With TinyMDM Work Profile, create a secure container to manage professional apps on devices used for work and personal purposes.
Allow employees to work from anywhere. Protect sensitive company data in or out of the workplace.

Secure work profile container
With full awareness of the risks involved in not managing BYOD, more and more companies are adopting MDM software to secure their employees’ personal devices and thereby gain access to business data. MDM solutions offer the ability to protect sensitive data and to make key resources available. As an official Android Enterprise MDM, one of TinyMDM features is to manage personally owned devices in a BYOD setup.
A secure container holds business-related apps managed by the Work Profile, and it safeguards them with a password. End users just have to go in the work tab to see their business apps, differentiated by a briefcase icon.
Employees no longer have the option of inadvertently downloading malicious applications within the work profile. All business applications and documents are protected in a dedicated storage compartment, which can be remotely wiped in case of a compromised device.
Data encryption
As an official Android EMM partner, TinyMDM seamlessly integrates Android Enterprise (AFW) and thus the Android encryption protocol FBE. The FBE encryption method encrypts storage areas with unique, user-dependent recovery keys randomly generated by the AES 256-Bit encryption algorithm. The keys are also protected by a component similar to the Trusted Execution Environment, as in the FDE implementation. The policy is enforced via a DPC application installed in the work profile and controlled by TinyMDM. The separation of personal and business profile data is based on the multi-user logic of Android.


Personal data privacy
Enabling a Work Profile allows companies to manage business data and apps, but leave everything else on the mobile device under the user’s control. Admins can securely manage the corporate part but have no control over personal apps and data: cannot view, access, or delete anything personal. The end user can turn off / pause the professional container at any time in one click, thus respecting the right to disconnect. In addition, the employee has the option to go to the device settings at any time and delete the work profile if it is no longer needed.