Lockdown policy fields for Android Enterprise devices in Work Profile mode
Whether a lockdown policy field applies to an Android Enterprise device depends on the Android Enterprise mode that the device is registered in. The modes—Work Managed Device mode, Managed Device with Work Profile (COPE) mode on Android devices versions 8-10, and Work Profile on Company Owned Devices Android versions 11 and later supported versions—are described in "Modes for Android Enterprise devices" in the Core Device Management Guide for Android and Android Enterprise Devices.
Lockdown options in this section apply to Android Enterprise devices in Work Profile mode.
|
Item |
Description |
Default Policy Setting |
|
Allow copy and paste |
Allows copy and paste from apps inside the Android Enterprise profile to apps outside the profile. |
Selected |
|
Allow caller ID across profiles |
Allows caller ID to be visible to phone app in all profiles. When the caller ID is permitted across profiles, work contacts can be viewed by the personal apps for incoming calls. This applies to Android 6.0 through the most recently released versions as supported by MobileIron. |
Selected |
|
Allow work calendar sharing with personal profile |
Select to allow calendar sharing of work calendar information with the personal profile. This is so apps can display work events alongside personal events in device user's personal profile (for example calendar apps like Google calendar.) If the work event is tapped within the personal profile, a view of the event displays. Tapped again, it opens the event in the work calendar. Applicable to Managed devices with work profiles. |
Not selected |
|
Allow contact search across profiles |
Allows personal space Contacts app sharing across the profile. This is supported on Android 7.0 devices through the most recently released version as supported by MobileIron. |
Selected |
|
Allow contact sharing on Bluetooth devices. |
Allows the caller ID to be visible on another Bluetooth device such as your car’s Bluetooth screen. This is supported on Android 6.0 devices through the most recently released version as supported by MobileIron. |
Selected |
|
Allow unknown sources in personal profile |
Allow installation of apps from untrusted sources in the personal profile. The work profile never allows installation of apps from unknown sources. |
Not selected |
|
Android 8: Allow Auto-Fill |
Allows password autofill. |
Selected |
|
Android 8: Allow work app notifications in personal profile |
When device user is in personal profile, notifications from Mobile@Work apps will display. |
Selected |
|
Android 8: Allow Bluetooth Sharing |
Allows Bluetooth sharing with other devices. |
Selected |
|
Android 9: Allow Printing |
Allows the printing of documents from Mobile@Work apps. |
Selected |
|
Android 9: Allow Share into Profile |
Allows sharing from outside the Work Profile to inside the Work Profile |
Selected |
|
Android 11+: Enable Cross profile whitelisting of Apps |
Allows users to share information from specific apps from within the work profile to the personal side of the device. This allows data from the Work Profile container to share data to the exact same app that is located on the personal side. Selecting + displays a list and you must add at least one app in order for this configuration to apply. |
Not selected |
|
Android 11+: Enable Maximum Profile Timeout |
Select to set a maximum time window the work profile can be turned off before Core suspends personal apps on the device. You can set a time between 72 and 8760 hours. 8760 hours is one year of time. Default value is set to 72 hrs if the option is selected. The device user sees a message prompting to turn on the work profile to enable suspended apps. Available for Android 11+ devices in Work Profile on Company Owned Device. |
|
|
Managed Device |
||
|
Android 11: Enable Common Criteria (CC) mode |
Select to enable Common Criteria mode for Android 11 + devices. If Common Criteria mode is turned off after being enabled previously, all existing Wi-Fi configurations will be lost. Applicable to Managed Device with Work Profile mode and Work Profile on Company Owned Device mode. |
Disabled |