Learn more about work profiles and device policies

This article only applies to organizations that are enrolled in Android in the enterprise program.

Android devices have features that make them enjoyable to use at home and at work. A separate work profile on your device allows organizations to manage the business data and applications they care about, but leave everything else on your device under your control. Work profiles are configured in different ways depending on what type of device you have.

Work profile

Work profiles allow an IT department to securely manage a work environment without restricting users from using their device for personal apps and data. Administrators control work profiles, which are kept separate from personal accounts, apps, and data. By default, work-profile notifications and app icons have a badge and appear next to personal apps in the apps launcher.

To activate a work profile, you must have a device policy controller installed on your device. For details, see Device policy controller or contact your IT administrator. For more information see What is a work profile?

Device policy controller

An Enterprise Mobility Management (EMM) device policy controller application allows IT administrators to separately manage access to corporate apps and data on supported Android devices. For more information see What is a device policy controller?

Work-managed device

Your organization may choose to provide a company-owned device for users and configure the device to enforce security controls that protect sensitive company data. These Android 5.0+ devices are referred to as work-managed devices.

Administrators can activate a work-managed device using one of the following mechanisms:

  • A near field communication (NFC) setup application, that provides configuration details to new devices via NFC bump
  • An activation token generated by the EMM provider and supplied at initial device setup.

    After the device is set up, users can’t disable the device policy controller or use the device in any way that’s not defined by the device policy controller, such as installing personal apps or signing up for a personal Google accounts.

Work managed device policies allow administrators to:

  • Create and remove secondary users from a device
  • Set device lock and remote wipe methods
  • Prevent USB file transfer
  • Disable keyguard customizations, such as widgets
  • Disable mounting of SD cards
  • Disallow modifications to Wi-Fi and Bluetooth® settings
  • Disable location sharing

Check with your IT administrator to find out which devices are supported for your organization.

Was this helpful?
How can we improve it?