Android for Work

Android for Work, is the feature developed by Google to make Android devices(running 5.0 or later versions) corporate-ready. AfW provides several features and configurations, which secure the device and make the device cater to the needs of an organization.

Some of the features supported by AfW are mentioned below:

In case of Android for Work(AfW), it is recommended to provision personal devices as Profile Owner and corporate devices as Device Owner. You can know more Profile Owner and Device Owner as explained below:


Device Owner - for Corporate Devices

In case of Corporate-owned devices, provisioning the devices as Device Owner ensures the organization has full control of the device as it "owns the device" and provides more features to ensure the device and the confidential data in the device are secure and away from any unauthorized access. Device Owner supports all the Profile Owner-supported features as well as additional features.

Provisioning devices as Device Owner

There are different methods for provisioning devices as Device Owner, as explained below.

ENROLLMENT TYPE APPLICABLE FOR COMMENTS
Samsung Knox Mobile Enrollment(KME)

Applicable for Samsung devices supporting Knox and running 8.0 or later versions

Useful for large-scale out-of-the-box enrollment, similar to Apple Business Manager(ABM).

Google Zero Touch Enrollment/Provisioning(ZTE/ZTP)

Applicable for devices running 7.0 or later versions

Useful for large-scale out-of-the-box enrollment similar to Apple Business Manager(ABM) but applicable only on certain devices as listed here.

EMM Token Enrollment

Applicable for devices running 6.0 or later versions

Useful in case the number of devices to be managed are less in number, as the devices need to be unboxed to initiate enrollment

Near Field Communication(NFC) Enrollment

Applicable for devices supporting NFC and running 5.0 or later versions

Useful in case the number of devices to be managed are less in number, as the devices need to be unboxed to initiate enrollment

Activation Code

Applicable for devices running Android 5.1 and not supporting NFC

Useful in case the number of devices to be managed are less in number, as the devices need to be unboxed to initiate provisioning after which enrollment needs to be carried out separately.

Android Debug Bridge(ADB)

Applicable for devices running Android 5.0 or later versions and not supporting NFC/Activation Code

Useful in case the number of devices to be managed are less in number, as the devices need to be unboxed to initiate provisioning after which enrollment needs to be carried out separately.

The devices are factory reset before setting up Android for Work to prevent malware from potentially acting as a device owner and taking over the device. and to ensure there are no privacy-related issues due to the existence of apps and/or user data in the devices.
Some of the main features supported by Device Owner: The complete set of restrictions supported by Device Owner can be viewed here.

Profile Owner - for Personal Devices

In case of personal devices, AfW creates a "Work profile", a logical container which demarcates the personal space and the corporate space in a device. Organizations can fully control the work profile but has zero control over the personal profile, as organization "owns only the profile". Unlike Device Owner which supports several features, Profile Owner supports fewer features when compared to Device Owner. If the device is enrolled in MDM through any method(Self-Enrollment, Enrollment through invitation) other than NFC and QR code, it gets provisioned as Profile Owner by default.


Some of the main features supported by Profile Owner:

The complete set of restrictions supported by Profile Owner can be viewed here.

Refer to this link for the non-exhaustive list of devices supporting AfW.
Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine