What you can control on Android devices Skip Navigation

What you can control on
Android
devices

BlackBerry UEM
provides all of the tools you need to control the features that
Android
devices allow you to manage. It also includes features that allow you to give device users secure access to work resources without fully managing the device.
Control level
Description
Unmanaged devices
User privacy
activations
You can activate a device on
BlackBerry UEM
with the "
User privacy
" activation type to provide secure access to work resources without managing the device. This option is often used for BYOD devices.
These activations can allow users to access your network over VPN using
BlackBerry 2FA
, share files securely using
BlackBerry Workspaces
, and install
BlackBerry Dynamics
apps such as
BlackBerry Work
and
BlackBerry Access
to access work email and your work intranet.
Managed devices with a work profile
Work and personal - user privacy
(
Android Enterprise
) activations
Android Enterprise
devices can be managed but allow for personal use by creating a work profile on the device that separates work and personal data. This option maintains privacy for user's personal data in the personal profile but lets you manage work data using commands and IT policy rules. You can manage work apps on the device, including
BlackBerry Dynamics
apps.
You can wipe work data, but not personal data, from the device. Work and personal data are both protected using encryption and password authentication. This option is often used for corporate-owned, personally enabled (COPE) and BYOD devices.
Fully managed devices with a work profile
Work and personal - full control
(
Android Enterprise
) activations
Android Enterprise
devices can be fully managed but allow for some personal use by creating a work profile on the device that separates work and personal data but allows your organization to maintain full control over the device and wipe all data from the device. Some IT policy rules can be applied separately to the work and personal profiles. You can manage work apps on the device, including
BlackBerry Dynamics
apps.
You can log SMS, MMS, and phone calls sent and received on the device (if it runs
Android
10 or earlier). Work and personal data are both protected using encryption and password authentication. This option is often used for COPE devices.
Fully managed devices
Work space only
(
Android Enterprise
) activations
Android Enterprise
devices can be fully managed and have a work profile but no personal profile. This option lets you manage the entire device using commands and IT policy rules. You can manage work apps on the device, including
BlackBerry Dynamics
apps.
You can log SMS, MMS, and phone calls sent and received on the device. All data on the device is protected using encryption and a method of authentication such as a password. This option is often used for corporate-owned, business only (COBO) devices.
Device administration
MDM controls
activations
You can manage
Android
9.x and earlier devices using commands and IT policy rules. A separate work space is not created on the device, and there is no added security for work data. To provide security for work data you can install
BlackBerry Dynamics
apps.
This activation type is deprecated for
Android
10 devices. For more information, visit https://support.blackberry.com/community to read article 48386.
You can use device groups and compliance profiles to manage what happens for devices activated with "
MDM controls
" activations that are updated to
Android
10. For more information, see the Administration content.
Android Enterprise
provides full support for managing
Android
devices, including the following features:
  • Enforce password requirements
  • Control device capabilities using IT policies (for example, disable the camera or
    Bluetooth
    )
  • Enforce compliance rules
  • Create
    Wi-Fi
    and VPN connection profiles (with proxy)
  • Sync email, contacts, and calendar with devices
  • Send CA and client certificates to devices for authentication and S/MIME
  • Manage required and allowed public and internal apps
  • Locate and protect lost or stolen devices
Android Enterprise
devices that are activated with
BlackBerry UEM
also support additional controls available only for
Samsung Knox
Platform for Enterprise devices and for
BlackBerry
devices powered by
Android
.
BlackBerry UEM
also supports devices with
Samsung Knox Workspace
activations in addition to supporting
Samsung Knox
Platform for Enterprise; however,
Samsung Knox
activation types will be deprecated in a future release. For more information, visit https://support.blackberry.com/community to read article 54614.
Some features and
BlackBerry Dynamics
apps are not available with all license levels. For more information about available licenses, see the Licensing content.