The EMM supports managed configurations with up to four levels of nested
settings and can retrieve and display any feedback sent from a Play
app. |
| 3.17. Web app management |
N/A |
star |
IT admins can create and distribute web apps in the EMM console. |
| 3.18. Managed Google Play account lifecycle management |
Android 5.0+ |
star |
The EMM can create, update, and delete managed Google Play Accounts on behalf of IT admins. |
4. Device management |
| 4.1. Runtime permission policy management |
Android 6.0+ |
star |
IT admins can silently set a default response to all runtime permission
requests made by work apps. |
| 4.2. Runtime permission grant state management |
Android 6.0+ |
star |
After setting a default runtime permission policy, IT admins can
silently set responses for specific permissions from any work app built on
API 23 or above. |
| 4.3. WiFi configuration management |
Android 6.0+ |
star |
IT admins can silently provision enterprise WiFi configurations on managed devices. |
| 4.4. WiFi security management |
Android 6.0+ |
star |
IT admins can provision enterprise WiFi configurations on managed devices. |
| 4.6. Account management |
Android 5.0+ |
star |
IT admins can ensure that only authorized corporate accounts can
interact with corporate data for services such as SaaS storage and
productivity apps, or email. |
| 4.7. G Suite account management |
Android 5.0+ |
star_border |
IT admins can ensure that only authorized G Suite accounts can interact
with corporate data. |
| 4.8. Certificate management |
Android 5.0+ |
star |
Allows IT admins to deploy identity certificates and certificate authorities to devices in order to enable access to corporate resources. |
| 4.9. Advanced certificate management |
Android 7.0+ |
star |
Allows IT admins to silently select the certificates that should be used by specific managed apps. |
| 4.10. Delegated certificate management |
Android 6.0+ |
star_border |
IT admins can distribute a third-party certificate management app to
devices and grant that app privileged access to install certificates into
the managed keystore. |
| 4.11. Advanced VPN management |
Android 7.0+ |
star |
Allows IT admins to specify an Always On VPN to ensure that data from
specified managed apps will always go through a configured VPN. |
| 4.12. IME management |
Android 5.0+ |
star_border |
IT admins can control what input methods (IMEs) users can configure for their devices. |
| 4.14. Accessibility services management |
Android 5.0+ |
star_border |
IT admins can control what accessibility services can be enabled on users' devices. |
| 4.15. Location sharing management |
Android 5.0+ |
star_border |
IT admins can prevent users from sharing location data with apps in the work profile. |
| 4.19. Screen capture management |
Android 5.0+ |
star_border |
IT admins can block users from taking screenshots when using managed apps. |
| 4.21. Network statistics collection |
Android 6.0+ |
star_border |
IT admins can query network usage statistics from a device's work profile. |
5. Device usability |
| 5.1. Managed provisioning customization |
Android 7.0+ |
star_border |
IT admins can modify the default managed provisioning flow UX to include enterprise-specific features. |
| 5.2. Enterprise customization |
Android 7.0+ |
star_border |
IT admins can customize aspects of the work profile with corporate
branding, for instance by setting the work profile user icon to the
corporate logo, or configuring the background color of the work
challenge. |
| 5.6. Cross-profile contact management |
Android 7.0+ |
star_border |
IT admins can control what contact data can leave the work profile. |
| 5.7. Cross-profile data management |
Android 6.0+ |
star_border |
Grants IT admins control over what data can leave the work profile, beyond the default security features of the work profile. |
| 5.10. Persistent preferred activity management |
Android 5.0+ |
star_border |
Allows admins to set an app as the default intent handler for intents that match a certain intent filter. |
| 5.11. Keyguard feature management |
Android 7.0+ |
star |
IT admins can control the features available to users before unlocking
the device keyguard (lock screen) and the work challenge keyguard
(lock screen). |
| 5.17. Work profile policy transparency management |
Android 9.0+ |
star |
IT admins can customize the message displayed to users when removing the
work profile from a device. |