Upcoming change: Encouraging more users to use work profiles on personal Android devices

As mobile use in the enterprise proliferates and more enterprises embrace mobile-first strategies and policies, it is important that our G Suite customers who use Google Mobile Management as their enterprise mobility management (EMM) tool determine the policies that best protect their mobile users. This includes ensuring that corporate data stored on mobile devices is kept separate from end-user data through the use of Android work profiles.



Making work profiles the default enrollment option for Android devices

To ensure a BYOD policy that is end-user friendly without sacrificing corporate security, we would like to encourage Google Mobile Management customers to employ a mobile policy that keeps personal and corporate data safe.

To that end, starting with Google Apps Device Policy v7.55, the default enrollment process will use a work profile for customers that have enabled Android at work and are whitelisting apps in managed Play, on devices that support work profiles.




Enrolling a corporate account allows your end users to access the managed Play store for curated and whitelisted apps, and provides a clear separation between corporate data and personal data to ensure that IT does not accidentally remove personal data from the device.

Your users will still be able to opt out of using a work profile and continue with the previous method of enrollment, if your corporate policy allows this.

For more details on whether this change will apply to your organization, or if you would like details on how to prevent work profiles from being used in your mobile deployments, please see the FAQs below and refer to the Help Center.

This change will start rolling out on June 5, 2017 along with the release of Google Apps Device Policy app v7.55+.


-- FREQUENTLY ASKED QUESTIONS --

Will this enrollment change be the default for all Google Mobile Management customers?

No. This change will only apply to your organization under the following conditions:
  • Your organization is using Google Mobile Management for Android
  • Android advanced management has been enabled for the entire organization, or organizational unit
  • Your organization has whitelisted Android apps in the managed Play store


This change will also only be shown to your users under the following conditions:
  • The Android device to which your user is adding their account supports work profiles
  • The Google Apps Device Policy app that is being used for enrollment is version 7.55+

How do we know if the Android device supports work profiles?

Android work profiles are supported on Lollipop (5.1), Marshmallow (6.0), and Nougat (7.0) devices, and any yummy future versions of Android. If you are looking to purchase new devices, please see the recommended list of Android Enterprise devices, or contact the OEM of the device you are interested in.

Our organization currently does not use work profiles. What are the advantages of using a work profile?

We recommend work profiles for several reasons:

  • End users can use one Android device and keep corporate data and personal data separate
  • Administrators can curate and whitelist applications that are needed for corporate use
  • IT administrators cannot erase personal emails, photos, or other personal data; they can only wipe the content within the work profile itself

For more details on work profiles and Android within the enterprise, please refer to the Android at work home page.

We provide our employees with company-owned Android devices. Does this change impact us?

No. If you are already using company-owned devices within Google Mobile Management, then this change will not be relevant to those devices. This change only applies to personal Android devices.

We are upgrading our mobile deployment at the moment. Can we opt out of this change?

Yes, you can disable this feature immediately (without waiting for the new version of the Google Apps Device Policy app to be available).

To do this, follow these steps:

  • Log in to the Admin Console
  • Click on Device Management
  • Go to Android Settings > Work Profile and set the Work Profile Setup field to “Disable”

Note that this will prevent any user from enrolling in a work profile, and we encourage you to view the benefits of using work profiles in your organization as a way to keep corporate and personal data separate.

Can my users access their corporate apps without a work profile?

Yes. However, if your user has a device that supports a work profile but does not use one, they will not be able to access the managed Play store from their Android device. These users will therefore not be able to see the recommended apps that have been whitelisted for their organization.

For more details on how users with legacy Android devices can access work apps, please see the following announcement: Users with legacy Android devices can now access work apps in Google Play


Launch Details

Release track:
Launching to both Rapid release and Scheduled release on June 5

Editions:
Available to all G Suite editions

Rollout pace:
Extended rollout (potentially longer than 15 days for feature visibility)

Impact:
End users who are setting up eligible Android devices and whose organization policies allow it.

Action:
Change management suggested/FYI

More Information
Help Center: What is a work profile?