Configuring policy restrictions on Android devices
Use custom settings on Android devices to configure policy restrictions that are not built in to IBM MaaS360®.
In addition to the built-in policies for Android, you can extend the management capabilities by creating custom policy restrictions in the IBM® MaaS360 Portal. The custom policies include the features and settings that administrators can control on their Android Enterprise devices.
Creating custom policy restrictions in MaaS360
- From the IBM MaaS360 Portal home page, select Security and click Policies.
- Select an Android Enterprise policy and click Restrictions.
- Expand the Additional Settings section, and enter custom settings in the form of key-value pairs.
| Key | Value | Description | Support Matrix |
|---|---|---|---|
| workNetworkLogs | true, false |
When this setting is set to false, network logging is disabled. |
Android 8+ (DO) Android 12+ (PO) |
| workUserControlledDisabledPackages | Comma-separated package IDs. For example, com.ibm.security.verifyapp |
Users cannot clear app data or force-stop the apps that are configured in this policy. |
Android 11+ (DO) |
| commonCriteriaMode | true, false |
In Common Criteria mode, certain device functions are adjusted to meet the higher security level required by the Common Criteria certification. By default, it is set to false. |
Android 11 (DO) Android 11 (WPCO) |
| UserManager.constant | true, false |
The UserManager policy in Android outlines the system rules and restrictions for user management, outlining the actions and conditions for different user types. For more information, refer Configuring the UserManager.constant policy. |
Take the support matrix from the user manager Google page. |
| allowUninstallFromAppCatalog | true, false |
When this setting is set to true, the users can uninstall apps from the MaaS360 App Catalog for Android Enterprise enrollments. |
Android 7+ (DO, PO) Android 11+ (WPCO) |
| disablePin | true, false |
This attribute disables users from configuring the MaaS360 Container passcode on their devices. This option applies to users without a Workplace Persona policy. For users with a Workplace Persona policy, the MaaS360 Container PIN setting must be managed through the Persona policy. This is supported on Android app version 9.00 and later. |
Android 7+ (DO, PO) Android 11+ (WPCO) |