Android Enterprise device enrollment restrictions for personally owned work profile devices
Before enrolling Android Enterprise personally owned work profile devices for the Android Enterprise security configuration framework, organizations must configure the appropriate restrictions. These restrictions ensure that users can only enroll:
- approved devices.
- a specified number of devices.
- devices with specified platforms.
- devices with specified operating systems.
- devices from specified manufacturers.
For more information on device enrollment restrictions, see Set enrollment restrictions.
Personally owned work profile basic (level 1) security restrictions
For Android Enterprise personally owned work profile basic security (Level 1), the following device restrictions must be implemented:
| Type | Platform | Version | Allows personal devices |
|---|---|---|---|
| Android Enterprise | Allow | Android 8.0 and later. Microsoft recommends configuring the minimum Android major version to match the supported Android versions for Microsoft apps. OEMs and devices adhering to Android Enterprise recommended requirements must support the current shipping release + one letter upgrade. Currently, Android recommends Android 9.0 and later for knowledge workers. For more information, see Android Enterprise Recommended requirements. | Yes |
| Android device administrator | Block | All versions | Yes |
Personally owned work profile high (level 3) security restrictions
For Android Enterprise personally owned work profile high security (Level 3), the following device restrictions should be implemented:
| Type | Platform | Version | Allows personal devices |
|---|---|---|---|
| Android Enterprise | Allow | Android 9.0 and later | Yes |
| Android device administrator | Block | All versions | Yes |
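The Level 1 and Level 3 tables above can be checked mechanically against an exported restriction. The following is an added example, not Microsoft's code: the key names (`androidForWorkRestriction`, `androidRestriction`, `platformBlocked`, `personalDeviceEnrollmentBlocked`, `osMinimumVersion`) are assumptions modelled on Microsoft Graph's enrollment platform restriction resource, and the sample input is constructed.

```python
# Added example: audit an exported enrollment platform restriction against the
# Level 1 / Level 3 tables above. Key names are assumptions modelled on
# Microsoft Graph's deviceEnrollmentPlatformRestriction resource.

MIN_ANDROID = {1: "8.0", 3: "9.0"}  # minimum versions from the tables above


def parse_version(text):
    """Turn '9.0' or '10' into a comparable 3-tuple; None if unset or malformed."""
    if not text:
        return None
    try:
        parts = [int(p) for p in str(text).strip().split(".")]
    except ValueError:
        return None
    return tuple((parts + [0, 0, 0])[:3])


def audit(config, level):
    """Return a list of findings; an empty list means the config matches the level."""
    findings = []
    work = config.get("androidForWorkRestriction") or {}
    admin = config.get("androidRestriction") or {}
    required = parse_version(MIN_ANDROID[level])

    if work.get("platformBlocked", False):
        findings.append("Android Enterprise (work profile) enrollment is blocked")
    if work.get("personalDeviceEnrollmentBlocked", False):
        findings.append("personally owned devices are blocked for Android Enterprise")
    actual = parse_version(work.get("osMinimumVersion"))
    if actual is None:
        findings.append("no valid minimum Android version is set")
    elif actual < required:
        findings.append(f"minimum version {work['osMinimumVersion']} is below {MIN_ANDROID[level]}")
    # Both levels block the legacy device administrator platform.
    if not admin.get("platformBlocked", False):
        findings.append("Android device administrator enrollment is not blocked")
    return findings


# Constructed sample export, not taken from a real tenant.
SAMPLE = {
    "androidForWorkRestriction": {"platformBlocked": False,
                                  "personalDeviceEnrollmentBlocked": False,
                                  "osMinimumVersion": "8.0"},
    "androidRestriction": {"platformBlocked": False},
}

if __name__ == "__main__":
    for lvl in (1, 3):
        print(f"Level {lvl}:", audit(SAMPLE, lvl) or "compliant")
```

An unset minimum version is reported as a finding rather than treated as compliant, because an empty field allows every Android release to enroll.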
Fully managed security restrictions
Ensure the organization supports Android Enterprise fully managed device enrollment by reviewing Enroll the fully managed devices.
Conditional access policies
Organizations can use Azure AD Conditional Access policies to ensure that users can only access work or school content on enrolled Android devices. To do this, you will need a conditional access policy that targets all potential users. Details on creating this policy can be found in Require managed devices for cloud app access with Conditional Access.
Follow the steps in Scenario: Require device enrollment for iOS and Android devices, which ensures that only enrolled mobile devices that are compliant can connect to Microsoft 365 endpoints.