Restrictions
The Restrictions settings restrict specific features, network settings, developer options, and location detection policies on Android devices.
Device restrictions
The following table describes the restrictions that you can configure on a device:
| Policy setting | Description | Supported devices |
|---|---|---|
| Allow camera | The device can use a camera. | Android 5.0+ PO and DO |
| Mute master volume | The volume is muted for the whole device. | Android 5.0+ DO |
| Allow unmuting of microphone | The device can use the microphone. | Android 5.0+ DO |
| Allow volume adjustments | The user can adjust the volume of the device. | Android 5.0+ DO |
| Allow Bluetooth configuration | The user can configure additional settings for Bluetooth on the device. | Android 5.0+ DO |
| Allow outgoing beam | The device can send information externally with Near Field Communication (NFC). | Android 5.1.1+ PO and DO |
| Allow sharing of locations | The device allows apps to access the device's location information. | Android 5.0+ PO and DO |
| Enable work contacts across profiles | The device can access contacts in the work profile across other profiles. | Android 7.0+ PO |
| Allow Bluetooth | The device can use Bluetooth. | Android 8.0+ DO |
| Allow Bluetooth sharing | The device cannot share data externally through Bluetooth. | Android 8.0+ PO and DO |
| Allow backup service | The device can use backup services to back up device data. | Android 8.0+ DO |
| Disable screen dim | The device screen remains active until the device is locked. | Android 8.0+ DO |
| Allow audio recording | The user can record audio on the device. | Samsung Knox with DO |
| Allow S-Voice | The user can use the S Voice app on the device. | Samsung Knox with DO |
| Allow video recording | The user can record video on the device. If this setting is disabled, the user can still take pictures with the camera. |
Samsung Knox with DO |
| Allow apps to manage certificates on Android Trust Store | The device allows apps to manage (install, list, remove) certificates in the Android Trust Store. | Samsung Knox with DO |
Network restrictions
The following table describes the network restrictions that you can configure on a
device:
| Policy setting | Description | Supported devices |
|---|---|---|
| Allow outgoing calls | The device can make outgoing calls. (This setting does not impact emergency phone numbers). | Android 5.0+ DO |
| Allow SMS | The device can use SMS (send and receive text messages). (This setting does not impact the visibility of the SMS app on the device, just the functionality of sending and receiving messages). | Android 5.0+ DO |
| Allow WiFi | The device can use wifi. If this setting is disabled, access to wifi is still available for wifi-only devices. |
Android 5.0+ DO |
| Allow VPN | The device can access a VPN. If this setting is disabled, the user cannot access the VPN configuration screen to establish a VPN session. |
Android 5.0+ and 6.0+ DO |
| Allow mobile network configuration | The user can modify network settings on the device. | Android 5.0+ DO |
| Allow data roaming | The device can use data roaming. | Android 7.0+ DO |
| Allow configuration of cell broadcasts | The user can modify cellular settings on the device. | Android 5.0+ DO |
| Allow network reset | The user can reset network settings on the device. | Android 6.0+ DO |
| Allow tethering | The device can connect (tether) to other devices through wifi, Bluetooth, or USB. If this setting is disabled, the device cannot connect to other devices through wifi, Bluetooth, or USB. Note: You can block third-party apps that allow tethering. |
Android 5.0+ DO |
| Enable separate dialer for work profile | The device allows a separate dialer specifically for the work profile. | Android 7.0+ DO |
| Allow S-Beam | The device uses S Beam to share data through Wi-Fi Direct. | Samsung Knox with DO |
| Allow Wi-Fi Direct | The device can use Wi-Fi Direct. | Samsung Knox with DO |
| Allow user to set mobile data limit | The user can set a limit on the amount of cellular data that is used on the device. | Samsung Knox with DO |
| Near Field Communication (NFC) | The device uses Near Field Communication (NFC) for short-range communications. | Samsung Knox with DO |
| Wifi timeout | The device times out when the device attempts to connect to a wifi network.
|
Samsung Knox with DO |
Developer options
The following table describes the restrictions that developers can configure on an Android
device:
| Policy setting | Description | Supported devices |
|---|---|---|
| Allow background process limit | The user can set the number of processes that are running in the background. If this setting is disabled, the number of processes that run in the background is set at a maximum number. |
Samsung Knox with DO |
| Allow killing activities on leave | The device can kill all instances of an activity when the user logs out of the device.
If this setting is disabled, the Don't Keep Activities setting is disabled on the device and the user cannot enable the setting on the device. |
Samsung Knox with DO |
| Allow Google crash report | The device can send the logs for a crash report to Google. | Samsung Knox with DO |
Location sharing settings
Configure the following options to configure location sharing settings on Android
devices:
| Policy setting | Description | Supported devices |
|---|---|---|
| Location sharing mode |
|
Android 5.0 to Android 8.0 (DO) |
| Enable location on device | Enables or disables the location services on the device. However, users can manually turn location services on or off from the Location settings on the device. | Android 11.0+ (DO) |
| Disallow Location Configuration | Prevents users from configuring location sharing information for their device. The default setting is disabled, or allows location sharing. | Android 9+ DO |
| Configure delegated apps | Allow delegation of enabling system apps: The MaaS360® for Android app grants access to enable system apps. | Android 8+ (DO and PO) |
Configure Package Delegation
Configure apps that are allowed to delegate permissions such as enabling system apps and
installing existing packages to other apps on the device.
| Policy Setting | Description | Supported devices |
|---|---|---|
| Configure delegated apps | Configure apps that are allowed to grant permissions to specialized apps. | Android 8.0+ (PO and DO) |
| Allow delegation of app restriction | Grants access for restricting other apps. Enter comma separated package ids of specialized apps. | Android 8.0+ (PO and DO) |
| Allow Delegation Block Uninstall | Grant access for block removal of other apps. Enter comma separated package ids of specialized apps. | Android 8.0+ (PO and DO) |
| Allow Delegation Permission Grant | Grant access for managing permissions of other apps. Enter comma separated package ids of specialized apps. | Android 8.0+ (PO and DO) |
| Allow Delegation Package Access | Grant access for hiding/suspending other apps. Enter comma separated package ids of specialized apps. | Android 8.0+ (PO and DO) |
| Allow delegation of enabling system apps | Grant access to enable system apps. Enter comma separated package ids of specialized apps. | Android 8.0+ (PO and DO) |
| Allow delegation for installing existing packages | Grant access for installing packages that have been installed in another user, or have been kept after removal. Enter comma separated package ids of specialized apps. | Android 9.0+ (PO and DO) |
| Allow delegation of management of uninstalled packages | Grant access for keeping APKs of other apps on device. Enter comma separated package ids of specialized apps. | Android 9.0+ (PO and DO) |
Additional Settings
Add custom policy settings to configure restrictions that aren't built in to the MaaS360 portal. You can use these custom policies to control features and settings on managed Android Enterprise devices. For more information, see Configuring custom policy restrictions on Android devices.