VMware Workspace ONE Community
gmc1979
Contributor
Contributor
‎05-01-2020 08:23 AM

Blacklist Apps not working in Personal Profile in fully managed devices with work profiles (COPE)

Good morning, everybody,

I am designing the configuration of Samsung A70 (Android 9) devices with Android Enterprise in fully managed with work profile mode. The version of Workspace ONE is 2001

I've set up a group of blacklisted applications (in particular the Office, Outlook, Onedrive) that I'd like not to use in the private profile. These applications are in some cases already pre-installed on the device (Word,Excel,Onedrive), while others (Outlook, Teams) could be downloaded later with your Google ID personal.

Then I created a profile in application control selecting that it was enabled on the whole device. According to the manual: "For COPE, the 'Work Managed' checkbox applies to the personal side and 'Work profile' applies to the corporate side". Configure Application Control (Android)

After making these settings I started to register the devices.

Unfortunately they have no effect, the pre-installed apps are accessible and also those downloaded and installed by the market later are accessible.

Am I doing something wrong? Is it actually possible to block the use of apps in the private profile in a fully managed device?

Thank you,

Gianmarco

Reply
5 Replies
LukeDC
Expert
Expert
‎05-05-2020 09:06 AM

No, it's private. You can mange the device, but you cannot affect apps in the personal side. hence it's private Smiley Wink

COPE is not great and is changing a bit come Android 11.

Reply
0 Kudos
gmc1979
Contributor
Contributor
‎05-05-2020 02:53 PM

Good evening, everyone,

thank you for your answer.

So I ran some tests and thanks also to the web I realized that it is essential after creating a blacklist or a whitelist to reapply the application control profile.

In this way I was able to block the installation of apps on the personal profile of the device.

It is important that the profile is set by flagging to ""Where would you like to apply application control on Corporate Owned Personally Enabled devices?" only "Work Managed Device" and blacklisted app blocking.

I add that instead to distribute apps on your personal profile you need to do it as private apps, among other things if they are apps on Play Store will update without having to manage them from console.

Regards,

Gianmarco

Reply
LukeDC
Expert
Expert
‎05-06-2020 07:54 AM

Yep, COPE is tricky and not a truly supported AE config. Hence the changes coming in Android 11.

AE never intended a fully managed device having a work profile on it as well. So things get dicey.

Reply
0 Kudos
gmc1979
Contributor
Contributor
‎05-06-2020 08:03 AM

Hi Luke,

Indeed, the behaviour of AE with COPE is not very clear. For the moment I'm still working on devices with Android 9 and they'll be switching to Android 10 soon.

So on Android 11 I still haven't informed myself enough about it yet, could you tell me where I can get information about the new features of AE in Android 11 ?

Thanks !

Gianmarco

Reply
0 Kudos