Work profile

The work profile solution set is intended for employee-owned devices and company-owned devices for work and personal use. Corporate apps, data, and management policies are restricted to the work profile. With a work profile, the same device can be used securely and privately for work and personal purposes.

Feature list

star required	star_border optional	star advanced	remove_circle_outline not supported

1. Device provisioning
1.1. DPC-first work profile provisioning	Android 5.1+	star	You can provision a work profile after downloading the EMM's DPC from Google Play.
1.5. Zero-touch enrollment	Android 8.0+ (Pixel 7.1+)	star_border	IT admins can preconfigure devices purchased from authorized resellers and manage them using your EMM console.
1.6. Advanced zero-touch provisioning	Android 7.0+	star	IT admins can automate much of the device enrollment process by deploying DPC registration details through zero-touch enrollment.
1.7 Google Account work profile provisioning	Android 5.0+	star_border	Enterprises using Google accounts or cloud Identity can set up a work profile with their corporate accounts.
1.9. Direct zero-touch configuration	Android 7.0+	star	IT admins can use the EMM’s console to set up zero-touch devices using the zero-touch iframe.
1.10. Work profiles on company-owned devices	Android 8.0+	star	EMMs can enroll company-owned devices that have a work profile.
2. Device security
2.1. Device security challenge	Android 5.0+	star	IT admins can set and enforce a device security challenge (such as PIN/pattern/password) of a certain type and complexity on managed devices.
2.2. Work security challenge	Android 7.0+	star	IT admins can set and enforce a security challenge for apps and data in the work profile that is separate and has different requirements from the device security challenge.
2.3. Advanced passcode management	Android 5.0+	star	IT admins can set up advanced password settings on devices.
2.4. Smart Lock management	Android 6.0+	star_border	IT admins can manage what trust agents in Android's Smart Lock feature are permitted to unlock devices.
2.5. Wipe and lock	Android 5.0+	star	IT admins can use the EMM’s console to remotely lock and wipe work data from a managed device.
2.6. Compliance enforcement	Android 5.0+	star	The EMM restricts use of work data and apps on devices that aren't in compliance with security policies.
2.7. Default security policies	Android 5.0+	star	EMMs must enforce the specified security policies on devices by default, without requiring IT admins to set up or customize any settings in the EMM's console.
2.9. SafetyNet support	N/A	star	The EMM uses the SafetyNet Attestation API to ensure devices are valid Android devices.
2.10. Verify Apps enforcement	Android 5.0+	star	IT admins can turn on Verify Apps on devices.
2.11. Direct Boot support	Android 7.0+	star	Direct Boot support ensures that the EMM's DPC is active and able to enforce policy, even if an Android 7.0+ device has not been unlocked.
2.12. Hardware security management	Android 5.1+	star	IT admins can lock down hardware elements of a company-owned device to ensure data-loss prevention.
3. Account and app management
3.1. Managed Google Play Accounts enterprise enrollment	N/A	star	IT admins can create a Managed Google Play Accounts enterprise—an entity that allows managed Google Play to distribute apps to devices.
3.2. Managed Google Play Account provisioning	Android 5.0+	star	The EMM can silently provision enterprise user accounts, called Managed Google Play accounts.
3.5. Silent app distribution	N/A	star	IT admins can silently distribute work apps to devices without any user interaction.
3.6. Managed configuration management	Android 5.0+	star	IT admins can view and silently set managed configurations for any app that supports managed configurations.
3.7. App catalog management	N/A	star	IT admins can import a list of the apps approved for their enterprise from managed Google Play (play.google.com/work).
3.8. Programmatic app approval	N/A	star	The EMM's console uses the managed Google Play iframe to support Google Play's app discovery and approval capabilities
3.9. Basic store layout management	N/A	star	The managed Google Play Store app can be used on devices to install and update work apps.
3.10. Advanced store layout configuration	N/A	star_border	IT admins can customize the store layout seen in the managed Google Play Store app on devices.
3.11. App license management	N/A	star_border	IT admins can view and manage app licenses purchased in the managed Google Play from the EMM's console.
3.12. Google-hosted private app management	N/A	star	IT admins can update Google-hosted private apps through the EMM console instead of through the Google Play Console.
3.13. Self-hosted private app management	N/A	star_border	IT admins can set up and publish self-hosted private apps.
3.14. EMM pull notifications	N/A	star_border	The EMM uses pull notifications to receive Play event notifications in real-time
3.15. API usage requirements	N/A	star	The EMM implements Google's APIs at scale, avoiding traffic patterns that could negatively impact enterprises' ability to manage apps in production environments.
3.16. Advanced managed configuration management	Android 5.0+	star_border	The EMM supports managed configurations with up to four levels of nested settings and can retrieve and display any feedback sent from a Play app.
3.17. Web app management	N/A	star	IT admins can create and distribute web apps in the EMM console.
3.18. Managed Google Play Account lifecycle management	Android 5.0+	star	The EMM can create, update, and delete managed Google Play Accounts on behalf of IT admins.
3.19. Application track management	Android 5.0+	star	IT Admins can set up a set of development tracks for particular applications.
4. Device management
4.1. Runtime permission policy management	Android 6.0+	star	IT admins can silently set a default response to runtime permission requests made by work apps.
4.2. Runtime permission grant state management	Android 6.0+	star	After setting a default runtime permission policy, IT admins can silently set responses for specific permissions from any work app built on API 23 or above.
4.3. Wi-Fi configuration management	Android 6.0+	star	IT admins can silently provision enterprise Wi-Fi configurations on managed devices.
4.4. Wi-Fi security management	Android 6.0+	star	IT admins can provision enterprise Wi-Fi configurations on managed devices.
4.6. Account management	Android 5.0+	star	IT admins can ensure that unauthorized corporate accounts can't interact with corporate data for services such as SaaS storage and productivity apps, or email.
4.7. Workspace account management	Android 5.0+	star_border	IT admins can ensure that unauthorized Workspace accounts can't interact with corporate data.
4.8. Certificate management	Android 5.0+	star	Allows IT admins to deploy identity certificates and certificate authorities to devices to allow access to corporate resources.
4.9. Advanced certificate management	Android 7.0+	star	Allows IT admins to silently select the certificates that specific managed apps should use.
4.10. Delegated certificate management	Android 6.0+	star_border	IT admins can distribute a third-party certificate management app to devices and grant that app privileged access to install certificates into the managed keystore.
4.11. Advanced VPN management	Android 7.0+	star	Allows IT admins to specify an Always On VPN to ensure that data from specified managed apps will go through a set-up VPN.
4.12. IME management	Android 5.0+	star_border	IT admins can manage what input methods (IMEs) are allowed on devices.
4.14. Accessibility services management	Android 5.0+	star_border	IT admins can manage what accessibility services are allowed on devices.
4.15. Location Sharing management	Android 5.0+	star_border	IT admins can prevent sharing location data with apps in the work profile.
4.17. Factory reset protection management	Android 5.1+	star	Allows IT admins to protect company-owned devices from theft by ensuring unauthorized individuals can't factory reset devices.
4.19. Screen capture management	Android 5.0+	star_border	IT admins can block users from taking screenshots when using managed apps.
4.21. Network statistics collection	Android 6.0+	star_border	IT admins can query network usage statistics from a device's work profile.
5. Device usability
5.1. Managed provisioning customization	Android 7.0+	star_border	IT admins can modify the default setup flow UX to include enterprise-specific features.
5.2. Enterprise customization	Android 7.0+	star_border	IT admins can customize aspects of the work profile with corporate branding, for instance by setting the work profile user icon to the corporate logo, or setting up the background color of the work challenge.
5.6. Cross-profile contact management	Android 7.0+	star_border	IT admins can manage what contact data can leave the work profile.
5.7. Cross-profile data management	Android 6.0+	star_border	Grants IT admins control over what data can leave the work profile, beyond the default security features of the work profile.
5.10. Persistent preferred activity management	Android 5.0+	star_border	Allows IT admins to set an app as the default intent handler for intents that match a certain intent filter.
5.11. Keyguard feature management	Android 7.0+	star	IT admins can manage the features available before unlocking the device keyguard (lock screen) and the work challenge keyguard (lock screen).
5.12. Advanced keyguard feature management	Android 5.0+	star	IT admins can manage advanced device keyguard (lock screen) features.
5.17. Work profile policy transparency management	Android 9.0+	star	IT admins can customize the message displayed when removing the work profile from a device.
5.18. Connected app support	Android 9.0+	star	IT admins can set a list of packages that can communicate across the work profile boundary.
6. Device admin deprecation
6. Device admin deprecation	Android 5.0+	star	EMMs are required to post a plan by the end of 2021 ending support for Device Admin on GMS devices by the end of 2022.