Android Device Compatibility

This documentation describes the various Android Enterprise device modes and Jamf security services compatibility with these modes. The information below applies to all of the Jamf security services: Jamf Private Access, Jamf Threat Defense, and Jamf Data Policy.

Android Enterprise is a Google-led initiative to enable the use of Android devices and apps in the workplace. The program offers APIs and other tools for developers to integrate support for Android into their unified endpoint management (UEM) solutions. For more information, see Google's Android Enterprise Overview.

Full Device Management

Full management for work-only company-owned devices

Corporate-owned devices that are intended exclusively for work purposes. These are devices that can be fully managed by an organization, including implementing device-wide controls, and visibility of apps and data.

This is often called COBO (Corporate-Owned Business-Only).

Dedicated device management

Corporate-owned devices that have a specific purpose (for example, kiosks). These are fully managed devices that are typically restricted to a limited set of functionality and apps.

This is also known as COSU (Corporate-Owned Single Use).

Compatibility matrix
Vectoring MethodsCompatibility Across the Whole Device

VPN and DNS

Yes

Proxy

Samsung Knox only

Work Profile Management

Work profile for mixed-use company-owned devices

Similar to the BYOD mode but aimed to support corporate-owned devices, the work and personal profiles are separated but organizations can enforce some device-wide policies, such as Wi-Fi settings, blocking USB transfers, and so on. An organization can only view and control apps and data on the work profile, and cannot access or view anything on the personal profile.

This mode is an alternative for Corporate-Owned Personally Enabled (COPE) mode, which was deprecated for devices running Android 11 and later.

Work profiles for employee-owned devices (BYOD)

These devices are set up with a work profile which is a dedicated space on the device. An employee can use their own device and have their personal and work apps and data separated. An organization only has control over the work profile and cannot access or view anything on the personal (parent) profile.

This is also known as Bring Your Own Device (BYOD).

Compatibility matrix
Vectoring MethodsNetwork traffic and Jamf Trust present inside the work profileNetwork traffic and Jamf Trust present outside of the work profile

VPN and DNS

Yes

No

Jamf security services can be deployed on the personal profile, but this will not be manageable via a UEM and will be at the discretion of the user.

This second deployment would be shown as a separate device record within RADAR.

Proxy

No

Unmanaged, Non-Android Enterprise Devices

Devices that are not set up as Android Enterprise devices can still be enrolled with Jamf security services via more manual deployment methods.

The recommended method for non-Android Enterprise devices is to use Activation Profiles with an Identity Provider integration to allow your users to active their devices via single sign-on. Alternatively, a user can click on an Activation Profile's Shareable Link.

Compatibility Matrix
Vectoring MethodsCompatibility Across the Whole Device

VPN and DNS

Yes

Proxy

Samsung Knox only