As an admin using advanced mobile management, how and what you can control on a user's Android device depends on the management app on the device. The management app is an agent, which gives your organization access to device information and settings. As of September 2019, Google endpoint management is rolling out Android Device Policy, a management app that replaces the Google Apps Device Policy app. Android Device Policy offers new features and also changes how some existing features behave.
Questions
How do I find out which management app is on a device?-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Devices.
- Click Mobile devices.
- Click the row of the device you want to view details for.
- Click Device security.
The device’s management is listed under User agent.
Android Device Policy—The device user doesn't need to install anything, but they will be prompted to set up a work profile on personal devices.
The transition process depends on how the device is set up:
Personal device with a work profile
Your organization's management privilege is Profile owner
On the device, the user removes their work profile and then adds their work account again. They're prompted to set up Android Device Policy.
Note: If the device doesn't support Android Device Policy, the user is prompted to set up Google Apps Device Policy app instead.
Personal device without a work profile
Your organization's management privilege is Device admin
On the device, the user takes the following steps:
- Open the Google Apps Device Policy app.
- Tap Unregister. The work account is removed from the device.
- Open the Settings app and tap Accounts.
- Add the work account again and set up Android Device Policy. During enrollment, the user must set up a work profile because it's required for Android Device Policy.
Note: If the device doesn't support Android Device Policy, the user is prompted to set up Google Apps Device Policy app instead.
Company-owned device or a personal device the users sets as work-only
Your organization's management privilege is Device owner
To trigger the switch, the device must be reset by an admin or, if allowed, by the user. The user can then add the work account again and set up Android Device Policy. Note: If the device doesn't support Android Device Policy, the user is prompted to set up Google Apps Device Policy app instead.
To reset the device from the Admin console:
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Devices.
- Click Mobile devices.
- Point to the device and click More
Wipe Device.
If you allow users to reset their devices, the user can reset the device.
Android Device Policy is integrated directly into the operating system of the device, so it doesn't appear as a separate app on the device. If needed, you can access the app in Google Play. On the device, tap Play Store and search for Android Device Policy.
The data that's removed from a device depends on your organization's management privilege:
|
Device type |
Wipe device | Wipe account |
|---|---|---|
|
Personal device with a work profile Your organization's management privilege is Profile owner |
The user’s work profile is removed, which includes the work account and all apps and data associated with it. Personal data and apps remain on the device. |
Same as Wipe device |
|
Company-owned device (or a personal device the users sets as work only) Your organization's management privilege is Device owner |
The device is reset to its factory settings. All work and personal data is removed. |
The device is reset to its factory settings. All work and personal data is removed. Note: If the device is currently under basic mobile management but was previously under advanced mobile management, wiping the account isn’t supported and the only option is to wipe the device. |
No. Personal Android devices managed with advanced mobile management and set up as user-owned (user selects Use for work & personal during setup) must install a work profile to access work data.
Note: The user is required to create a work profile even when you disable work profile creation or make it optional (In the Admin console, go to DevicesMobile & endpoints
Settings
Android settings
Work Profile
Work Profile Setup).
A work profile isn't required when users select Use for work only when they set up their personal device. However, the device is fully managed by their organization and the user can't add any personal accounts to the device. If the account is wiped remotely, the device is reset to its factory settings and all data is removed.