Restrictions

You can allow or restrict users to access various features of the device like, Bluetooth, Camera, encrypting device data etc,.

Only devices running Android 5.0 or above can be provisioned as Profile Owner or Device Owner.

FEATURE DESCRIPTION SAMSUNG NON-SAMSUNG
CORE ANDROID PROFILE OWNER DEVICE OWNER

DEVICE FUNCTIONALITY

Camera(Supported from Android 4.0)

By disabling this users will be not be allowed to use the camera on their mobile device. On restricting this on the device, the camera will remain restricted within the Knox container also.

Access Camera from Lock Screen(Supported from Android 4.0)

By disabling this, the users are restricted from accessing the camera from the lock screen of the device. This can be configured only when camera is allowed on the device.

Applicable for devices running 4.2 or later versions Applicable for devices running 4.2 or later versions
Video Recording(Supported from Android 4.2.2)

By disabling this users will be not be able to record videos on their mobile device. Video Recording can be allowed only when camera is allowed on the device.

No separate restriction - Restricted when Camera is restricted No separate restriction - Restricted when Camera is restricted
Microphone

By enabling this users will be allowed to use microphone. If this is disabled, users can use the microphone only for receiving and making calls. All other voice applications which requires microphone usage will be restricted.

On restricting this on the device, the microphone will remain restricted within the Knox container also.

Audio Recording(Supported from Android 4.2.2)

By disabling this users will be not be able to record audios on their mobile device. Audio recording can be enabled only when microphone is enabled on the device.

No separate restriction - Restricted when Microphone is restricted
Firmware Recovery(Samsung-only feature)

By disabling this, users cannot perform firmware recovery on the device.

OS Upgrade(Samsung-only feature, supported from Android 4.1)

By enabling this, users will be able to perform OS upgrades on their devices.

Screen Capture

By enabling this users will be allowed to capture the screen on the devices.

Smart Clip Mode(Samsung-only feature, supported from Android 5.0)

By enabling this, users will be allowed to access smart clip mode on their devices.

S-Voice(Samsung-only feature, supported from Android 4.1 )

By disabling this, users will be unable to use S-Voice feature on their device. S-Voice can be enabled only when microphone is enabled on the device.

Add Accounts(Supported from 4.1)

Enabling this will allow users to add email, exchange, LDAP and Google accounts.

Enforce Storage Encryption(Supported from Android 4.0)

All data stored in the internal memory of the device must be encrypted. Ensure your devices are charges upto 80% to begin the encryption process. This restriction is applied only if the device is secured through a passcode. If there is no passcode on the device, you can associate a Passcode policy first and then distribute the restrictions policy.

Encrypted by default Encrypted by default
Enforce SD Card Encryption(Samsung-only feature, supported from Android 4.0)

Encryption is forced on the SD Card. This restriction is applied only if the device is secured by a passcode. If there is no passcode on the device, you can associate a Passcode policy first and then distribute the restrictions policy.

SECURITY

Restore Factory Settings

By restricting this admins can prevent users from resetting devices to their factory settings. Admins can also prevent users from removing devices from management by performing a hard reset by restricting this and also configuring EFRP on devices.

Reactivation lock(Samsung-only feature, supported from Android 4.4)

By disabling this, users will be unable to use Reactivation Lock feature on their device to prevent device activation by anyone else in case the device is stolen.

Lock Screen Notification Preference

Configure how the notifications appear on the lock screen of the device. Either choose to show all content, hide sensitive content, or completely hide notifications.

Applicable for devices running 5.0 or later versions
Installing Non-Market apps

Allow/Restrict to install apps not listed on the Play Store. Restricting this disables Install apps from unknown sources settings, for app installation.

Restricted by default
Clipboard(Supported from Android 4.2.2)

By enabling this users will be allowed to use Clipboard memory.

Not Required
Clipboard Share(Supported from Android 4.2.2)

By enabling this, users can share the clipboard content between different applications. This can be enabled only when Clip Board feature is enabled on the device.

No separate restriction - Restricted when Clipboard is restricted
Safe mode(Samsung-only feature, supported from Android 4.2)

By enabling this, users can boot device in Safe mode.

Developer Mode

By enabling this, users can use developer options on the device.

Restricted by default
'Share via' list(Samsung-only feature, supported from Android 4.2.2)

By enabling this, users will be allowed to use share list on their device.

Google Play Protect

Google Play Protect regularly checks apps and the devices for any harmful behaviour. You can choose to disable this option, if necessary.

SYNC AND STORAGE

Backup data in Google Server(Samsung-only feature)

By enabling this option, users will be allowed to backup the device data like images, videos, etc. in Google server.

Google Account Auto-Sync(Samsung-only feature, supported from Android 4.4)

By enabling this option, users will be allowed to sync their Google Account on the device.

Report Crash to Google(Samsung-only feature, supported from Android 4.1)

By enabling this crash reports will be sent to Google.

SD Card

By enabling this, users will be allowed to use SD Card on their device.

Storing data in SD Card(Supported from Android 4.1)

By enabling this users will be allowed to store data on SD Cards of the devices.

No separate restriction - Restricted when SD Card is restricted
Move apps to SD Card(Samsung-only feature, supported from Android 4.4)

By enabling this, users will be able to move applications installed in device memory to SD card.

USB

By enabling this, users will be allowed to use USB on their devices.

Connections using USB

By enabling this users will be allowed to use USB to establish connections for debugging.

No separate restriction - Restricted when USB is restricted
Connect a USB storage device

By enabling this, users will be allowed to connect USB Storage devices. This can be enabled only when USB is enabled on a device.

No separate restriction - Restricted when USB is restricted

APPLICATIONS

Users can install unapproved apps

If installing unapproved apps is restricted, all apps previously installed by users get disabled and in case of subsequent installations of unapproved, it gets installed momentarily before being uninstalled automatically as only apps distributed via MDM MSP can be installed on device. Once this restriction is removed, apps previously disabled gets automatically enabled.

Uninstalling apps (Supported from Android 4.1)

By enabling this users will be allowed to use uninstall applications from the device.

Stop system apps (Samsung-only feature, supported from Android 4.2.2) By enabling this, users can stop the system apps present in their devices.
Application notification mode (Samsung-only feature, supported from Android 4.1)

By enabling this, the user can choose to allow or restrict app notification If restricted the app notifications would be disabled.

YouTube

By enabling this users will be allowed to access Youtube from the device.

Gmail

By enabling this, users will be allowed to access Gmail on their device.

S-Finder (Samsung-only feature, supported from Android 4.3)

By enabling this, users will be allowed to use "S Finder" to search for Apps and settings on the device. This is applicable only for Samsung Knox devices.

Global App Permission policy

Configuring this ensures you can choose to automatically deny/allow permissions for apps present on the device. Optionally, you can also leave it to the user.

BROWSER (Applicable only for Google Chrome in Core Android)

Android browser

By enabling this, users will be allowed to use default Android web browser.

Fraud warning settings

By enabling this, users will be allowed to use Fraud Warning Settings on the device.

Pop-ups

By enabling this, user Pop-Ups will be enabled on the device.

JavaScript

By enabling this, users will be allowed to use applications running on Java scripts.

Auto-fill

By enabling this option, users will be allowed to use Auto-Fill Settings.

Cookies

By enabling this option, users will be allowed to use Cookies Settings on the device.

NETWORK AND ROAMING

Airplane Mode (supported for Samsung and devices running Android 9.0 and above)

If this is restricted, users will be unable to use airplane mode on their devices.

Background data (Samsung-only feature)

If Allow is chosen, users will be able to disable the background data whereas background data will be enabled by default. (This profile does not get applied automatically and the user has to accept this profile).

Wi-Fi

If 'User Controlled' is chosen, users will be allowed to disable or enable wifi on the device. If Wi-Fi is Always On on the device, end users will not have permissions to disable it. If Wi-Fi is Always Off on the device, end users will not have permissions to enable it. The managed mobile device will be out of network connectivity and even MDM MSP server cannot reach the device until cellular data is enabled on the device.

Wi-Fi Direct (Samsung-only feature - Supported from Android 4.2.2)

By enabling this, users will be allowed to access Wi-Fi Direct on their devices.

Connecting to Wi-Fi, only if distributed via MDM MSP

Restrict/Allow users to connect to Wi-Fi networks only if Wi-Fi configurations have been distributed as a profile via MDM MSP. If no Wi-Fi has been configured via MDM MSP, enabling this ensures, the device connects only to the secure Wi-Fi network configured using MDM MSP. If restricted, the device will not connect to any network, due to which it cannot communicate to the MDM MSP server. Also, if the Wi-Fi SSID has been changed, then the profile must be modified to include the new SSID and then re-distributed to the device, for continued management.

Allow users to configure VPN (Supported from Android 4.1)

Restricting this ensures only MDM MSP-distributed VPN configurations can be utilized on the device.

Roaming data (Samsung-only feature)

By restricting this, users will not be allowed to use any of the features like roaming data, data sync etc., while roaming.

Sync data while Roaming (Samsung-only feature)

By enabling this users will be allowed to use Sync feature while roaming.

Roaming Push (Samsung-only feature)

By enabling this data will be pushed to devices even if they are in roaming.

Voice Call while Roaming (Samsung-only feature, supported from Android 4.1)

By enabling this users will be allowed to receive/make voice calls during roaming.

DEVICE CONNECTIONS

NFC

By enabling this users can utilize Near Field Communication(NFC).

Android Beam (Supported from Android 4.2.2)

By enabling this users can utilize Android Beam to transfer data to other supported devices.

Restricted by default
S Beam (Samsung-only feature, supported up to Android 4.2.2)

By enabling this users can utilize S Beam to share files with other supported devices.

Bluetooth

By enabling this, users will be allowed to use Bluetooth in their device.

Bluetooth discovery (Samsung-only feature)

By enabling this, users can allow other devices to detect and connect to their device.

Bluetooth pairing (Samsung-only feature)

By enabling this, users will be allowed to pair their device with other devices to enable transfer of data.

Make outgoing calls using Bluetooth (Samsung-only feature)

By enabling this, users will be allowed to place outgoing calls using bluetooth.

Connect to Laptop/Desktop via Bluetooth (Samsung-only feature)

By enabling this, users can connect their devices to desktops/laptops using bluetooth.

Data transfer via Bluetooth (Samsung-only feature)

By enabling this, users will be allowed to transfer data from their devices to other devices using bluetooth.

Printing (Supported from Android 9.0)

By enabling this, users will be allowed to use bluetooth printers through their devices.

TETHERING

Tethering

Disabling this, restricts managed devices from tethering with other devices, for sharing the cellular network.

Bluetooth Tethering

By enabling this users will be allowed to share Internet connectivity via Bluetooth with other devices. This can be enabled only when Bluetooth is enabled on a device.

No separate restriction - Restricted when Tethering is restricted
Wi-Fi Tethering

By enabling this users will be allowed to share Internet connectivity via Wi-Fi with other devices. This can be enabled only when Wi-Fi and Wi-fi Direct are enabled on the device.

No separate restriction - Restricted when Tethering is restricted
USB Tethering

By enabling this users will be allowed to share Internet connectivity via USB with other devices. This can be enabled only when USB is enabled on the device.

No separate restriction - Restricted when Tethering is restricted

LOCATION SERVICES

Location Services (Supported in Core Android from OS 4.1)

When set as Always On, Location Services is forcefully enabled. Even if users turn it Off, it automatically reverts to On state. This is applicable for Always Off option as well. In case, you configure it as User Controlled, device users can enable/disable it as per their needs.

Mock location (Samsung-only feature)

Allow/Restrict users from showing falsifying location data.

Google Maps

By enabling this, users can utilize Google Maps.

PHONE

Google Voice search (Samsung-only feature, supported from Android 4.4.2)

By enabling this users will be allowed to use Voice Dialer feature. Voice dialer can be enabled only when microphone is enabled on the device.

SMS (Supported from Android 4.1 in Samsung devices)

By disabling this, users will not be able to use Short Messaging Service(SMS) in the managed devices.

Incoming SMS (Supported up to Android 4.1 in Samsung devices)

By disabling this, users will not be able to receive any incoming message on their devices.

No separate restriction - Restricted when SMS is restricted
Outgoing SMS (Supported from Android 4.1 in Samsung devices)

By disabling this, users will not be able to send any outgoing message from their devices.

No separate restriction - Restricted when SMS is restricted
MMS (Supported from Android 4.1 in Samsung devices)

By disabling this, users will not be able to use Multimedia Messaging Service (MMS) in the managed devices.

No separate restriction - Restricted when SMS is restricted
Incoming MMS (Supported from Android 4.1 in Samsung devices)

By disabling this, users will not be able to receive any incoming MMS to their devices.

No separate restriction - Restricted when SMS is restricted
Outgoing MMS (Supported from Android 4.1 in Samsung devices)

By disabling this, users will not be able to send any outgoing MMS from their devices

No separate restriction - Restricted when SMS is restricted
Call (Samsung-only feature)

If disabled, users cannot make/receive calls.

Incoming Call (Samsung-only feature)

By disabling this, users will not be able to receive any incoming call on their device. Even when it is allowed, incoming calls will work only when microphone is enabled on the device.

Outgoing Call

By disabling this, users will not be able to place any outgoing call on their devices. Even when it is allowed, outgoing calls will work only when microphone is on the device.

DATE/TIME SETTINGS

Device Timezone

Select whether the device time should be set based on the network time or manually by selecting the timezone.

Timezone

Select the timezone based on which, the time on the devices will be displayed if the device time settings is configured as set timezone manually.

Modify date/time settings (Supported from Android 9.0 and above)

Restricting this prevents the users from modifying date/time settings such as time format, date format etc.

Modify date/time (Supported from Android 4.3 in Samsung devices)

Restricting this prevents the users from modifying the date/time already set on the device.

DISPLAY SETTINGS(Supported from Android 9.0)

Screen Timeout

The duration(between 5 and 1800 seconds) of inactivity, after which the device goes to sleep.

Modify Screen Timeout Settings

Disabling this, ensures the screen timeout configured above or on the device cannot be modified.

Brightness

Provide the level of brightness to be configured on the device.

Modify Brightness Settings

Disabling this, ensures the brightness configured above or on the device cannot be modified.

Ambient Display

Enable/Disable displaying details such as the time, date etc, on the device lockscreen, when it is in sleep.

MISCELLANEOUS

Add user (Supported from Android 4.4.2 in Samsung devices)

Disabling this, will restrict creating multiple users on the device.

Turn the device off, using Power button (Samsung-only feature, supported from Android 4.1)

By disabling this, users will not be able to turn off their devices using Power Button.

Background process limit (Samsung-only feature, supported up to Android 4.2.2)

By enabling this, the background processes running on the device can be restricted.

Killing activity on leave (Samsung-only feature, supported from Android 4.2.2)

By enabling this, you can permit the user to kill current activity on the device when the user exits.

Modify default device settings (Samsung-only feature)

By enabling this, the device can be restored to default settings.

Air Command (Samsung-only feature, supported from Android 4.4.4)

Enabling this will allow users to access featues related to S Pen, such as Notepad, virtual keyboard, Memo etc. This is applicable only for Samsung Knox devices.

Air View (Samsung-only feature, supported from Android 4.4.4)

Enabling this will allow users to access various features by hovering the finger over Samsung devices. This is applicable only for Samsung Knox devices.

 

See Also: Associating Profiles to Groups, Associating Profiles to Devices, App Management, Distribute Apps to Devices, Distribute Apps to Groups
Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine