This article shows how you can set up Android Work Profile on your Android devices.
Requirements
- Your Miradore site must have either the Premium Plan or the free trial activated
- Managed Google Play Enterprise has been configured for your site
- Devices are running Android 6.0 or above
- Devices are connected to the Internet via Wifi or mobile data
- Devices are not work-managed devices
Please note that certain older Android devices don't support the managed profiles. If you run into errors and are not sure whether your device supports managed profiles, download Google's TestDPC from Google Play and try creating a managed profile using the app.
New to Miradore?
Discover how Miradore can help you manage your Android devices with ease.
Why set up Android Enterprise Work Profile?
Once the requirements are met, administrators can create a work profile on the managed devices. The purpose of the work profile is to create a secure container for your work data and separate the private applications from the work applications. Administrators can then remotely manage the work container and deploy applications silently to any device running Android 5.1 or above.
This is a particularly important solution for the companies that support personal devices deployment scenarios, allowing the employees to bring personally-owned devices to work and to use those devices to access privileged company information and applications securely, making sure that e.g. work contacts won't get leaked via private instant messaging apps.
When a work profile is created on the device, the Miradore Client operates as the profile owner of the work data and has only limited control outside of the work profile. This means that our client is no longer the device administrator of the device and can't, for example, install Samsung KNOX/SAFE configuration profiles or wipe the device. It can, however, lock the device, install Wi-Fi networks, collect device location and enforce passcode policies like it normally would. The work profile can also be at any time removed from the device both by an administrator as well as the user.
How to enable Work Profile for legacy enrolled Android devices?
If you already managing an Android device in the device administrator mode, you can enable the work profile from the Management > Devices page using the Managed Google Play > Create account/Work profile action button.
How to set up the Work Profile on Android devices?
The following video explains what the Android work profile is and walks you through the easy enrollment process. You can also follow the written instructions below.
See also the article Enrollment Instructions for Android Users.
1. If the device is not yet managed with Miradore, go to Enrollment > Enroll device page on your Miradore site and choose the platform Android.
2. Select Light to enroll a device using the Work Profile mode.
3. Add a device user: enter the user's email address and choose Work profile. You can also choose to send the enrollment invitation via email and/or SMS to the user if needed.
The system generates credentials for enrollment. Read the QR code with the device or follow the steps to enroll in the Work profile. If you have chosen to send the invitation to the device user, the system sends the credentials to the device user.
The next pictures show how the enrollment process continues at the device end. First, the user must click the Enroll now button from the email. This will take him/her to the Google Play store. Next he/she clicks Install now and Install which starts the installation of the Miradore Client application.
Wait until the Miradore Online Client installation completes and click Open to open up the app. The app show will show a privacy closure explaining what data the app collects and what is it used for. The user must read the provided information carefully and give their consent for the data collection before continuing.
The next step is the device user needs to allow all permission requests from the Miradore app.
Please note that Miradore respects users' privacy and security. It is not possible for anyone to access the user's personal contacts, phone calls, text messages, instant messages, files, or photos through Miradore.
The actual creation of the Work Profile begins immediately after the Miradore client installation has been completed and the Client has successfully connected to your Miradore site for the first time.
The device user can see a round Miradore icon on the notification area when the client asks the user to approve the creation of the Work Profile.
Please note, that the device must be encrypted before proceeding. The encryption process may require that the device battery is charged up to 80% and the device is plugged in. When the encryption is complete, the managed profile creation continues.
Setting up Android Enterprise Work Profile takes a few minutes. Miradore app will show the Managed profile created screen to the device user when after the profile creation has been completed successfully.
After a successful Work profile setup, the Miradore client can be removed from the primary user profile running on the device. The uninstallation will be requested from the user automatically. After the client uninstallation, the setup is ready at the device end. The device user can recognize the Work Profile apps by the orange briefcase icon.
The Show device button becomes active in Miradore after the enrollment has been completed. You can open up the device form to see details about the device. You can follow the enrollment on the Device's Action log, and also on the Enrollment log page.
The default tag Profile owner is added for each device where the work profile has been successfully enabled. This helps to identify work profile devices in your Miradore site and can be used, for example, to create a separate business policy for work profile-enabled devices.
A Work profile can also be automatically enabled to the devices during the device administrator enrollment process. Just add a tag afw to the enrollment or user and the work profile is automatically installed to the Android device that is enrolled with the created credentials.
Please note that after a successful Work Profile enrollment, the "Profile owner" tag (not "afw") will be added to the device in Miradore.
Troubleshooting
If the device's Google Play store is older than the required version, it must be updated to ensure that managed Google play account can be created in the work profile. Play store should be updated automatically in the background, as long as the user has signed in to Google Play.
We have noted that sometimes on Android 6 devices the work profile creation fails because the Play Store version on those devices is out-of-date and the automatic updates are not working. You can try to resolve this issue by manually initiating the installation of Play Store updates. You can manually start the installation by tapping the Build number option in the Play Store's Settings.
More information
Have feedback on this article? Please share it with us!
Previous Article:
« Enroll an Android device in fully managed device mode using NFC
Next Article:
Enrolling company-owned devices (COPE) as Fully managed with work profile »