Hassle free app management with Android Enterprise & Hexnode
Enterprise app management is now simpler than ever with Android enterprise and Hexnode
To keep up with the pace of the evolving device management landscape, Hexnode UEM is expanding its support for the increasingly popular Android WPCO (Work Profile on Company-Owned devices) enrollment mode. Android WPCO is a specialized Android Enterprise enrollment mode that allows businesses to deploy and manage company-owned devices, in a way that respects user privacy, while maintaining robust security controls. As employees often use company-owned devices for both professional and personal activities, WPCO provides a smart solution for ensuring corporate security without compromising user privacy. This approach provides a dedicated work profile within the device that keeps personal and work data securely separated.
WPCO – Breaking down the essentials
With Android WPCO, the device has two distinct areas: a work profile for corporate apps and data and a personal profile for the employee’s own apps and information. This separation ensures that work data stays protected within the work profile, while personal data remains private and accessible only to the user. The IT team can enforce security policies and manage work apps without accessing or controlling personal apps and data, giving employees peace of mind when using their company device for personal tasks.
Key features of WPCO
- Data isolation: WPCO keeps corporate data and personal data in separate profiles. Work data is confined to the work profile, allowing for enhanced protection and clear boundaries between work and personal spaces.
- App management: IT administrators can remotely deploy and manage business apps in the work profile without affecting personal apps. Employees still have full control over the apps in their personal profile, allowing them to install or delete personal apps freely.
- Security controls: WPCO offers built-in security features that give organizations control over the work profile, including setting password requirements, enabling remote data wipes, and enforcing other security policies.
Android WPCO can be looked upon as a hybrid of the Profile Owner and Device Owner modes that Hexnode already supports.
- Device owner: It is a management setup for company-owned Android devices, giving IT full control to enforce policies, manage apps, and secure the device. Device owner mode is ideal for dedicated work use, such as kiosks or single-purpose business devices, as it restricts personal usage and maximizes security.
- Profile owner: It is an Android Enterprise mode primarily used for managing a work profile on a device, often in BYOD (Bring Your Own Device) setups. In this mode, IT administrators control only the work profile, allowing them to enforce corporate policies, manage work apps, and secure work data without affecting the user’s personal apps and data privacy.
Android enterprise enrollment profiles
Hexnode now offers an enhanced Android Enterprise enrollment profile for both Device Owner and WPCO modes, giving IT admins expanded flexibility and control over device setup. The enrollment process is quick and easy via a QR code, ensuring minimal effort for end users. These profiles enables the following major usecases:
- Admins can configure app permissions, allowing or restricting specific permissions based on security needs.
- Devices can be added into static groups, departments, or specific roles. Admins can also set a personalized device name during enrollment, simplifying device identification and management.
- Introduced support for EAP (Extensible Authentication Protocol) Wi-Fi protocols. This provides stronger, enterprise-grade network security, ensuring reliable and secure Wi-Fi connectivity for devices.
With these new capabilities, Hexnode equips admins to create a more tailored, secure, and organized device management experience across both Device Owner and WPCO deployments.
Why do we need WPCO?
As businesses increasingly adopt flexible work models, the demand for device management solutions that support both BYOD (Bring Your Own Device) and corporate-owned devices is on the rise. While BYOD setups offer convenience and cost savings, they also introduce challenges in maintaining security on employee devices. Similarly, corporate-owned devices used for both work and personal tasks require a careful balance between corporate security and employee privacy.
WPCO is the solution that bridges the gap between BYOD and traditional device management by allowing businesses to secure corporate data on company-owned devices while maintaining a clear separation between work and personal information. Unlike BYOD, which relies on employee-owned devices, WPCO ensures that both corporate security and employee privacy are effectively managed on company-provided devices used for both professional and personal purposes.
WPCO vs BYOD
The key difference between BYOD (Bring Your Own Device) and WPCO (Work Profile on Company-Owned devices) lies in the ownership and control of the device and the approach to managing work and personal data.
| BYOD (Bring Your Own Device) | WPCO (Work Profile on Company-Owned) | |
| Device Ownership | Employee-owned | Company-owned |
| Security | Moderate security; limited control due to employee ownership | Higher security; IT can enforce stricter policies |
| Compliance | Suitable for less regulated environments | Better for regulated industries needing strict compliance |
| User Experience | Employees use personal devices, enjoying flexibility | Employees use company devices with clear personal/work separation |
| Suitable for | Flexibility and user privacy in less regulated sectors | Security-focused companies, especially in regulated sectors |
Feature comparison
Restrictions
Basic restrictions:
| Restriction | WPCO | Android enterprise profile owner | |
| Allow Device Functionality | Camera | ✅ | ✅ |
| Network settings | Wi-Fi | ✅ | ✅ |
| Force wifi | ✅ | ✅ | |
| Bluetooth | ✅ | ✅ | |
| Force Bluetooth | ✅ | ✅ | |
| Portable Wi-Fi hotspot | ❌ | ✅ | |
| Location | GPS | ✅ | ❌ |
Advanced restrictions:
| Restriction | WPCO | Android enterprise profile owner | |
| Allow Device Functionality | Copy contents between normal and work profiles | ✅ | ✅ |
| Users can adjust volume | ✅ | ✅ | |
| Allow input methods | ✅ | ✅ | |
| Screen Capture | ❌ | ✅ | |
| Allow Connectivity Options | Transfer data via bluetooth | ✅ | ✅ |
| Beam from the device | ❌ | ✅ | |
| Configure cellular network | ❌ | ✅ | |
| Allow Account Settings | Modify Accounts/Users | ✅ | ✅ |
| Configure user credentials | ❌ | ✅ | |
| Allow settings | Users can enable location sharing | ✅ | ✅ |
| Read any connected physical external media | ✅ | ✅ | |
| Update date and time automatically | ✅ | ❌ | |
| Configure VPN | ✅ | ✅ | |
| Trust Agents for Smart Lock | ❌ | ✅ | |
| Unredacted Notifications | ❌ | ✅ | |
| Fingerprint Unlock | ❌ | ✅ | |
| Iris Scanner | ❌ | ✅ | |
| Face Unlock | ❌ | ✅ | |
| Allow App settings | Install apps | ✅ | ✅ |
| Uninstall apps | ✅ | ✅ | |
| Control apps | ✅ | ✅ | |
| Install apps from unknown sources | ✅ | ✅ | |
| App runtime permissions | ✅ | ✅ | |
| Verify apps before install | ❌ | ✅ | |
| Parent profile app linking | ❌ | ✅ | |
| Allow cross-profile app communication | ❌ | ✅ |
Remote actions
| Action | WPCO | Android enterprise profile owner |
| Scan Device | ✅ | ✅ |
| Scan Device Location | ✅ | ❌ |
| Lock Device | ✅ | ✅ |
| Set Password | ✅ | ✅ |
| Clear Password | ✅ | ✅ |
| Wipe Device | ✅ | ✅ |
| Change Owner | ✅ | ✅ |
| Edit Device Attributes | ✅ | ✅ |
| Remote Ring | ✅ | ✅ |
| Install Application | ✅ | ✅ |
| Clear App Data | ✅ | ✅ |
| Uninstall Application | ✅ | ✅ |
| Request Application Feedback | ✅ | ✅ |
| Remote App Launch | ❌ | ✅ |
| Disenroll Device | ✅ | ✅ |
| Import contacts to device | ✅ | ✅ |
| Change Ringtone | ❌ | ❌ |
| Broadcast Message | ✅ | ✅ |
| Hexnode App Logs | ✅ | ✅ |
| Associate Policy | ✅ | ✅ |
| Set Friendly Name | ✅ | ✅ |
| Export Device Details | ✅ | ✅ |
Benefits for enterprises
Android WPCO offers significant advantages for enterprises, making it a smart choice for managing company-owned devices used for both work and personal activities. This approach doesn’t just improve data security, it also simplifies device management, improves user experience, and supports a balanced, privacy-respecting device strategy. Some of the key benefits offered by Android WPCO for enterprises are:
Better security for corporate data
Data leaks and security breaches remain a top concern for businesses. Hexnode integrates seamlessly with Android WPCO, enabling IT admins to enforce security policies and manage work apps independently of personal apps. This minimizes the risk of corporate data being exposed. This isolation ensures that sensitive information remains in the company’s control, even if an employee inadvertently downloads a risky app on their personal profile.
Featured resource
Hexnode for data security: Protecting your business data with Hexnode
Download the whitepaper to learn all about data security and how Hexnode can ensure data security in your organization.
Download PDFSimplified management with UEM tools
When paired with UEM tools like Hexnode, WPCO makes managing devices easier by allowing IT teams to control only the work profile, streamlining policy enforcement and app management.
Enhanced user experience
WPCO keeps personal and work data separate, letting employees enjoy personal use of their device without compromising privacy, fostering a better work-life balance.
Improved privacy and security
Hexnode UEM makes WPCO implementation simple, prioritizing data security while respecting user privacy, helping companies achieve a balanced, efficient approach to device management.
Final note
Android WPCO stands out as an essential tool for modern enterprises in today’s work environment, where flexibility and security are equally critical. By creating a secure, separate work profile on company-owned devices, WPCO addresses the need to protect corporate data, simplify device management, and respect employee privacy.
With Hexnode UEM, organizations can maximize the potential of Android WPCO through easy enrollment, advanced security controls, and efficient app management. Hexnode’s support for WPCO empowers IT teams to manage devices remotely, onboard employees seamlessly, and ensure compliance across industries like healthcare, finance, and remote work. For enterprises aiming to balance device management and data security with an enhanced user experience, Hexnode’s WPCO is an invaluable addition to their arsenal.
Get first hand Hexnode experience
Check out Hexnode with our 14 day free trial to explore Android WPCO and so much more.
Try out now
Share your thoughts