This blog post was written by Shanthi Thillairajah and Jessica Yang, Program Managers at Microsoft Endpoint Manager, a Zebra Independent Software Vendor (ISV) Partner.
These days, it seems like a week doesn’t go by when digital privacy isn’t at the forefront of the news. As awareness around this issue increases, companies that prioritize employee privacy will find themselves wielding a powerful competitive differentiator in talent acquisition and retention. But the trade-off between data security and individual privacy can be a constant balancing act.
Employees want to be confident only they can access their personal data and information. Organizations want to be confident devices are secure and manageable. The device administrator (legacy), fully managed, and dedicated management modes for corporate-owned Android™ devices, place the entire device under management. This could allow IT to view data that may be private or personal to the user. On the other hand, giving employees the option to use personally-owned devices with a work profile can provide excellent separation of work and personal data. But it may not provide the level of control needed for corporate devices.
For organizations that allow employees to use their corporate devices for personal use, configuring those devices as corporate-owned devices with a work profile may be the perfect solution as it offers the best of both approaches: the data separation functionality of a personally-owned work profile device and the added device management capabilities designed for a corporate device. Users can keep their corporate applications, data, and contacts in a work container (work profile) and keep their personal applications, data, and contacts in a personal container (personal profile). Users can download and use applications for personal use, as well as send texts and make calls to their personal contacts, with confidence their company’s IT administrator will have no visibility into their personal data. There is full separation between the corporate and personal containers on the device.
With the pandemic introducing concerns around shared devices and hygiene, organizations are now exploring the option of issuing one ruggedized device to each employee. Zebra’s new smartphone-style EC50/EC55 devices, for example, are designed to provide the durability and work productivity tools employees need while feeling and looking more like a personal device. With this comes a new set of challenges, as employees naturally expect individually-assigned devices to offer more flexibility for personal use.
In such cases, organizations can configure corporate-owned devices with a work profile to increase employee productivity and morale. Instead of having to leave their personal lives in a locker for the duration of the workday, employees using corporate-owned devices with a work profile can remain connected to loved ones through apps like Microsoft Family Safety while still being efficient at their jobs. And, through your unified endpoint management solution, your organization retains control over device functions so you don’t have to worry about data leakage or inappropriate social media posts.
Corporate-owned devices with a work profile also empower employees to choose apps that assist their unique productivity flows during the workday. For example, they can download and use YouTube in the personal profile to look up videos of how to perform a particular task, completely separate from the rest of the work experience. In work conditions where it may be difficult to handle multiple mobile devices, giving them a single corporate-owned device with both personal and corporate functionality helps them remain agile during the workday. It also boosts everyone’s confidence that both company data and employee privacy are protected.
What’s really great is that employees working from home can also benefit from this approach to device management. For example, they can easily transition from checking corporate email in their work profile to monitoring the status of a grocery delivery in a personal application, and then move back to work-related tools instantly for maximum efficiency.
Provisioning corporate-owned devices with a work profile provides a number of unique device management capabilities that extend beyond the data separation benefits mentioned above. For example, when managed with Microsoft Endpoint Manager, organizations that use Microsoft Endpoint Manager can configure the following types of experiences on Zebra devices they have set up as corporate-owned devices with a work profile:
1. Granular control of hardware features: IT admins can disable use of hardware features like the camera and screen capture within the work profile, the personal profile, or both profiles. Organizations can also block file transfer over USB, mounting of external media, and the unmuting and adjustment of microphone volume. These capabilities allow your organization more granular control over when users can or cannot capture and share corporate and personal information.
2. Factory reset protection: IT admins can prevent non-authorized users from unlocking the device after it is factory reset to protect corporate devices from being repurposed or resold. This gives you another tool for loss prevention by making devices unusable without admin credentials.
3. Bluetooth® and Wi-Fi control: IT admins can manage wireless connectivity on corporate-owned devices with a work profile by preventing users from changing Wi-Fi configurations, configuring Bluetooth or using data roaming on the devices.
4. Device-level actions: In case of loss, IT admins can easily remotely wipe (factory reset), lock and reset the work profile password on devices.
These are just some of the device management capabilities that can empower your organization and employees to be more productive and secure when using corporate-owned devices with a work profile.
If you are interested in learning more about how to protect both your company data and employee privacy on corporate-owned devices, you should take a look at unified endpoint management (UEM) solutions like Microsoft Endpoint Manager. They allow you to easily enable, deploy and manage corporate-owned devices with a work profile alongside the rest of your endpoint management needs. UEM solutions are especially beneficial if you have Zebra devices that need to be configured and managed in all the ways described above to allow for both professional and personal use.
If you’d like to learn more about Microsoft Endpoint Manager’s capabilities, you can visit our website or just try Enterprise Mobility + Security for 90 days. For information on how to set up Intune enrollment of Android Enterprise corporate-owned devices with a work profile on devices such as the Zebra EC50/EC55, please visit this documentation or this blog post.
###
Gartner has recognized Microsoft as a Leader in the 2020 Magic Quadrant for Unified Endpoint Management based on our Completeness of Vision and Ability to Execute in the Unified Endpoint Management market, available in full here.