To learn how to set up a work profile, see Create a work profile and enroll your device. Work apps are marked with a briefcase badge, while personal apps do not have a briefcase badge. Some screen readers and voice assistants identify work apps by saying "work" before the app name. After you've set up the work profile, you may see duplicate apps on your device.
For example, you could have two Outlook apps. Use the version that's marked with the briefcase for work-related tasks. For the best experience, always sign in to work apps with your work account, and sign in to personal apps with your personal account. The appearance of the briefcase can vary slightly from device to device. To see how it appears on other Android devices, see the examples at the bottom of this article. Once you've set up a work profile, your organization can automatically install work apps on your device.
The location of the work profile varies by device manufacturer and Android version. This section describes where to find the work profile in the app drawer and on the home screen. If you're using a custom launcher, work apps can appear in places other than the app drawer or home screen folder. Swipe up on the home screen or select Apps to access the app drawer. Work apps appear alongside your personal apps or within a Work tab in your app drawer.
Since the IT admin makes this decision, there's no way for you to know in advance which intents are allowed to cross this boundary. The IT admin sets this policy, and is free to change it at any time. Before your app starts an activity, you should verify that there is a suitable resolution.
You can verify that there is an acceptable resolution by calling Intent. If there is no way to resolve the intent, the method returns null.
If the method returns non-null, there is at least one way to resolve the intent, and it is safe to fire off the intent. In this case, the intent could be resolvable either because there is a handler on the current profile, or because the intent is allowed to cross to a handler on the other profile. For more information about resolving intents, see Common Intents. If the app cannot resolve the intent, it should take an appropriate action such as showing an error message. Sometimes an app needs to provide other apps with access to its own files.
For example, an image gallery app might want to share its images with image editors. A file URI begins with the file: prefix, followed by the absolute path of the file on the device's storage. However, because the work profile and the personal profile use separate storage areas, a file URI that is valid on one profile is not valid on the other.
This situation means that if you attach a file URI to an intent, and the intent is handled on the other profile, the handler is not able to access the file. Instead, you should share files with content URIs. Content URIs identify the file in a more secure, shareable fashion.
The content URI contains the file path, but also the authority that provides the file, and an ID number identifying the file. You can generate a content ID for any file by using a FileProvider. You can then share that content ID with other apps even on the other profile. The recipient can use the content ID to get access to the actual file.
When you call the getUriForFile method, you must include the file provider's authority in this example, "com. An app typically provides a NotificationListenerService subclass to receive callbacks from the system about changes to notifications. Devices with work profiles might affect how NotificationListenerService works with your app. You can't use a NotificationListenerService from an app running in the work profile.
When your app is running in a work profile, the system ignores your app's NotificationListenerService. However, apps running in the personal profile can listen for notifications. When your app runs in the personal profile, you might not get notifications for apps running in the work profile. By default, all personal profile apps receive callbacks but an IT admin can allowlist one or more personal profile apps that they allow to listen for notification changes.
The system then blocks non-allowlisted apps. In Android 8. Your app still receives callbacks about notifications posted in the personal profile. You should test your app in a work-profile environment to catch problems that would cause your app to fail on a device with work profiles. In particular, testing on a work-profile device is a good way to make sure that your app handles intents properly: not firing intents that can't be handled, not attaching URIs that don't work cross-profile, and so on.
We have provided a sample app, BasicManagedProfile , which you can use to set up a work profile on an Android device that runs Android 5. This app offers you a simple way to test your app in a work-profile environment. You can also use this app to configure the work profile as follows:. If you manually install an app over a USB cable to a device which has a work profile, the app is installed on both the personal and the work profile. Once you have installed the app, you can test the app under the following conditions:.
To run an app in the work profile, you would use a command like this:. Content and code samples on this page are subject to the licenses described in the Content License.
App Basics. Build your first app. App resources. Resource types. App manifest file. Device compatibility.
Multiple APK support. Tablets, large screens, and foldables. Build responsive UIs. Build for foldables. Getting started. Handling data. User input. Watch Face Studio. Health services. Creating watch faces. Android TV. Build TV Apps. Android Enterprise provides infrastructure for deploying app configuration values to apps that support them.
By specifying configuration values for work apps, you ensure they are properly set when users launch the app for the first time. Support for app configuration requires that app developers create their Android apps specifically to support managed configuration values. If they do, then you can use Intune to specify and apply these configuration settings.
For more information, see Add app configuration policies for managed Android devices. Instead, email configurations can be set by applying app configuration settings to email apps that support them.
Intune provides configuration templates for Gmail and Nine Work apps when managed as work apps. Other email apps that support app configuration profiles can be configured with mobile app configuration policies. If you are using Exchange ActiveSync Conditional Access for an Android Enterprise personally-owned or corporate-owned work profile device, consider using either the Gmail or Nine Work email app.
For more information, see How to configure email settings in Microsoft Intune. This console includes an option to make apps private to your organization. For more information, see Add a device compliance policy for Android Enterprise work profile devices in Intune. For general information about app protection policies, see What are app protection policies? The same VPN providers and basic configuration options are available for Android Enterprise management with two differences:.
Work profile-scoped VPN — VPN connections are limited to just the apps deployed to the personally-owned or corporate-owned work profile. If you are signing in for the first time, you must register and pay a fee to become a member of the Google Developer program. In the console, add new application.
For details, see Google's support doc: Publish Private apps. You upload and provide information about your app in the same way as you publish any app to the Google Play store. However, you must specifically add your organization using the Google Play Console. For details, see Google's support doc Publish to your own organization. Follow Google's support documentation to make the app available only to your organization. The app won't be available on the public Google Play store.
After you've published your app, sign in to the Managed Google Play store with the same account that you used to configure the connection between Intune and Android Enterprise.
In the Apps node of the store, verify that the app you've published is displayed. The app is automatically approved to be synchronized with Intune. Managed Google Play web links are installable and manageable just like other Android apps.
When installed on a device, they will appear in the user's app list alongside the other apps they have installed. When selected, they will launch in the device's browser. Web links pushed down from Managed Google Play will not open in the corporate context of Microsoft Edge if you have configured your Intune application protection policy setting Receive data from other apps to be Policy managed apps.
For related information, see Android app protection policy settings in Microsoft Intune. Web links will open with Microsoft Edge or any other browser app you choose to deploy. Be sure to deploy at least one browser app to devices in order for web links to be able to open properly.
However, all of the Display options available for web links full screen, standalone, and minimal UI will only work with the Chrome browser. Add an app Title , the web app URL , select how the app should be displayed, and select an app icon.
Web apps may take several minutes to become available to sync. If you have approved an app from the store and don't see it in the Apps workload, force an immediate sync as follows:. When the app is displayed in the App licenses node of the Apps workload pane, you can assign it just as you would assign any other app by assigning the app to groups of users. After you assign the app, it is installed or available for install on the devices of the users that you've targeted.
The user of the device is not asked to approve the installation. For more information about Android Enterprise personally-owned work profile devices, see Set up enrollment of Android Enterprise personally-owned work profile devices. Only apps that have been assigned will show up in the Managed Google Play store for an end user.
As such, this is a key step for the admin to take when setting up apps with Managed Google Play. Android Enterprise fully managed devices are corporate-owned devices associated with a single user and used exclusively for work and not personal use. Users on fully managed devices can get their available company apps from the Managed Google Play app on their device. By default, an Android Enterprise fully managed device will not allow employees to install any apps that are not approved by the organization.
Also, employees will not be able to remove any installed apps against policy.
0コメント