如果启用资料所有者配置,用户就可以在同一设备上同时拥有工作资料(托管资料)和个人资料。若要启用资料所有者配置,您必须发送包含相应 extra 的 intent。例如,在设备上安装 TestDPC 应用(从 Google Play 下载或通过 GitHub 构建),通过启动器启动该应用,然后按照应用说明进行操作。
当启动器抽屉式导航栏中出现带有标记的图标时,表示配置已完成。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["没有我需要的信息","missingTheInformationINeed","thumb-down"],["太复杂/步骤太多","tooComplicatedTooManySteps","thumb-down"],["内容需要更新","outOfDate","thumb-down"],["翻译问题","translationIssue","thumb-down"],["示例/代码问题","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-03-26。"],[],[],null,["# Provision for device management\n\nIT admins can deploy devices to corporate users using cloud services, QR code,\nor Near Field Communication (NFC) provisioning. To get started, download the\n[NfcProvisioning\nAPK](https://github.com/googlesamples/android-NfcProvisioning) and\nthe [Android-DeviceOwner\nAPK](https://github.com/googlesamples/android-DeviceOwner). For a\ncomplete list of requirements, see [Implementing Device\nManagement](/docs/devices/admin/implement).\n| **Note:** If provisioning has already started, you must factory reset the affected devices first.\n\nAndroid 12 updates\n------------------\n\n- `ACTION_PROVISION_MANAGED_DEVICE` is deprecated.\n\n- `ACTION_PROVISION_MANAGED_PROFILE` is supported only for DPC-first work\n profile provisioning, in which end users can provision a work profile after\n downloading the DPC.\n\n- DPC developers that want to support QR code or other provisioning methods must\n implement handlers for the `DevicePolicyManager#ACTION_GET_PROVISIONING_MODE`\n and `DevicePolicyManager#ACTION_ADMIN_POLICY_COMPLIANCE` intent actions. If\n the DPC doesn't implement these handlers, provisioning fails.\n\n- The DPC `ACTION_GET_PROVISIONING_MODE` handler includes a new\n `EXTRA_PROVISIONING_ALLOWED_PROVISIONING_MODES` extra. The DPC must set the\n `EXTRA_PROVISIONING_MODE` extra to its resulting intent with a value that\n belongs to that list. If the DPC returns a value that isn't on that list,\n provisioning fails.\n\n- To further increase the stability, maintainability, and simplicity of flows\n that happen during the setup wizard, DPC setup can't be started after the end\n of the setup wizard. DPCs that use the\n `android.intent.category.PROVISIONING_FINALIZATION` category with the\n `ADMIN_POLICY_COMPLIANCE` intent action to explicitly request being setup\n prior the end of the setup wizard can remove that category as this is now done\n by default.\n\nManaged provisioning\n--------------------\n\nManaged provisioning is a framework UI flow that ensures users are adequately\ninformed of the implications of setting a device owner or managed profile.\nDevices that enable default encryption offer a considerably simpler and quicker\ndevice management provisioning flow.\n\nDuring managed provisioning, the managed provisioning component performs the\nfollowing activities:\n\n- Encrypts the device.\n- Creates the managed profile.\n- Disables non-required apps.\n- Sets the enterprise mobility management (EMM) app as profile or device owner.\n\nIn turn, the enterprise mobility management (EMM) app performs the following\nactivities:\n\n- Adds user accounts.\n- Enforces device compliance.\n- Enables any additional system apps.\n\nDuring managed provisioning, the framework copies the EMM app into the managed\nprofile. After provisioning completes, the EMM app's `ADMIN_POLICY_COMPLIANCE`\nintent handler is called in the work profile user (for work profile\nprovisioning) or in the device owner user (for device owner provisioning). The\nEMM then adds accounts and enforce policies, after which it calls\n`setProfileEnabled()` to make the launcher icons visible.\n| **Note:** The device owner can be set only from an unprovisioned device. If `Settings.Secure.USER_SETUP_COMPLETE` has ever been set, the device is considered provisioned and the device owner can't be set. The device must be factory reset before it can be provisioned again.\n\nProfile owner provisioning\n--------------------------\n\nProfile owner provisioning enables the user to have both a work profile (managed\nprofile) and a personal profile on a device. To enable profile owner\nprovisioning, you must send an intent with appropriate extras. For an example,\ninstall the TestDPC app ([download from Google\nPlay](https://play.google.com/store/apps/details?id=com.afwsamples.testdpc)\nor [build from\nGitHub](https://github.com/googlesamples/android-testdpc/)) on the\ndevice, launch the app from the launcher, then follow the app instructions.\nProvisioning is complete when badged icons appear in the launcher drawer.\n\nThe EMM DPC app triggers the creation of the managed profile by sending an\nintent with the\n[DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE](https://android.googlesource.com/platform/frameworks/base/+/android16-release/core/java/android/app/admin/DevicePolicyManager.java)\naction. The following command is a sample intent that triggers the creation of\nthe managed profile and sets the `DeviceAdminSample` as the profile owner: \n\n adb shell am start \\\n -a android.app.action.PROVISION_MANAGED_PROFILE \\\n -c android.intent.category.DEFAULT \\\n -e wifiSsid $(printf '%q' \\\"WifiSSID\\\") \\\n -e deviceAdminPackage \"com.google.android.deviceadminsample\" \\\n -e android.app.extra.deviceAdminPackageName $(printf '%q'.DeviceAdminSample\\$DeviceAdminSampleReceiver) \\\n -e android.app.extra.DEFAULT_MANAGED_PROFILE_NAME \"My Organisation\"\n\nDevice owner provisioning with NFC\n----------------------------------\n\nYou can use NFC or [cloud services](#provision_cs) to set up device owner (DO)\nprovisioning during the out-of-box setup process for a device.\n\nWhen using NFC, you provision devices in DO mode using [NFC\nbump](http://developer.android.com/guide/topics/connectivity/nfc/nfc)\nduring the initial device setup step. This method requires more bootstrapping,\nbut is low-touch and handles configuring Wi-Fi, installing the DPC, and setting\nthe DPC as device owner.\n\nA typical NFC bundle includes the following: \n\n EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME\n EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_LOCATION\n EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM\n EXTRA_PROVISIONING_WIFI_SSID\n EXTRA_PROVISIONING_WIFI_SECURITY_TYPE\n\nDevices must have NFC configured to accept the managed provisioning mimetype\nfrom the setup experience. To configure, ensure\n`/packages/apps/Nfc/res/values/provisioning.xml` contains the following lines: \n\n \u003cbool name=\"enable\\_nfc\\_provisioning\"\u003etrue\u003c/bool\u003e\n \u003citem\u003eapplication/com.android.managedprovisioning\u003c/item\u003e\n\n| **Note:** Android 10 [deprecates Android\n| beam](https://developer.android.com/about/versions/10/behavior-changes-all#beam-deprecation) and removes native support for NFC beam capabilities. This means that devices running Android 10 or higher don't support NFC device-to-device provisioning by default, and must be provisioned using NFC tags as described in this document.\n\nProvision using cloud services\n------------------------------\n\nYou can provision devices with a [device\nowner](#device_owner_provisioning_via_nfc) or [profile\nowner](#profile_owner_provisioning) (work profile) using cloud services. The\ndevice collects and uses credentials (or tokens) to perform a lookup to a cloud\nservice, which can then be used to initiate the provisioning process.\n\nEnterprise mobility management benefits\n---------------------------------------\n\nAn enterprise mobility management (EMM) app can help by conducting the following\ntasks:\n\n- Provisioning managed profile.\n- Applying security policies.\n - Set password complexity.\n - Lockdowns, such as disable screenshots, shared from managed profile\n- Configuring enterprise connectivity.\n - Use `WifiEnterpriseConfig` to configure corporate Wi-Fi.\n - Configure VPN on the device.\n - Use `DPM.setApplicationRestrictions()` to configure corporate VPN.\n- Enabling corporate app single sign on (SSO).\n - Install selected corporate apps.\n - Use `DPM.installKeyPair()` to silently install corp client certs.\n - Use `DPM.setApplicationRestrictions()` to configure hostnames, cert alias' of corporate apps.\n\nManaged provisioning is just one part of the EMM end-to-end workflow, with the\nend goal of making corporate data accessible to apps in the managed profile or\nmanaged device. For testing guidance, see [Setting up Device\nTesting](/docs/devices/admin/testing-setup)."]]