Android Enterprise’s Fully Managed with Work Profile gives UEM admins the ability to provide their users with work and personal profiles on corporate devices. UEM admins like this setup because it serves users’ needs while protecting corporate data and making management of corporate devices easier. After all, admins retail complete control of the device in case of an untoward incident.
With Android 11, all of this is about to change.
What’s Changing?
Google has been heavily focused on improving end user privacy, which we saw with Android 10 and which we’ll see more of with Android 11. Because Fully Managed with Work Profile is intended partly for personal use on a corporate device, providing end user privacy is a must. Originally with Fully Managed with Work Profile it was left up to UEM developers to develop what policies could be enabled or disabled on the personal side of the corporate device, making it possible for UEM admins for UEM admins to have a say on what occurred on the personal profile. This will no longer be the case with Android 11.
Starting with Android 11, Fully Managed with Work Profile will no longer exist in its current state. When you upgrade to Android 11, Fully Managed with Work Profile will be migrated to a privacy-driven enhanced work profile mode. This new version will have access to endpoint-level restrictions to ensure corporate device policies are intact but will not enable access to control how the device is used.
What Does This Mean for Admins?
- Admins will no longer have access to reset passwords of the device in case of PIN loss.
- Admins will no longer have access to prevent end users from factory resetting the endpoint.
- Admins will no longer have access to the application inventory of the personal profile but will continue to be able to prevent installations of malicious applications.
It’s important to keep in mind there might be more admin limitations around user privacy policies to come. As we approach the Android 11 release, we’ll keep you updated.
What Should You Do to Prepare?
Keep an eye on our What’s New with Citrix Endpoint Management page and the Citrix blog for updates on name and feature changes from Google on Fully Managed with Work Profile. I also recommend that UEM admins leverage Fully Managed mode (Device Owner) if they need more control of their Android endpoints. It provides complete admin control over the device.