The era of remote working has ushered the need for exploring unique requirements around device management. Not all employees can be forcefully fit into either fully-managed or BYOD device management types. COPE- company owned personally enabled device management mode is an ideal fit for employees who want to leverage unlimited liberty in device usage while also having secure access to business resources.
Changes to Company-Owned Personally-Enabled (COPE) in Android 11
The new updates to Android 11 are going to transform the COPE use cases. These changes are introduced to make end-user privacy more robust than ever along with several functional updates. Let us have a look at the prime changes that can be expected to COPE and overall mobile device management for android with Android 11.
Previously, COPE device management was implemented by having a dedicated work profile and the provisioning was similar to a fully managed device with the exception that work apps and data were pushed into the work profile and the rest of the device could be left for personal use. The organization could apply policies, take full control over device operation, network settings and visibility. This is typically known as work profiles on fully managed devices (WPoFMD).
Android 11 is however bringing in a few changes to this in order to enhance the work profile experience.
The UX will remain the same for the end-users but will change for the IT admins. Whenever the device is managed under COPE, the provisioning can happen with methods such as Android Zero-touch or by scanning the QR code. The device will be flagged as corporate-owned but the settings will be exclusively applied to the work profile only, with the supported EMM solution provider.
The IT admins will clearly have lesser visibility of the devices since now the device is work profile managed and not managed in its entirety. Think BYOD style management for corporate-owned devices. The IT admins will not be able to access App installation reports, app lists, some device details, usage statistics since this will generate the app data of personal use and don’t fit into the Google user privacy compliance. Android 11 will truly make user privacy a priority for COPE.
A fully-managed device will not have a work profile and hence users will not be able to download apps on fully-managed devices, especially since it raises DLP concerns. But for organizations that do not have concerns around data, they can extend the capability for app download on fully managed devices. Android 11 updates can be deferred or delayed up to 90 days, subjective to your EMM solution provider.
The devices that were previously running on COPE can either migrate to enhanced COPE profile or move to fully managed. Inflating work profiles on fully managed devices will not be possible and it will be the responsibility of the EMM providers to build the capabilities to support the new changes in Android 11. OEMs however are expected to perform modifications to this but that’s something the future will tell us.
The Android 11 updates have been around for more than 4 months now and all said and done, the upgrade to the new COPE profile is totally worth it for organizations who truly don’t want to restrict their employees in fully managed profiles. Choosing the appropriate EMM provider to support the same is of course imperative.