Category Filter

How to set up Android Device Restrictions?

Setting up device and app restrictions features on the work managed devices reduces distractions and improves it’s security. Controlling the device settings and restricting access also prevents third-party apps from accessing corporate data and resources.

The availability of the device restrictions might differ based on the MDM plan you’ve subscribed to, the device make, and the operating system of the endpoint. Some of the features listed here are built exclusively for Samsung Knox devices, LG’s GATE (Guarded Access to Enterprise) devices, Kyocera business phones, and Android Enterprise enrolled devices.

Configuring Restrictions for Android Devices

To configure Android device restrictions via the Hexnode MDM portal,

  1. From your Hexnode portal, head on to Policies tab.
  2. Set up a new policy by clicking on New Policy button or continue with an existing one.
  3. From Android, choose Restrictions or Advanced Restrictions. You can set up device restrictions from there.
Notes:

  • The Advanced Device Restrictions in Hexnode UEM lets you have enhanced control over Samsung Knox, LG GATE, Kyocera business phones and Android Enterprise enrolled devices.
  • Restrictions set up for devices enrolled in Profile Owner mode is only applicable for the apps within the work container.

Basic Restrictions

Set up Android MDM restrictions for mobile devices

Allow Basic Device Functionality

Device Functions
Restrictions Description Supported Devices
Camera Prevents the users to access the camera app on the device. Camera usage is allowed by default. On Android 10+ devices, the restriction works only on devices enrolled in Android Enterprise program. Samsung Knox Standard SDK 2.0 and up, LG GATE, Kyocera business phones, Device Owner, Profile Owner, Standard Android Devices.
USB Mass Storage Disables access to external mass storage devices. Allowed by default. LG GATE, Samsung Knox Standard SDK 2.0 and up, Kyocera business phones.
USB file transfer Blocks file transfer via USB entirely. USB file transfer is allowed by default. Samsung Knox Standard SDK 2.0 and up, Android Enterprise – Device Owner.
Home button Home button will not work if this option is unchecked. Home button can be used by default. Samsung Knox Standard SDK 2.0 and up.
Power Off Disabling this option prevents users from turning off the device. By default, it is permitted to turn the device off. Samsung Knox Standard SDK 3.0 and up.
Safe mode Prevents users from booting their devices into safe mode. Booting into safe mode is allowed by default. Samsung Knox 1.0 and up, Android Enterprise – Device Owner, Standard Android Devices running versions below 7.0.
Airplane mode Disallow the users to turn airplane mode on. Allowed by default. Samsung Knox 2.0 and up, Android Enterprise – Device Owner (Android 9.0+).
Lock screen shortcuts Uncheck this option to prevent users from placing app icons on the device’s lock screen. This option is enabled by default. Samsung Knox 1.0 and up.
Widgets on lock screen Prevents the user from adding widgets to the lock screen. Allowed by default. Samsung Knox 1.0 and up (below Android 5.0).
Screen Orientation Users can configure screen orientation of their choice on the device if User can choose option is selected. You can make your selection from the following options to enforce screen orientation on user’s device: · User can choose · Auto-rotate · Portrait · Left · Right · Invert Samsung Knox, LG GATE, Kyocera business phones, Standard Android Devices, Android Enterprise – Device Owner.
Screen Timeout Configure screen timeout for devices. Choose between – Never, Keep Current Settings, or set a time between 1-5, 10 or 15 minutes. Kyocera business phones, Samsung Knox, Standard Android Devices, LG GATE, Android Enterprise – Device Owner.

Allow Network Settings

Network Restrictions
Restrictions Description Supported Devices
Wi-Fi Uncheck to disable Wi-Fi on the devices. Note: On standard Android devices, Wi-Fi turns off automatically even if the user tries to turn it on. On Android 10+ devices except Samsung Knox, users will be prompted to turn off Wi-Fi manually. On Samsung Knox devices, Wi-Fi option gets disabled on the device. On Android 10+ devices enrolled in Android Enterprise- Profile Owner mode, the users will be prompted to turn-off Wi-Fi as they open the Hexnode MDM app. LG GATE, Kyocera business phones, Android Enterprise – Device Owner, Android Enterprise – Profile Owner, Standard Android Devices, Samsung Knox Standard SDK 2.0 and up.
Force Wi-Fi (Works only when the option Wi-Fi is enabled) Enabling this option restricts users to turn off the Wi-Fi. Note: On Samsung Knox devices, users will not be able to turn off the Wi-Fi. On standard Android devices, even if the users turn off the Wi-Fi, it will be turned back on automatically. On Android 10+ devices, users will be prompted to turn on Wi-Fi manually. On Android 10+ devices enrolled in Android Enterprise-Profile Owner mode, the users will be prompted to turn-off Wi-Fi as they open the Hexnode MDM app. LG GATE, Kyocera business phones, Android Enterprise – Device Owner, Android Enterprise – Profile Owner, Standard Android Devices Samsung Knox Standard SDK 2.0 and up.
Bluetooth Uncheck this option to restrict users to turn on Bluetooth. By default, the users are allowed to use Bluetooth on their devices. Samsung Knox Standard SDK 2.0 and up, Kyocera business phones, Android Enterprise – Device Owner, Android Enterprise – Profile Owner, Standard Android Devices, LG GATE.
Force Bluetooth (Works only when the option Bluetooth is enabled) Enabling this option restricts the users to turn off Bluetooth. On Samsung Knox devices, users will not be able to turn off Bluetooth. On standard Android devices, even if the users turn off Bluetooth, it will be turned back on automatically. LG GATE, Samsung Knox Standard SDK 2.0 and up, Kyocera business phones, Android Enterprise – Device Owner, Android Enterprise – Profile Owner, Standard Android Devices.
Mobile data Uncheck this option to prevent the use of mobile data. Mobile data is allowed by default. Kyocera business phones, Samsung Knox Standard SDK 2.0 and up, LG GATE.
Tethering Prevents tethering on devices. Tethering is allowed by default.
USB tethering (Unable to modify if Tethering is disallowed) Uncheck this option to prevent users from sharing mobile data with other devices via USB. USB tethering is allowed by default. Samsung Knox Standard SDK 2.0 and up.
Bluetooth tethering (Unable to modify if Tethering is disallowed) Disallows the users to share their mobile data with other devices over Bluetooth if this option is selected. Bluetooth tethering is allowed by default. Samsung Knox Standard SDK 2.0 and up.
Portable Wi-Fi hotspot (Unable to modify if Tethering is disallowed) Select an option to tether the portable Wi-Fi hotspot: Users can choose, Always Off, and Always On.
Note: Users cannot connect to any Wi-Fi network if Wi-Fi hotspot is set to ‘Always On’.
Samsung Knox Standard SDK 2.0 and up, Kyocera business phones, Android Enterprise – Device Owner and Standard Android Devices running versions below 8.0, LG GATE.
Data roaming Uncheck this option to disallow users to turn on Data Roaming and use mobile data outside their home networks. Data roaming may incur additional charges. Data roaming is allowed by default. Samsung Knox Standard SDK 1.0 and up, Android Enterprise – Device Owner.

Allow Location Settings

Location Settings
Restrictions Description Supported Devices
Mock location Unchecking this option prevents users from turning on Mock locations which can be enabled from developer options. Enabling Mock location tricks the GPS with a fake location. By default, users are allowed to do so.
Note:

For Device owner mode, unchecking this option completely disables the entire developer options on the device.

LG GATE, Samsung Knox Standard SDK 2.0 and up, Kyocera business phones.
GPS Unchecking this option disallows the users from turning GPS on/off. Allowed by default. LG GATE, Samsung Knox Standard SDK 3.0 and up, Kyocera business phones.
Force GPS to fetch location Force GPS to be always ON. Users won’t be able to turn it OFF. Location services are forced by default. LG GATE, Samsung Knox, Kyocera business phones.

Allow Basic Sync Settings

Sync Settings
Restrictions Description Supported Devices
Backup service Unchecking this option prevents user’s data from being backed up to or restored from Google drive. Android Enterprise Device Owner running Android 8.0+.

Basic Security Options

Security Options
Restrictions Description Supported Devices
Allow MDM administration removal Unchecking this option prevents the removal of Hexnode MDM app from devices.
Note: On LG GATE devices running android 7 and above, disabling this option restricts the removal of both Hexnode MDM and LG Service apps. On devices running Android 6 and below, disabling the option restricts only the removal of Hexnode MDM app and not the LG Service app.
Samsung Knox Standard SDK 2.0 and up, LG GATE.

Advanced Restrictions

Android advanced restrictions profile

Allow Advanced Device Functionality

Device Functions
Restrictions Description Supported Devices
Microphone If this option is unchecked, the microphone will be disabled while using any apps except phone calls. Microphone is allowed by default. Android Enterprise – Device Owner, Samsung Knox Standard SDK 2.0 and up.
Screen capture Unchecking this option prevents users from capturing a screenshot directly from their device or from Android Studio. Allowed by default. Samsung Knox Standard SDK 2.0 and up, Android Enterprise – Profile Owner, Android Enterprise – Device Owner.
Clipboard When you copy or cut a text on the system, it’ll go to the clipboard for temporary use. The text is pasted directly from the clipboard. So, disabling this option prevents using clipboard to Cut, Copy and Paste functions. Copying another piece of text will replace the previous one in the clipboard. Clipboard is enabled by default. Samsung Knox Standard SDK 2.0 and up.
Copy contents between normal and work profiles Allow users to copy contents from an app in normal profile to an app in work profile and vice-versa. Android Enterprise – Profile Owner.
Share via other apps Disable data sharing between apps using the share option on the device. Enabled by default. Samsung Knox 1.0 and up.
Users can adjust volume Prevents users from adjusting the device volume, if this option is unchecked. Android Enterprise – Device Owner, Android Enterprise – Profile Owner on devices running Android version 6 and up.
Make a call Users are allowed to make calls on their devices by default. Unchecking this option disallows outgoing calls. Android Enterprise – Device Owner.
Receive calls Unchecking the option disables incoming calls on the device, preventing the user from receiving any calls. Samsung Knox
USB Host Storage Allow users to connect an external USB device, such as an external hard disk or a flash drive on their devices. If disabled, it blocks all external USB devices (except those specified under the USB Exception list) from connecting to the devices. Enabled by default. Samsung Knox 2.9+
USB Exception list This setting works only if the option ‘USB Host Storage’ is disabled. You can select the type of USB storage devices that can connect to your Android devices. Any USB device classes not specified here will be blocked. The available USB device classes include:
  • Audio: Speaker, microphone, sound card, MIDI
  • CDC Data: Devices used together with USB Communication Device Class (CDC)
  • Communication: Modem, Ethernet adapter, Wi-Fi adapter, RS-232 serial adapter
  • Human Interface Device: Keyboard, mouse, joystick and other human-interface devices (HIDs)
  • Mass Storage: USB Flash drive, memory card reader, digital camera, digital audio player, external drive
  • Miscellaneous: ActiveSync device
  • Still Image: Webcam, Scanner
  • Vendor Specific: Devices that need vendor-specific drivers
  • Wireless Controller: Bluetooth adapter, Microsoft RNDIS
Samsung Knox 2.9+

Display Settings

Display Settings
Restrictions Description Supported Devices
Hide System Bars Hides the system bars – the status bar, the navigation bar, and the settings toggles. They are shown on devices by default. Samsung Knox
Hide Status Bar Hides the status bar (notification icons, network signal bar, time etc.) at the top of the handset screen. Hiding the status bar will deny access to the notifications bar and the quick settings tray. The status bar is shown by default. Samsung Knox 1.0 and up, Android Enterprise – Device Owner.
Hide Navigation Bar Hides the on-screen navigation bar with the back, home and recent apps buttons. Other system bars will not be affected. The navigation bar is shown by default. Samsung Knox 1.0 and up.
Split-screen mode Disabling this option restricts the user from accessing the multi-window or split-screen feature on the device. Samsung Knox
Display dialogs/windows Unchecking this option blocks dialogs/windows for system overlays, alerts, toast messages, incoming/outgoing calls, and application overlays. It also blocks Hexnode’s password prompt, broadcast message alerts and floating kiosk peripheral settings icon. Android Enterprise – Device Owner.
Keep Screen On while charging Select the type of power source that can cause the device’s screen to stay on while plugged in. The available options include:
  • On AC charger: The screen stays on when the device is plugged in using an AC charger.
    Note:
    • This option may not work if the device is plugged in using an unsupported power supply. Make sure to use the supported device chargers for charging devices.

  • On USB charger: The screen stays on if the device is charging via USB.
  • On wireless charger: The device screen stays on while it is charging wirelessly.

Notes:

This restriction will not work if:

  • The device screen is manually turned off.
  • The ‘Auto-lock after’ option under Policies > Android > Password is enabled.
  • The user disables the ‘Stay Awake’ option under ‘Developer options’. In this case, the policy will have to be pushed again for this feature to work.

Android Enterprise – Device Owner (Android 6.0+).

Allow Connectivity Options

Connectivity Options
Restrictions Description Supported Devices
NFC If this option is disabled, NFC, Android Beam and S Beam are turned off, and users cannot perform operations that use Near Field Communication on devices that support it. NFC is enabled by default. Samsung Knox Standard SDK 2.0 and up.
Android Beam Disabling Android Beam will disable S Beam as well. Allowed by default. Samsung Knox 1.0 and up.
Beam from the device Unchecking this option disallows outgoing Android Beam. Allowed by default. Android Enterprise – Device Owner, Android Enterprise -Profile Owner.
Transfer data via Bluetooth Uncheck this option prevents the device from transferring data over a Bluetooth connection, turning this option off will also affect Android Beam transfers. Allowed by default. Samsung Knox Standard SDK 2.0 and up, Android Enterprise – Device Owner, Android Enterprise – Profile Owner.
Configure Bluetooth Disallows users to configure Bluetooth on their devices if this option is unchecked. Android Enterprise – Device Owner.
Configure cell broadcast Disabling this option will prevent users from configuring cell broadcasts. Allowed by default. Android Enterprise – Device Owner.
Configure cellular network If disabled, restricts users from configuring cellular network settings on their devices. Allowed by default. Android Enterprise – Device Owner, Android Enterprise – Profile Owner.
Users can reset network settings Users are allowed to reset network settings on their devices by default. Disabling this option disallows users to reset current cellular and Wi-Fi settings, VPN settings, Wi-Fi passwords and so on. Allowed by default
Note: This feature works for Android devices running version 6 and above.
Android Enterprise – Device Owner.
Configure Wi-Fi Unchecking this option prevents users from configuring Wi-Fi on their devices. Allowed by default. Android Enterprise – Device Owner, Android Enterprise -Profile Owner.
Configure managed Wi-Fi profile Unchecking this option prevents the user from modifying the managed Wi-Fi configurations pushed from Hexnode. Android Enterprise – Device Owner
Configure hotspot and tethering If this option is disabled, users can’t configure portable hotspot and tethering on their devices. Allowed by default. Samsung Knox, Android Enterprise – Device Owner.

Note:

Both Android Beam and S Beam identify a device using NFC. Android Beam send files via Bluetooth whereas S Beam will transfer files with Wi-Fi Direct.

Advanced Security options

Security options

Minimum Wi-Fi security level – Set a minimum-security level to establish a Wi-fi connection on the device. Open is selected as default. The device will not connect to a network which is less secure than the value chosen here.

Warning:

Once the policy gets applied on the device, the current Wi-Fi connection will get disconnected immediately if it has a security level below the minimum level set in the policy.

Security Type Supported Devices
WEP

WPA/WPA2 PSK

EAP- LEAP

EAP-FAST

EAP- PEAP

EAP-TTLS

EAP-TLS

All Samsung Knox versions.
FT- PSK

EAP-PEAP-FT

EAP-PEAP-CCKM

EAP-TTLS-FT

EAP-TTLS-CCKM

EAP-TLS-FT

EAP-TLS-CCKM

Knox 2.4+
EAP-LEAP-FT

EAP-LEAP-CCKM

EAP-FAST-FT

EAP-FAST-CCKM

EAP-PWD

EAP-PWD-FT

EAP-PWD-CCKM

EAP-SIM

EAP-SIM-FT

EAP-SIM-CCKM

EAP-AKA

EAP-AKA-FT

EAP-AKA-CCKM

EAP-AKA’

EAP-AKA’-FT

EAP-AKA’-CCKM

Knox 2.5+

Allow Advanced Sync Settings

Limiting Data Sync
Restrictions Description Supported Devices
Sync data in background Unchecking this option prevents the apps from auto-syncing data in the background. By default, users can toggle it on/off.

Note:

If this option is disabled, the device will go into Data Saver mode and the end-user will not be able to exit from it. Enable this option to allow the user to make changes to the Data Saver mode.

Samsung Knox Standard SDK 2.0 and up.
Sync data with Google account Uncheck this option to disallow the Google apps on the device to sync data with the user’s Google Account. This includes contact, calendar, emails and everything Google except Play Store apps. Allowed by default. Samsung Knox 2.0 and up.

Allow Account Settings

Account Settings
Restrictions Description Supported Devices
SMS Uncheck to disable incoming and outgoing SMS. Samsung Knox Standard SDK 3.0 and up, Android Enterprise – Device Owner.
Receive messages If disabled, the device can’t retrieve the text messages sent to its user. Allowed by default. Samsung Knox Standard SDK 3.0 and up.
Send messages Blocking this feature will restrict the users from sending text messages from their Samsung devices. Allowed by default. Samsung Knox Standard SDK 3.0 and up.
Modify Accounts/Users If disabled, restricts users from adding, removing and switching between the users. For Android Enterprise enabled devices, this option allows the users to add, remove or switch between Google Accounts. Allowed by default. Samsung Knox, Android Enterprise – Device Owner, Android Enterprise – Profile Owner.
Add Users User will not be allowed to add other users if this option is unchecked. Allowed by default. Samsung Knox
Remove Users User will not be allowed to delete other users if this option is unchecked. Allowed by default. Samsung Knox
Configure user credentials Allow users to configure user credentials. Android Enterprise – Device Owner, Android Enterprise – Profile Owner.

Allow Settings

Restrict Device Settings Modification

Notes:


Make sure you have the latest versions of the Hexnode MDM app or Hexnode for Work app installed on the devices.

Restrictions Description Supported Devices
Developer mode Unchecking this option will disable developer mode. This will reset any manually-configured developer settings. Allowed by default. Samsung Knox 2.0 and up.
USB debugging (If Developer mode is enabled) If allowed, users can turn USB debugging on/off. If disallowed, users won’t be able to turn it back on. Allowed by default. Samsung Knox Standard SDK 2.0, Android Enterprise – Device Owner.
Modify settings Disabling this option blocks all future changes to the device settings, until this option is turned back on. By default, Settings can be modified. Samsung Knox Standard SDK 2.0 and up.
Power saving mode If disallowed the device won’t be able to switch to power saving mode. Allowed by default. Samsung Knox 2.8 and up.
Users can enable location sharing This option allows users to enable real time location sharing with others. Disabling this option prevents the user from turning on location sharing. Allowed by default. Android Enterprise – Device Owner, Android Enterprise -Profile Owner
Factory reset Allow users to reset their device to factory settings. Unchecking the option prevents factory reset. Allowed by default. Samsung Knox Standard SDK 2.0, Android Enterprise -Device Owner.
Read any connected physical external media Users are allowed to connect the devices to external physical media by default. Disabling the option prevents it. Android Enterprise – Device Owner, Android Enterprise -Profile Owner.
Update date and time automatically Allows automatic update of date, time and time zone on the device, if this option is selected. Allowed by default. This feature may not work on devices that do not support the option to set the time zone automatically. Android Enterprise – Device Owner.
Set time zone automatically Unchecking this option disallows users to choose whether the device can update the time zone automatically. Allowed by default. This feature may not work on devices that do not support the option to set the time zone automatically. Android Enterprise – Device Owner.
Disable screen lock if the screen was turned off If this option is enabled, the screen lock option (Settings > Security > Screen Lock) will be disabled on the device. Any unlock pattern, password, PIN on the device will get cleared. Disabled by default. Samsung Knox 2.0 and up.
Configure VPN Allows users to configure VPN. When disabled, network and data usage restrictions set under Android > Mobile Data Management won’t work. Samsung Knox Standard SDK 2.2 and up, Android Enterprise – Device Owner, Android Enterprise – Profile Owner (6.0 and above).
Automatically power off a device when USB is detached Enable this option to power off a device whenever a USB is detached from it. This will not work if ‘Power Off’ under Policy > Android > Restriction is disabled.
Notes:


This option works only if:

  • A KPE Premium license key is attached to the devices. Head on to General Settings > Knox Platform for Enterprise > Configure to select the key already added to the portal.
  • The ‘Power Off’ option under Policy > Android > Restrictions is enabled.

Samsung Knox 2.8 and up.
Automatically power on a device when USB is connected Check this option to automatically turn on the device when a USB is connected.
Note:


This option works only if:

  • Attach the KPE Premium license key to the devices. Head on to General Settings > Knox Platform for Enterprise > Configure to select the key already added to the portal.

Samsung Knox 2.6 and up.

Lock Screen Customizations

Lock screen restrictions

Notes:
  • Lock Screen customizations are supported only on devices with a secured lock screen (Devices protected by a PIN, pattern or password lock).
  • To customize the lock screen, the device should be be updated with the latest version of the Hexnode For Work app.

Restrictions Description Supported Devices
Lock Screen Camera Uncheck this option to disable camera and face unlock feature on a secured lock screen.
Notes:
  • Face unlock configured through trust agents for smart lock may not be disabled even if this option is unchecked.
  • Enabling or disabling this feature will have no effect, if Camera under Policies > Android > Restrictions is disabled.
  • This feature will have no effect on Samsung Knox devices, if Lock screen shortcuts under Policies > Android > Restrictions is disabled.

Android Enterprise Device Owner (Android v5.0 & later).
Trust Agents for Smart Lock If disabled, this would prevent trusted agents like device connected via Bluetooth, NFC, etc. from unlocking the device. Android Enterprise Device Owner (Android v5.0 & later), Android Enterprise Profile Owner (Android v6.0 & later).
Lock Screen Notifications If disabled, notifications will not be shown on the secured lock screen. Android Enterprise Device Owner (Android v5.0 & later).
Unredacted Notifications If disabled, only redacted notifications will be shown on the locked screen. Redacted notifications are sensitive notifications with contents hidden on the lock screen. This feature can only be enabled if Lock Screen Notifications is enabled. Android Enterprise Profile Owner (Android v6.0 & later), Android Enterprise Device Owner (Android v5.0 & later).
Fingerprint Unlock If unchecked, fingerprint unlock will be disabled on a secured lock screen. Android Enterprise – Device Owner (Android v5.0 & later), Android Enterprise Profile Owner (Android v6.0 & later).
Iris Scanner Uncheck to disable iris scanner feature on the secured lock screen. Android Enterprise Device & Profile Owner (Android v9.0 & later).
Face Unlock If unchecked, users cannot unlock the device via the face unlock feature.
Notes:
  • Even if this option is disabled, Face unlock configured through trust agents for smart lock may not be disabled.
  • If Policies > Android > Restrictions is disabled, enabling or disabling this feature will have no effect.

Android Enterprise Device & Profile Owner (Android v9.0 & later).

Allow App Settings

App-based Restrictions
Restrictions Description Supported Devices
Install apps Disabling this option will block any apps from installing on the device. Allowed by default. Samsung Knox Standard SDK 2.0, Android Enterprise – Device Owner, Android Enterprise – Profile Owner.
Uninstall apps To disallow a user from uninstalling any apps from the device, disable this option. Allowed by default. Samsung Knox Standard SDK 2.2, Android Enterprise – Device Owner, Android Enterprise – Profile Owner.
Control apps Enabling this option allows users to modify applications in Settings or launchers. If this option is disabled, users can’t uninstall apps, disable apps, clear app data and cache, force stopping apps, clear app defaults and so on. Android Enterprise – Device Owner, Android Enterprise – Profile Owner.
Google Play Store Unchecking this option will hide Google Play Store’s icon from the user’s device. Allowed by default. Samsung Knox Standard SDK 2.0 and up.
Verify apps before install  Enabling this option allows Google to verify the app content for any harmful behaviour before installation begins. If disallowed, it prevents Google app verification before installation. Android Enterprise – Device Owner, Android Enterprise – Profile Owner.
Install apps from unknown sources If allowed, it enables the users to install apps from Play Store and other sources. Unchecking this option will block app installation from unknown sources and users can’t turn it back on from the device. Samsung Knox Standard SDK 2.0, Android Enterprise – Profile Owner, Android Enterprise – Device Owner. Samsung Knox Standard SDK 2.0, Android Enterprise – Profile Owner, Android Enterprise – Device Owner.
App Runtime Permissions Set runtime permissions for apps. You can grant, deny specific permissions or, set default permissions for the app.
Note:


The app runtime permissions can only be granted on Android 10 or later devices.

Android Enterprise – Device Owner, Android Enterprise -Profile Owner.
Parent profile app linking Disabling this option prevents apps in the parent profile to handle web links from managed profile.
Note: This feature works for Android devices running version 6 and above.
Android Enterprise – Device Owner, Android Enterprise – Profile Owner.

Factory Reset Protection (Google Account Verification)

Google Factory Reset Protection (FRP) is a security feature enabled by default on devices running Android v5.1+, designed to prevent the use of devices if it gets reset to factory settings without your permission. If you have a Google account set on your device and your device is reset, the device remains unusable until you log in using the Google account previously set on your device.
Default’ option takes the default device settings for FRP.
Bypass Factory Reset Protection‘ enforces the Google account verification step. Add G Suite email address and/or Google Plus Profile IDs to log in to your devices in situations where you forget/do not know the previously configured Google account credentials. Integrate your G Suite account with the Hexnode MDM server to add the accounts to the list.
Disable Factory Reset Protection‘ lets you skip the Google account verification step. When asked to enter the Google account credentials, the user can skip the verification by clicking SKIP.

How to Apply the Restrictions to Devices/Groups?

If you haven’t saved the policy yet,

  1. Proceed to the Policy Targets.
  2. Click on + Add Devices, search and select all devices to which the policy is to be applied.
  3. Press OK button to finish adding devices.

Missed a device? No worries. Click on + Add Devices again and you can add more of them.

To associate the policies with a device group instead, select Device Groups from the left pane under Policy Targets, and follow the above instructions. You can associate the policy with users, user groups, or domains from the same pane.

If you’ve saved the policy and you’re taken to the page which displays the policy list,

  1. Check a policy.
  2. From Manage, select Associate Targets.
  3. Add as many devices as you need.