Android’s unique work profile creates the best of both worlds – separating work and personal data so IT has the security it needs and users have the freedom to use the personal apps and services they want. Only the work data is managed, giving IT full control of corporate information and keeping employees’ photos, apps, and other personal data separate.
In Android Oreo, Google are now bringing work profiles to corporate-owned devices. Now, organizations can enable company devices for personal use with a work profile. While the organization still retains control of the device, work apps and data can be put in a work profile, keeping personal apps and data outside the profile.
This brings the benefits of the work profile to company-owned devices, such as removing the need for a complex device-wide passcode, and allowing employees to turn off work notifications when they’re away. The improved usability and clear separation makes this management mode ideal for corporate-owned, personally-enabled (COPE) deployments.
Get up and running in seconds
With zero-touch enrollment available in Android Oreo, organizations can deploy corporate-owned Android devices with enterprise mobility management settings pre-configured, so team members can start using their device right out of the box. Devices can be configured online and drop-shipped to employees who will have management enforced from the start.
With the work profile in Oreo, we’ve made it easier than ever for employees to set up their personal device for work, with 10x faster work profile setup. Google have even reduced the enrollment steps required so users can get their work profile set up with a single tap – no complicated instructions required.
Robust security that stops malware in its tracks
Google continue to invest in Android platform security, giving IT more advanced capabilities in managing their fleet of devices. With Project Treble in Oreo, we’re improving security by separating the underlying vendor implementation from the core Android framework. This modularization isolates each hardware abstraction layer (HAL) into its own process so each HAL only gets the hardware driver and kernel access it needs. This improves sandboxing and makes it harder for framework compromises to exploit the kernel.
Google are also enabling stricter enforcement of Google Play Protect, our always-on security service that scans for malware and blocks potentially harmful apps. Now, admins can block unknown or risky apps from being installed across the whole device, outside the work profile. Google are also providing new APIs to enable administrators to verify the security posture of their fleet including details on which apps are installed.
With the inclusion of secure password reset, it’s now easier for admins to securely help users recover from forgotten passwords on fully encrypted devices. Admins can also enable network logging for corporate-owned devices to record DNS lookups and TCP connections, helping companies detect suspicious network behavior or remotely debug problematic apps.
Improved privacy and transparency
It’s important for employees to have visibility into management policies, particularly when considering a device for personal use. To help employees stay informed, Google have made it easier to see management actions taken across the device, such as the installation of a new app or enforcement of a lock screen. Google have also improved notifications for connectivity changes, like always-on VPN and network logging.
These are just a few of the new and improved enterprise features in Android Oreo, with more updates coming soon. To learn more, check out the What’s new in Android 8.0 page