Restrictions configuration (Android enterprise device policy)

With the Restrictions configuration you define restrictions for devices.




Force encryption

Users must encrypt their devices.

Allow factory reset

Users can reset the device to its factory settings.

Allow safe mode

Users can boot the device in safe mode.

Allow debugging

Users can turn on the debugging features in the Android developer options.

Allow screen capture

Users can take a screenshot of the display.

Allow user to configure credentials

Users can install or remove certificates.

Allow Smart Lock

Users can turn on the Android Smart Lock feature that automatically unlocks the device in certain situations.

Allow location sharing

Users can turn on location sharing.

Allow unlocking device by fingerprint

Users can use the fingerprint sensor to unlock the device.

Allow adding user

If supported by the device, users can add user accounts on the device.

Allow removing user

Users can remove user accounts from the device.

Allow changing the account picture

Users can change the photo used for their user account.

Hide sensitive information on lock screen

If notifications on the lock screen are turned on, sensitive notification content is hidden.

System update policy

Select when system updates are installed:

  • No policy: The user can decide when to install system updates.
  • Install automatically: System updates are installed automatically as soon as they are available.
  • Install within maintenance window: System updates are installed automatically within a daily maintenance window. Enter the start and end time of the day.
  • Postpone: System updates (except for security updates) are blocked for 30 days.




Allow managing accounts

Users can add or remove accounts from the device, but not the Google account.

Network and communication



Allow SMS

If the check box is cleared, users cannot send text messages.

Allow mobile data connection while roaming

If the check box is cleared, mobile data connections while roaming are turned off.

Allow VPN

If the check box is cleared, users cannot use VPN connections.

Allow Android Beam

Users can send data from work apps through Android Beam (data transfer through NFC).

Allow Bluetooth

If the check box is cleared, Bluetooth is turned off.

Allow outgoing phone calls

Users can make phone calls.

Allow network reset

Users can reset network settings to their defaults.

Enable Wi-Fi settings

Users can change the Wi-Fi settings.

Allow configuring cell broadcasts

Users can turn cell broadcast (CB) messages on or off in their messaging app.

Enable cellular networks settings

Users can change the cellular network settings.

Enable tethering settings

Users can change the tethering and portable hotspot settings.




Allow camera

If the check box is cleared, the camera is unavailable.

Allow microphone

If the check box is cleared, the microphone is unavailable.

Allow external media

Users can connect external media like USB storage to the device.




Allow app uninstall

Users can uninstall apps.

Allow installing apps from unknown sources

If the check box is cleared, users can only install apps from Google Play, not from unknown sources or through Android Debug Bridge (ADB).

Allow wallpaper change

If the check box is cleared, users cannot change the wallpaper.

Allow managing apps

If the check box is cleared, users can’t perform the following tasks for apps:
  • Uninstall apps
  • Disable apps
  • Stop apps
  • Clear app cache
  • Clear app data
  • Clear the setting "Open by default"

Allow disabling Google security scans

Users can turn off the Google security setting Scan device for security threats.

The setting is available in the Settings app, under Google > Security > Google Play Protect.

Allow setting date and time

Users can set the date and time.

If the check box is cleared, the network date and time are used.

Short message

A company-specific support message that is displayed to the user when functionality has been turned off.
Note: If you enter more than 200 characters, the message may be truncated.

Long message

Additional text to complement the short message. The text is displayed when the user taps More details in screens that display the short message.
Note: This text is also displayed on the Android Device administrator screen for the Sophos Mobile Control app.

Allowed accessibility services

Restrict the list of apps that can provide accessibility services:

  • If you select All available apps, users can use all accessibility services.
  • If you select Only system apps, users can only use accessibility services from system apps.
  • If you select an app group, users can only use accessibility services from apps within that group, and from system apps.