How to manage Android applications in a container? 

Description

An organization has to manage all the devices in its organization, including the employees personal devices. The IT administrator cannot obtain complete control of such devices. In such cases, the devices can be enrolled as a Profile Owner. For these devices only the profile and apps pushed by MDM can be managed. For other devices it is recommended to enroll the device as Device Owner, where the device can be completely managed by the organization.

For devices enrolled as Profile Owner, the apps distributed by MDM will automatically be added to a logical container. This container ensures that there is no communication between the personal and corporate apps. This helps keep the corporate data safe from unauthorised access. In case of Device Owner, since the device as a whole is being managed by the organization, there is no need to containerize the device.  

Prerequisites

Android for Work configurations are supported for devices running Android 5.0 and above.

Steps 

Follow the steps given below to add Play Store apps into the logical container or Work Profile

    1. Integrate Android for Work with the MDM MSP.
    2. Purchase or approve the required Play Store apps to be added to the managed devices.
    3. If the app supports applying configurations Over-the-Air, make the required changes to the app settings.
    4. Enroll the devices that are to be managed, using invites or self enrollment.
    5. When the device gets enrolled with MDM MSP, the Work Profile is automatically created to containerize the corporate apps from the personal apps.
    6. Distribute the required apps to the managed devices.
    7. The distributed apps will be installed with the Work Profile.

NOTE: If any configurations are applied to the apps, they will also get distributed along with the apps to the devices.