Skip to content

Restrictions configuration (Android Enterprise work profile policy)

With the Restrictions configuration you set restrictions for Android Enterprise work profile devices.

Security

Setting Description
Allow screen capture Users can capture the screen content of apps installed in the work profile.
Allow user to configure credentials Users can install or remove certificates in the work profile.
Allow work clipboard in personal apps Users can copy text from an app in the work profile and paste it into a personal app.

Pasting clipboard text from a personal app into an app in the work profile is always possible.

Allow Smart Lock Users can turn on the Android Smart Lock feature that automatically unlocks the device in certain situations.

This setting affects the device lock. It is ignored if there is also a work profile lock configured.

Allow location sharing Apps in the work profile can access the device’s location features.

If the check box is cleared, apps in the work profile can’t access the device’s location features, even if the user has turned location sharing on.

Allow opening web links in personal apps Web links that the user taps in an app in the work profile can be opened by a personal browser app.
Allow debugging Users can turn on the debugging features in the Android developer options.
Allow unlocking device by fingerprint Users can use the fingerprint sensor to unlock the device.
Allow work contact info for personal calls The personal phone app displays the caller’s name for incoming calls from work contacts.
Allow work contact info for Bluetooth devices Connected Bluetooth devices display the caller’s name for incoming personal calls from work contacts.
Allow searches of work contacts in personal profile The personal phone app includes results from work contacts when searching for caller’s names.

Accounts

Setting Description
Allow managing accounts Users can add or remove non-Google accounts such as app accounts from the work profile.

Network and communication

Setting Description
Allow VPN Users can use VPN connections for apps in the work profile.
Allow Android Beam Users can send data from apps in the work profile through Android Beam (data transfer through NFC).

Hardware

Setting Description
Allow camera Apps in the work profile can access the camera.

Applications

Setting Description
Allow app uninstall Users can uninstall apps from the work profile.
Allow installing apps from unknown sources If the check box is cleared, users can only install apps in the work profile from Google Play, not from unknown sources or through Android Debug Bridge (ADB).
Allow managing apps If the check box is cleared, users can’t perform the following tasks for apps in the work profile:
  • Uninstall apps
  • Disable apps
  • Stop apps
  • Clear app cache
  • Clear app data
  • Clear setting Open by default
Allow disabling Google security scans Users can turn off the Google security setting Scan device for security threats.

The setting is available in the Settings app, under Google > Security > Google Play Protect.

Short message A company-specific support message that is displayed to the user when functionality has been turned off.

If you enter more than 200 characters, the message may be truncated.

Long message Additional text to complement the short message. The text is displayed when the user taps More details in screens that display the short message.

This text is also displayed on the Android Device administrator screen for the Sophos Mobile Control app.