Android Enterprise is available on Android XR powered devices. Android XR headsets and glasses have similar features and services to mobile devices, which makes it easier for EMMs to understand and develop for this new form factor. However, UX, use cases, and feature requirements for Android XR may differ from mobile devices. These differences are described on this page.
Device primer
Android XR is an operating system for extended reality devices, like headsets and glasses. It provides the user interface, the ability to access popular apps, and AI assistance from Gemini to these devices. For the purpose of this guide, there are two primary device types that run Android XR:
- Headsets and Wired Glasses: XR Headsets and Wired Glasses are standalone devices that operate with a full instance of the Operating System (OS) running on them. These are typically offered as Video See-Through (VST) devices that use headset cameras to stream the real world onto internal screens, or as Optical See-Through (OST) devices, which have transparent lenses with digital content overlaid on them. Device management applies directly to both VST and OST headsets and wired glasses, similar to how mobile devices are managed.
- AI Glasses: AI Glasses are lightweight and styled similarly to regular glasses, enabling hands-free experiences where AI is vital to the interaction with the device. AI Glasses typically have a camera, microphone, and speakers, and may include features to overlay digital content on the glasses. AI Glasses don't run the full OS. Instead, they serve as a companion to a primary device, like a mobile phone.
Allowed management
EMMs that want to manage Android XR headsets may use the Android Management API or build their own custom DPCs to manage headsets.
Custom DPC usage requirements
EMMs that choose to use custom DPCs need to be aware of the following requirements:
- EMMs need to support and use Managed Google Accounts for enrolling devices.
- New custom DPCs for managing Android XR are allowed and are eligible for validation, but these are not eligible for validation for managing mobile devices.
- Legacy EMM vendors that may already have a validated custom DPC are excluded from this requirement.
Management feature availability
Current Android Enterprise features for managing Android XR devices are based on the Fully Managed Device mode. Although most DPM APIs are available in the XR platform, some features may not be relevant or available due to UX or form factor characteristics.
EMM validation feature sets
The following list is the set of features that are used to evaluate an EMM implementation of Android Enterprise as part of the solution validation.
Requirement definitions
- Management features noted as 'Required' are included in core validation of EMMs.
- Management features noted as 'Recommended' are optional and are not counted against validation, but are recommended based on recognized customer use cases.
Fully Managed Android XR device validation feature set
| Management feature | Requirement | Description |
|---|---|---|
| 1.2 DPC identifier device provisioning | Required | You can provision a fully managed device using a DPC identifier ("afw#"). |
| 1.4. QR code device provisioning | Required | IT admins can use a new or factory-reset device to scan a QR code generated by the EMM's console to provision the device. |
| 1.5. Zero-touch enrollment | Required | IT admins can preconfigure devices purchased from authorized resellers and manage them using your EMM console. |
| 1.6. Advanced zero-touch provisioning | Recommended | IT admins can automate much of the device enrollment process by deploying DPC registration details through zero-touch enrollment. |
| 1.8. Google Account device provisioning | Recommended | For enterprises using Workspace, this feature guides users through the installation of their EMM's DPC after entering corporate Workspace credentials during device setup. |
| 1.9. Direct zero-touch configuration | Recommended | IT admins can use the EMM's console to set up zero-touch devices using the zero-touch iframe. |
| 1.11. Dedicated device provisioning | Required | IT admins can enroll dedicated devices without the user being prompted to authenticate with a Google Account. |
| 2.1. Device security challenge | Required | IT admins can set and enforce a device security challenge, such as PIN, pattern, or password, of a certain type and complexity on managed devices. |
| 2.10. Verify Apps enforcement | Required | IT admins can turn on Verify Apps on devices. |
| 2.11. Direct Boot support | Required | Direct Boot support makes sure that the EMM's DPC is active and able to enforce policy, even if an Android 7.0+ device has not been unlocked. |
| 2.12. Hardware security management | Required | IT admins can lock down hardware elements of a device to ensure data-loss prevention. |
| 2.13. Enterprise security logging | Recommended | IT admins can gather usage data from devices that can be parsed and programmatically evaluated for malicious or risky behavior. |
| 2.3. Advanced passcode management | Required | IT admins can set up advanced password settings on devices. |
| 2.5. Wipe and lock | Required | IT admins can use the EMM's console to remotely lock and wipe work data from a managed device. |
| 2.6. Compliance enforcement | Required | The EMM restricts access to work data and apps on devices that aren't in compliance with security policies. |
| 2.7. Default security policies | Required | EMMs must enforce the specified security policies on devices by default, without requiring IT admins to set up or customize any settings in the EMM's console. |
| 2.8. Security policies for dedicated devices | Required | Users cannot escape a locked down dedicated device to allow other actions. |
| 2.9. Play Integrity support | Required | The EMM uses the Play Integrity API to make sure devices are valid Android devices. |
| 3.1. Enterprise binding | Required | IT admins can bind the EMM to their organization, allowing the EMM to use managed Google Play to distribute apps to devices. |
| 3.3. Managed Google Play device account provisioning | Recommended | The EMM can create and provision managed Google Play device accounts. |
| 3.5. Silent app distribution | Required | IT admins can silently distribute work apps to devices without any user interaction. |
| 3.6. Managed configuration management | Required | IT admins can view and silently set managed configurations for any app that supports managed configurations. |
| 3.8. Programmatic app approval | Recommended | The EMM's console uses the managed Google Play iframe to support Google Play's app discovery and approval capabilities. |
| 3.9. Basic store layout management | Recommended | The managed Google Play Store app can be used on devices to install and update work apps. |
| 3.10. Advanced store layout configuration | Recommended | IT admins can customize the store layout seen in the managed Google Play Store app on devices. |
| 3.12. Google-hosted private app management | Recommended | IT admins can update Google-hosted private apps through the EMM console instead of through the Google Play Console. |
| 3.13. Self-hosted private app management | Recommended | IT admins can set up and publish self-hosted private apps. |
| 3.16. Advanced managed configuration management | Required | The EMM supports up to four levels of nested settings. It also displays any feedback sent by Play apps. |
| 3.17. Web app management | Recommended | IT admins can create and distribute web apps in the EMM console. |
| 3.18. Managed Google Play Account lifecycle management | Recommended | The EMM can create, update, and delete managed Google Play Accounts on behalf of IT admins. |
| 3.19. Application track management | Recommended | IT admins can configure a set of development tracks for particular applications. |
| 3.20. Advanced application update management | Recommended | IT admins can allow apps to be updated immediately or postpone them from being updated for 90 days. |
| 3.23. Managed Google Account provisioning | Required | The EMM can provision devices with managed Google Accounts to identify users, control apps, and manage access to Google services. |
| 3.24. Managed Google Play Account upgrade | Recommended | IT admins can upgrade the user account type to a managed Google Account, allowing the device to access Google Account services and features on enrolled devices. |
| 4.1. Runtime permission policy management | Required | IT admins can silently set a default response to runtime permission requests made by work apps. |
| 4.2. Runtime permission grant state management | Required | After setting a default runtime permission policy, IT admins can silently set responses for specific permissions from any work app built on API 23 or higher. |
| 4.3. Wi-Fi configuration management | Required | IT admins can silently provision enterprise Wi-Fi configurations on managed devices. |
| 4.4. Wi-Fi security management | Required | IT admins can provision enterprise Wi-Fi configurations on managed devices. |
| 4.5. Advanced Wi-Fi management | Required | IT admins can lock down Wi-Fi configurations on managed devices, to prevent users from creating new configurations or modifying corporate configurations. |
| 4.6. Account management | Required | IT admins can make sure that unauthorized corporate accounts can't interact with corporate data for services such as SaaS storage and productivity apps, or email. |
| 4.8. Certificate management | Required | Allows IT admins to deploy identity certificates and certificate authorities to devices to allow access to corporate resources. |
| 4.9. Advanced certificate management | Required | Allows IT admins to silently select the certificates that specific managed apps should use. |
| 4.11. Advanced VPN management | Recommended | Allows IT admins to specify an Always On VPN to make sure that data from specified managed apps will go through a set-up VPN. |
| 4.17. Factory reset protection management | Required | Allows IT admins to protect company-owned devices from theft by making sure unauthorized individuals can't factory reset devices. |
| 4.18. Advanced app control | Required | IT admins can prevent the user from uninstalling or otherwise modifying managed apps through Settings. |
| 4.19. Screen capture management | Required | IT admins can block users from taking screenshots when using managed apps. |
| 4.20. Disable cameras | Required | IT admins can turn off use of device cameras by managed apps. |
| 4.23. Reboot device | Required | IT admins can remotely restart managed devices. |
| 4.24. System radio management | Recommended | Gives IT admins granular management of system network radios and associated usage policies. |
| 4.25. System audio management | Required | IT admins can silently manage device audio features. |
| 4.26. System clock management | Required | IT admins can manage device clock and time zone settings, and prevent modifying automatic device settings. |
| 4.28. Delegated scope management | Recommended | IT admins are able to delegate extra privileges to individual packages. |
| 5.8. System update policy | Required | IT admins can set up and apply over-the-air (OTA) system updates for devices. |
| 5.10. Persistent preferred activity management | Required | Allows IT admins to set an app as the default intent handler for intents that match a certain intent filter. |
| 5.13. Remote debugging | Recommended | IT admins can retrieve debugging resources from devices without requiring extra steps. |
| 5.14. MAC address retrieval | Required | EMMs can silently fetch a device's MAC address, to be used to identify devices in other parts of the enterprise infrastructure. |
| 5.15. Advanced lock task mode management | Recommended | With a dedicated device, IT admins can use the EMM's console to turn on and turn off the home button, notifications, and other features. |
| 5.16. Advanced system update policy | Recommended | IT admins can block system updates on a device for a specified freeze period. |
| 5.19. Manual update support | Recommended | IT admins can manually install a system update by providing a path. |
Feature notes
Lock task mode on Android XR for Android 14
The current implementation of Lock Task mode supports Lock Task of single 3D apps only.
- Notifications and Quick Settings are unavailable in the XR environment since there is no status bar.
You may need to allowlist specific helper system apps that handle environment setup and calibration to make sure 3D apps launch successfully. These helper system apps include:
- com.android.systemui (Home customization)
- com.google.xr.eyetracking.calibration (Eye calibration)
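For a custom DPC, the allowlisting described above can be applied through `DevicePolicyManager`. This is an added example, not code from the Android XR documentation; `configureXrLockTask`, `kioskPackage`, the installed-package check, and the choice of `LOCK_TASK_FEATURE_NONE` are assumptions of the example.

```kotlin
import android.app.admin.DevicePolicyManager
import android.content.ComponentName
import android.content.Context
import android.content.pm.PackageManager

// Helper system apps named in the note above.
private val XR_HELPER_PACKAGES = listOf(
    "com.android.systemui",                   // Home customization
    "com.google.xr.eyetracking.calibration",  // Eye calibration
)

/**
 * Allowlists a single 3D app plus the XR helper apps for lock task mode.
 * Returns the helper packages that were not found on the device, so the
 * DPC can report them to the EMM console instead of failing silently.
 */
fun configureXrLockTask(
    context: Context,
    admin: ComponentName,   // the DPC's DeviceAdminReceiver component
    kioskPackage: String,   // hypothetical: the one 3D app to lock the device to
): List<String> {
    val dpm = context.getSystemService(DevicePolicyManager::class.java)
    check(dpm.isDeviceOwnerApp(context.packageName)) {
        "Lock task allowlisting requires a fully managed device (device owner)"
    }

    val (present, missing) = XR_HELPER_PACKAGES.partition { isInstalled(context, it) }

    // Keep the allowlist minimal: the kiosk app and the helpers it depends on.
    dpm.setLockTaskPackages(admin, (listOf(kioskPackage) + present).toTypedArray())

    // Assumption of this example: request no optional system UI features,
    // since the XR environment has no status bar to host them.
    dpm.setLockTaskFeatures(admin, DevicePolicyManager.LOCK_TASK_FEATURE_NONE)

    return missing
}

// Package visibility rules (Android 11+) apply: the DPC manifest needs
// <queries> entries for these packages for the lookup to succeed.
private fun isInstalled(context: Context, pkg: String): Boolean =
    try {
        context.packageManager.getPackageInfo(pkg, 0)
        true
    } catch (e: PackageManager.NameNotFoundException) {
        false
    }
```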
Media projection for screen casting
- EMMs that support screen casting using Media Projection APIs set a screen capture resolution of no higher than 2880x2880. Setting a resolution higher than this may introduce headset display issues when casting.
Validate your solution upon completion of requirements
EMMs are encouraged to sign up and follow the partner onboarding process if they want to:
- Submit their solutions to be validated for Android XR management.
- Make their solutions eligible to be part of the Android Enterprise partner solution directory.
To sign up for partner onboarding, go to the Android Enterprise Partner Portal. For existing Android Enterprise EMM partners, you can find guidance and resources in the Partner Portal.