Android enterprise

Android includes functionality that simplifies the integration of devices into your company environment and helps your users to separate personal and corporate data on their device. This is referred to as Android enterprise (formerly Android for Work).

Note Sophos Mobile supports Android enterprise for devices with Android 6 or higher.

Sophos Mobile supports the Android enterprise enrollment modes Device owner and Profile owner.

Device owner

When a device is enrolled in device owner mode, device ownership is assigned to Sophos Mobile. Sophos Mobile can monitor and manage settings, apps and data on the whole device.

Device owner mode differs from a standard enrollment as follows:

  • Users have a simplified enrollment experience.
  • Users don’t need to set up a personal Google account on the device.
  • Users can only install apps from managed Google Play, and you can configure the store layout.
  • Only a minimum set of apps is enabled by default: Google Play Store, Contacts, Messages, Phone.
  • You can install, uninstall or update apps without user interaction.
  • You can configure app permissions so that users are not asked to grant permissions at runtime.
  • For apps that support it, you can configure custom app settings.
  • You can reset the screen lock password. With standard enrollment, this is not possible for Android 7.0 or later.
  • You can configure a kiosk mode that restricts app usage to a selection of apps, not just a single app.
  • You can only enroll devices that have not been set up yet, or that have been reset to their factory settings.
  • There is no dedicated unenroll action. To unenroll a device, wipe it.

Profile owner

When a device is enrolled in profile owner mode, a work profile is created on the device. Sophos Mobile can only monitor and manage settings, apps and data within the work profile.

The profile owner mode is suitable for BYOD (bring your own device) scenarios.