Restrictions
You can allow or restrict users to access various features of the device like Bluetooth, Camera, encrypting device data, etc.
Only devices running Android 5.0 or above can be provisioned as Profile Owner or Device Owner.
FEATURE | DESCRIPTION | SAMSUNG | NON-SAMSUNG | ||
---|---|---|---|---|---|
LEGACY | PROFILE OWNER | DEVICE OWNER | |||
DEVICE FUNCTIONALITY | |||||
Camera (Supported from Android 4.0) | By disabling this, users will not be allowed to use the Camera on their devices. On restricting this, the Camera will remain restricted within the Knox container also. | ||||
Access Camera from Lock Screen (Supported from Android 4.0) | By disabling this, the users are restricted from accessing the Camera from the lock screen of the device. This can be configured only when Camera is allowed on the device. | Applicable for devices running 4.2 or later versions | Applicable for devices running 4.2 or later versions | ||
Video Recording (Supported from Android 4.2.2) | By disabling this, users will not be able to record videos on their devices. Video Recording can be allowed only when Camera is allowed on the device. | No separate restriction - Restricted when Camera is restricted | No separate restriction - Restricted when Camera is restricted | ||
Microphone | By enabling this, users will be allowed to use the Microphone. If this is disabled, users can use the Microphone only for receiving and making calls. All other voice applications which require the Microphone usage will be restricted. On restricting this on the device, the Microphone will remain restricted within the Knox container also. |
||||
Audio Recording (Supported from Android 4.2.2) | By disabling this, users will not be able to record audios on their devices. Audio recording can be enabled only when the Microphone is enabled on the device. | No separate restriction - Restricted when the Microphone is restricted | |||
Firmware Recovery (Samsung-only feature) | By disabling this, users cannot perform firmware recovery on the device. | ||||
OS Upgrade (Samsung-only feature, supported from Android 4.1) | By enabling this, users will be able to perform OS upgrades on their devices. | ||||
Screen Capture | By enabling this, users will be allowed to capture the screen on the devices. | ||||
Smart Clip Mode (Samsung-only feature, supported from Android 5.0) | By enabling this, users will be allowed to access smart clip mode on their devices. | ||||
S-Voice (Samsung-only feature, supported from Android 4.1 ) | By disabling this, users will be unable to use the S-Voice feature on their devices. S-Voice can be enabled only when the Microphone is enabled on the device. | ||||
Add Accounts (Supported from 4.1) | Enabling this will allow users to add email, exchange, LDAP, and Google accounts on managed devices. Disabling this prevents users from adding any of these accounts. The account addition is prevented only after the restriction is applied to the devices and the accounts that were already present, are not affected. |
||||
Enforce Storage Encryption (Supported from Android 4.0) | All data stored in the internal memory of the device must be encrypted. Ensure your devices are charges up to 80% to begin the encryption process. This restriction is applied only if the device is secured through a passcode. If there is no passcode on the device, you can associate a Passcode policy first and then distribute the restrictions policy. | Encrypted by default | Encrypted by default | ||
Enforce SD Card Encryption (Samsung-only feature, supported from Android 4.0) | Encryption is forced on the SD Card. This restriction is applied only if the device is secured by a passcode. If there is no passcode on the device, you can associate a Passcode policy first and then distribute the restrictions policy. | ||||
SECURITY | |||||
Restore Factory Settings | By restricting this, admins can prevent users from resetting devices to their factory settings. Admins can also prevent users from removing devices from management by performing a hard reset by restricting this and also configuring EFRP on the devices. | ||||
Reactivation lock (Samsung-only feature, supported from Android 4.4) | By disabling this, users will be unable to use the Reactivation Lock feature on their devices to prevent device activation by anyone else in case the device is stolen. | ||||
Lock Screen Notification Preference | Configure how the notifications appear on the lock screen of the device. Either choose to show all content, hide sensitive content, or completely hide notifications. | Applicable for devices running 5.0 or later versions | |||
Installing Non-Market apps | Allow/Restrict to install apps not listed on the Play Store. Restricting this disables Install apps from unknown sources settings, for app installation. | Restricted by default | |||
Clipboard (Supported from Android 4.2.2) | By enabling this, users will be allowed to use the Clipboard memory. | Not Required | |||
Clipboard Share (Supported from Android 4.2.2) | By enabling this, users can share the Clipboard content between different applications. This can be enabled only when Clipboard feature is enabled on the device. | No separate restriction - Restricted when Clipboard is restricted | |||
Safe mode (Samsung-only feature, supported from Android 4.2) | By enabling this, users can boot device in Safe mode. | ||||
Developer Mode | By enabling this, users can use developer options on the device. | Restricted by default | |||
'Share via' list (Samsung-only feature, supported from Android 4.2.2) | By enabling this, users will be allowed to use the share list on their devices. | ||||
Google Play Protect | Google Play Protect regularly checks apps and the devices for any harmful behavior. You can choose to disable this option, if necessary. | ||||
SYNC AND STORAGE | |||||
Backup and restore data | By enabling this option, users will be allowed to backup the device data and restore it. | ||||
Backup data in Google Server (Samsung-only feature) | By enabling this option, users will be allowed to backup the device data like images, videos, etc. in the Google server. | ||||
Google Account Auto-Sync (Samsung-only feature, supported from Android 4.4) | By enabling this option, users will be allowed to sync their Google Accounts on their devices. | ||||
Report Crash to Google (Samsung-only feature, supported from Android 4.1) | By enabling this, crash reports will be sent to Google. | ||||
SD Card | By enabling this, users will be allowed to use an SD Card on their devices. | ||||
Storing data in SD Card (Supported from Android 4.1) | By enabling this, users will be allowed to store data on SD Cards of the devices. | No separate restriction - Restricted when SD Card is restricted | |||
Move apps to SD Card (Samsung-only feature, supported from Android 4.4) | By enabling this, users will be able to move applications installed in device memory to the SD card. | ||||
USB | By enabling this, users will be allowed to use USB on their devices. | ||||
Connections using USB | By enabling this, users will be allowed to use USB to establish connections for debugging. | No separate restriction - Restricted when USB is restricted | |||
Connect a USB storage device | By enabling this, users will be allowed to connect USB Storage devices. This can be enabled only when USB is enabled on a device. | No separate restriction - Restricted when USB is restricted | |||
APPLICATIONS | |||||
Users can install unapproved apps | If installing unapproved apps is restricted, all apps previously installed by users get disabled and in the case of subsequent installations of unapproved apps, although the apps get downloaded and installed, the apps are automatically uninstalled. This ensures that, only those apps distributed via MDM are installed on the device. Once this restriction is removed, apps previously disabled get enabled automatically. | ||||
Uninstalling apps (Supported from Android 4.1) | By enabling this, users will be allowed to use uninstall applications from the device. | ||||
Stop system apps (Samsung-only feature, supported from Android 4.2.2) | By enabling this, users can stop the system apps present in their devices. | ||||
Application notification mode (Samsung-only feature, supported from Android 4.1) | By enabling this, the user can choose to allow or restrict app notification If restricted the app notifications would be disabled. | ||||
YouTube | By enabling this, users will be allowed to access Youtube from the device. | ||||
Gmail | By enabling this, users will be allowed to access Gmail on their devices. | ||||
S-Finder (Samsung-only feature, supported from Android 4.3) | By enabling this, users will be allowed to use "S Finder" to search for Apps and settings on the device. This is applicable only for Samsung Knox devices. | ||||
Global App Permission policy | Configuring this ensures you can choose to automatically deny/allow permissions for apps present on the device. In case if Auto-deny is chosen, for some apps such as Camera, the app will be disabled and the user will not be prompted to accept the permission. While in other apps such as Phone, a display message will be shown notifying the user of the denied access. Optionally, you can also leave it to the user. | ||||
BROWSER (Applicable only for Google Chrome in Legacy) | |||||
Android browser | By enabling this, users will be allowed to use the default Android web browser. | ||||
Fraud warning settings | By enabling this, users will be allowed to use Fraud Warning Settings on the device. | ||||
Pop-ups | By enabling this, user Pop-Ups will be enabled on the device. | ||||
JavaScript | By enabling this, users will be allowed to use applications running on Java scripts. | ||||
Auto-fill | By enabling this option, users will be allowed to use Auto-Fill Settings. | ||||
Cookies | By enabling this option, users will be allowed to use Cookies Settings on the device. | ||||
NETWORK AND ROAMING | |||||
Airplane Mode (supported for Samsung and devices running Android 9.0 and above) | If this is restricted, users will be unable to use airplane mode on their devices. | ||||
Background data (Samsung-only feature) | If Allow is chosen, users will be able to disable the background data whereas background data will be enabled by default. (This profile does not get applied automatically and the user has to accept this profile). | ||||
Wi-Fi | If 'User Controlled' is chosen, users will be allowed to disable or enable Wi-Fi on the device. If Wi-Fi is Always On on the device, users will not have permission to disable it. If Wi-Fi is Always Off on the device, users will not have permission to enable it. The managed devices will be out of network connectivity and even the MDM server cannot reach the device until cellular data is enabled on the device. This is supported only till Android 9.0. | ||||
Wi-Fi Direct (Samsung-only feature - Supported from Android 4.2.2) | By enabling this, users will be allowed to access Wi-Fi Direct on their devices. | ||||
Connecting to Wi-Fi, only if distributed via MDM (Supported from Android 2.3 to 9.0) | Restrict/Allow users to connect to Wi-Fi networks only if Wi-Fi configurations have been distributed as a profile via MDM. If no Wi-Fi has been configured via MDM, enabling this ensures, the device connects only to the secure Wi-Fi network configured using MDM. If restricted, the device will not connect to any network, due to which it cannot communicate to the MDM server. Also, if the Wi-Fi SSID has been changed, then the profile must be modified to include the new SSID and then re-distributed to the device, for continued management. Note: In non-Samsung devices running Android 10.0 or later, once the Wi-Fi profile is distributed, the users will be prompted to connect to the Wi-Fi. In Device Owner devices, the users will be prompted continuously until they connect to the Wi-Fi. While in Profile Owner devices, the users will only be prompted 5 times. |
||||
Allow users to configure VPN (Supported from Android 4.1) | Users are restricted from configuring VPN on devices, apart from any VPN configurations distributed through the MDM server. If this restriction is enabled on Samsung devices (running on OS 4.3 and above), any VPN configured by the user gets deleted. | ||||
Roaming data (Samsung-only feature) | By restricting this, users will not be allowed to use any of the features like roaming data, data sync, etc., while roaming. | ||||
Sync data while Roaming (Samsung-only feature) | By enabling this, users will be allowed to use Sync feature while roaming. | ||||
Roaming Push (Samsung-only feature) | By enabling this, data will be pushed to devices even if they are in roaming. | ||||
Voice Call while Roaming (Samsung-only feature, supported from Android 4.1) | By enabling this, users will be allowed to receive/make voice calls during roaming. | ||||
DEVICE CONNECTIONS | |||||
NFC | By enabling this, users can utilize Near Field Communication (NFC). | ||||
Android Beam (Supported from Android 4.2.2) | By enabling this, users can utilize Android Beam to transfer data to other supported devices. | Restricted by default | |||
S Beam (Samsung-only feature, supported up to Android 4.2.2) | By enabling this, users can utilize S Beam to share files with other supported devices. | ||||
Bluetooth | By enabling this, users will be allowed to use Bluetooth in their devices. | ||||
Bluetooth discovery (Samsung-only feature) | By enabling this, users can allow other devices to detect and connect to their devices. | ||||
Bluetooth pairing (Samsung-only feature) | By enabling this, users will be allowed to pair their devices with other devices to enable data transfer. | ||||
Make outgoing calls using Bluetooth (Samsung-only feature) | By enabling this, users will be allowed to place outgoing calls using Bluetooth. | ||||
Connect to Laptop/Desktop via Bluetooth (Samsung-only feature) | By enabling this, users can connect their devices to desktops/laptops using Bluetooth. | ||||
Data transfer via Bluetooth (Samsung-only feature) | By enabling this, users will be allowed to transfer data from their devices to other devices using Bluetooth. | ||||
Printing (Supported from Android 9.0) | By enabling this, users will be allowed to use bluetooth printers through their devices. | ||||
TETHERING | |||||
Tethering | Disabling this, restricts managed devices from tethering with other devices, for sharing the cellular network. | ||||
Bluetooth Tethering | By enabling this, users will be allowed to share Internet connection via Bluetooth with other devices. This can be enabled only when Bluetooth is enabled on a device. | No separate restriction - Restricted when Tethering is restricted | |||
Wi-Fi Tethering | By enabling this, users will be allowed to share Internet connection via Wi-Fi with other devices. This can be enabled only when Wi-Fi and Wi-fi Direct are enabled on the device. | No separate restriction - Restricted when Tethering is restricted | |||
USB Tethering | By enabling this, users will be allowed to share Internet connection via USB with other devices. This can be enabled only when USB is enabled on the device. | No separate restriction - Restricted when Tethering is restricted | |||
LOCATION SERVICES | |||||
Location Services (Supported in Legacy from OS 4.1) | When set as Always On, Location Services is forcefully enabled. Even if users turn it Off, it automatically reverts to On state. This is applicable for Always Off option as well. In case, you configure it as User Controlled, device users can enable/disable it as per their needs. | ||||
Mock location (Samsung-only feature) | Allow/Restrict users from showing falsifying location data. | ||||
Google Maps | By enabling this, users can utilize Google Maps. | ||||
PHONE | |||||
Google Voice search (Samsung-only feature, supported from Android 4.4.2) | By enabling this, users will be allowed to use Voice Dialer feature. Voice dialer can be enabled only when the Microphone is enabled on the device. | ||||
SMS (Supported from Android 4.1 in Samsung devices) | By disabling this, users will not be able to use Short Messaging Service(SMS) in the managed devices. | ||||
Incoming SMS (Supported up to Android 4.1 in Samsung devices) | By disabling this, users will not be able to receive any incoming message on their devices. | No separate restriction - Restricted when SMS is restricted | |||
Outgoing SMS (Supported from Android 4.1 in Samsung devices) | By disabling this, users will not be able to send any outgoing message from their devices. | No separate restriction - Restricted when SMS is restricted | |||
MMS (Supported from Android 4.1 in Samsung devices) | By disabling this, users will not be able to use Multimedia Messaging Service (MMS) in the managed devices. | No separate restriction - Restricted when SMS is restricted | |||
Incoming MMS (Supported from Android 4.1 in Samsung devices) | By disabling this, users will not be able to receive any incoming MMS to their devices. | No separate restriction - Restricted when SMS is restricted | |||
Outgoing MMS (Supported from Android 4.1 in Samsung devices) | By disabling this, users will not be able to send any outgoing MMS from their devices | No separate restriction - Restricted when SMS is restricted | |||
Call (Samsung-only feature) | If disabled, users cannot make/receive calls. | ||||
Incoming Call (Samsung-only feature) | By disabling this, users will not be able to receive any incoming calls on their devices. Even when it is allowed, incoming calls will work only when the Microphone is enabled on the device. | ||||
Outgoing Call | By disabling this, users will not be able to place any outgoing calls on their devices. Even when it is allowed, outgoing calls will work only when the Microphone is on the device. | ||||
DATE/TIME SETTINGS | |||||
Device Timezone | Select whether the device time should be set based on the network time or manually by selecting the timezone. | ||||
Timezone | Select the timezone based on which, the time on the devices will be displayed if the device time settings is configured as set timezone manually. | ||||
Modify date/time settings (Supported from Android 9.0 and above) | Restricting this prevents the users from modifying date/time settings such as time format, date format, etc. | ||||
Modify date/time (Supported from Android 4.3 in Samsung devices) | Restricting this prevents the users from modifying the date/time already set on the device. | ||||
DISPLAY SETTINGS (Supported from Android 9.0) | |||||
Screen Timeout | The duration(between 5 and 1800 seconds) of inactivity, after which the device goes to sleep. Note: Screen Timeout duration cannot be higher than Maximum idle time allowed before auto-lock configured in Passcode profile. |
||||
Modify Screen Timeout Settings | Disabling this, ensures the screen timeout configured above or on the device cannot be modified. | ||||
Brightness | Provide the level of brightness to be configured on the device. | ||||
Modify Brightness Settings | Disabling this, ensures the brightness configured above or on the device cannot be modified. | ||||
Ambient Display | Enable/Disable displaying details such as the time, date, etc, on the device lock screen, when it is in sleep. | ||||
MISCELLANEOUS | |||||
Add user (Supported from Android 4.4.2 in Samsung devices) | Disabling this, will restrict creating multiple users on the device. | ||||
Turn the device off, using Power button (Samsung-only feature, supported from Android 4.1) | By disabling this, users will not be able to turn off their devices using the Power Button. | ||||
Background process limit (Samsung-only feature, supported up to Android 4.2.2) | By enabling this, the background processes running on the device can be restricted. | ||||
Killing activity on leave (Samsung-only feature, supported from Android 4.2.2) | By enabling this, you can permit the user to kill current activity on the device when the user exits. | ||||
Modify default device settings (Samsung-only feature) | By enabling this, the device can be restored to the default settings. | ||||
Air Command (Samsung-only feature, supported from Android 4.4.4) | Enabling this will allow users to the access featues related to S Pen, such as Notepad, virtual keyboard, Memo, etc. This is applicable only for Samsung Knox devices. | ||||
Air View (Samsung-only feature, supported from Android 4.4.4) | Enabling this will allow users to access various features by hovering the finger over Samsung devices. This is applicable only for Samsung Knox devices. |
Jump To