Plan for Change: Moving to Android Management API and web enrollment for Android personally owned work profile

Originally posted by Microsoft Jan 26, 2025 Uncategorized 0 Comments

Later this year we are making two significant improvements for the management of Android personally owned work profile devices. These include a web-based enrollment process and a new implementation to deliver policies by moving to Google’s Android Management API. These updates are designed to modernize device management and improve the user enrollment flow.

For more details, review the blog: New policy implementation and web enrollment for Android personally owned work profile

How this will affect your organization:

The upcoming changes will impact the way Android personally owned work profile devices are managed within your organization:

  • New devices will automatically use web-based enrollment and the Android Management API upon release without any admin action.
  • Existing devices will need to be migrated to the Android Management API. A setting will be added in the Intune admin center for admins to easily migrate devices, along with reporting to show which devices need to be moved. Devices will automatically be migrated in calendar year 2026 if no action is taken. 
  • The Intune app and Android Device Policy app will install and users will see notifications on their device about the installation. Note: The Android Device Policy app will be hidden on the device and users will not be able to view or launch the app. 
  • If you are using username and password for Wi-Fi policies, after the device has been migrated, users will lose access to corporate Wi-Fi until they sign in again. We recommend using certificate authentication as a more secure method and minimize disruption to your users. 
  • The work profile settings ‘Display work contact caller-id in personal profile’ and ‘Search work contacts from personal profile’ will become one setting, if either are set to Block, Intune will automatically configure this to block for devices on the Android Management API. Once all devices are using the new API the user interface will be updated accordingly. 
  • Screen timeouts can be configured either for the device or for the work profile under ‘Maximum minutes of inactivity until work profile locks’. After devices are migrated it will only be configurable in the work profile setting. If you have configured the setting in both, it will use the lesser of the two. 
  • Devices on the Android Management API will not receive policies preventing users from using biometrics or trust agents to unlock their device. However, policies that prevent this at the work profile level will still be supported and should be used as an alternative if you have this configured at the device level.

What you need to do to prepare:

To ensure a smooth transition and the most streamlined experience for your users, we recommend as applicable:

  • Reviewing the changes listed and revising any relevant policy configurations
  • Update your IT admin documentation
  • Notify your users or helpdesk about the changes in experience

We will provide more specific timeframes and additional information in the coming months to give you adequate time to prepare. Stay tuned to the blog for more details and updates: New policy implementation and web enrollment for Android personally owned work profile

Message ID: MC988140

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: