Management and Security

Android Enterprise

Enrolling a device with Android Enterprise allows you to encrypt your device drive, manage settings and apps on the device, and apply a work profile to control only work-related functionality. You can also sync, wipe, or lock the device from the console without an agent on the device.

The Android Enterprise agent can operate in the following management modes:

•Work profile mode is typically used for employee-owned devices (BYOD), since it creates a work profile that is distinct from the rest of the device. Work profiles keep the user's work related accounts, apps, and data separate from their personal data. (Requires Android 5.1+.)

Work profile mode user experience

The experience for work profile mode is significantly different from the standard agent. Instead of enrolling through an Endpoint Manager agent, they will create a work profile and enroll in Endpoint Manager through a Google service.

This management mode creates a work profile that separates enterprise data from personal data. Certain apps run within that work profile and store data there. These same apps can also run outside the work profile. To distinguish which data the app is using, Android creates two icons for the same app: the normal app icon and the work profile app icon, which is “badged” with a briefcase icon.

Using Android Enterprise

For information about Android Enterprise enrollment and features, see the following sections:

•Creating an Android Enterprise account

•Enrolling devices in Android Enterprise

•Distributing Android Enterprise apps

•Agent settings: Mobile Android Configuration