App Container

Device users typically want their personal data and work data on one device. This requirement presents a challenge for enterprises, which need to ensure that they:

  • fully protect work data and
  • don't run into any liability issues by accidentally interfering with a user’s personal data.

The Android Enterprise work profile is an app container that provides enterprises with a solution to securely isolate personal and work data on one device. Knox Platform for Enterprise extends this secure container by providing more granular management policies for Samsung devices.

NOTE— To take advantage of all the latest Knox features, we strongly recommend that you use Android Enterprise work profiles as secure app containers. Knox Workspace containers were deprecated with Knox 3.4.1 on Android 10, which debuted with the Note 10. However, older devices like the S10 that are upgraded to Knox 3.4.1 or higher still support the Knox Workspace containers until EOL.

Granular management policies

The Work profile provides IT admins with granular management policies to address the challenges of maintaining personal and work data on the same device.

Data transfer

With the isolation of work and personal data, a device user has access to two separate spaces. To increase productivity in certain situations, it is often necessary to share data between spaces. For example, while using a phone app in the personal space, it may be necessary to call a work contact saved in the secure work space. With the Work profile, IT admins have granular management policies to manage the import and export of data to and from the Work profile. This data can include apps, files, clipboard data, call logs, contacts, calendar events, bookmarks, notifications, shortcuts, and SMS.

Container-only control

For liability and productivity purposes, IT admins can't apply effective policies on a device with both personal and work data. The Work profile provides IT admins the ability to configure and control critical functionality for the container only. An IT admin can enable or disable the following exclusively for the container:

  • Bluetooth
  • NFC
  • USB access
  • External storage

Container configuration

With the isolation of work and personal data, the device user has access to two separate spaces. This dual access presents some challenges to quickly identifying and accessing work data.

To enhance usability, the Work profile provides an IT admin the ability to add work shortcuts to personal spaces so device users can quickly access work data. The Work profile also provides an IT admin with the ability to set custom resources like work badges on app icons, helping users quickly identify company work apps.

Password policy

An IT admin must ensure only authorized people have access to work data inside a container. The Work profile supports advanced authentication mechanisms to meet all enterprise needs.

An IT admin can enforce and configure:

  • Complex passwords or code schemes
  • Two-factor authentication
  • Active Directory authentication

Additionally, an IT admin can lock the container to restrict access. This restriction is necessary when a device is out of compliance, lost, or stolen.