Restrictions configuration (Android Enterprise work profile policy)

With the Restrictions configuration you set restrictions for Android Enterprise work profile devices.

Security

Setting

Description

Allow screen capture

Users can capture the screen content of apps installed in the work profile.

Allow user to configure credentials

Users can install or remove certificates in the work profile.

Allow work clipboard in personal apps

Users can copy text from an app in the work profile and paste it into a personal app.

Pasting clipboard text from a personal app into an app in the work profile is always possible.

Allow Smart Lock

Users can turn on the Android Smart Lock feature that automatically unlocks the device in certain situations.

Note This setting affects the device lock. It is ignored if there is also a work profile lock configured.

Allow location sharing

Apps in the work profile can access the device’s location features.

If the check box is cleared, apps in the work profile can’t access the device’s location features, even if the user has turned location sharing on.

Allow opening web links in personal apps

Web links that the user taps in an app in the work profile can be opened by a personal browser app.

Allow debugging

Users can turn on the debugging features in the Android developer options.

Allow unlocking device by fingerprint

Users can use the fingerprint sensor to unlock the device.

Allow work contact info for personal calls

The personal phone app displays the caller’s name for incoming calls from work contacts.

Allow work contact info for Bluetooth devices

Connected Bluetooth devices display the caller’s name for incoming personal calls from work contacts.

Allow searches of work contacts in personal profile

The personal phone app includes results from work contacts when searching for caller’s names.

Accounts

Setting

Description

Allow managing accounts

Users can add or remove non-Google accounts such as app accounts from the work profile.

Network and communication

Setting

Description

Allow VPN

Users can use VPN connections for apps in the work profile.

Allow Android Beam

Users can send data from apps in the work profile through Android Beam (data transfer through NFC).

Hardware

Setting

Description

Allow camera

Apps in the work profile can access the camera.

Applications

Setting

Description

Allow app uninstall

Users can uninstall apps from the work profile.

Allow installing apps from unknown sources

If the check box is cleared, users can only install apps in the work profile from Google Play, not from unknown sources or through Android Debug Bridge (ADB).

Allow managing apps

If the check box is cleared, users can’t perform the following tasks for apps in the work profile:
  • Uninstall apps
  • Disable apps
  • Stop apps
  • Clear app cache
  • Clear app data
  • Clear setting Open by default

Allow disabling Google security scans

Users can turn off the Google security setting Scan device for security threats.

The setting is available in the Settings app, under Google > Security > Google Play Protect.

Short message

A company-specific support message that is displayed to the user when functionality has been turned off.
Note If you enter more than 200 characters, the message may be truncated.

Long message

Additional text to complement the short message. The text is displayed when the user taps More details in screens that display the short message.
Note This text is also displayed on the Android Device administrator screen for the Sophos Mobile Control app.