Activation types: Android devices
Android
devicesFor
Android
devices, you can select multiple activation types and rank them to ensure that BlackBerry UEM
assigns the most appropriate activation type for the device. For example, if you rank Work and personal - user privacy
(Samsung Knox
) first and Work and personal - user privacy
(Android Enterprise
) second, devices that support Samsung Knox Workspace
receive the first activation type and devices that don't support Samsung Knox Workspace
receive the second.Android Management devices
Android Management
devicesBefore activating devices with
Android Management
activation types, review the Considerations for Android Management activation types.Activation type | Description |
---|---|
Work and personal - user privacy (Android Management with work profile) | This activation type maintains privacy for personal data but allows you to manage work data using commands and IT policy rules. A work profile is created on the device that separates work and personal data. Work and personal data are both protected using encryption and password authentication. |
Work and personal - full control (Android Management fully managed device with work profile) | This activation type allows you to manage the entire device using commands and IT policy rules. A work profile is created on the device that separates work and personal data. Data in the work space is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint. This activation type supports logging of device activity (SMS, MMS, and phone calls) in UEM log files.Following activation, Work and personal - full control devices have only a limited set of the standard pre-installed apps, such as Camera, Phone, and Settings, in the personal space. The list of retained pre-installed apps depends on the device vendor and OS version.This activation type requires the device to be reset to factory default settings before it is activated. If the BlackBerry UEM Client is deleted or the work profile is removed from the device, it is automatically reset to factory default settings. |
Work space only (Android Management fully managed device) | This activation type allows you to manage the entire device using commands and IT policy rules. This activation type requires the user to reset the device to factory settings before activating. The activation process installs a work profile and no personal profile. The user must create a password to access the device. All data on the device is protected using encryption and a method of authentication such as a password. During activation, the device installs the UEM Client automatically and grants it Administrator permissions. Users cannot revoke the Administrator permissions or uninstall the app.Following activation, Work space only devices have only a limited set of the standard pre-installed apps, such as Camera, Phone, and Settings, plus any apps you have assigned with a required disposition. The list of retained pre-installed apps depends on the device vendor and OS version.This activation type requires the device to be reset to factory default settings before it is activated. If the UEM Client is deleted or the work profile is removed from the device, it is automatically reset to factory default settings. |
Android Enterprise devices
Android Enterprise
devicesActivation type | Description |
---|---|
Work and personal - user privacy (Android Enterprise with work profile) | This activation type maintains privacy for personal data but allows you to manage work data using commands and IT policy rules. A work profile is created on the device that separates work and personal data. Work and personal data are both protected using encryption and password authentication. To allow Google
Play app management for Android Enterprise devices, select "Add Google Play to the workspace" in the activation profile (enabled by default). If the device does not have access to Google
Play , the user must download the latest UEM Client from a different source. To download the .apk file of the latest UEM Client , see KB 42607.To enable BlackBerry Secure Connect Plus and Knox Platform for Enterprise support, you must select the "When activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus" option in the activation profile.Users do not have to grant Administrator permissions to the UEM Client . |
Work and personal - full control (Android Enterprise fully managed device with work profile) | This activation type allows you to manage the entire device using commands and IT policy rules. A work profile is created on the device that separates work and personal data. Data in the work space is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint. This activation type supports logging of device activity (SMS, MMS, and phone calls) in UEM log files.To allow Google
Play app management for Android Enterprise devices, select "Add Google Play account to the work space" in the activation profile (enabled by default).Following activation, Work and personal - full control devices have only a limited set of the standard pre-installed apps, such as Camera, Phone, and Settings, in the personal space. The list of retained pre-installed apps depends on the device vendor and OS version.To enable BlackBerry Secure Connect Plus and Knox Platform for Enterprise support, you must select the "When activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus" option in the activation profile.To specify whether UEM can limit activation by device ID, select "Allow only approved device IDs" in the activation profile.This activation type requires the device to be reset to factory default settings before it is activated. If the UEM Client is deleted or the work profile is removed from the device, it is automatically reset to factory default settings.During activation users must grant Administrator permissions to the UEM Client . |
Work space only (Android Enterprise fully managed device) | This activation type allows you to manage the entire device using commands and IT policy rules. It requires the user to reset the device to factory settings before activation. The activation process installs a work profile and no personal profile. The user must create a password to access the device. All data on the device is protected using encryption and a method of authentication such as a password. To allow Google
Play app management for Android Enterprise devices, select "Add Google Play to the workspace" in the activation profile (enabled by default). If the device does not have access to Google
Play , the user can download the UEM Client using an .apk file of the app. You can configure and include a QR Code that contains the location of the UEM Client source file in the activation email message that you send to users. When a user scans the QR Code code, the UEM Client automatically downloads.To configure and include a QR Code in the activation email message, you must select the “Allow QR codes for device activation” check box in the Activation defaults page (Settings > General settings > Activation defaults). You must also select the “Allow QR code to contain location of UEM Client app source file” check box and specify the location of the UEM Client app source file. To get the .apk file of the latest version of the UEM Client , see KB 42607.During activation, the device installs the UEM Client automatically and grants it Administrator permissions. Users cannot revoke the Administrator permissions or uninstall the app.Following activation, Work space only devices have only a limited set of the standard pre-installed apps, such as Camera, Phone, and Settings, plus any apps you have assigned with a required disposition. The list of retained pre-installed apps depends on the device vendor and OS version.To enable BlackBerry Secure Connect Plus and Knox Platform for Enterprise support, you must select the "When activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus" option in the activation profile.To specify whether UEM can limit activation by device ID, select "Allow only approved device IDs" in the activation profile.This activation type requires the device to be reset to factory default settings before it is activated. If the UEM Client is deleted or the work profile is removed from the device, it is automatically reset to factory default settings. |
Android devices without a work profile
Android
devices without a work profileThe following activation types apply to all
Android
devices.Activation type | Description |
---|---|
User privacy | You can use the User privacy activation type to provide basic control of devices, including work app management, while making sure that users' personal data remains private. A separate container is not created on the device. To provide security for work data you can install BlackBerry
Dynamics apps. Devices activated with User privacy can use services such as Find my Phone and Root Detection, but administrators cannot control device policies.You can also use the User privacy activation type to activate Chrome OS devices so that you can install and manage Android BlackBerry
Dynamics apps. |
Device registration for BlackBerry 2FA only | This activation type supports the BlackBerry 2FA solution for devices that UEM does not manage. This activation type does not provide any device management or controls, but it allows devices to use the BlackBerry 2FA feature. To use this activation type, you must also assign the BlackBerry 2FA profile to users.When a device is activated, you can view limited device information in the management console, and you can deactivate the device using a command. This activation type is supported only for Microsoft Active
Directory users.For more information, see the BlackBerry 2FA content. |
Samsung Knox Workspace devices
Samsung Knox Workspace
devicesSamsung Knox
activation types will be deprecated in a future release. Devices that support Knox Platform for Enterprise
can be activated using the Android Enterprise
activation types. For more information, see KB 54614.Activation type | Description |
---|---|
Work and personal - user privacy - (Samsung Knox ) | This activation type maintains privacy for personal data but allows you to manage work data using commands and IT policy rules. This activation type does not support the Knox MDM IT policy rules. A separate work space is created on the device, and the user must create a password to access the work space. Data in the work space is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint. The user must also create a screen lock password to protect the entire device and will not be able to use USB debugging mode.During activation, users must grant Administrator permissions to the UEM Client . |
Work and personal - full control (Samsung Knox ) | This activation type allows you to manage the entire device using commands and the Knox MDM and Knox Workspace IT policy rules. A separate work space is created on the device and the user must create a password to access the work space. Data in the work space is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint.During activation users must grant Administrator permissions to the UEM Client . |
Work space only - (Samsung Knox ) | This activation type allows you to manage the entire device using commands and the Knox MDM and Knox Workspace IT policy rules. This activation type removes the personal space and installs a work space. The user must create a password to access the device. All data on the device is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint. This activation type supports logging of device activity (SMS, MMS, and phone calls) in UEM log files.During activation, users must grant Administrator permissions to the UEM Client . |