Android-Work Profile High
Overview
The Android-Work Profile High policy provides a highly secure baseline for organizations to uplift security on staff-owned / bring your own device (BYOD) Android devices. It is recommended for devices used by specific users or groups who are uniquely high risk (for example, users who handle highly sensitive data where unauthorized disclosure causes considerable material loss to the organization).
Intune Description:
High security configuration for a personally owned enterprise mobile device.
Policy Impact Areas:
When deployed, this policy will impact:
- Block copy and paste between work and personal profiles
- Block lock screen notifications from corporate apps
- Enforce work profile reset after 5 repeated failed sign-in attempts
Deployment Notes
- Pre-Deployment Considerations:
  - Ensure Android Enterprise configuration has been set (refer to Devicie Android Enterprise documentation for guidance)
- Post-Deployment Validation:
  - Attempt file transfer to and from the device
  - Verify lock screen timeout and password enforcement
Configuration Settings:

| Name | Value |
| --- | --- |
| Work profile settings | |
| General Settings | |
| Copy and paste between work and personal profiles | Block |
| Data sharing between work and personal profiles | Apps in work profile can handle sharing request from personal profile |
| Work profile notifications while device locked | Block |
| Default app permissions | Device default |
| Contact sharing via Bluetooth | Not configured |
| Screen capture | Block |
| Display work contact caller-id in personal profile | Not configured |
| Search work contacts from personal profile | Block |
| Camera | Not configured |
| Allow widgets from work profile apps | Not configured |
| These settings work for all Android OS versions and manufacturers. | |
| Require Work Profile Password | Require |
| Maximum minutes of inactivity until work profile locks | 5 minutes |
| Number of sign-in failures before wiping the work profile | 5 |
| Password expiration (days) | 365 |
| Prevent reuse of previous passwords | 5 |
| Face unlock | Not configured |
| Fingerprint unlock | Not configured |
| Iris unlock | Not configured |
| Smart Lock and other trust agents | Block |
| These settings work for devices running Android 12 or later. | |
| Work Profile Password Complexity | None |
| These settings work for devices running Android 11 or earlier. | |
| Required password type | Numeric complex |
| Minimum password length | 6 |
| Password | |
| These settings work for all Android OS versions and manufacturers. | |
| Maximum minutes of inactivity until screen locks | 5 minutes |
| Number of sign-in failures before wiping device | 5 |
| Password expiration (days) | 365 |
| Prevent reuse of previous passwords | 5 |
| Fingerprint unlock | Not configured |
| Face unlock | Not configured |
| Iris unlock | Not configured |
| Smart Lock and other trust agents | Not configured |
| These settings work for devices running Android 12 or later. | |
| Password complexity | None |
| These settings work for devices running Android 11 or earlier. | |
| Required password type | Numeric complex |
| Minimum password length | 6 |
| System security | |
| Threat scan on apps | Require |
| Prevent app installations from unknown sources in the personal profile | Block |
| Connectivity | |
| Always-on VPN | Not configured |
| Lockdown mode | Not configured |

| Name | Value |
| --- | --- |
| Devicie Template Name | Android-Work Profile High |
| Default Intune Deployed Name | DEVICIE-PROD-Android-Work Profile High |
| Template Last Updated | Nov 18, 2024 |
| Document Last Updated | Jun 17, 2025 |