Configuring policy restrictions on Android devices

Use custom settings on Android devices to configure policy restrictions that are not built in to IBM MaaS360®.

In addition to the built-in policies for Android, you can extend the management capabilities by creating custom policy restrictions in the IBM® MaaS360 Portal. The custom policies include the features and settings that administrators can control on their Android Enterprise devices.

Creating custom policy restrictions in MaaS360

Follow these steps to create custom policy restrictions in IBM MaaS360.
  1. From the IBM MaaS360 Portal home page, select Security and click Policies.
  2. Select an Android Enterprise policy and click Restrictions.
  3. Expand the Additional Settings section, and enter custom settings in the form of key-value pairs.
MaaS360 supports the following custom restrictions for Android devices.

| Key | Value | Description | Support matrix |
|---|---|---|---|
| workNetworkLogs | true, false | When this setting is set to false, network logging is disabled. | Android 8+ (DO); Android 12+ (PO) |
| workUserControlledDisabledPackages | Comma-separated package IDs. For example, com.ibm.security.verifyapp | Users cannot clear app data or force-stop the apps that are configured in this policy. | Android 11+ (DO) |
| commonCriteriaMode | true, false | In Common Criteria mode, certain device functions are adjusted to meet the higher security level required by the Common Criteria certification. By default, it is set to false. | Android 11 (DO); Android 11 (WPCO) |
| UserManager.constant | true, false | The UserManager policy in Android defines the system rules and restrictions for user management, including the actions and conditions for different user types. For more information, refer to Configuring the UserManager.constant policy. | See Google's Android UserManager documentation for the support matrix. |
| allowUninstallFromAppCatalog | true, false | When this setting is set to true, users can uninstall apps from the MaaS360 App Catalog for Android Enterprise enrollments. | Android 7+ (DO, PO); Android 11+ (WPCO) |
| disablePin | true, false | This attribute prevents users from configuring the MaaS360 Container passcode on their devices. This option applies to users without a Workplace Persona policy. For users with a Workplace Persona policy, the MaaS360 Container PIN setting must be managed through the Persona policy. This is supported on Android app version 9.00 and later. | Android 7+ (DO, PO); Android 11+ (WPCO) |
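
A pre-deployment check for the key-value pairs entered under Additional Settings, as an added example that is not part of the IBM documentation or of MaaS360 itself. The function name review_settings, the dictionary input format, and the sample values are assumptions; DO, PO and WPCO are the enrollment-mode abbreviations used in the support matrix.

```python
import re

# Support matrix transcribed from the table above: key -> {enrollment mode: Android version}.
# Assumption: rows the page lists as "Android 11" without "+" are treated as a minimum.
SUPPORT = {
    "workNetworkLogs": {"DO": 8, "PO": 12},
    "workUserControlledDisabledPackages": {"DO": 11},
    "commonCriteriaMode": {"DO": 11, "WPCO": 11},
    "allowUninstallFromAppCatalog": {"DO": 7, "PO": 7, "WPCO": 11},
    "disablePin": {"DO": 7, "PO": 7, "WPCO": 11},
}
# Android application ID: two or more dot-separated segments, each starting with a letter.
PACKAGE_ID = re.compile(r"[A-Za-z]\w*(\.[A-Za-z]\w*)+", re.ASCII)

def review_settings(settings, mode, android_version):
    """Return (key, finding) tuples for custom settings aimed at one device profile."""
    findings = []
    for key, value in settings.items():
        is_user_manager = key.startswith("UserManager.")  # its matrix is not on the page
        if key not in SUPPORT and not is_user_manager:
            findings.append((key, "not a documented custom restriction key"))
            continue
        if key == "workUserControlledDisabledPackages":
            bad = [p for p in map(str.strip, value.split(",")) if not PACKAGE_ID.fullmatch(p)]
            if bad:
                findings.append((key, f"invalid package ID(s): {', '.join(bad)}"))
        elif value not in ("true", "false"):
            findings.append((key, f"value must be true or false, got {value!r}"))
        if is_user_manager:
            continue
        minimum = SUPPORT[key].get(mode)
        if minimum is None:
            findings.append((key, f"not supported in {mode} mode"))
        elif android_version < minimum:
            findings.append((key, f"needs Android {minimum}+ in {mode} mode"))
        if key == "workNetworkLogs" and value == "false":
            findings.append((key, "network logging is disabled"))
    return findings

# Constructed sample: settings proposed for a PO-mode device on Android 11.
SAMPLE = {
    "workNetworkLogs": "false",
    "workUserControlledDisabledPackages": "com.ibm.security.verifyapp, verifyapp",
    "commonCriteriaMode": "True",
    "workNetworkLog": "true",  # misspelled key
}
if __name__ == "__main__":
    for key, finding in review_settings(SAMPLE, "PO", 11):
        print(f"{key}: {finding}")
```

Running the check against each target profile (mode and Android version) before saving the policy catches misspelled keys and settings that the device would not honor.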