If your device has a Work Profile, your organization can view and manage your work apps and data. Your personal apps, data, and usage details aren't visible or accessible to your organization. Your organization may be able to manage certain settings on your device (e.g. time and date, language, Wi-Fi configurations) and enforce app defaults such as messaging and browser if your device is company-owned.
I own my device
What data is visible to my organization?
When you add a Work Profile to your personal device, some details about your device are visible to your organization:
- Model, Serial Number, and Device ID
- Phone Number
- Carrier
- Operating system
- Build Number
- Kernel Version
- Baseband Version
- MAC Address
- Language
Your organization can only view details about the apps and data in your Work Profile, including:
- All the apps accessing data in your Work Profile
- Details regarding your managed account (the account associated with your Work Profile)
- Network activity and location information from apps in your Work Profile
Contact your organization for more information about their privacy policy.
What policies can my organization manage on my device?
When you first add a Work Profile to your device, you need to install a device policy controller app (selected by your organization) as part of the setup process. This app manages your Work Profile, presents the terms of use, and details the data on your device that is captured and recorded. You must review and accept the user license agreement to set up your Work Profile.
If your device is personally-owned, your organization can carry out some or all of the following actions:
- Remotely create, access, and delete data in your Work Profile
- Remotely provision, add, and remove eSIMs*
- Enforce minimum passcode requirements on your Work Profile and device
- Suspend access to your Work Profile
- Restrict what can be shared across your work and personal profiles
- Block screen captures and Circle to Search in your Work Profile
- Manage access to your organization's corporate mail server and internal data
- Remotely install and uninstall apps and certificates in your Work Profile
- Manage permissions and other settings for apps in your Work Profile
*Note: For BYOD devices, the user is responsible for activating the eSIM and can delete the ESIM at any time.
My organization owns my device
What data is visible to my organization?
Your organization can access the basic details of its company-owned devices, including:
- Model, serial number, and ID
- Phone Number
- Carrier
- Operating system
- Build Number
- Kernel Version
- Baseband Version
- MAC Address
- Language
Your organization can only view details about the apps and data in your Work Profile, including:
- All the apps accessing data in your Work Profile
- Details regarding your managed account
- Network activity and location information from apps in your Work Profile
For information on how your organization manages data on company-owned devices, refer to your organization’s privacy policy.
What policies can my organization manage on my device?
Your organization can carry out some or all of the following actions:
- Remotely create, access, and delete data in your Work Profile
- Remotely provision, add, and remove eSIMs
- Enforce minimum passcode requirements for your device and Work Profile
- Suspend access to your Work Profile
- Restrict what can be shared across your personal and Work Profiles
- Block screen captures and Circle to Search in your Work Profile
- Manage access to your organization's corporate mail server and internal data
- Remotely install and uninstall apps and certificates in your Work Profile
- Manage permissions and other settings for apps in your Work Profile
Because your device is company-owned, your organization can also configure any of the following policies:
- Set limits for how long you can pause your Work Profile
- Disallow (and uninstall) specific apps in your personal profile
- Block the use of the private space on the personal profile
- Block screen captures and Circle to Search in your personal profile
- Block app installations from unapproved app stores
- Disable device's camera
- Disable location sharing in personal apps
- Configure and schedule system updates
- Configure factory-reset protection settings and factory-reset the device
- Configure, Wi-Fi, airplane mode, roaming, tethering, private DNS and other network settings
- Configure screen brightness, brightness mode, and timeout duration
- Set the time, date, location on the device
- Enforce the default dialer, messages, and browser app in your personal profile
- Block the ability to make outgoing calls or send SMS text messages
- Block USB file transfers
- Block the the ability to mount physical media (e.g. SD cards)