Google Android 11 must be provisioned as a fully managed device and configured to create a work profile.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-228632 | GOOG-11-009600 | SV-228632r505895_rule | Medium |
| Description |
|---|
| The Android Enterprise Work Profile is the designated application group for the COPE use case. SFR ID: FMT_SMF_EXT.1.1 #47 |
| STIG | Date |
|---|---|
| Google Android 11 COPE Security Technical Implementation Guide | 2020-09-18 |
Details
| Check Text ( C-30867r505893_chk ) |
|---|
| Review that Google Android 11 is configured as Corporate Owned Work Managed. This procedure is performed on both the EMM Administrator console and the Google Android 11 device. On the EMM console, configure the default enrollment as Corporate Owned, and select "Use for Work & Personal". On the Google Android 11 device, do the following: 1. Go to the application drawer. 2. Ensure a Personal tab and a Work tab are present. If on the EMM console the account the default enrollment is set to Corporate Owned Work Managed or on the Google Android 11 device the user does not see a Work tab, this is a finding. |
| Fix Text (F-30844r505894_fix) |
|---|
| Configure Google Android 11 device as corporate owned with a work profile. On the EMM console, configure the default enrollment as Corporate Owned, and select "Use for Work & Personal". Refer to the EMM documentation to determine how to configure the device. |