pdf icon
Category Filter

Android Device Management Profiles

You can design a profile to impose policies and restrictions on the managed mobile device. The following profile specifications can be customized and stored in specific versions, to be associated with devices/groups at any point of time. These profiles are tailored for managing Android devices enrolled using Android Device Policy app.

Passcode

FEATURE DESCRIPTION
APPLY PASSCODE
(Specify if you want the passcode to be applied to the whole device or only to the work profile container)
Device Passcode will be applied to the whole device.
Work profile (Applicable for devices running 7.0 or later versions) Passcode will be applied only to the work profile container (created as the device is provisioned as Profile Owner).
CONFIGURE
Passcode requirements You can select the conditions that need to be met when the users configure a passcode on devices.
Default passcode You can enter the common passcode that must be enforced on the devices. The user cannot modify the passcode set.
Password removal In the case of digital signage, organizations must set up the device without a passcode. Using this option, any existing passcode on the device can be removed and users can be prevented from manually configuring a passcode on these devices. Not applicable for devices running Android 11.0 or above
Note: Password set by the user can not be removed from Samsung devices running Android 9.0 or above, enrolled via invite method
PASSCODE COMPLEXITY
(Applicable only for devices running Android 12.0 and above)
Low A Pattern or PIN should be configured with repeating or ordered sequence (Example: 4444, 1234, 4321, 2468).
Medium The passcode should contain a PIN with no repeating or ordered sequences (Example: 4444, 1234, 4321, 2468), alphabetic, or alphanumeric password with a length of at least 4 elements.
High The passcode should contain a PIN with no repeating or ordered sequences (Example: 4444, 1234, 4321, 2468) and a length of at least 8 elements or alphabetic or alphanumeric passwords with a length of at least 6 elements.
FOR ANDROID 11.0 AND BELOW
Passcode should contain (Applicable when Passcode Requirements is selected) You can define the minimum passcode type required or allowed to create a passcode. The increasing order of security in the passcode type is Simple value-> Numbers-> Alphabet-> Alphanumeric-> Complex Value. On choosing a minimum required passcode type for example, as 'Numbers', then the passcode that is set on the device can contain numbers, alphabets, alphanumeric characters or complex values.
'Simple Value (Pattern)' enables you to set patterns, pin or passwords for the device. Not applicable for devices running Android 11.0 or above
On choosing 'Numbers', you can set either a pin or password for the device. The password can contain numbers, alphabets, alphanumeric or complex values.
'Alphabet' allows you to set only passwords for the device. The password can contain alphabets, alphanumeric or complex values.
'Alphanumeric' passcode allows you to set a password that contains both numbers and alphabets. Special characters can also be included.
'Complex Value' type of passcode enables you to set a password that contains alphabets, numbers and at least one special character.
Minimum passcode length
(Cannot be configured if Minimum passcode requirement is pattern)
You can define a minimum length for the passcode here. Applicable only for devices running Android 11.0 and below.
OTHER SETTINGS
Maximum number of failed attempts (Applicable when Passcode Requirements is selected) Maximum number of failed attempts allowed can be specified. When the number of attempts exceeds, the device will be reset, completely wiping all the data in the device.
Strong Authentication timeout (Applicable only for devices running Android 8.0 and above) After the Strong Authentication timeout period set by the admin, biometrics (such as fingerprint, face unlock) are turned off automatically. Users will be forced to unlock the device using strong authentication passcode (such as PIN or password).
Number of passcodes to be maintained in the history (Supported from Android 5.0 and applicable when Passcode Requirements is selected) Total number of previous passcodes to be maintained, so that it cannot be reused.
Maximum passcode age (Supported from Android 5.0 and applicable when Passcode Requirements is selected) User will be notified to reset the Passcode based on the days specified here
Smart Lock (Applicable when Passcode Requirements is selected) Allow or restrict users from setting up Smart Lock on their devices, with which they can bypass the password prompt on the lock screen by configuring trust agents such as On-Body detection, Trusted places/devices/voice.
BIOMETRIC PASSCODES
Use Fingerprint as passcode Allow/Restrict usage of fingerprints as device passcode
Use iris scanning as passcode Allow/Restrict usage of iris scanning as device passcode
Use face scanning as passcode Allow/Restrict usage of face scanning as device passcode

Restrictions

FEATURE DESCRIPTION
DEVICE FUNCTIONALITY
Add Accounts Enabling this will allow users to add email, exchange, LDAP, and Google accounts on managed devices. Disabling this prevents users from adding any of these accounts. The account addition is prevented only after the restriction is applied to the devices and the accounts that were already present, are not affected.
Screen Capture By enabling this, users will be allowed to capture the screen on the devices.
SECURITY
Installing Non-Market Apps Allow/Restrict to install apps not listed on the Play Store. Restricting this disables Install apps from unknown sources settings, for app installation.
Google Play Protect Google Play Protect regularly checks apps and the devices for any harmful behavior.
Lock Screen Notification Preference Configure how the notifications appear on the lock screen of the device. Either choose to show all content, hide sensitive content, or completely hide notifications.
Allow users to install or modify certificates Allow/Restrict users to install or modify certificates
APPLICATIONS
Install Apps If installing unapproved apps is restricted, all apps previously installed by users get disabled and in the case of subsequent installations of unapproved apps, although the apps get downloaded and installed, the apps are automatically uninstalled. This ensures that, only those apps distributed via MDM are installed on the device. Once this restriction is removed, apps previously disabled get enabled automatically. Note: System pre-installed apps from other stores like Samsung Galaxy Store, Huawei, etc. will be automatically updated even if installing unapproved apps is restricted.
Uninstall Apps By enabling this, users will be allowed to uninstall applications from the device. Note: Despite this setting, apps silently installed on devices cannot be uninstalled by users.
Global App Permission Policy Configuring this ensures you can choose to automatically deny/allow permissions for apps present on the device. In case if Auto-deny is chosen, for some apps such as Camera, the app will be disabled and the user will not be prompted to accept the permission. While in other apps such as Phone, a display message will be shown notifying the user of the denied access. Optionally, you can also leave it to the user.

Workspace Security

FEATURE DESCRIPTION
Share documents from unmanaged apps to Work Profile Specify if users can share or access documents stored in unmanaged apps to apps installed on the Work Profile. 
Clipboard Specify if clipboard sharing is allowed between apps in Work Profile and unmanaged apps.
Allow native Phone app to view contact details in the Work Profile Specify if managed incoming/outgoing caller details can be viewed in native Phone app. 
Allow the app(s) to be connected between work and personal space Allow/Restrict data sharing between work and personal space for same apps. This allows the users to sync their corporate events and tasks with personal apps and view them together. This way, employees don't miss their important tasks and events scheduled.
  • You can allow users to sync apps such as Calendar, Contacts, Notes etc.
  • For example, by connecting the calendar app across Work Profiles, users can view both work and personal events together. This can enhance the way users use their device and improve employee productivity.
  • You can choose to allow this setting for all apps or only specific apps.
Note: If this setting is allowed, users have to manually enable the 'Connect these apps' option under App info.

Learn more about securing corporate data.

Wi-Fi

FEATURE DESCRIPTION
Wireless Network identification Specify the name of your Wi-Fi network
Automatically join network Enabling this option, will allow the device to automatically join the Wi-Fi network
Security type Choose the security type as None/WEP/WPA/WPA2 PSK/ 802.1x EAP
Password
(Can be configured only if Security type is configured)
Specify the Password if you have chosen the security type as WEP / WPA/WPA2 PSK
EAP Method
(Can be configured only if Security type is '802.1x EAP')
If you have chosen the security type as 802.1x EAP, then you need to specify the type of authentication as PEAP/TLS/TTLS
Phase 2 Authentication
(Can be configured only if Security type is '802.1x EAP')
Specify the Phase 2 Authentication type as PAP/MSCHAPV2
Domain Name
(Can be configured only if Security type is '802.1x EAP')
Specify the domain name of the authentication server that verifies the Wi-Fi credentials. Applicable only for devices running Android 6.0 and above.
Identity Using %UserName% will fetch the appropriate user name mapped with the device. You can also specify a user name if you wanted to distribute this profile to one device. If you distribute a profile by providing a user name to more than one device, then all the devices will try to establish Wi-Fi connectivity with the same user name.
Anonymous Identity If you do not want to disclose the user name mapped with the device, while establishing the Wi-Fi connection then you can use anonymous user name. Anonymous user name will use a dummy, anonymous identity to establish the connection
CA Certificate (Supported from Android 6.0) Choose the existing Global Certificate or add a Global certificate to authenticate the device in order to establish the Wi-Fi connectivity. This will work only if the Wi-Fi certificate is configured in the Wi-Fi server. User specific certificates will be supported soon
Identity Certificate Specify the ceritificate to be used for Certificate-based authentication(CBA).

Note:

  1. Ensure the SSID, password and the security type are correctly specified.
  2. If a device is already connected to a particular Wi-Fi connection, it cannot be re-configured using a Wi-Fi policy.
  3. If the distributed Wi-Fi configuration isn't working properly, try adding it manually on the Android device and ensure the correctness of the configuration. If you're able to add manually but not through MDM, contact MDM Support(MDM-support@manageengine.com). 

VPN

FEATURE DESCRIPTION
Connection type Specify the VPN type, to be provisioned on the device.
Always On VPN Enabling Always On VPN helps maintain a persistent connection between the managed devices and their organizational network, without the need for the users to manually connect to the VPN every time.

Note:

The selected VPN app needs to be added to the App Repository and setup using Managed App Configuration.

Certificate

The managed device must have a passcode set, for Certificate to be installed in the device.

Profile Specification Description
Certificate File The file to be pushed to the managed devices
Password This optional parameter must be entered if the certificate is password protected
  1. The certificates are added only if the certificate files are not corrupt and the correct password is provided in case of password-protected certificates.
  2. On certificate expiry, upload the renewed certificate as a new certificate in the profile and then push it to the managed devices.
Jump To