Enrolling company-owned devices (COPE) as Fully managed with work profile

Company-owned devices are quite often used both for business and personal use. Sharing a device for work and private matters includes risks of business data leaks, while employees might feel unsafe when their data is stored on a device owned and managed by the organization. On Android devices, the solution for the corporate-owned personally enabled (COPE) strategy is to manage a work profile on a company-owned device. This article explains how to enable COPE with Miradore by enrolling your Android device on Fully managed with a work profile mode.

Requirements

• Factory reset or a new device
• Premium subscription plan
• Supported from Android 11 onwards

What is Fully managed with work profile management?

There are three different ways to manage the Android devices with Miradore:

• Fully managed is intended for company-owned devices used mainly for work.
• Work profile, which can be set as secure work data and application container on the device that is usually owned by the employee (BYOD).
• Fully managed with work profile can be used for company-owned devices that are for both work and personal use.

The Fully managed with work profile mode provides control over management features for the whole device while implementing a work profile and enabling the end user privacy for the personal data and applications on the device.

With the management mode, the administrator can keep devices compliant with the organization's IT policies and, for example:

• Secure all company data, applications, and contact details in a separate work profile
• Install applications in the work profile without user interaction
• Define the requirements for the device passcode
• Wipe the entire device
• Prevent factory reset protection

On the other hand, the mode guarantees better user privacy when:

• The administrator can not see or access the user's personal data and applications
• User is notified when the location tracking is enabled

COPE is known with various terms such as corporate-owned device with a work profile, fully managed with work profile, and work profile on a company-owned device. The Fully managed with work profile mode implementation in Miradore follows the latest security, privacy, and management settings enforced by Google and it is supported on the devices with Android version 11 or later.

How to enroll an Android device in Fully managed with a work profile mode?

To enroll an Android device in Fully managed with work profile management, go to the Enrollment wizard (Enrollment > Enroll device).

Complete the enrollment by following the instructions. After the enrollment the device has the Work profile and Managed Google Play account set. The applications are installed from the Managed Google Play store similar to Android Enterprise work profile devices.

You can also enroll the device through Enrollment > Android Enterprise and by selecting the Fully managed with work profile option from the management types. Please note, that this enrollment does not assign a user to the device. If there is no user assigned to a device the Managed Google Play account can not be set. The account is needed for application configuration and silent deployment on the device.

Add the user for a device on the Settings tab of the Device page (Management > Devices > Device).

Additional information

• From Miradore Android client 2.10.0, the Fully managed with work profile (COPE) devices support Android Enterprise Zero-touch enrollment and Knox Mobile Enrollment (KME).
• After the enrollment, the Fully managed with work profile devices will receive the FM+WP tag.

The end user experience

The enrollment will set up two different profiles for the device. To carry on with the setup, select Agree at the bottom.

When the work profile is ready, the user can also add a personal Google Account to access the private applications and content. The two separate profiles appear at the bottom of the screen. The user can now easily switch between the two and see the applications and information according to the selected profile.