Restrictions configuration (Android device policy)

With the Restrictions configuration, you set restrictions for devices.

Security

Setting

Description

Force encryption

Users must encrypt their devices.

Force SD card encryption

When the policy is assigned to a device, the user must encrypt the SD card.
Note: For some device types, users can choose to cancel the encryption. They will be reminded again on the next SD card mount.

Allow fast encryption

Users can change the fast encryption options in the device settings.

Allow factory reset

Users can reset their devices to factory state.

Allow "Developer options"

Users can change the developer options.

Allow safe mode

Users can boot the device in safe mode.

Allow USB debugging

Users can turn on USB debugging.
Note: For Sony devices with Enterprise API level 9 or later, clearing the Allow USB debugging check box makes all developer options unavailable.

Allow firmware recovery

All types of firmware updates (for example over-the-air or download) are allowed.

Allow backup

Users can create system backups.

If the check box is cleared, Google backup is turned off but other backup methods (for example Sophos Mobile backups) remain available.

Allow settings changes

Users can change device settings.

Note: You must turn this on for Samsung devices on which you want to configure a Knox container.

Allow clipboard

Users can copy any contents to the clipboard.

Enable shared clipboard

Allows users to copy clipboard content between apps.

If the check box is cleared, each app has an individual clipboard.

This setting is only available if you select Allow clipboard.

Allow screen capture

Users can take a screenshot of the display.

Allow mock GPS locations

Users can select a mock location app in the Android developer options.

Allow over-the-air firmware updates

Over-the-air firmware updates are allowed.

Allow audio recording

Users can perform audio recording.

Allow video recording

Users can record videos.

If the check box is cleared, users can still take pictures and stream videos.

Allow Activation Lock

Users can change the Activation Lock options in the device settings.

Allow S Beam

Users can start the Samsung S Beam app.

Allow S Voice

Users can start the Samsung S Voice app.

Allow "Share via"

The Share via feature is available.

Accounts

Setting

Description

Allow multiple user accounts

If the check box is cleared, multi-user support is turned off. Users or other apps cannot create additional user accounts.

Allow adding email accounts

If the check box is cleared, users cannot add email accounts.

This does not affect the account creation through a device policy.

Allow removal of the Google account

If the check box is cleared, users cannot remove the Google account from the device.

Allow auto-sync for Google accounts

If the check box is cleared, Google accounts are not synchronized automatically. Users are still able to perform a manual sync from inside some apps like Gmail.

Network and communication

Setting

Description

Allow airplane mode

If the check box is cleared, users cannot enable airplane mode.

Allow sync while roaming

If the check box is cleared, synchronization while roaming is turned off.

Allow emergency calls only

Only emergency calls are allowed. All other calls will be blocked.

Force manual sync during roaming

Automatic data synchronization is turned off when the device is roaming. This affects all configured accounts, such as Google or Exchange.

Force mobile data connection

Users cannot turn off cellular data.

Allow SMS

If the check box is cleared, users cannot send text messages.

Allow mobile data connection while roaming

If the check box is cleared, mobile data connections while roaming are turned off.

Allow voice calls while roaming

If the check box is cleared, voice calls while roaming are turned off.

Allow user mobile data limit

If the check box is cleared, users cannot set a mobile data limit.

Allow VPN

If the check box is cleared, users cannot use VPN connections.

Allow Wi-Fi Direct

If the check box is cleared, data transfer through Wi-Fi Direct is turned off.

Allow Android Beam

If the check box is cleared, data transfer through Android Beam is turned off. This includes the Samsung S Beam app.

Allow Miracast policy

If the check box is cleared, data transfer through Miracast is turned off.

Allow Bluetooth

If the check box is cleared, Bluetooth is turned off.

Allow Advanced Audio Distribution Profile (A2DP)

To allow individual Bluetooth profiles, first select the Allow Bluetooth check box and then select the profiles you want to allow.

If the Allow Bluetooth check box is cleared, the settings have no effect, i.e. all profiles are forbidden.

Allow Audio/Video Remote Control Profile (AVRCP)

Allow Hands-Free Profile (HFP)

Allow Headset Profile (HSP)

Allow Phone Book Access Profile (PBAP)

Allow Serial Port Profile (SPP)

Allow NFC

If the check box is cleared, NFC (near-field communication) is turned off.

Allow Wi-Fi

If the check box is cleared, Wi-Fi is turned off.

Tethering

Setting

Description

Allow tethering

If the check box is cleared, all tethering is turned off. This includes tethering over Wi-Fi, USB and Bluetooth.
Note: If the check box is cleared, the settings Allow Wi-Fi tethering, Allow USB tethering and Allow Bluetooth tethering have no effect.

Allow Wi-Fi tethering

If the check box is cleared, Wi-Fi tethering (Wi-Fi hotspot) is turned off.

Allow USB tethering

If the check box is cleared, USB tethering is turned off.

Allow Bluetooth tethering

If the check box is cleared, Bluetooth tethering is turned off.

Allow configuring Wi-Fi tethering

The user can configure the settings of the Wi-Fi hotspot.

Hardware

Setting

Description

Allow camera

If the check box is cleared, the camera is unavailable.

Allow camera on lock screen

If the check box is cleared, the camera is unavailable when the screen is locked.

To allow the camera on the lock screen you must also select the Allow camera option.

Force GPS for location queries

GPS information is used for device location.

Allow SD card

If the check box is cleared, SD cards cannot be used in devices.

Allow moving apps to the SD card

If the check box is cleared, users cannot move apps from the internal storage to the SD card.

Allow writing to unencrypted SD card

If the check box is cleared, it is not possible to write to unencrypted SD cards.

Allow microphone

If the check box is cleared, the microphone is unavailable.

Allow USB

The USB mass storage mode and the USB media device mode (MTP) are available on the device.

Allow USB media player

If the check box is cleared, the Media Transfer Protocol (MTP) is unavailable. Because Android uses MTP for USB file transfer, any file transfer over USB is blocked.

Allow power saving mode

If the check box is cleared, the device doesn’t enter power saving mode.

Allow USB host storage

All external storage devices the user connects are mounted. This includes portable USB storage devices, external hard drives and SD card readers.

If the check box is cleared, external storage devices are not mounted.

Applications

Setting

Description

Allow app install

If the check box is cleared, users cannot install apps.

Allow app uninstall

If the check box is cleared, users cannot uninstall apps.

Allow unsigned app install

If the check box is cleared, users can only install signed APK files.

Allow Play Store

If the check box is cleared, the Google Play Store app is unavailable.

Allow apps from unknown sources

If the check box is cleared, users can only install apps through the Google Play Store app.

Allow native browser

If the check box is cleared, the native browser is unavailable. Third-party browser apps are not affected.

Allow app crash reports

If the check box is cleared, apps cannot send crash reports.

Allow wallpaper change

If the check box is cleared, users cannot change the wallpaper.

Show caller info

If the check box is cleared, caller details are not displayed for incoming phone calls. All callers are displayed as “unknown”.

Allow autofill in browser

The user can enable autofill in the settings of the native Android browser. If enabled, web pages can provide suggestions when the user is filling in form data.

If the check box is cleared, autofill is turned off and the browser setting is unavailable.

Allow cookies in browser

The user can enable cookies in the settings of the native Android browser. If enabled, web pages can store cookies on the device.

If the check box is cleared, cookies are turned off and the browser setting is unavailable.

Allow JavaScript in browser

The user can enable JavaScript in the settings of the native Android browser. If enabled, web pages can execute JavaScript code on the device.

If the check box is cleared, JavaScript is turned off and the browser setting is unavailable.

Allow pop-ups in browser

The user can enable pop-ups in the settings of the native Android browser. If enabled, web pages can open new browser windows.

If the check box is cleared, pop-ups are turned off and the browser setting is unavailable.

Allow changing date and time settings

The user can change the date and time settings.

Filter type

Select either Allowed apps or Forbidden apps and then select the app group containing the apps you want to allow or forbid.

Apps you install with Sophos Mobile are not restricted by this setting.
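
Several settings above only take effect when a parent setting is selected (Enable shared clipboard, the Bluetooth profiles, the tethering sub-settings, Allow camera on lock screen), so a selected check box can be a no-op. The following added example, which is not Sophos code, reports such settings when reviewing a profile; the dict-of-booleans representation and the names `DEPENDENCIES`, `resolve` and `SAMPLE` are assumptions, because this page does not describe an export format.

```python
# Parent setting -> settings that have no effect while the parent is cleared,
# taken from the notes in the tables above. The profile format (setting name ->
# check box selected) is an assumption for this example, not a product format.
DEPENDENCIES = {
    "Allow clipboard": ["Enable shared clipboard"],
    "Allow Bluetooth": [
        "Allow Advanced Audio Distribution Profile (A2DP)",
        "Allow Audio/Video Remote Control Profile (AVRCP)",
        "Allow Hands-Free Profile (HFP)", "Allow Headset Profile (HSP)",
        "Allow Phone Book Access Profile (PBAP)", "Allow Serial Port Profile (SPP)",
    ],
    "Allow tethering": ["Allow Wi-Fi tethering", "Allow USB tethering",
                        "Allow Bluetooth tethering"],
    "Allow camera": ["Allow camera on lock screen"],
}


def resolve(profile):
    """Return (effective, findings) for a {setting name: selected} dict.

    A dependent setting that is selected while its parent is cleared is
    reported and shown as cleared in the effective view. Settings missing
    from the profile are treated as cleared (an assumption of this example).
    """
    effective = dict(profile)  # copy, so the caller's profile is not modified
    findings = []
    for parent, children in DEPENDENCIES.items():
        if profile.get(parent, False):
            continue  # parent selected: dependents apply as configured
        for child in children:
            if profile.get(child, False):
                effective[child] = False
                findings.append(f"'{child}' has no effect: '{parent}' is cleared")
    return effective, findings


# Constructed sample profile for illustration.
SAMPLE = {
    "Allow clipboard": True, "Enable shared clipboard": False,
    "Allow Bluetooth": False, "Allow Hands-Free Profile (HFP)": True,
    "Allow tethering": False, "Allow USB tethering": True,
    "Allow camera": True, "Allow camera on lock screen": True,
}

if __name__ == "__main__":
    for note in resolve(SAMPLE)[1]:
        print(note)
```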