Hey everyone, can someone clarify what privileges an MDM app gets when a device is enrolled as Device Admin versus Device Owner? I understand both give management access, but what exactly changes for the app itself?
23 Views
Replies (5)
Marked SolutionPending Review
Participant
7 hours ago
Marked SolutionPending Review
@eliiza , the difference is mainly in how much control the MDM app can exercise over the device and apps. When the app is installed as a Device Admin, it gets only basic administrative privileges like enforcing password policies, enabling or disabling the Camera, and locking or wiping the device. Whereas, when the device is enrolled as Device Owner, the MDM app has complete control over the device. It can silently install or uninstall apps, push configurations, manage permissions, and enforce and control network settings, such as Wi-Fi or VPN.
Marked SolutionPending Review
Participant
5 hours ago
Marked SolutionPending Review
Yes, exactly. Adding on to what @skylar-a has said, features like kiosk mode and managed Play Store will only work when the MDM app is installed as Device Owner. In Device Admin mode, can’t do any of that because of the limited privileges it has.
Marked SolutionPending Review
Participant
4 hours ago
Marked SolutionPending Review
Can the MDM app install apps when the device is enrolled as Device Admin? Or does it need Device Owner mode for that?
Marked SolutionPending Review
Participant
3 hours ago
Marked SolutionPending Review
No, @eliiza . In Device Admin mode, the MDM app will not have the permission to install or uninstall apps on the device. If you want automatic installs, updates, or uninstalls, you’ll need to enroll the device as Device Owner.
Marked SolutionPending Review
Participant
3 hours ago
Marked SolutionPending Review
Got it, @leo_scott .
Save
