If you're an admin using advanced mobile management in your organization, what you can control on a user's Android device depends on the management app of the device. The management app is an agent, which gives your organization access to device information and settings.
In September 2019, Google rolled out a new Android management app called Android Device Policy. This app replaced the legacy Google Apps Device Policy, which is no longer supported. Android Device Policy offers new features and changes how some existing features behave. To switch to Android Device Policy, users must have an Android 6.0 Marshmallow or later device that supports a work profile.
Transitioning to Android Device Policy
How do I transition my organization's Android devices from Google Apps Device Policy to Android Device Policy?The transition process depends on how the device is set up:
Personal device with a work profile
Your organization's management privilege is Profile owner
On the device, the user removes their work profile and then adds their work account again. They're prompted to set up Android Device Policy.
Note: If the device doesn't support Android Device Policy, the user is prompted to set up Google Apps Device Policy app instead.
Personal device without a work profile
Your organization's management privilege is Device admin
On the device, the user takes the following steps:
- Open the Google Apps Device Policy app.
- Tap Unregister. The work account is removed from the device.
- Open the Settings app and tap Accounts.
- Add the work account again and set up Android Device Policy. During enrollment, the user must set up a work profile because it's required for Android Device Policy.
Note: If the device doesn't support Android Device Policy, the user is prompted to set up Google Apps Device Policy app instead.
Company-owned device or a personal device the users sets as work-only
Your organization's management privilege is Device owner
To trigger the switch, an admin must reset the device or, if allowed, the user. The user can then add the work account again and set up Android Device Policy. Note: If the device doesn't support Android Device Policy, the user is prompted to set up Google Apps Device Policy app instead.
To reset the device from the Admin console:
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
Go to Menu DevicesOverview.
- Click Mobile devices.
- Point to the device and click MoreWipe Device.
If you allow users to reset their devices, the user can reset the device.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
Go to Menu DevicesOverview.
- Click Mobile devices.
- Click the row of the device that you want to view details for.
- Click Device security.
The device’s management is listed under User agent.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
- In the Admin console, go to Menu DevicesMobile & endpointsDevices.
- Click Add a filterselect OSenter Androidclick Apply.
- Click Add a filterselect Management levelselect Advancedclick Apply.
- To export the results, in the top-right corner, click Download device list.
- In download box, select All columns and Google Sheetsclick Download.
- To open your download, under Your Tasks, click Open in Google Sheets.
- In Google Sheets, filter the data by User Agent.
Installing Android Device Policy
How does a user install Android Device Policy?The device user doesn't need to install anything, but they will be prompted to set up a work profile on personal devices.
Android Device Policy is integrated directly into the operating system of the device, so it doesn't open as a separate app on the device. If needed, you can access the app in Google Play. On the device, tap Play Store and search for Android Device Policy.
Managing Android Device Policy
What happens when I wipe an account or device remotely?The data that's removed from a device depends on your organization's management privilege:
Device type |
Wipe device | Wipe account |
---|---|---|
Personal device with a work profile |
The user’s work profile is removed, which includes the work account and all apps and data associated with it. Personal data and apps remain on the device. |
Same as Wipe device |
Company-owned device (or a personal device the user sets as work only) |
The device is reset to its factory settings. All work and personal data is removed. |
The device is reset to its factory settings. All work and personal data is removed. Note: If the device is currently under basic mobile management but was previously under advanced mobile management, wiping the account isn’t supported and the only option is to wipe the device. |
No. Personal Android devices managed with advanced mobile management and set up as user-owned (user selects Use for work & personal during setup) must install a work profile to access work data.
Note: The user is required to create a work profile even when you deactivate work profile creation or make it optional (In the Admin console, go to DevicesMobile & endpointsSettingsAndroid settingsWork ProfileWork Profile Setup).
A work profile isn't required when users select Use for work only when they set up their personal device. However, the organization still manages the device and the user can't add personal accounts. If the account is wiped remotely, the device is reset to its factory settings and all data is removed.