Android profile configuration in the Restrictions menu item
New article with version: 1.28
This article refers to a Resellerpreview
-
RestrictionsRestrictions | ||||||
| Caption | Value | Description |  | |||
|---|---|---|---|---|---|---|
| Support Messages | ||||||
| Short support message | Deactivated by the IT department of ttt-Point AG | A message that is displayed to the user on the settings screen when the functionality has been disabled by the administrator. The maximum message length is 4096 characters. | ||||
| Long support message | Deactivated by the IT department of ttt-Point AG due to general security precautions. If you have any questions, please contact Support at: +49 4131-2401-0 | A message displayed to the user. The maximum message length is 4096 characters. See figure above. | ||||
| Permitted input methods | Add package name | If available, only the input methods provided by packages in this list are allowed. If this field exists, but the list is empty, only system input methods are allowed. | ||||
| Approved input support services | Add package name | Specifies the allowed input accessibility services. If the field is not set, any input accessibility service can be used. When the field is set, only the input assistance services included in this list and the input assistance services integrated in the system can be used. In particular, if the field is empty, only the system's built-in input accessibility services can be used. | ||||
| Accounts to unlock after factory reset | it-intern@anyideas.de | Factory Reset Protection (FRP). Email addresses of device administrators to protect against resetting to factory defaults. When the device is reset to factory defaults, one of these administrators must log in with the Google Account email address and password to unlock the device. If no administrators are specified, the device provides no protection against resetting to factory defaults. | ||||
| Location mode | Unspecified | Der Grad der Standorterkennung ist aktiviert. Der Benutzer kann den Wert ändern, es sei denn, der Benutzer kann nicht auf Geräteeinstellungen zugreifen. | ||||
| Disable screen capture | In order to provide data protection, it should not be possible to take screenshots. This also includes blocking screen sharing applications and similar applications (e.g. Google Assistant) that use the system's screenshot functions. | |||||
| Disable camera | The camera should be deactivated by default. | |||||
| Account types with management disabled | Account types that cannot be managed by the user | |||||
| Disable adding users | Shows whether adding new users and profiles is disabled | |||||
| Disable the volume setting | Shows whether adjusting the main volume is disabled | |||||
| Deactivate factory reset | The reset to factory settings should be deactivated. | |||||
| Disable mounting physical media | The mounting of external physical media by the user is to be deactivated. | |||||
| Disable modifying accounts | Add or remove accounts should be disabled.notempty If this item is not enabled, the user can create another Google Account, log into the Playstore and install any software.
| |||||
| Deactivate key lock | Indicates whether the key lock is deactivated | |||||
| Disable Bluetooth contact sharing | No contact data should leave the device via Bluetooth. | |||||
| Disable Bluetooth configuration | The Bluetooth configuration should be deactivated. | |||||
| Disable cell broadcast configuration | The configuration of Cell Broadcast should be disabled. | |||||
| Disable credentials configuration | The configuration of user credentials should be disabled.notempty If disabled, certificates can no longer be installed. If these security settings are to be used, it is recommended to deactivate the configuration of the login credentials only after the security settings have been implemented on all devices.
| |||||
| Disable mobile network configuration | The configuration of mobile radio networks should be disabled. | |||||
| Disable VPN configuration | The configuration of VPN should be disabled. | |||||
| Disable airplane mode notempty New as of 1.18 |
Disabled | Controls the current status of flight mode and indicates whether the user can turn it on or off. notempty Available from Android 9 or higher | ||||
| Disable creating windows | Specifies whether creating windows next to app windows is disabled. | |||||
| Disable resetting network settings | Indicates whether network settings reset is disabled. | |||||
| Disable sending via NFC | The use of NFC to transfer data from apps should be disabled. | |||||
| Disable outgoing calls | Indicates whether outgoing calls are disabled. | |||||
| Disable the removal of users | Shows whether the removal of other users is disabled. | |||||
| Disable location sharing | Indicates whether location sharing is disabled. | |||||
| Disable SMS | Shows whether sending and receiving SMS messages is disabled. | |||||
| Prevent microphone from being switched on | Shows whether the microphone is muted and the microphone volume cannot be adjusted. | |||||
| USB data access notempty New as of:1.24 |
Allow all | Controls what files and/or data can be transferred via USB. notempty Does not impact charging functions. notemptySupported only on company-owned devices.
| ||||
| Tethering Einstellungen notempty Aktualisiert |
Unspecified | Die Konfiguration von Tethering (z. B. WLAN-Tethering oder Bluetooth-Tethering) kann eingeschränkt werden. | ||||
| WLAN Konfigurieren notempty Aktualisiert |
Unspecified | Konfiguration von WLAN-Netzen durch Anwender | ||||
| Disable setting user icon | Indicates whether changing the user icon is disabled. | |||||
| Disable the background settings | Shows whether changing the background image is disabled. | |||||
| Disable roaming | Indicates whether roaming data services are disabled. | |||||
| Disable the Network Escape Hatch | Indicates whether the Network Escape Hatch is enabled. | |||||
| Disable Bluetooth | Shows whether Bluetooth is disabled. This setting is preferable to Bluetooth Configuration because Bluetooth Configuration can be bypassed by the user. | |||||
| Disable easter eggs | Whether the user is allowed to have fun. Controls whether the easter egg game is disabled in the settings. | |||||
| Automatic date & time zone | Unspecified | Indicates whether automatic date, time, and time zone are enabled on a company-owned device. | ||||
| Activate the custom kiosk launcher | Indicates whether the custom kiosk launcher is enabled. | |||||
| Skip hints on first user | Flag to skip first time use hints. The company administrator can enable the system recommendation for apps to skip the user tutorial and other introductory notes on first launch. | |||||
| Enable private key selection | Allows the user interface to be displayed on a device so that a user can select a private key alias if there are no matching rules in ChoosePrivateKeyRules. For Android P devices, this setting can attack company keys. | |||||
| Disable keyguard | Camera Ignore trust agents Remote input | Functions that are not available to the user in the lock screen. | ||||
| System Update | ||||||
| Activate the status message | After you have activated this, you can set the system update configuration. | |||||
| Update type | Unspecified | The type of system update to configure. | ||||
| Start Only with update type in window |
0 |
If the type is windowed, the start of the maintenance window, measured as the number of minutes after midnight in the device's local time. This value must be between 0 and 1439, inclusive. | ||||
| End Only with update type in window |
0 |
If the type is WINDOWED, the end of the maintenance window, measured as the number of minutes after midnight in device's local time. This value must be between 0 and 1439, inclusive. If this value is less than start_minutes, then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time. | ||||
| Freeze periods | Add period | An annually recurring period of time when over-the-air (OTA) system updates are pushed to freeze the operating system version running on a device. To prevent the device from freezing indefinitely, each freeze period must be at least 60 days apart. | ||||
| Start | Start of the period | |||||
| End | End of period | |||||
| Rules for private keys | Add rule | Rules for automatically selecting a private key and certificate to authenticate the device to a server. The rules are ordered by priority. Thus, if an outgoing request matches more than one rule, the last rule defines which private key to use. | ||||
| URL-pattern | URL-pattern | The URL pattern to match with the URL of the outgoing request. The pattern may contain wildcards with asterisks (*). Any URL matches if it is not specified. | ||||
| Package names | Paketnamen hinzufügen | The package names for which outgoing requests are subject to this rule. If no package names are specified, the rule applies to all packages. For each listed package name, the rule applies to that package and all other packages that used the same Android UID. The SHA256 hash of the signature key signatures of each package name is compared to those provided by Play. | ||||
| Alias for private key | Alias | Der Alias des zu verwendenden privaten Schlüssels. | ||||
| Untrusted apps policy | Unspecified | The policy for untrusted apps (apps from unknown sources) enforced on the device. | ||||
| Force app verification through 'Google Play Protect' | Unspecified | Specifies whether app verification is enforced by 'Google Play Protect'. | ||||
| Developer settings | Unspecified | Controls access to developer settings: Developer Options and Safe Launch. | ||||
| Common Criteria mode | Unspecified | Controls Common Criteria mode - security standards defined in the Common Criteria for Information Technology Security Evaluation (CC). | ||||
| Personal apps that can read work notifications | Add package name | Personal apps that can read work profile notifications with a NotificationListenerService. By default, no personal apps (except system apps) can read work notifications. Each value in the list must be a package name. | ||||
| Power-Button-Actions | Unspecified | Sets the behavior of a device in kiosk mode when a user presses and holds the On / Off button. | ||||
| System error warnings | Unspecified | Specifies whether to block system error dialogs for crashed or unresponsive apps in kiosk mode. | ||||
| System navigation | Unspecified | Indicates which navigation functions are enabled in kiosk mode (e.g. Home, overview keys). | ||||
| Status bar | Unspecified | Specifies whether system information and notifications are disabled in kiosk mode. | ||||
| Device settings | Unspecified | Specifies whether a user can access the app settings of the device in kiosk mode. | ||||
