Back to top
Home / Knox Platform for Enterprise / Migrate to Android 11 / Device management modes /

Android policies in the personal profile

Last updated July 26th, 2023

As described in Device management modes, Android 11:

  • deprecates the fully managed device with a work profile, to protect user privacy on company devices that enable personal usage

  • provides a new work profile on company-owned device, which offers greater privacy to the end user and at the same time offer sufficient level of control to the IT admin to protect corporate assets

This page summarizes the Android policies that can and can’t be applied to the personal side of company-owned devices with Android 11. For complete details, see Google’s EMM migration guidelines > Appendix A and B (requires partner login).

For similar lists of the Knox policies that can and can’t be applied to the personal side, see Knox policies in the personal profile.

Android policies allowed

The following features are available to the work profile on company-owned devices.

Device Management

  • Wipe device
  • Set password complexity
  • Control system update policy
  • Disable screen capture
  • Block external storage
  • Block tethering
  • Block camera
  • Block cross profile data sharing

Networking

  • Data roaming controls
  • Block SMS usage
  • Block Bluetooth controls
  • Block Wi-fi configuration

App Management

  • Set allow list / block list of permissible apps
  • Suspend apps

Android policies not allowed

In order to protect end user privacy, the following features are not available to the work profile on company-owned devices.

Device Management

  • Block end user ability to factory reset
  • Disable keyguard
  • Reset password for the device
  • Set input methods
  • Enable or disable backup service
  • Disallow user from configuring user credentials

Networking

  • Configure personal side VPN
  • Configure always-on VPN on personal side
  • Set device-wide DNS configurations
  • Setting a Global Proxy
  • Add an override APN
  • Ability to block user from resetting network

App Management

  • Manage install apps on personal side
  • Control permissions on personal apps
  • Block clearing personal app data and caches
  • Ability to set default activity to handle intents
  • Ability to poll apps on personal side
  • App restrictions for personal apps
  • Grant privileged access to apps on the personal side (delegated scope)

Logging

  • Bug report request
  • Network logging

Key Store Management

  • View list of installed CA certificates
  • Install user CA on personal side
  • Install certificate chain and corresponding private key
  • Generate new public or private key pair
  • Associate certificates with key pairs

On this page

Is this page helpful?