Restrictions
The Restrictions settings restrict specific features, network settings, developer options, and location detection policies on Android devices.
Device features
Policy setting | Description | Supported devices |
---|---|---|
Allow camera | If this setting is turned on, the device can use the camera. In addition to enabling this setting, enable the camera app in native app compliance. | Android 5.0+ PO and DO |
Allow camera on personal profile | If this setting is turned on, MaaS360 allows the use of the camera on the personal profile of Work Profile on Corporate Owned (WPCO) devices. | |
Mute master volume | If this setting is turned on, the volume is muted at the device level and no sound through any audio connections. | Android 5.0+ DO |
Allow unmuting of microphone | If this setting is turned on, MaaS360 grants access to the microphone. If this setting is turned off, the audio is transmitted through the microphone through the phone or any other applications that use this capability. | Android 5.0+ DO |
Allow volume adjustments | If this setting is turned on, users can adjust the volume. If this setting is turned off, the device volume remains at the last set value. | Android 5.0+ DO |
Allow Bluetooth configuration | If this setting is turned on, users can modify the Bluetooth settings and configurations. If this setting is turned off, MaaS360 locks down existing settings. | Android 5.0+ DO |
Allow outgoing beam | If this setting is turned on, the device can send information externally with Near Field Communication (NFC). | Android 5.1.1+ PO and DO |
Allow sharing of locations | If this setting is turned on, the apps are enabled to access the device's location information. Turn on this setting if you are configuring Wi-Fi policies, Trusteer policies, or Wi-Fi or Bluetooth settings within the kiosk. Location permission is required for identifying the list of configured networks, the presently connected network, and the discovery of other Bluetooth networks. | Android 5.0+ PO and DO |
Enable work contacts across profiles | If this setting is turned on, users are allowed to access contacts in the work profile from across other profiles. Requires Google messages app to work with SMS. If this setting is turned off, users are restricted from accessing work contacts across multiple profiles. | Android 7.0+ PO |
Allow Bluetooth | If this setting is turned on, the device can use Bluetooth. | Android 8.0+ DO |
Allow Bluetooth sharing | The device cannot share data externally through Bluetooth. | Android 8.0+ PO and DO |
Allow backup service | If this setting is turned on, MaaS360 allows backups by using embedded services. This setting does not impact the ability to backup data by using third-party content management applications. | Android 8.0+ DO |
Disable screen dim | When this setting is turned on, the screen remains active until the device is locked. Enabling this setting makes sure that the MaaS360 app or kiosk launcher are not turned off because of timeouts. This setting does not apply to other native or third-party apps. | Android 8.0+ DO |
Allow audio recording | If this setting is turned on, users can record audio on the device. Note: Even after you
disable this setting, the device microphone is still available so that the user can make calls and
use audio streaming for VoIP.
|
Samsung Knox with DO |
Allow SVoice | If this setting is turned on, the user can use the SVoice app on the device. | Samsung Knox with DO |
Allow video recording | If this setting is turned on, MaaS360 allows users to record video on the device. If this setting is turned off, the user can still take pictures with the camera. | Samsung Knox with DO |
Allow apps to manage certificates on Android TrustStore | Determines which apps can install or list or remove certs to/in/from the TrustStore. Enter a comma-separated list of apps allowed to install/list/remove certificates to/in/from Android TrustStore. | Samsung Knox with DO |
Disallow Printing | If this setting is turned off, printing is enabled from the device. | Android 9.0+ (DO, PO) |
Disable Date & Time Configuration | If this setting is turned off, it allows users to manually set the date and time on the device. If disabled in Device Owner (DO) mode, MaaS360 disables the date, time, and time zone setting on the entire device. All users on the device are affected. | Android 9.0+ (DO) |
Disable Ambient Display | If this setting is turned off, it allows users to use the Ambient Display feature that exhibits device notifications on the wake screen display. | Android 9.0+ (DO) |
Disable Brightness Configuration | If this setting is turned off, it allows users to alter screen brightness settings. | Android 9.0+ (DO) |
Disallow Locale Configuration | If this setting is turned off, it allows users to set the locale on the device. This can impact other features such as time and date. | Android 9.0+ (DO) |
Disallow System Error Dialogs | If this setting is turned on, the device cannot display system errors for items like crashed apps or when processes stop working. | Android 9.0+ (DO) |
Disable Airplane Mode | If this setting is turned on, disables Airplane mode on the entire device. | Android 9.0+ (DO) |
Network restrictions
Policy setting | Description | Supported devices |
---|---|---|
Allow outgoing calls | The device can make outgoing calls. (This setting does not impact emergency phone numbers). | Android 5.0+ DO |
Allow SMS | The device can use SMS (send and receive text messages). (This setting does not impact the visibility of the SMS app on the device, just the functionality of sending and receiving messages). | Android 5.0+ DO |
Allow Wi-Fi | If this setting is disabled, users are not allowed to change Wi-Fi access points through
Settings. This restriction does not affect Wi-Fi tethering settings on the device. Note: The Wi-Fi
connection remains uninterrupted and stays connected to the previously associated network. While the
Wi-Fi can be turned on or off, it is not possible to change the Wi-Fi access point.
|
Android 5.0+ DO |
Allow or block Wi-Fi networks by SSID | The admin can define a Wi-Fi SSID restriction policy that the network must satisfy to be
eligible for a connection. You can use Add allowlist or Add
blocklist to define the list of Wi-Fi networks to be allowed or blocked for a device. You
can also set the value to No Restrictions on Wi-Fi SSIDs.Note: Admin-configured
networks are not exempt from this restriction.
|
Android 13.0+ DO |
Allowed Wi-Fi networks/ Blocked Wi-Fi networks |
Note: In Allow or block Wi-Fi networks by SSID, select
Add
allowlist , Add blocklist from the drop-down list to view this
setting.The admin can do the following actions.
|
Android 13.0+ DO |
Minimum Wi-Fi security level | The admin can set the minimum Wi-Fi security levels that are required to connect to the
Wi-Fi networks for the device. The device fails to connect to networks that do not meet the minimum
security level. Make sure that you select a suitable level to avoid connectivity issues or else the
device gets disconnected. The following values are available.
|
Android 13.0+ DO |
Allow configuring Wi-Fi | This setting enables the user to configure and add Wi-Fi networks. If this setting is disabled, the user cannot access Wi-Fi on the devices if no Wi-Fi SSIDs are pushed to the devices through policies. | Android 13.0+ DO |
Allow change Wi-Fi State | This setting enables the user to change the Wi-Fi state. | Android 13.0+ DO |
Allow Wi-Fi Tethering | This setting enables the user to use Wi-Fi Tethering or portable hotspots from the device Settings. | Android 13.0+ DO |
Allow VPN | The device can access a VPN. If this setting is disabled, the user cannot access the VPN configuration screen to establish a VPN session. |
Android 5.0+ DO and 6.0+ PO |
Allow Mobile Network configuration | If this setting is disabled, the user cannot modify Mobile network settings on the
device. Note: Do not use this setting to enable or disable mobile data on the
device.
|
Android 5.0+ DO |
Allow data roaming | The device can use data roaming. | Android 7.0+ DO |
Allow configuration of cell broadcasts | The user can modify cellular settings on the device. | Android 5.0+ DO |
Allow network reset | The user can reset network settings on the device. | Android 6.0+ DO |
Allow tethering | The device can connect (tether) to other devices through wifi, Bluetooth, or USB. If this setting is disabled, the device cannot connect to other devices through wifi, Bluetooth, or USB. Note: You can block third-party apps that allow tethering. |
Android 5.0+ DO |
Enable separate dialer for work profile | The device allows a separate dialer specifically for the work profile. | Android 7.0+ DO |
Allow S-Beam | The device uses S Beam to share data through Wi-Fi Direct. | Samsung Knox with DO |
Allow Wi-Fi Direct | The device can use Wi-Fi Direct. | Samsung Knox with DO, Android 13.0+ DO |
Allow user to set mobile data limit | The user can set a limit on the amount of cellular data that is used on the device. | Samsung Knox with DO |
Near Field Communication (NFC) | The device uses Near Field Communication (NFC) for short-range communications. | Samsung Knox with DO |
Wifi timeout | The device times out when the device attempts to connect to a wifi network.
|
Samsung Knox with DO |
Developer options
Policy setting | Description | Supported devices |
---|---|---|
Allow background process limit | The user can set the number of processes that are running in the background. If this setting is disabled, the number of processes that run in the background is set at a maximum number. |
Samsung Knox with DO |
Allow killing activities on leave | The device can end all instances of an activity when the user logs out of the device. If this setting is disabled, the Don't Keep Activities setting is disabled on the device, and the user cannot enable the setting on the device. |
Samsung Knox with DO |
Allow Google crash report | The device can send the logs for a crash report to Google. | Samsung Knox with DO |
Location sharing settings
Policy setting | Description | Supported devices |
---|---|---|
Location sharing mode |
|
Android 5.0 to Android 8.0 (DO) |
Enable location on device | Enables or disables the location services on the device. However, users can manually turn location services on or off from the Location settings on the device. | Android 11.0+ (DO) |
Disallow Location Configuration | Prevents users from configuring location sharing information for their device. The default setting is disabled, or allows location sharing. | Android 9+ DO |
Configure delegated apps | Allow delegation of enabling system apps: The MaaS360® for Android app grants access to enable system apps. | Android 8+ (DO and PO) |
Configure Package Delegation
Policy Setting | Description | Supported devices |
---|---|---|
Configure delegated apps | Configure apps that are allowed to grant permissions to specialized apps. | Android 8.0+ (PO and DO) |
Allow delegation of app restriction | Grants access for restricting other apps. Enter comma-separated package IDs of specialized apps. | Android 8.0+ (PO and DO) |
Allow Delegation Block Uninstall | Grant access for block removal of other apps. Enter comma-separated package IDs of specialized apps. | Android 8.0+ (PO and DO) |
Allow Delegation Permission Grant | Grant access for managing permissions of other apps. Enter comma-separated package IDs of specialized apps. | Android 8.0+ (PO and DO) |
Allow Delegation Package Access | Grant access for hiding or suspending other apps. Enter comma-separated package IDs of specialized apps. | Android 8.0+ (PO and DO) |
Allow delegation of enabling system apps | Grant access to enable system apps. Enter comma-separated package IDs of specialized apps. | Android 8.0+ (PO and DO) |
Allow delegation for installing existing packages | Grant access for installing packages that are installed in another user, or are kept after removal. Enter comma-separated package IDs of specialized apps. | Android 9.0+ (PO and DO) |
Allow delegation of management of uninstalled packages | Grant access for keeping APKs of other apps on the device. Enter comma-separated package IDs of specialized apps. | Android 9.0+ (PO and DO) |
Additional Settings
Add custom policy settings to configure restrictions that aren't built in to the MaaS360 portal. You can use these custom policies to control features and settings on managed Android Enterprise devices. For more information, see Configuring policy restrictions on Android devices.