Core apps being removed - Android Enterprise
Assuming that you have factory reset your device and use afw#mobicontrol for gmail account name to get the device into device-owner/managed-device mode, then most built-in apps bundled on your device should be hidden by default. This is the norm, though I've encountered some low-cost devices of some unknown brands that do not have their apps hidden.
The script command "enable_system_app" is meant to make hidden built-in app available again. However, the process is not reversible, and the built-in apps revealed remains available unless there is another factory reset.
Although standard Google apps such as Gmail is nearly always bundled, I believe the preferred way to include such app is not to use "enable_system_app" script command, but rather to download the latest version from Managed-Google Play Store. Although this approach takes some more time and network traffic to complete, but makes deployment/upgrade of all "managed" app in total control from the MDM system. You can of course further dynamically make some managed app temporarily not visible/executable using application run control and/or kiosk mode profile payloads.
The Camera app bundled on most popular devices are nearly always custom-made app selected by the device manufacturer. So, it is normal that the camera app is hidden in managed-device mode, and it is also likely not possible to find such app from Managed Google Play Store. If you really cannot find your preferred alternative camera app out of tens of alternatives found on Managed Google Play store, you can still choose to unhide your built-in camera app using "enable_system_app" script command as a last resort.
Gmail via the managed play store is no problem (other than your noted extra time and traffic)
I'll look at alternate cameras but the challenges around losing the out of the box camera and gallery without the option allow via the profile is annoying
Device in managed-device mode of Android Enterprise platform is meant for demanding enterprise use cases. Security and controllability are of prime importance. Most apps currently bundled on consumer-grade devices are not managed apps configurable systematically by any MDM infrastructure. For camera app, an enterprise might want all photos taken to be saved into a single predefined directory in internal Flash, rather than any internal/external memory directory selected by the device end-user. With managed Google Play store, the IT department can choose which app and what configurable parameters to remotely deploy over-the-air to each device of predefined use-case.
Besides, I believe the managed Google Play store will soon support paid apps not just in North America, but virtually all over the world. This will help enterprises manage company-owned software assets efficiently.
That makes sense.
Our own app uses its own camera and we store in a defined location. The use of the camera was within the parameters of a job so if you needed to take a photo to, say, attach to an email for any other reason we allowed access to the generic camera. I'll look at configurable alternatives.
Thanks, as always, for the help.