Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.17
  3. Administration
  4. Managing Android devices
  5. What you can control on Android devices

What you can control on
Android
 devices

BlackBerry UEM
 provides all of the tools you need to control the features that
Android
 devices allow you to manage. It also includes features that allow you to give device users secure access to work resources without fully managing the device.
Control level
Description
Unmanaged devices
User privacy
 activations
You can activate a device on
BlackBerry UEM
 with the "
User privacy
" activation type to provide secure access to work resources without managing the device. This option is often used for BYOD devices.
These activations can allow users to access your network over VPN using
BlackBerry 2FA
, share files securely using
BlackBerry Workspaces
, and install
BlackBerry Dynamics
 apps such as
BlackBerry Work
 and
BlackBerry Access
 to access work email and your work intranet.
Managed devices with a work profile
Work and personal - user privacy
 (
Android Enterprise
) activations
Android Enterprise
 devices can be managed but allow for personal use by creating a work profile on the device that separates work and personal data. This option maintains privacy for user's personal data in the personal profile but lets you manage work data using commands and IT policy rules. You can manage work apps on the device, including
BlackBerry Dynamics
 apps.
You can wipe work data, but not personal data, from the device. Work and personal data are both protected using encryption and password authentication. This option is often used for corporate-owned, personally enabled (COPE) and BYOD devices.
Fully managed devices with a work profile
Work and personal - full control
 (
Android Enterprise
) activations
Android Enterprise
 devices can be fully managed but allow for some personal use by creating a work profile on the device that separates work and personal data but allows your organization to maintain full control over the device and wipe all data from the device. Some IT policy rules can be applied separately to the work and personal profiles. You can manage work apps on the device, including
BlackBerry Dynamics
 apps.
You can log SMS, MMS, and phone calls sent and received on the device (if it runs
Android
 10 or earlier). Work and personal data are both protected using encryption and password authentication. This option is often used for COPE devices.
Fully managed devices
Work space only
 (
Android Enterprise
) activations
Android Enterprise
 devices can be fully managed and have a work profile but no personal profile. This option lets you manage the entire device using commands and IT policy rules. You can manage work apps on the device, including
BlackBerry Dynamics
 apps.
You can log SMS, MMS, and phone calls sent and received on the device. All data on the device is protected using encryption and a method of authentication such as a password. This option is often used for corporate-owned, business only (COBO) devices.
Device administration
MDM controls
 activations
You can manage
Android
 9.x and earlier devices using commands and IT policy rules. A separate work space is not created on the device, and there is no added security for work data. To provide security for work data you can install
BlackBerry Dynamics
 apps.
This activation type is deprecated for
Android
 10 devices. For more information, visit https://support.blackberry.com/community to read article 48386.
You can use device groups and compliance profiles to manage what happens for devices activated with "
MDM controls
" activations that are updated to
Android
 10. For more information, see the Administration content.
Android Enterprise
 provides full support for managing
Android
 devices, including the following features:
  • Enforce password requirements
  • Control device capabilities using IT policies (for example, disable the camera or
    Bluetooth
    )
  • Enforce compliance rules
  • Create
    Wi-Fi
     and VPN connection profiles (with proxy)
  • Sync email, contacts, and calendar with devices
  • Send CA and client certificates to devices for authentication and S/MIME
  • Manage required and allowed public and internal apps
  • Locate and protect lost or stolen devices
Android Enterprise
 devices that are activated with
BlackBerry UEM
 also support additional controls available only for
Samsung Knox
 Platform for Enterprise devices and for
BlackBerry
 devices powered by
Android
.
BlackBerry UEM
 also supports devices with
Samsung Knox Workspace
 activations in addition to supporting
Samsung Knox
 Platform for Enterprise; however,
Samsung Knox
 activation types will be deprecated in a future release. For more information, visit https://support.blackberry.com/community to read article 54614.
Some features and
BlackBerry Dynamics
 apps are not available with all license levels. For more information about available licenses, see the Licensing content.