Google is really focused on making Android more work-friendly, and N adds a bunch of new features to improve Android for Work. For starters, there's now a toggle that'll completely disable a device's work profile, including apps, notifications, and background sync. While work mode is turned off, a persistent icon will be displayed in the status bar to remind users that work apps can't launch.

Screenshot_20160311-085845 Screenshot_20160311-085833

Image credit to Andrew Quebe

Work profiles in N now also support an additional layer of protection by letting administrators specify a security challenge whenever a work app is launched. This challenge may be in the form of either a pin, a fingerprint, or a password, and the administrator can also specify things like the required minimum password length or the password's "quality."

Here's a quick overview of the many more new additions to Android for Work in N:

  • Always-on VPN lets the device automatically start up a work VPN at boot time, so that apps can only access the internet through a "secure" connection.
  • Setting up an Android for Work device will potentially be a much faster process, now that the setup wizard for work profiles supports QR code scanning.
  • Access to specific apps can now be suspended so that they become effectively disabled. This is very similar to the way system apps can already be disabled in Android, with the exception that disabled work apps will show up with a grayed icon in the launcher.
  • Contacts are now integrated between work profiles and the primary user, so that they are now mutually accessible from either environment.
  • Android for Work devices can now be remotely rebooted, as long as the device is corporately owned (the corporation is the device owner) and not just being used in a "bring your own device" (BYOD) environment (the corporation is just the profile owner).
  • Device owners (i.e. not in a BYOD environment) have the option of disabling data roaming on a system level.
  • Device owners can monitor and log all sorts of activities, including app launches, adb activity, and screen unlocks.
  • Device owners can remotely trigger and retrieve bug reports.
  • Profile and device owners can grant third-party apps access to client certificates as well as uninstall them.
  • Organizations can configure a specific app to manage work app restrictions.
  • Users can now disable location permissions for all work apps while still allowing personal apps to access location.
  • Organizations can customize the work profile with corporate colors and logos.
  • Profile owners and device owners can install multiple Wi-Fi CA certificates on a work device.
  • Device owners can set up a custom lockscreen message.
  • In work profiles, a profile or device owner can now specify the dialer app.
  • Also within work profiles, an organization can choose to lock down the wallpaper and user icon for the work profile. This does not affect the wallpaper or user icon of a user's personal profile.
  • Device owners and profile owners can retrieve information on the device's health, such as the CPU usage or temperature.

All of these restrictions are intended to be fully transparent to users, with messages like "Action not allowed" or custom organization-specific messages being shown to users whenever a certain action is blocked or disabled.