Throughout this series, we’ve been putting focus on the different use cases that Android Enterprise supports with its various modes. So far, we’ve discussed the work profile and the fully dedicated device and how these deployment modes bring exceptional customer experiences from BYOD to rugged use cases. Now we are excited that through VMware Workspace ONE UEM, we are able to combine the best of both worlds and bring you corporate-owned personally-enabled (also known as COPE or work profile on a fully managed device).
Hello, COPE! Enabling Personal Use on a Corporate Device
Feedback we have heard in the past was that Android Enterprise needed middle ground. The work profile was great for BYOD while the fully managed device was a little too restrictive. Cue COPE. This brings together the work profile and the fully managed device to give IT the control that they need while giving end users the flexibility to install the apps of their choice. The end users still see the separation of work and personal with the work profile and IT admins get the ease of mind that corporate data on the device, even outside the work profile, is secure.
What Does COPE Look Like?
- For the end user – It looks similar to a device with just a work profile with the corporate apps badged with the work icon. However, to make sure the end user knows the device is fully managed, the lock screen has a message that reads, “This device is managed by your organization”. When it comes to apps, there will be two separate Google Play stores – one is managed Google Play with company-approved apps and the other is a public store where any app (like Facebook or Instagram) can be installed for personal use. Since the device is fully managed, it’s enrolled out of the box through one of the five methods (zero-touch enrollment, NFC bump, EMM identifier, QR code or Knox Mobile Enrollment).
- For the admin – There’s a simple toggle setting in the Workspace ONE UEM console so when enrolled, the device knows to enroll as COPE opposed to just fully managed. When configuring device policies, the admin has the ability to select if the policy or restriction applies to the work profile or the device side. For example, the admin can select to allow the user to screen capture when using the personal apps but prevent screen capture when using corporate apps in the work profile. Unlike a device with just the work profile, if the device is stolen or the user leaves the company it can be remotely factory reset to remove any data from the device or to be ready for the next user.
See what this looks like yourself in episode 6 of the Android Series:
COPE is available in Workspace ONE UEM 1810 and higher. For more information, visit My Workspace ONE for our product guides and announcements. If you haven’t seen our previous episodes, learn why it’s time to make the switch from device administrator to Android Enterprise in episode 1. As always, be sure to return to our blog for the latest on Android Enterprise and Workspace ONE!