Now Loading
Logo Image

Proget Console

Home  /  Proget Console  /  Administrator guide  /  Policies  /  Android Enterprise Profile Owner

Android Enterprise Profile Owner

Password – Devices
Password required
  • Policy defines requirements for device password. Once done, user must set the device password.
    • Force complicated password
  • The user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences.
    • Password length
  • The policy defines the minimum length of the password used on the device.
    • Required number of numerical characters
  • Policy defines the number of numerical characters in the device password.
    • Required number of lower case characters
  • Policy defines the number of lower case characters in the device password.
    • Required number of capital characters
  • Policy defines the number of A-Z capital characters in the device password.
    • Required number of special characters
  • Policy defines the number of special !@#$%^&*()_+<>:”?{}| characters in the device password.
    • Number of attempts to unlock
  • Policy defines the number of incorrect password attempts followed by a container wipe. For COPE activation, the device data will be wiped. The policy does not support Direct Boot if restoring the device to factory settings is forbidden.
  • Number of passwords saved
  • Policy defines how many prior passwords the device should remember while changing the password.
    • Allow unlock device using fingerprint
  • Policy determines whether the user can use a fingerprint to unlock the device. If the policy is disabled, the user must enter a password to unlock the device.
    • Allow the iris scanner
  • The function allows the user to configure the iris scanner and use this function to unlock the device. This rule applies only to devices running Android 9.0 and later.
    • Allow face recognition
  • The function allows the user to configure face recognition and use this function to unlock the device. This rule applies only to devices running Android 9.0 and later.
    • Require lock screen message (COPE only)
  • Policy determines whether a defined message is visible on the locked screen of the device.
    • Lock screen message (COPE only)
  • In the window you can define the message that is sent to the device and displayed on the locked screen of the device. The global variables are active in the popup pane. So, if you set {UserDisplayName} to a device with this policy, a value matching the global variable for that user will be sent.
    • Password – Container
    Password required
  • The policy specifies the password requirements for the container. Upon application, the user has to set a password for the container, in case of missing password requirements the container takes into account the password policy of the device.
    • Force complicated password
  • The user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences.
    • Password length
  • The policy defines the minimum length of the password used on the device.
    • Required number of numerical characters
  • Policy defines the number of numerical characters in the device password.
    • Required number of lower case characters
  • Policy defines the number of lower case characters in the device password.
    • Required number of capital characters
  • Policy defines the number of A-Z capital characters in the device password.
    • Required number of special characters
  • Policy defines the number of special !@#$%^&*()_+<>:”?{}| characters in the device password.
    • Number of attempts to unlock
  • Policy defines the number of incorrect password attempts followed by a container wipe. For COPE activation, the device data will be wiped. The policy does not support Direct Boot if restoring the device to factory settings is forbidden.
    • Number of passwords saved
  • Policy defines how many prior passwords the device should remember while changing the password.
    • Password expiration
  • Policy defines how long the password may be used and sets the time for the user to change the password on the device.
    • Allow unlock device using fingerprint
  • Policy determines whether the user can use a fingerprint to unlock the device. If the policy is disabled, the user must enter a password to unlock the device.
    • Allow the iris scanner
  • The function allows the user to configure the iris scanner and use this function to unlock the device. This rule applies only to devices running Android 9.0 and later.
    • Allow face recognition
  • The function allows the user to configure face recognition and use this function to unlock the device. This rule applies only to devices running Android 9.0 and later.
    • Apps
    Allow uninstall apps
  • Policy determines whether the user can uninstall the applications installed in the container.
    • Allow access to public apps in the Google Play Store
  • The policy determines whether a user has access to public apps in the Google Play Store.
    • Specify how to grant permissions for apps
  • Policy determines how the permissions for applications are granted. Policy determines whether application permissions are granted automatically, are automatically discarded, or whether the user can decide. For devices with Android 12 and above, automatic permissions related to sensors (e.g. permission.CAMERA) do not work.
    • Business apps updates
  • The policy allows to define how business apps should be updated.
    • Allow install apps in metered connections
  • The policy determines whether the device can install applications in metered connections. If your network has a data limit, you can define whether the device will install applications.
    • Force the use of Play Protect
  • The policy forces the use of Play Protect to verify the security of unknown apps.
    • Suspend use of private apps (COPE only)
  • The policy allows to suspend the use of private apps. When personal apps are suspended the device can only be used for calls.
    • Functionality
    Allowed input methods
  • Policy determines whether the user can use any input method (for example, a keyboard), only the input methods provided by the device, or only the input methods provided by the device plus additional input methods you specify.
    • Allowed App
  • Add an allowed app package ID, e.g. com.android.example
    • Allow camera
  • The policy allows to use of camera. If unchecked, the camera will not work in all apps, including the Proget app.
    • Allowed accessibility services
  • Policy determine accessibility services that the user can access. By default the user can use any accessibility service. System accessibility services may be for example Voice Assistant.
    • Allowed App
  • Add an allowed app package ID, e.g. com.android.example
    • Limit mobile data usage by apps
  • Provide the package ID of apps that will not be able to use the internet via mobile data. Available from Android 9.
    • Allow Airplane Mode (COPE only)
  • Policy allows to enable airplane mode on your device.
    • Allow use of Bluetooth (COPE only)
  • Policy determines whether you can use Bluetooth
    • Allow sharing via Bluetooth (COPE only)
  • The policy specifies whether the user can share data via Bluetooth.
    • Allow camera (COPE only)
  • The policy allows to use of camera. If unchecked, the camera will not work in all apps, including the Proget app.
    • Allow cell broadcast configuration (COPE only)
  • The policy allows for cell broadcast configuration. Cell broadcast consists in sending information to network users within the range of one BTS base station.
    • Allow date configuration (COPE only)
  • The policy allows to configure the date, time and timezone in the settings.
    • Allow configuring mobile networks (COPE only)
  • Policy determines whether the user can change the mobile network settings such as network access points, operating mode, network operators.
    • Allow private DNS configuration (COPE only)
  • The policy allows to change the private DNS configuration.
    • Allow tethering configuration and mobile hotspots (COPE only)
  • Policy determines whether the user can set up a tethering and mobile hotspot.
    • Allow edit Wi-Fi configuration (COPE only)
  • Policy determines whether the user can add new Wi-Fi connections. If policy is disabled, the ability to set up new connections is blocked. Wi-Fi connections which was added before policy implementation will continue to be active but will be not editable.
    • Allow content capture (COPE only)
  • The policy determines whether capturing content for later use by AI is allowed.
    • Allow content suggestions (COPE only)
  • The policy determines whether the user can receive tailored content suggestions based on content capture.
    • Maximum turn off time of work profile in days (COPE only)
  • The policy determines maximum time the work profile is allowed to be turned off. If the profile is turned off for longer, personal apps are suspended on the device.
    • Turn off time (in days)
    Allow all input methods (COPE only)
  • Policy allows the use of all data input methods (e.g. keyboard), after unchecking, only system methods are allowed. This rule applies only to devices running Android 12 and later.
    • Force Always on VPN
  • The policy forces indicated VPN app to maintain the connection continuously.
    • Add VPN app
    Block internet access when VPN is not connected
  • The policy disable internet access if the VPN connection with the selected apps is not established. Available from Android 10.
    • Add exceptions
  • After adding apps to the exceptions, they will be able to connect to the internet despite the blockade being set. Available from Android 10.
    • Security
    Allow take screenshots
  • Policy defines if user can take screenshots. This rule applies only to container.
    • Allow copying of text between the container and the device
  • Policy determines whether the user can copy between spaces, content generated in the container or device.
    • Allow searching for business contacts in private space
  • The Policy determines whether user can search for business contacts in private space.
    • Allow you to identify your work contact for incoming calls
  • The Policy determines whether caller ID information from the managed profile will be shown in the personal space.
    • Allow the user to deactivate the MDM agent
  • The policy determines whether the user can deactivate the device from the MDM agent.
    • Allow clearing of application data
  • Policy allows to clear Proget app data. Clearing the data will disconnect the device from the system.
    • Allow adding and deleting Google accounts
  • Policy determines whether a user can add and delete Google accounts in the Android Enterprise container. If the policy is turned off, the user can not add new or delete existing Google accounts.
    • Require device registration in Microsoft Entra ID
  • The policy enforces user registration in Microsoft Entra ID. If the policy is enabled, the device will be instructed to sign in to a Microsoft account in purpose of its registration.
    • Automatically set the user login
  • Setting this field will automatically insert the specified user login when logging into Microsoft account.
    • Force device periodically connection to the server
  • Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
    • Maximum time to lock
  • Policy set the maximum time for user activity until the device will lock. This limits the length that the user can set in device settings.
    • Time to lock (in minutes)
    Action after exceeding the inactivity time
  • Policy determines whether a defined action should be taken (Clear company data or Clear device data for COPE) after a specified period of inactivity. Action will be taken automatically if the last contact of the device with the server exceeds the defined inactivity time.
    • Inactivity time (in days)
    Action
    Allow Bluetooth contacts sharing
  • Policy determines whether a user can share contacts from the workspace via Bluetooth.
    • Allow using Smart Lock
  • The policy defines the possibility of using Smart Lock on device.
    • Bluetooth
  • The policy allows you to automatically unlock your phone when it is connected via Bluetooth to a trusted device, such as a watch or an in-car speakerphone.
    • NFC
  • The policy allows you to automatically unlock your phone using a trusted NFC tag.
    • Trusted places
  • The policy allows you to configure Trusted places. The device will stay automatically unlocked within a radius of up to 80 meters from the Trusted place.
    • Face
  • The device will automatically unlock when it recognizes your face. If you set up a trusted face, the device will search for it each time it starts, and it will unlock when it recognizes it.
    • On-body
  • The policy allows you to leave the device unlocked when the device is next to the user (e.g. in his hand, pocket or bag). The device will be locked only after the device has been put down (e.g. on a table); the lock will be activated automatically within a minute.
    • Voice
  • The policy allows you to unlock the Google Assistant when saying “Ok Google” on the lock screen, after the device recognized the previously recorded voice. You can give Google commands or open websites without the need to manually unlock the device.
    • Service password
  • The service password allows to define a password to unlock a blocked device, i.e. lost mode. The password defined in the policy works simultaneously with the password on the device card.
    • Allow installation of non Google Play apps
  • The policy determines whether the user can install non-Google Play store apps. ‘Do not allow’ policy is available on devices with Android 10 or later, for devices with Android older than 10 the policy will work as ‘Allow only in private space’.
    • Allow take screenshots (COPE only)
  • Policy defines if user may do screenshots
    • Use Factory Reset Protection (COPE only)
    Get Google ID
  • The policy force the use of Factory Reset Protection. If the device is restored to factory settings, you will be required to enter the Google ID account details listed below.
    • Allow adding and delete user accounts (COPE only)
  • Policy determines whether the user can add and delete accounts such as the email account.
    • Allow developer mode (COPE only)
  • Policy determines whether the user can enable Developer Mode. If the policy is disabled, the Developer Mode return to the default settings.
    • Managing operating system updates (COPE only)
  • The policy allows to specify how system updates are managed on your device.
    • Mode
    From
    To