skip to main content
EN : Mobile Device Management : Setting Restrictions : Setting Restrictions for Android Groups
Setting Restrictions for Android Groups
The restrictions can be set in the following location:
MDM > Groups > Android > Restrictions tab
Samsung SAFE V2+ certified – Administrators can manage SAFE Android smartphones and tablets securely and remotely by deploying mobile applications and controlling overall device functionality.
Device Functionality
> Allow camera – select the checkbox to allow the user to launch the camera through a camera app. Clear the checkbox to disable the camera. The default camera can always be launched. This setting only works for camera apps other than the default camera app.
> Allow microphone (SAFE v2+, Device Owner)select the checkbox to disable the microphone used voice calls. The built-in voice recorder can still use the microphone if this checkbox is cleared (depending on the device manufacturer).
> Allow screen capture (SAFE v2+, Device Owner, Profile Owner) – select the checkbox to allow user to capture the screen. Clear the checkbox to disable this feature. The user will not be able to take a screenshot on the mobile device if the checkbox is not selected.
> Allow adding accounts (SAFE v2+, Profile Owner, Device Owner) – select the checkbox to allow users to add accounts on the device. Clear the checkbox to disable this feature. The Add Accounts option on the mobile device will be disabled if this option is not selected.
Sync and Storage
> Allow Google Account Sync (SAFE v2+) – select the checkbox to allow users to automatically sync Google Account. The options in Settings > Accounts > Accounts > Google are disabled if this option is not selected.
> Allow use of SD card (SAFE v2+)select the checkbox to allow Secure Digital (SD) cards on mobile devices. SD cards cannot be used on mobile devices if this option is not selected. The SD card will be shown as Not inserted and the user will not have an access to the SD card if this option is not selected.
> Allow use of USB (SAFE v2+) – select the checkbox to allow USB devices to connect to the mobile device. If this option is not selected, USB devices will not be detected by the mobile device.
> Allow USB storage device (SAFE v2+) select the checkbox to allow USB storage devices to connect to the mobile device. This option can be enabled only if Allow use of USB is enabled.
For Samsung devices (supporting Knox SDK) in Device Owner mode, clearing Allow use of USB, will only disable USB data transfer between device and the computer. However, storage media (like OTG pen drive) will be mounted to device if Allow USB storage device is selected.
> Enforce Storage Encryption – select the checkbox to encrypt data on the mobile devices for security. Data will not be encrypted if this option is not selected. If the device has been encrypted previously, it cannot be decrypted by clearing the checkbox.
Default Runtime Permissions for Work apps
> Default Apps Permission: select the appropriate permission for all the apps. Select Prompt (to prompt the user), Auto Grant (automatically grant permission to run the app) or Auto Deny (automatically deny permission to run the app). Permissions for each apps can be set manually from MDM > Apps > Android > Manage Permission & Configurations > Permissions tab. The settings in the Permissions tab set for each individual app overrides the default app permission.
Applications
> Allow uninstall (SAFE v2+ Profile Owner Device Owner) – select the checkbox to allow users to uninstall apps. Users will not be able to uninstall apps from the mobile device if this option is not selected and the message Uninstall unsuccessful will be shown.
> Allow stopping of system apps (SAFE v2+) – select the checkbox to allow users to stop Android System apps. If this option is not selected, the option Settings > Apps > [System_App_Name] > Force Stop will be disabled.
> Allow YouTube (SAFE v2+ Profile Owner, Device Owner) – select the checkbox to allow users to launch YouTube on the mobile device. Users will be prevented from launching you tube if this option is not selected.
> Allow Gmail (SAFE v2+ Profile Owner, Device Owner) – select the checkbox to allow users to launch the Gmail app. Users will not be able to launch Gmail if this option is not selected.
If the Allow Gmail option is not selected, the Gmail app cannot be launched. However, users can still access Gmail via the browser.
> Allow Google Maps (SAFE v2+, Device Owner) – select the checkbox to allow users to launch Google Maps on the mobile device.
Security
> Allow Restore Factory Settings (SAFE v2+ Device Owner) – select the checkbox to allow users to restore to factory settings. Users will not be able to restore the device to factory settings if this option is not selected.
If the Allow Restore to Factory Settings option is not selected, administrators can still restore the device to factory settings remotely from the Deep Freeze MDM web interface.
> Allow installation from unknown sources (SAFE v2+ Profile Owner Device Owner) – select this option to allow users to install apps from locations other than the Google Play Store.
> Allow Airplane mode SAFE v2+ – select the checkbox to allow users to put the mobile devices into Aeroplane mode.
Network
> Allow MDM provisioned Wi-Fi only – select this option if you want the mobile device to connect only to the Wi-Fi defined in the Deep Freeze MDM. If this option is selected the user will not be able to connect to any other Wi-Fi Network.
> Allow Bluetooth – select this option to allow users to enable Bluetooth on their mobile devices and connect to other devices. If this option is not selected, users cannot enable Bluetooth on their devices.
> Allow Wi-Fi Direct (SAFE v2+) – select this option allow mobile devices to connect to other devices through Wi-Fi direct. Mobile devices will not be able to connect to he other devices through Wi-Fi direct if this option is not selected.
Miscellaneous
> Allow turning device off using the power button (SAFE v2+) – select this option to allow users to power off the mobile devices using the power button on the phone.
> Allow date/time change (SAFE v2+ Device Owner) – select this option to allow the users to change the time. Users will not be able to change the date or time manually if this option is not selected.
> Use network time (SAFE v2+) – select the checkbox to use the time from the mobile network.
Sort the restrictions from the drop-down as follows:
All Features
Core Android
SAFE V2+
Device Owner
Profile Owner
Only devices running Android 5.0 or above can be provisioned as Profile Owner or Device Owner.