Migrating from Device Admin (DA) to the Work Profile

Information about migrating from the legacy Device Admin to the Android Enterprise Work Profile, also called Profile Owner (PO) mode.

Google announced the deprecation of the legacy Device Admin for enterprise use effective with the Android 10 Q release. As a part of this deprecation, a number of Device Admin APIs will be removed from support over time. You should move to Android Enterprise and plan the migration to the Work Profile (Profile Owner) in advance so that the deprecation of services does not impact your Android device base.

Impact of the migration on the Work Profile

The migration impacts the following features on the device:
  • A new Android Enterprise Work Profile is created on the device after the migration process. The device falls back to the legacy Device Admin mode if the migration is unsuccessful.
  • All first-party apps such as Secure Mail, Browser, and SDK apps are removed from supported OEM devices such as Samsung, LG, Panasonic, Zebra, Kyocera, Bluebird, and Honeywell.
  • The Android MDM device policy that is applied on the device is retained after the migration. However, the policies in the Device Admin mode (Device Settings/Advanced settings) are removed and Android Enterprise settings are applied. As a result, the existing corporate settings applied on the device such as Wi-Fi, VPN, and email are removed. New corporate settings are applied to the Work Profile based on the policies that are set up in the Android Enterprise policies section of the MDM policies.
  • All existing apps at the device level are either removed automatically (for supported OEM devices) or users are prompted to uninstall them, so that apps can be re-applied to the Work Profile only. However, apps must be approved for Android Enterprise on Managed Google Play. If a warning icon is displayed in the App Catalog for the app, click the warning icon to approve the app for Android Enterprise.

Preparing for the migration to Android Enterprise

  • Make sure that you set up the Android Enterprise settings at Setup > Services > Enable Android Enterprise Solution Set.
  • Make sure that the MaaS360 for Android agent version is upgraded to 6.50 or later and that the Android OS version is 5.1 or later. You should use Android agent 6.70 or later to track the status of the migration.
  • Make sure that devices support Native DPC (Device Policy Control).
  • Create a group of devices that you want to migrate. These devices use the Manual enrollment mode. When the enrollment mode switches to Profile Owner, migration is complete. You can add an alert in the Alert Center to monitor these devices.
  • Make sure that the Device Settings and the Advanced Setting policies for these devices are copied over to the Android Enterprise policy section for corresponding policies. Devices receive the new policies that you copied over to the Android Enterprise Settings section.
  • Make a list of all the apps that must be pushed to devices including the apps that you previously distributed to the group. Make sure that these apps are approved for Android Enterprise. Use the Customize column to view the status: Is Approved App = Yes.
  • If your organization is using MaaS360 Docs, the documents that are stored locally in the Local Docs and My Docs section of the MaaS360 Docs app are not automatically migrated. Contact IBM Support to use the Content Sync for Users feature where you can back up files in the Local Docs folder to the My Docs folder. If the Content Sync for Users feature is unavailable, use an alternate backup storage such as email messages.
  • If your organization is using the MaaS360 Browser, user-created favorites are not migrated.
  • Administrators must make sure that the device is not in one of the following modes for the migration process to succeed:
    • Kiosk: Administrators must disable the Kiosk mode. To exit Kiosk mode, navigate to the Device view > More and then click Exit Kiosk mode.
    • Selective Wipe: Administrators must revoke the selective wipe. To revoke the selective wipe that is issued to the device, navigate to the Device view > More and then click Revoke selective wipe.
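
The preparation checklist above can be run as a pre-flight check over a device inventory before the migration group is built. The following is an added example, not IBM or MaaS360 code: the CSV layout, its column names, and the sample rows are constructed, and it assumes dotted version strings compare component by component.

```python
import csv
import io

MIN_AGENT = (6, 50)    # agent version required for the migration
TRACK_AGENT = (6, 70)  # agent version needed to track migration status
MIN_OS = (5, 1)        # minimum Android OS version

# Constructed sample export; the column names are hypothetical.
SAMPLE_CSV = """device,agent,os,kiosk,selective_wipe,unapproved_apps
tab-01,6.70,10,no,no,
tab-02,6.40,9.0,no,no,
tab-03,6.60,5.0.2,yes,no,com.example.legacy
tab-04,6.100,5.1,no,yes,
"""

def parse_version(text):
    """Turn '6.70' into (6, 70) so '10' > '5.1' and '6.100' > '6.50' (assumed semantics)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (2 - len(parts)))

def migration_blockers(row):
    """Return the checklist items that still block migration for one device."""
    blockers = []
    if parse_version(row["agent"]) < MIN_AGENT:
        blockers.append("agent below 6.50")
    if parse_version(row["os"]) < MIN_OS:
        blockers.append("Android OS below 5.1")
    if row["kiosk"] == "yes":
        blockers.append("exit Kiosk mode")
    if row["selective_wipe"] == "yes":
        blockers.append("revoke selective wipe")
    if row["unapproved_apps"]:
        blockers.append("approve apps: " + row["unapproved_apps"])
    return blockers

def readiness_report(csv_text):
    """Map each device to its blockers and whether migration status can be tracked."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        trackable = parse_version(row["agent"]) >= TRACK_AGENT
        report[row["device"]] = {"blockers": migration_blockers(row),
                                 "status_tracking": trackable}
    return report

if __name__ == "__main__":
    for device, result in readiness_report(SAMPLE_CSV).items():
        print(device, result)
```

Devices with an empty blocker list are candidates for the migration group; the rest need the listed item resolved first.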