Device administrator is the legacy method of enrolling Android devices with the Workspace ONE UEM console after Android’s Work Managed and Work Profile modes were introduced in Android 5.0. Customers who are enrolled into Workspace ONE UEM using Android (Legacy) deployment can migrate to Android Enterprise to take advantage of device functionality for the enterprise.

This section gives you information and best practices on how to move from the Android (Legacy) deployment to Android Enterprise.

Google deprecated certain device administrator APIs in favor or more up-to-date device functionality because device administrator is not well suited to support current enterprise requirements. Workspace ONE UEM customers can adopt Work Managed (ideal for corporate owned devices), Work Profile (ideal for BYOD deployments), and Corporate Owned Personally Enabled (COPE) modes to manage their Android devices by migrating from Android (Legacy) to Android Enterprise. For more information on device modes, see Understanding Android Device Modes.

Have more questions? See our Frequently Asked Questions sections to help.

Migrate from Android (Legacy) to Android Enterprise into Work Managed Mode Using Zebra Android Devices

Zebra devices running Android 7 and higher and MXMF 7 and higher support a migration from Android (Legacy) to Android Enterprise Work Managed mode. The migration features from this flow include:
  • The migration is done remotely and silently.
  • Devices do not power off, reboot, or reset during the migration ensuring app data to remains intact.
  • Wi-Fi connectivity is maintained during the migration.
  • Products which do not contain profiles remain installed.
  • Migration to AOSP/Closed Network mode is fully supported.

To get started, see Migrate to Work Managed Enrollment Using Android Legacy Migration Tool.

Migrate from Android (Legacy) to Android Enterprise with BYOD Devices

The Workspace ONE UEM console provides a seamless process that helps you migrate all devices from Android (Legacy) to a Work Profile for Android Enterprise. The migration features in the UEM console help you to make sure that:

  • Your legacy administration remains intact until migration is complete.
  • Devices not being migrated are never affected.
  • Monitor which devices are complete, in progress, and assigned.
  • Create staging or test Smart Groups to make sure that all user devices successfully migrate before migrating your entire device fleet.

To get started, see Migrating to Work Profile From Android (Legacy) Using Migration Tool.

Migrate from Android (Legacy) to Android Enterprise with Corporate Owned Devices

You can migrate from Android (Legacy) to Android Enterprise with your corporate owned devices into Work Managed Mode or Corporate Owned Personally Enabled (COPE). The enrollment and migration options vary depending on Android OS, device type, and whether the devices have access to Google Services. This scenario is best for migrating non- Zebra Android devices.

The migration and enrollment options are:
  • Use Fully Managed enrollment for Android 8.0+ devices. To get started, see Migrate to Android Enterprise Using Zero Touch Enrollment
  • Use Knox Mobile Enrollment for Samsung Android 8.0+ devices. To get started, see Samsung Knox Mobile Enrollment documentation.
  • Follow the Cap and Grow strategy and continue to use your current Android devices enrolled through Android (Legacy). A Cap and Grow strategy means that any new device rollouts are automatically enrolled into Android Enterprise and managed simultaneously with older deployments (Android (Legacy) until your organization is ready to move all devices to Android Enterprise.

Migrate from Android (Legacy) to Android Enterprise Without Google Services

If you are currently enrolled into Workspace ONE UEM with Android devices deployed through Android (Legacy) and want to switch to Android Enterprise without Google Services, we offer Closed Network support for corporated owned devices and unmanaged enrollment for BYOD devices.

If you have a device that has no network connectivity or the device can connect to a network but has no Google services (a non-GMS certified device), you can enroll these devices into Android Enterprise into Work Managed Mode and push internal applications and apply policies with Android profiles.

If you have a device that has network connectivity but has restrictions on Google Services, for example devices being in China, you can use Closed Network support for corporate devices. For BYOD devices, you can use SDK-based MAM only mode called Registered Mode to enable unmanaged enrollment for Android devices.

For more information on Closed Network support for corporate owned devices. see Devices & Users / Android / Android EMM Registration to configure these settings.

To configure your BYOD devices without Google services, see Enable Unmanaged Enrollment for Android Devices for steps to enroll.

Impact on APIs

Google deprecated certain device administrator APIs in favor of more up-to-date device functionality because device administrator is not well suited to support current enterprise requirements. The following APIs available with device administrator no longer function on devices running Android 10 and above. Devices remaining on Android 9.0 and below are not impacted:
  • USES_POLICY_DISABLE_CAMERA
  • USES_POLICY_DISABLE_KEYGUARD_FEATURES
  • USES_POLICY_EXPIRE_PASSWORD
  • USES_POLICY_LIMIT_PASSWORD