Skip to content

Restrictions configuration (Android device policy)

With the Restrictions configuration you set restrictions for devices.

Security

Setting Description
Force encryption Users must encrypt their devices.
Force SD card encryption When the policy is assigned to a device, the user must encrypt the SD card.

For some device types, users can choose to cancel the encryption. They will be reminded again on the next SD card mount.

Allow fast encryption Users can change the fast encryption options in the device settings.
Allow factory reset Users can reset their devices to factory state.
Allow "Developer options" Users can change the developer options.
Allow safe mode Users can boot the device in safe mode.
Allow USB debugging Users can turn on USB debugging.

For Sony devices with Enterprise API level 9 or later, clearing the Allow USB debugging check box makes all developer options unavailable.

Allow firmware recovery All types of firmware updates (like over-the-air, download etc.) are allowed.
Allow backup Users can create system backups.

If the check box is cleared, Google backup is turned off but other backup methods (for example Sophos Mobile backups) remain available.

Allow settings changes Users can change device settings.

You must turn this on for Samsung devices on which you want to configure a Knox container.

Allow clipboard Users can copy any contents to the clipboard.
Enable shared clipboard Allows users to copy clipboard content between apps.

If the check box is cleared, each app has an individual clipboard.

This setting is only available if you select Allow clipboard.

Allow screen capture Users can take a screenshot of the display.
Allow mock GPS locations Users can select a mock location app in the Android developer options.
Allow over-the-air firmware updates Over-the-air firmware updates are allowed.
Allow audio recording Users can perform audio recording.
Allow video recording Users can record videos.

If the check box is cleared, users can still take pictures and stream videos.

Allow Activation Lock Users can change the Activation Lock options in the device settings.
Allow S Beam Users can start the Samsung S Beam app.
Allow S Voice Users can start the Samsung S Voice app.
Allow "Share via" The Share via feature is available.

Accounts

Setting Description
Allow multiple user accounts If the check box is cleared, multi-user support is turned off. Users or other apps cannot create additional user accounts.
Allow adding email accounts If the check box is cleared, users cannot add email accounts.

This does not affect the account creation through a device policy.

Allow removal of the Google account If the check box is cleared, users cannot remove the Google account from the device.
Allow auto-sync for Google accounts If the check box is cleared, Google accounts are not synchronized automatically. Users are still able to perform a manual sync from inside some apps like Gmail.

Network and communication

Setting Description
Allow airplane mode If the check box is cleared, users cannot enable airplane mode.
Allow sync while roaming If the check box is cleared, synchronization while roaming is turned off.
Allow emergency calls only Only emergency calls are allowed. All other calls will be blocked.
Force manual sync during roaming Automatic data synchronization is turned off when the device is roaming. This affects all configured accounts, such as Google or Exchange.
Force mobile data connection Users cannot turn off cellular data.
Allow SMS If the check box is cleared, users cannot send text messages.
Allow mobile data connection while roaming If the check box is cleared, mobile data connections while roaming are turned off.
Allow voice calls while roaming If the check box is cleared, voice calls while roaming are turned off.
Allow user mobile data limit If the check box is cleared, users cannot set a mobile data limit.
Allow VPN If the check box is cleared, users cannot use VPN connections.
Allow Wi-Fi Direct If the check box is cleared, data transfer through Wi-Fi Direct is turned off.
Allow Android Beam If the check box is cleared, data transfer through Android Beam is turned off. This includes the Samsung S Beam app.
Allow Miracast policy If the check box is cleared, data transfer through Miracast is turned off.
Allow Bluetooth Users can connect to Bluetooth devices.

When you turn this setting off, users can’t connect to new Bluetooth devices. Users can continue to connect to already paired Bluetooth devices.

Allow Advanced Audio Distribution Profile (A2DP) To allow individual Bluetooth profiles, first select the Allow Bluetooth check box and then select the profiles you want to allow.

If the Allow Bluetooth check box is cleared, the settings have no effect, i.e. all profiles are forbidden.

Allow Audio/Video Remote Control Profile (AVRCP)
Allow Hands-Free Profile (HFP)
Allow Headset Profile (HSP)
Allow Phone Book Access Profile (PBAP)
Allow Serial Port Profile (SPP)
Allow NFC If the check box is cleared, NFC (near-field communication) is turned off.
Allow Wi-Fi If the check box is cleared, Wi-Fi is turned off.

Tethering

Setting Description
Allow tethering If the check box is cleared, all tethering is turned off. This includes tethering over Wi-Fi, USB and Bluetooth.

If the check box is cleared, the settings Allow Wi-Fi tethering, Allow USB tethering and Allow Bluetooth tethering have no effect.

Allow Wi-Fi tethering If the check box is cleared, Wi-Fi tethering (Wi-Fi hotspot) is turned off.
Allow USB tethering If the check box is cleared, USB tethering is turned off.
Allow Bluetooth tethering If the check box is cleared, Bluetooth tethering is turned off.
Allow configuring Wi-Fi tethering The user can configure the settings of the Wi-Fi hotspot.

Hardware

Setting Description
Allow camera If the check box is cleared, the camera is unavailable.
Allow camera on lock screen If the check box is cleared, the camera is unavailable when the screen is locked.

To allow the camera on the lock screen you must also select the Allow camera option.

Force GPS for location queries GPS information is used for device location.
Allow SD card If the check box is cleared, SD cards cannot be used in devices.
Allow moving apps to the SD card If the check box is cleared, users cannot move apps from the internal storage to the SD card.
Allow writing to unencrypted SD card If the check box is cleared, it is not possible to write to unencrypted SD cards.
Allow microphone If the check box is cleared, the microphone is unavailable.
Allow USB The USB mass storage mode and the USB media device mode (MTP) are available on the device.
Allow USB media player If the check box is cleared, the Media Transfer Protocol (MTP) is unavailable. Because Android uses MTP for USB file transfer, any file transfer over USB is blocked.
Allow power saving mode If the check box is cleared, the device doesn’t enter power saving mode.
Allow USB host storage All external storage devices the user connects are mounted. This includes portable USB storage devices, external HD drives and SD card readers.

If the check box is cleared, external storage devices are not mounted.

Applications

Setting Description
Allow app install If the check box is cleared, users cannot install apps.
Allow app uninstall If the check box is cleared, users cannot uninstall apps.
Allow unsigned app install If the check box is cleared, users can only install signed APK files.
Allow Play Store If the check box is cleared, the Google Play Store app is unavailable.
Allow apps from unknown sources If the check box is cleared, users can only install apps through the Google Play Store app.
Allow native browser If the check box is cleared, the native browser is unavailable. Third-party browser apps are not affected.
Allow app crash reports If the check box is cleared, apps cannot send crash reports.
Allow wallpaper change If the check box is cleared, users cannot change the wallpaper.
Show caller info If the check box is cleared, caller details are not displayed for incoming phone calls. All callers are displayed as “unknown”.
Allow autofill in browser The user can enable autofill in the settings of the native Android browser. If enabled, web pages can provide suggestions when the user is filling in form data.

If the check box is cleared, autofill is turned off and the browser setting is unavailable.

Allow cookies in browser The user can enable cookies in the settings of the native Android browser. If enabled, web pages can store cookies on the device.

If the check box is cleared, cookies are turned off and the browser setting is unavailable.

Allow JavaScript in browser The user can enable JavaScript in the settings of the native Android browser. If enabled, web pages can execute JavaScript code on the device.

If the check box is cleared, JavaScript is turned off and the browser setting is unavailable.

Allow pop-ups in browser The user can enable pop-ups in the settings of the native Android browser. If enabled, web pages can open new browser windows.

If the check box is cleared, pop-ups are turned off and the browser setting is unavailable.

Allow changing date and time settings The user can change the date and time settings.
Filter type Select either Allowed apps or Forbidden apps and then select the app group containing the apps you want to allow or forbid.

Apps you install with Sophos Mobile are not restricted by this setting.