Android Enterprise is available on Android XR powered devices. Android XR headsets and glasses have similar features and services to mobile devices, which makes it easier for EMMs to understand and develop for this new form factor. However, UX, use cases, and feature requirements for Android XR may differ from mobile devices. These differences are described on this page.
Device primer
Android XR is an operating system for extended reality devices, like headsets and glasses. It provides the user interface, the ability to access popular apps, and AI assistance from Gemini to these devices. For the purpose of this guide, there are two primary device types that run Android XR:
- Headsets and Wired Glasses: XR Headsets and Wired Glasses are standalone devices that operate with a full instance of the Operating System (OS) running on them. These are typically offered as Video See-Through (VST) devices that use headset cameras to stream the real world onto internal screens, or as Optical See-Through (OST) devices, which have transparent lenses with digital content overlaid on them. Device management applies directly to both VST and OST headsets and wired glasses, similar to how mobile devices are managed.
- AI Glasses: AI Glasses are lightweight and styled similarly to regular glasses, enabling hands-free experiences where AI is vital to the interaction with the device. AI Glasses typically have a camera, microphone, and speakers, and may include features to overlay digital content on the glasses. AI Glasses don't run the full OS. Instead, they serve as a companion to a primary device, like a mobile phone.
Allowed management
EMMs that want to manage Android XR headsets may use the Android Management API or build their own custom DPCs to manage headsets.
Custom DPC usage requirements
EMMs that choose to use custom DPCs need to be aware of the following requirements:
- EMMs need to support and use Managed Google Accounts for enrolling devices.
- New custom DPCs for managing Android XR are allowed and are eligible for validation, but these are not eligible for validation for managing mobile devices.
- Legacy EMM vendors that may already have a validated custom DPC are excluded from this requirement.
Management feature availability
Current Android Enterprise features for managing Android XR devices are based on the Fully Managed Device mode. Although most DPM APIs are available in the XR platform, some features may not be relevant or available due to UX or form factor characteristics.
EMM validation feature sets
The following list is the set of features that are used to evaluate an EMM implementation of Android Enterprise as part of the solution validation.
Requirement definitions
- Management features noted as 'Required' are included in core validation of EMMs.
- Management features noted as 'Recommended' are optional and are not counted against validation, but are recommended based on recognized customer use cases.
Fully Managed Android XR device validation feature set
| Management feature | Requirement | Description |
|---|---|---|
| | Required | You can provision a fully managed device using a DPC identifier ("afw#"). |
| | Required | IT admins can use a new or factory-reset device to scan a QR code generated by the EMM's console to provision the device. |
| | Required | IT admins can preconfigure devices purchased from authorized resellers and manage them using your EMM console. |
| | Recommended | IT admins can automate much of the device enrollment process by deploying DPC registration details through zero-touch enrollment. |
| | Recommended | For enterprises using Workspace, this feature guides users through the installation of their EMM's DPC after entering corporate Workspace credentials during device setup. |
| | Recommended | IT admins can use the EMM's console to set up zero-touch devices using the zero-touch iframe. |
| | Required | IT admins can enroll dedicated devices without the user being prompted to authenticate with a Google Account. |
| | Required | IT admins can set and enforce a device security challenge, such as PIN, pattern, or password, of a certain type and complexity on managed devices. |
| | Required | IT admins can turn on Verify Apps on devices. |
| | Required | Direct Boot support makes sure that the EMM's DPC is active and able to enforce policy, even if an Android 7.0+ device has not been unlocked. |
| | Required | IT admins can lock down hardware elements of a device to ensure data-loss prevention. |
| | Recommended | IT admins can gather usage data from devices that can be parsed and programmatically evaluated for malicious or risky behavior. |
| | Required | IT admins can set up advanced password settings on devices. |
| | Required | IT admins can use the EMM's console to remotely lock and wipe work data from a managed device. |
| | Required | The EMM restricts access to work data and apps on devices that aren't in compliance with security policies. |
| | Required | EMMs must enforce the specified security policies on devices by default, without requiring IT admins to set up or customize any settings in the EMM's console. |
| | Required | Users cannot escape a locked down dedicated device to allow other actions. |
| | Required | The EMM uses the Play Integrity API to make sure devices are valid Android devices. |
| | Required | IT admins can bind the EMM to their organization, allowing the EMM to use managed Google Play to distribute apps to devices. |
| | Recommended | The EMM can create and provision managed Google Play device accounts. |
| | Required | IT admins can silently distribute work apps to devices without any user interaction. |
| | Required | IT admins can view and silently set managed configurations for any app that supports managed configurations. |
| | Recommended | The EMM's console uses the managed Google Play iframe to support Google Play's app discovery and approval capabilities. |
| | Recommended | The managed Google Play Store app can be used on devices to install and update work apps. |
| | Recommended | IT admins can customize the store layout seen in the managed Google Play Store app on devices. |
| | Recommended | IT admins can update Google-hosted private apps through the EMM console instead of through the Google Play Console. |
| | Recommended | IT admins can set up and publish self-hosted private apps. |
| | Required | The EMM supports up to four levels of nested settings. It also displays any feedback sent by Play apps. |
| | Recommended | IT admins can create and distribute web apps in the EMM console. |
| | Recommended | The EMM can create, update, and delete managed Google Play Accounts on behalf of IT admins. |
| | Recommended | IT admins can configure a set of development tracks for particular applications. |
| | Recommended | IT admins can allow apps to be updated immediately or postpone them from being updated for 90 days. |
| | Required | The EMM can provision devices with managed Google Accounts to identify users, control apps, and manage access to Google services. |
| | Recommended | IT admins can upgrade the user account type to a managed Google Account, allowing the device to access Google Account services and features on enrolled devices. |
| | Required | IT admins can silently set a default response to runtime permission requests made by work apps. |
| | Required | After setting a default runtime permission policy, IT admins can silently set responses for specific permissions from any work app built on API 23 or higher. |
| | Required | IT admins can silently provision enterprise Wi-Fi configurations on managed devices. |
| | Required | IT admins can provision enterprise Wi-Fi configurations on managed devices. |
| | Required | IT admins can lock down Wi-Fi configurations on managed devices, to prevent users from creating new configurations or modifying corporate configurations. |
| | Required | IT admins can make sure that unauthorized corporate accounts can't interact with corporate data for services such as SaaS storage and productivity apps, or email. |
| | Required | Allows IT admins to deploy identity certificates and certificate authorities to devices to allow access to corporate resources. |
| | Required | Allows IT admins to silently select the certificates that specific managed apps should use. |
| | Recommended | Allows IT admins to specify an Always On VPN to make sure that data from specified managed apps will go through a set-up VPN. |
| | Required | Allows IT admins to protect company-owned devices from theft by making sure unauthorized individuals can't factory reset devices. |
| | Required | IT admins can prevent the user from uninstalling or otherwise modifying managed apps through Settings. |
| | Required | IT admins can block users from taking screenshots when using managed apps. |
| | Required | IT admins can turn off use of device cameras by managed apps. |
| | Required | IT admins can remotely restart managed devices. |
| | Recommended | Gives IT admins granular management of system network radios and associated usage policies. |
| | Required | IT admins can silently manage device audio features. |
| | Required | IT admins can manage device clock and time zone settings, and prevent modifying automatic device settings. |
| | Recommended | IT admins are able to delegate extra privileges to individual packages. |
| | Required | IT admins can set up and apply over-the-air (OTA) system updates for devices. |
| | Required | Allows IT admins to set an app as the default intent handler for intents that match a certain intent filter. |
| | Recommended | IT admins can retrieve debugging resources from devices without requiring extra steps. |
| | Required | EMMs can silently fetch a device's MAC address, to be used to identify devices in other parts of the enterprise infrastructure. |
| | Recommended | With a dedicated device, IT admins can use the EMM's console to turn on and turn off the home button, notifications, and other features. |
| | Recommended | IT admins can block system updates on a device for a specified freeze period. |
| | Recommended | IT admins can manually install a system update by providing a path. |
Feature notes
Lock task mode on Android XR for Android 14
- The current implementation of Lock Task mode supports Lock Task of single 3D apps only.
- Notifications and Quick Settings are unavailable in the XR environment since there is no status bar.
- You may need to allowlist specific helper system apps that handle environment setup and calibration to make sure 3D apps launch successfully. These helper system apps include:
  - com.android.systemui (Home customization)
  - com.google.xr.eyetracking.calibration (Eye calibration)
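One way a custom DPC could apply the allowlist described above, as an added example that is not code from this page or from Android Enterprise. The function name, `admin`, and `kioskPackage` are hypothetical, and requesting no lock task features is an assumption based on the note that there is no status bar.

```kotlin
import android.app.admin.DevicePolicyManager
import android.content.ComponentName
import android.content.Context

// Helper system apps named in the feature note above.
private val XR_HELPER_PACKAGES = listOf(
    "com.android.systemui",                  // Home customization
    "com.google.xr.eyetracking.calibration", // Eye calibration
)

/**
 * Allowlists one 3D app plus the XR helper packages for lock task mode and
 * returns the allowlist the platform reports back, so the DPC can log it.
 * `admin` is the DPC's DeviceAdminReceiver component (hypothetical here);
 * `kioskPackage` is the single 3D app to pin (hypothetical here).
 */
fun configureXrLockTask(
    context: Context,
    admin: ComponentName,
    kioskPackage: String,
): List<String> {
    val dpm = context.getSystemService(DevicePolicyManager::class.java)

    // XR management is based on fully managed mode, so the DPC must be device owner.
    check(dpm.isDeviceOwnerApp(context.packageName)) {
        "DPC is not device owner; cannot set the lock task allowlist"
    }

    // Keep the allowlist minimal: the pinned app and the helpers it needs to launch.
    val allowlist = (listOf(kioskPackage) + XR_HELPER_PACKAGES).distinct()
    dpm.setLockTaskPackages(admin, allowlist.toTypedArray())

    // Assumption: request no optional system UI features, since notifications
    // and Quick Settings are unavailable in the XR environment.
    dpm.setLockTaskFeatures(admin, DevicePolicyManager.LOCK_TASK_FEATURE_NONE)

    // Read the policy back and fail loudly if any entry was not applied.
    val applied = dpm.getLockTaskPackages(admin).toList()
    val missing = allowlist - applied.toSet()
    check(missing.isEmpty()) { "Lock task allowlist is missing: $missing" }
    return applied
}
```

Reading the allowlist back after setting it gives the EMM console a verifiable record of exactly which packages can run while the device is locked down.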
Media projection for screen casting
- EMMs that support screen casting using Media Projection APIs set a screen capture resolution of no higher than 2880x2880. Setting a resolution higher than this may introduce headset display issues when casting.
Validate your solution upon completion of requirements
EMMs are encouraged to sign up and follow the partner onboarding process if they want to:
- Submit their solutions to be validated for Android XR management.
- Make their solutions eligible to be part of the Android Enterprise partner solution directory.
To sign up for partner onboarding, go to the Android Enterprise Partner Portal. For existing Android Enterprise EMM partners, you can find guidance and resources in the Partner Portal.

