Restrictions configuration (Android Enterprise device policy)
With the Restrictions configuration you set restrictions for Android Enterprise fully managed devices.
|Users must encrypt their devices.
|Allow factory reset
|Users can reset the device to its factory settings.
|Allow safe mode
|Users can boot the device in safe mode.
|Users can turn on the debugging features in the Android developer options.
|Allow screen capture
|Users can take a screenshot of the display.
|Allow user to configure credentials
|Users can install or remove certificates.
|Allow Smart Lock
Users can turn on the Android Smart Lock feature that automatically unlocks the device in certain situations.
This setting affects the device lock. It is ignored if there is also a work profile lock configured.
|Allow location services
Allow users to share the device location with apps and services. If you clear the checkbox, location services are turned off, and users can’t turn them on.
Sophos Mobile can’t find the device if you clear the checkbox.
|Allow unlocking device by fingerprint
|Users can use the fingerprint sensor to unlock the device.
|Allow changing the account picture
|Users can change the photo used for their user account.
|Hide sensitive information on lock screen
|If notifications on the lock screen are turned on, sensitive notification content is hidden.
|System update policy
Select when system updates are installed:
|Allow managing accounts
|Users can add or remove non-Google accounts such as app accounts from the device.
|Allow managing Google accounts
|Users can add or remove Google accounts from the device.
Network and communication
|If the check box is cleared, users cannot send text messages.
|Allow mobile data connection while roaming
|If the check box is cleared, mobile data connections while roaming are turned off.
|If the check box is cleared, users cannot use VPN connections.
|Allow Android Beam
|Users can send data from apps through Android Beam (data transfer through NFC).
Users can connect to Bluetooth devices.
When you turn this setting off, users can’t connect to new Bluetooth devices. Users can continue to connect to already paired Bluetooth devices.
|Allow outgoing phone calls
|Users can make phone calls.
|Allow network reset
|Users can reset network settings to their defaults.
|Enable Wi-Fi settings
|Users can change the Wi-Fi settings.
|Allow configuring cell broadcasts
|Users can turn cell broadcast (CB) messages on or off in their messaging app.
|Enable cellular networks settings
|Users can change the cellular network settings.
|Enable tethering settings
|Users can change the tethering and portable hotspot settings.
|If the check box is cleared, the camera is unavailable.
|If the check box is cleared, the microphone is unavailable.
|Allow external media
|Users can connect external media like USB storage to the device.
|Enable USB storage
Users can connect the device in USB Mass Storage mode (USB MSC) to a host computer, i.e. as an external hard drive.
If you clear the check box, users can still connect the device in Media Transfer mode (USB MTP) or Picture Transfer mode (USB PTP) to transfer files.
|Allow transferring files over USB
|Users can transfer files between the device and external USB storage.
|Allow app uninstall
|Users can uninstall apps.
|Allow installing apps from unknown sources
|If the check box is cleared, users can only install apps from Google Play, not from unknown sources or through Android Debug Bridge (ADB).
|Enable system apps
By default, most system apps (apps that are preinstalled by the device manufacturer) are disabled. Users can only access system apps that provide basic device features, such as Phone, Contacts, or Messages. The list may vary depending on the device model.
Turn this setting on to enable all system apps.
Note that you can’t disable system apps after you enable them.
|Allow wallpaper change
|If the check box is cleared, users cannot change the wallpaper.
|Allow managing apps
If the check box is cleared, users can’t perform the following tasks for apps:
|Allow disabling Google security scans
Users can turn off the Google security setting Scan device for security threats.
The setting is available in the Settings app, under Google > Security > Google Play Protect.
|Allow setting date and time
Users can set the date and time.
If the check box is cleared, network date and time is used.
A company-specific support message that is displayed to the user when functionality has been turned off.
If you enter more than 200 characters, the message may be truncated.
Additional text to complement the short message. The text is displayed when the user taps More details in screens that display the short message.
This text is also displayed on the Android Device administrator screen for the Sophos Mobile Control app.
|Allowed accessibility services
Restrict the list of apps that can provide accessibility services: