Restrictions configuration (Android Enterprise work profile policy)
With the Restrictions configuration you set restrictions for Android Enterprise work profile devices.
Security
| Setting | Description |
|---|---|
| Allow screen capture | Users can capture the screen content of apps installed in the work profile. |
| Allow user to configure credentials | Users can install or remove certificates in the work profile. |
| Allow work clipboard in personal apps | Users can copy text from an app in the work profile and paste it into a personal app. Pasting clipboard text from a personal app into an app in the work profile is always possible. |
| Allow Smart Lock | Users can turn on the Android Smart Lock feature that automatically unlocks the device in certain situations. This setting affects the device lock. It is ignored if there is also a work profile lock configured. |
| Allow location services | Allow users to share the device location with apps and services in the work profile. If you clear the checkbox, location services are turned off, and users can’t turn them on. Sophos Mobile can’t find the device if you clear the checkbox. |
| Allow opening web links in personal apps | Web links that the user taps in an app in the work profile can be opened by a personal browser app. |
| Allow debugging | Users can turn on the debugging features in the Android developer options. |
| Allow unlocking device by fingerprint | Users can use the fingerprint sensor to unlock the device. |
| Allow work contact info for personal calls | The personal phone app displays the caller’s name for incoming calls from work contacts. |
| Allow work contact info for Bluetooth devices | Connected Bluetooth devices display the caller’s name for incoming personal calls from work contacts. |
| Allow searches of work contacts in personal profile | The personal phone app includes results from work contacts when searching for caller’s names. |
Accounts
| Setting | Description |
|---|---|
| Allow managing accounts | Users can add or remove accounts in the work profile. |
Network and communication
| Setting | Description |
|---|---|
| Allow VPN | Users can use VPN connections for apps in the work profile. |
| Allow Android Beam | Users can send data from apps in the work profile through Android Beam (data transfer through NFC). |
| Allow sharing of managed Wi-Fi connections | If the checkbox is cleared, users can’t share Wi-Fi connections configured by Sophos Mobile. This setting applies to Android 13 and later. |
Hardware
| Setting | Description |
|---|---|
| Allow camera | Apps in the work profile can access the camera. |
Applications
| Setting | Description |
|---|---|
| Allow app uninstall | When you turn this setting off, apps in the work profile can’t be uninstalled. This also prevents administrators from uninstalling these apps via Sophos Mobile. |
| Allow installing apps from unknown sources | If the check box is cleared, users can only install apps in the work profile from Google Play, not from unknown sources or through Android Debug Bridge (ADB). |
| Enable vendor-specific system apps | Vendor-specific system apps, such as Samsung Calendar, are available in the work profile. |
| Allow managing apps | If the check box is cleared, users can’t perform the following tasks for apps in the work profile:
|
| Allow disabling Google security scans | Users can turn off the Google security setting Scan device for security threats. The setting is available in the Settings app, under Google > Security > Google Play Protect. |
| Short message | A company-specific support message that is displayed to the user when functionality has been turned off. If you enter more than 200 characters, the message may be truncated. |
| Long message | Additional text to complement the short message. The text is displayed when the user taps More details in screens that display the short message. This text is also displayed on the Android Device administrator screen for the Sophos Mobile Control app. |