Restrictions

The Restrictions settings restrict specific features, network settings, developer options, and location detection policies on Android devices.

Device restrictions

The following table describes the restrictions that you can configure on a device:
Policy setting Description Supported devices
Allow camera The device can use a camera. Android 5.0+ PO and DO
Mute master volume The volume is muted for the whole device. Android 5.0+ DO
Allow unmuting of microphone The device can use the microphone. Android 5.0+ DO
Allow volume adjustments The user can adjust the volume of the device. Android 5.0+ DO
Allow Bluetooth configuration The user can configure additional settings for Bluetooth on the device. Android 5.0+ DO
Allow outgoing beam The device can send information externally with Near Field Communication (NFC). Android 5.1.1+ PO and DO
Allow sharing of locations The device allows apps to access the device's location information. Android 5.0+ PO and DO
Enable work contacts across profiles The device can access contacts in the work profile across other profiles. Android 7.0+ PO
Allow Bluetooth The device can use Bluetooth. Android 8.0+ DO
Allow Bluetooth sharing The device cannot share data externally through Bluetooth. Android 8.0+ PO and DO
Allow backup service The device can use backup services to back up device data. Android 8.0+ DO
Disable screen dim The device screen remains active until the device is locked. Android 8.0+ DO
Allow audio recording The user can record audio on the device. Samsung Knox with DO
Allow S-Voice The user can use the S Voice app on the device. Samsung Knox with DO
Allow video recording The user can record video on the device.

If this setting is disabled, the user can still take pictures with the camera.

Samsung Knox with DO
Allow apps to manage certificates on Android Trust Store The device allows apps to manage (install, list, remove) certificates in the Android Trust Store. Samsung Knox with DO

Network restrictions

The following table describes the network restrictions that you can configure on a device:
Policy setting Description Supported devices
Allow outgoing calls The device can make outgoing calls. (This setting does not impact emergency phone numbers). Android 5.0+ DO
Allow SMS The device can use SMS (send and receive text messages). (This setting does not impact the visibility of the SMS app on the device, just the functionality of sending and receiving messages). Android 5.0+ DO
Allow WiFi The device can use wifi.

If this setting is disabled, access to wifi is still available for wifi-only devices.

Android 5.0+ DO
Allow VPN The device can access a VPN.

If this setting is disabled, the user cannot access the VPN configuration screen to establish a VPN session.

Android 5.0+ and 6.0+ DO
Allow mobile network configuration The user can modify network settings on the device. Android 5.0+ DO
Allow data roaming The device can use data roaming. Android 7.0+ DO
Allow configuration of cell broadcasts The user can modify cellular settings on the device. Android 5.0+ DO
Allow network reset The user can reset network settings on the device. Android 6.0+ DO
Allow tethering The device can connect (tether) to other devices through wifi, Bluetooth, or USB.

If this setting is disabled, the device cannot connect to other devices through wifi, Bluetooth, or USB.

Note: You can block third-party apps that allow tethering.

Android 5.0+ DO
Enable separate dialer for work profile The device allows a separate dialer specifically for the work profile. Android 7.0+ DO
Allow S-Beam The device uses S Beam to share data through Wi-Fi Direct. Samsung Knox with DO
Allow Wi-Fi Direct The device can use Wi-Fi Direct. Samsung Knox with DO
Allow user to set mobile data limit The user can set a limit on the amount of cellular data that is used on the device. Samsung Knox with DO
Near Field Communication (NFC) The device uses Near Field Communication (NFC) for short-range communications. Samsung Knox with DO
Wifi timeout The device times out when the device attempts to connect to a wifi network.
  • Default: The device uses the default system setting.
  • Never: The timeout setting is disabled on the device.
  • Never when plugged in: The timeout setting is disabled when the device is connected to external hardware.
Samsung Knox with DO

Developer options

The following table describes the restrictions that developers can configure on an Android device:
Policy setting Description Supported devices
Allow background process limit The user can set the number of processes that are running in the background.

If this setting is disabled, the number of processes that run in the background is set at a maximum number.

Samsung Knox with DO
Allow killing activities on leave The device can kill all instances of an activity when the user logs out of the device.

If this setting is disabled, the Don't Keep Activities setting is disabled on the device and the user cannot enable the setting on the device.

Samsung Knox with DO
Allow Google crash report The device can send the logs for a crash report to Google. Samsung Knox with DO

Location sharing settings

Configure the following options to configure location sharing settings on Android devices:
Policy setting Description Supported devices
Location sharing mode
  • High Accuracy: The device uses all available resources for the most accurate location.
  • Sensors Only: The location of the device is tracked through sensors.
  • Battery Saving: The device location is not updated as often to save battery power on the device.
  • None: Location sharing mode is disabled.
Android 5.0 to Android 8.0 (DO)
Enable location on device Enables or disables the location services on the device. However, users can manually turn location services on or off from the Location settings on the device. Android 11.0+ (DO)
Disallow Location Configuration Prevents users from configuring location sharing information for their device. The default setting is disabled, or allows location sharing. Android 9+ DO
Configure delegated apps Allow delegation of enabling system apps: The MaaS360® for Android app grants access to enable system apps. Android 8+ (DO and PO)

Configure Package Delegation

Configure apps that are allowed to delegate permissions such as enabling system apps and installing existing packages to other apps on the device.
Policy Setting Description Supported devices
Configure delegated apps Configure apps that are allowed to grant permissions to specialized apps. Android 8.0+ (PO and DO)
Allow delegation of app restriction Grants access for restricting other apps. Enter comma separated package ids of specialized apps. Android 8.0+ (PO and DO)
Allow Delegation Block Uninstall Grant access for block removal of other apps. Enter comma separated package ids of specialized apps. Android 8.0+ (PO and DO)
Allow Delegation Permission Grant Grant access for managing permissions of other apps. Enter comma separated package ids of specialized apps. Android 8.0+ (PO and DO)
Allow Delegation Package Access Grant access for hiding/suspending other apps. Enter comma separated package ids of specialized apps. Android 8.0+ (PO and DO)
Allow delegation of enabling system apps Grant access to enable system apps. Enter comma separated package ids of specialized apps. Android 8.0+ (PO and DO)
Allow delegation for installing existing packages Grant access for installing packages that have been installed in another user, or have been kept after removal. Enter comma separated package ids of specialized apps. Android 9.0+ (PO and DO)
Allow delegation of management of uninstalled packages Grant access for keeping APKs of other apps on device. Enter comma separated package ids of specialized apps. Android 9.0+ (PO and DO)

Additional Settings

Add custom policy settings to configure restrictions that aren't built in to the MaaS360 portal. You can use these custom policies to control features and settings on managed Android Enterprise devices. For more information, see Configuring custom policy restrictions on Android devices.