Full device management offers comprehensive device and app management capabilities for company-owned devices. This option gives you granular control over device data and security, and access to Android's full suite of app management features.
For example, with full device management you can set the minimum password requirements on a device, remotely wipe and lock a device, and set default responses to app permission requests. You also have full control over the apps on a device, including the ability to remotely install and remove apps.
What features do fully managed devices support?
Standard features
All EMM providers offering full device management support the following standard features:
Device setup
Feature |
Description |
EMM token |
Enter a token provided by your EMM to trigger full device management setup. |
NFC |
Push setup details to a device via an NFC bump. |
Device security
Feature |
Description |
Set lock screen restrictions |
Set and enforce the type of passcode (e.g. PIN/pattern/password) required to unlock a device. |
Wipe and lock work data |
Remotely lock and wipe a device. |
Automatic compliance enforcement |
Automatically restrict access to data and apps on devices that aren't in compliance with security policies. |
Configure Smart Lock settings |
Enable or disable specific Smart Lock methods, such as trusted bluetooth devices, face recognition, or voice recognition. |
Access security logs |
View and export security logs for a given device and time window. |
App management
EMM providers support Android app management through an enterprise version of Google Play, called managed Google Play. With an EMM, you can create managed Google Play Accounts* for your users. These accounts enable app distribution to their fully managed devices.
Feature |
Description |
View and manage your app catalog |
View a list of purchased apps, approved apps, and private apps. |
Distribute apps silently |
Silently install apps on a device without any user interaction. |
Download apps from the managed Play app |
Users can install and update apps approved for them through the managed Google Play app on their device. |
Set managed configurations |
Configure work apps for individual users or devices. |
Customize users' managed Play app |
Customize the app store layout displayed in the managed Google Play app on a device. |
Support Google-hosted private apps |
Publish Google-hosted private apps from the EMM's console and distribute them to devices. |
Support externally hosted private apps |
Publish externally hosted private apps from the EMM's console and distribute them to devices. |
Disable app installs from locations other than Google Play |
App installations from locations other than Google Play and OEM-approved sources are disabled by default. |
*For organizations with G Suite or Cloud Identity, users can access managed Google Play with their G Suite or Cloud Identity account.
Device management
Feature |
Description |
Set default runtime permission policies |
Set the default response (prompt, allow, or deny) to all runtime permission requests from apps. |
Set specific runtime permission policies |
Set the default response (prompt, allow, or deny) to specific runtime permission requests from apps. |
Block modification of Wi-Fi settings |
Prevent users from creating new Wi-Fi configurations or modifying existing ones. |
Control access to input methods |
Configure the input methods (e.g. keyboards) that a user can configure on their device. |
Control access to accessibility services |
Configure the accessibility services that can be enabled on a device. |
Set location sharing preferences |
Configure device location sharing settings (e.g. high accuracy, battery-saving, sensors only, off) for apps. |
Block users from uninstalling apps |
Prevent users from uninstalling apps or modifying apps through Settings. |
Disable screen captures and Circle to Search |
Prevent users from taking screenshots or using Circle to Search. |
Disable camera |
Prevent apps from using device cameras. |
Retrieve network statistics |
Retrieve network usage statistics for a device. |
Remote reboot |
Remotely reboot a device. |
Manage system network radio settings |
Control system network radio settings and usage policies. |
Manage system audio settings |
Control device audio features. |
Manage system clock settings |
Control device clock and timezone settings. Prevent users from modifying automatic device settings. |
Device usability
Feature |
Description |
Set default apps for specific activities |
Set the default app for specific activities. For example, choose the default browser for opening web links. |
Customize device setup UI |
Set the color, logo, and terms and conditions displayed during device setup. |
Customize device UI |
Customize devices with corporate branding. |
Customize lock screen message |
Set a message to display on a device's lock screen. |
Set custom help text |
Specify help text shown to a user when they attempt to modify managed settings on a device. |
Schedule over-the-air (OTA) system updates |
Postpone OTA system updates for up to 30 days and set up regular maintenance windows for updates. |
Retrieve MAC addresses |
Remotely retrieve device MAC addresses. |
Advanced features
In addition to the standard features above, all Android Enterprise Recommended EMM providers offering full device management support the following advanced features:
Device setup
Device security
Feature |
Description |
Set advanced lock screen restrictions |
Set and enforce the quality, length, and complexity of the passcode required to unlock a device. |
Check device integrity |
Validate device integrity to help determine whether a device has been tampered with or otherwise modified. Set up automated rules (e.g. wipe corporate data) if validation fails. |
Google Play Protect enforcement |
Google Play Protect's Verify Apps feature is enabled by default and scans apps for malware before and after installation. |
Block external data transfers |
Lock down bluetooth and hardware elements (e.g. Quickshare, NFC beam, external media, USB storage) to prevent users from sharing or transferring work data. |
App management
Feature |
Description |
Managed Google Play in EMM's console |
Access managed Google Play directly through the EMM's console to search for, approve, and manage work apps. |
Device management
Feature |
Description |
Configure Wi-Fi settings |
Remotely deploy Wi-Fi login settings (SSID, password) to a device. |
Configure certificate-authenticated Wi-Fi |
Remotely deploy Wi-Fi settings to a device that include identity, certificates for client authorization, and CA certificates. |
Manage eSIMs |
Remotely add, remove and provision eSIMs. |
Restrict access to authorized accounts |
Ensure that only authorized corporate accounts can interact with corporate data by preventing users from adding or modifying accounts. |
Manage certificates |
Deploy identity certificates and certificate authorities to a device to enable access to corporate resources. |
Manage advanced certificate details |
Select certificates for specific apps, remove CAs and identity certs from an active device, and prevent users from modifying credentials in the managed keystore. |
Enable Always On VPN |
Enable Always On VPN for specific apps to ensure they always go through a configured VPN. |
Restrict factory-reset privileges |
Specify the account(s) authorized to factory reset a device. |
Manage 3rd party certificates |
Distribute a 3rd-party certificate management app to a device and grant the app privileged access to install certificates in the managed keystore.
|
Enforce approved credential managers |
Prevent backing up work credentials and passwords to an unapproved credential manager. Use of credential managers is blocked if no approved credential manager is set. |
Device usability
Feature |
Description |
Customize lock screen features |
Control the features a user can access before unlocking the device. |
Which Android devices are supported?
Android Marshmallow (6.0) and later devices.
Which EMM providers support full device management?
EMM providers that support full device management are listed in the Android Enterprise Solutions Directory.