Security conscious organizations look at ways to ensure corporate data on mobile devices are protected. One method used to protect that data is through device enrollment. Device enrollment enables organizations to deploy compliance policies (PIN strength, jailbreak/root validation, etc.), as well as configuration policies (WiFi, certificates, VPN, etc.). Device enrollment also enables organizations to manage app lifecycle.
In Android 2.2, Google introduced support for device management with the device administrator API. Since that time, organizational needs have changed, as mobile devices continue to contain and access more sensitive data. These needs include separation of work and personal data, kiosk management, app configuration, and app distribution, to name a few. The device administrator API was not designed to handle these scenarios.
With Android 5.0, Google introduced a new management profile with the introduction of managed device (device owner) and work profile (profile owner) modes (what is collectively known as Android Enterprise now). As the functionality in Android Enterprise has continued to evolve, Google announced decreasing support for device administrator. For more information on Microsoft Endpoint Manager’s plans, see:
- Decreasing support for Android device administrator
- Move Android devices from device administrator to work profile management
Android offers Android Enterprise work profile as an enrollment model for personally-owned devices, where IT wants to provide a clear separate boundary between work and personal data. As organizations transition from device administrator to work profile for personally-owned devices, users may experience confusion or frustration that there are now separate app instances for work and personal use.
To address this concern, Android introduced the CrossProfileApps API in Android 9. This API allows an app to recognize when it has a corresponding instance in the work or personal profile. Using this API, an app may expose an in-app user experience to end users, allowing them to switch to the cross-profile instance without having to back out to the app launcher and tap the other app icon’s instance.
Outlook and the CrossProfileApps API
The first Microsoft app to take advantage of the CrossProfileApps API is Outlook for Android. This feature is slowly rolling out this month and requires a minimum build of 4.2039.0 with Android 9 or later. Users can leverage this functionality from within the left-hand navigation menu. When launching Outlook in the personal profile, users will see a work profile switcher button (highlighted by the red square) in the left-hand navigation account switcher section:
With Outlook in the work profile, users will see a personal profile switcher button (highlighted by the red square) in the left-hand navigation account switcher section:
When the user taps the work or personal profile switcher button, they will be switched to the relevant instance of Outlook:
We are also releasing a teaching moment to educate users on this functionality, for example:
It is important to note that this functionality only works if the user is using the same app in both profiles. Users using Gmail in their personal profile, for example, cannot use the CrossProfileApps API to switch to Outlook in the work profile.
We hope your users will find this improvement useful. If you have any questions, please let us know.
Ross Smith IV
Principal Program Manager
Customer Experience Engineering