Migrating from Device Admin (DA) to the Work Profile

Information about migrating from the legacy Device Admin to the Android Enterprise Work Profile, also called Profile Owner (PO) mode.

Google has announced that the legacy Device Admin will be deprecated for enterprise use, starting with the Android 10 Q release. This means that a number of Device Admin APIs will be removed from support over time. You should plan and implement the migration to Android Enterprise and Work Profile (Profile Owner) in advance to avoid disruption to your Android device base once Device Admin services are deprecated.
Note: Device Admin to Profile Owner migration is a one-time action initiated by administrators. Using device groups, administrators can migrate devices to Profile Owner in a controlled and phased manner, without disrupting business operations.

Impact of the migration on the Work Profile

The migration impacts the following features on the device:
  • A new Android Enterprise Work Profile will be created on the device after the migration process. If the migration is unsuccessful, the device will fall back to legacy Device Admin mode.
  • All first-party apps, such as Secure Mail, Browser, and SDK apps, will be removed from the supported OEM devices.
  • The Android MDM device policy that is applied on the device will be retained post-migration, but the policies in the Device Admin mode will be removed and Android Enterprise settings will be applied. This means that all existing corporate settings applied on the device, such as Wi-Fi, VPN, and email, will be removed. New corporate settings will be applied to the Work Profile based on the policies that are set up in the Android Enterprise policies section of the MDM policies.
  • All existing apps at the device level will be removed either automatically (for supported OEM devices) or users will be prompted for uninstallation so that apps can be re-applied to the Work Profile only.

Preparing for the migration to Android Enterprise

  • Make sure that you have set up Android Enterprise in the Setup > Services > Mobile Device Management > Enable Android Enterprise.
  • Ensure that the MaaS360 for Android app is updated to the latest version available on the Play Store and also ensure that your devices are running Android OS version 7.0 or later.
  • Make sure that devices support Native DPC (Device Policy Control).
  • Create a group of the devices you want to migrate. Once the migration is complete, the Container Type for migrated devices will be changed to Profile Owner in the Device Summary page in the MaaS360 portal. To monitor the migration progress and confirm the successful transition of devices to Profile Owner enrollment mode, you can set up an alert in the Alert Center.
  • Make sure that you copy the policy settings from the Device Admin section to the Android Enterprise policy section. After the migration, the devices will receive the new policies that you copied over to the Android Enterprise Settings section.
  • If your organization is using MaaS360 Docs, the documents that are stored locally in the Local Docs and My Docs section of the MaaS360 Docs app will not be automatically migrated. Contact IBM Support to use the Content Sync for Users feature where you can back up files in the Local Docs folder to the My Docs folder. If the Content Sync for Users feature is unavailable, use an alternate backup storage such as email messages.
  • If your organization is using the MaaS360 Browser, user-created favorites are not migrated.
  • To ensure that the migration process is successful, you must make sure that the device is not in one of the following modes:
    • Kiosk: Administrators must disable the Kiosk mode. To exit Kiosk mode, navigate to the Device view > More and then click Exit Kiosk mode.
    • Selective Wipe: Administrators must revoke the selective wipe. To revoke the selective wipe that is issued to the device, navigate to the Device view > More and then click Revoke selective wipe.