Android-Work Profile Enhanced
Overview
The Android-Work Profile Enhanced template provides a strong baseline for organizations to uplift security on their staff-owned, bring-your-own-device (BYOD) Android devices.
Intune Description:
Enhanced configuration for a personally owned enterprise mobile device.
Policy Impact Areas:
When deployed, this policy will impact:
- Block screen capture while using corporate apps
- Enforcing work profile reset after 10 repeated failed sign-in attempts
Deployment Notes
- Pre-Deployment Considerations:
  - Ensure Android Enterprise configuration has been set (refer to Devicie Android Enterprise documentation for guidance)
- Post-Deployment Validation:
  - Attempt file transfer to and from the device
  - Verify lock screen timeout and password enforcement
Configuration Settings:

| Name | Value |
| --- | --- |
| Work profile settings | |
| General Settings | |
| Copy and paste between work and personal profiles | Block |
| Data sharing between work and personal profiles | Apps in work profile can handle sharing request from personal profile |
| Work profile notifications while device locked | Not configured |
| Default app permissions | Device default |
| Contact sharing via Bluetooth | Enable |
| Screen capture | Block |
| Display work contact caller-id in personal profile | Not configured |
| Search work contacts from personal profile | Not configured |
| Camera | Not configured |
| Allow widgets from work profile apps | Enable |
| These settings work for all Android OS versions and manufacturers. | |
| Require Work Profile Password | Require |
| Maximum minutes of inactivity until work profile locks | 5 minutes |
| Number of sign-in failures before wiping the work profile | 10 |
| Password expiration (days) | |
| Prevent reuse of previous passwords | |
| Face unlock | Not configured |
| Fingerprint unlock | Not configured |
| Iris unlock | Not configured |
| Smart Lock and other trust agents | Not configured |
| These settings work for devices running Android 12 or later. | |
| Work Profile Password Complexity | None |
| These settings work for devices running Android 11 or earlier. | |
| Required password type | Numeric complex |
| Minimum password length | 6 |
| Password | |
| These settings work for all Android OS versions and manufacturers. | |
| Maximum minutes of inactivity until screen locks | 5 minutes |
| Number of sign-in failures before wiping device | 10 |
| Password expiration (days) | |
| Prevent reuse of previous passwords | |
| Fingerprint unlock | Not configured |
| Face unlock | Not configured |
| Iris unlock | Not configured |
| Smart Lock and other trust agents | Not configured |
| These settings work for devices running Android 12 or later. | |
| Password complexity | None |
| These settings work for devices running Android 11 or earlier. | |
| Required password type | Numeric complex |
| Minimum password length | 6 |
| System security | |
| Threat scan on apps | Require |
| Prevent app installations from unknown sources in the personal profile | Not configured |
| Connectivity | |
| Always-on VPN | Not configured |
| Lockdown mode | Not configured |
| Devicie Template Name | Android-Work Profile Enhanced |
| Default Intune Deployed Name | DEVICIE-PROD-Android-Work Profile Enhanced |
| Template Last Updated | Nov 18, 2024 |
| Document Last Updated: | Jun 17, 2025 |