By: Shanthi Thillairajah | PM | Microsoft Endpoint Manager - Intune
Updated 6/23/21 - We have received over 49 comments on this Android preview blog post, and in those comments and occasional subsequent support cases, you helped us deliver Android Enterprise corporate-owned devices with a work profile as generally available.
We've excited to announce the general availability of Android Enterprise corporate-owned devices with a work profile in Endpoint Manager! With this release, Endpoint Manager now supports the complete set of Android Enterprise management scenarios, including dedicated devices, fully managed devices, and personally-owned devices with a work profile.
More information about the GA release can be found in our blog here: Announcing general availability of Android Enterprise corporate-owned devices with a work profile
As this feature is now GA, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community page or our Twitter @IntuneSuppTeam. Your continued feedback helps make the product better, we are grateful for this community, thank you!
Microsoft Endpoint Manager – Intune support for Android Enterprise corporate-owned devices with a work profile is now in public preview! You can start enrolling devices here in the Microsoft Endpoint Manager admin center. Corporate-owned devices with a work profile is one of the corporate management scenarios in the Android Enterprise solution set. This corporate-owned, personally-enabled (COPE) scenario offers separation between work and personal profiles, similar to that offered for personally-owned work profile devices, while giving admins more device-level control. IT admins can see, control, and configure the work accounts, applications, and data in the work profile, while end users are guaranteed that admins will have no visibility into the data and applications in the personal profile. This scenario is targeted at organizations that wish to enable personal use on corporate-owned single-user devices that they have provided for work. This management scenario is available for Android 8+ (Oreo and higher) devices.
This preview release is intended to demonstrate the corporate-owned work profile capabilities that we have built so far. We hope to gather feedback and iterate on the design and functionality before the end-to-end scenario becomes generally available in the Microsoft Endpoint Manager admin center. The following features are included in today’s preview:
Three new features for corporate-owned devices with a work profile were added in the September release:
Support for app protection policies (APP, also known as MAM) was added in the October release.
Intune admins can enable enrollment for this scenario by selecting the “corporate-owned devices with a work profile” enrollment tile (indicated with the red arrow below). Admins can create multiple enrollment profiles with unique tokens that do not expire.
There are new screens in the end user enrollment flow that help inform the user about the functionality of the work profile and personal profile on the device. Here are some examples of the screens:
Next, there are screens that will guide your end user through setting up admin requirements like creating a device password, installing work applications, and registering the device. After a successful enrollment, the user should see two sections labeled work and personal after they swipe up to see their full application list.
You can create device configuration profiles to assign to corporate-owned devices with a work profile to disable device features, assign certificates, or configure VPN.
To create a device configuration profile, select a profile under the “Fully Managed, Dedicated, and Corporate-Owned Work Profile” category shown below. Device configuration profiles in this category can be applied to fully managed, dedicated, and corporate-owned work profile devices.
Some of the settings in the Device Restrictions profile do not apply to corporate-owned devices with a work profile; however, there are headers under each setting category that indicate which device types a particular setting can be applied to. Below is an example of these headers used in the Users and Accounts category.
Some settings only apply at the work-profile level for corporate-owned devices with a work profile. These settings still apply device-wide for fully managed and dedicated devices. They are marked with the “work profile-level” descriptor in the setting name, as shown in the example below.
The compliance settings that are available for fully managed and dedicated devices will be applicable to corporate-owned devices with a work profile for this preview. To create a compliance policy, admins should select “Android Enterprise” as the platform and “Fully managed, dedicated, and corporate-owned work profile” as the policy type.
IT admins can deploy apps and utilize app configuration for corporate-owned devices with a work profile as a part of this preview release. To create an app configuration policy for managed devices, admins should select “Android Enterprise” for the platform and “Fully Managed, Dedicated, and Corporate-Owned Work Profile” for the profile type.
As referenced above, there is no support for app protection policies (APP, also known as MAM) in this preview release.
The available preview features are fully supported through our Intune support channels.
As you validate and build out the Android Enterprise corporate-owned devices with a work profile preview scenarios, we would appreciate your feedback on IT admin's device configuration and end-user's device enrollment experiences. Keep us posted on your Android experience through comments on this blog post, through Twitter (@IntuneSuppTeam), and request any new features on UserVoice.
For information about the new privacy protections on company-owned devices, refer to Google’s blog post.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.