Lockdown policy fields for all Android devices and Android Enterprise devices

These lockdown options apply to all Android devices and all Android Enterprise devices.

Table 28.   Lockdown policy fields: Android and Android Enterprise devices
Item Description Default Policy Setting

Lockscreen Widgets

Enable or disable the ability to add widgets to the lockscreen. Placing widgets on the lockscreen means device users can perform tasks without unlocking the device.

Though Samsung Knox devices have a feature that is very similar, it is not the Android lockscreen widgets feature, which is what Ivanti EPMM controls. This option has no effect on Knox devices.

See also: Block Fingerprint and Block SmartLock settings in the Device Management Guide for Android Devices.

Enable

Microphone

Enable or disable access by apps to the microphone. This feature does not impact voice calls.

Enable

Always Connect Device to Managed Wi‑Fi

When enabled, device will automatically connect to a managed Wi‑Fi if one is available. This prevents users from connecting to a nearby access point if a managed Wi‑Fi is available.

If a managed Wi‑Fi is listed under Turn Off Wi-Fi for these SSIDs, enabling Always Connect Device to Managed Wi‑Fi will overrule that setting and will connect to the managed Wi‑Fi.

Disable

Debugging (USB, work profile and managed device)

Enable or disable the device user’s ability to enable debugging on the USB, work profile, and managed profile.

Enable

Enable Network Logging on Android

Enable Network Logging on Android - When enabled, network and connectivity information is collected. Network logging can be used to troubleshoot any issues with device connectivity for work apps and can be used for historical forensics. Once enabled, Ivanti EPMM allows administrators to collect the logs on-demand. Network logs contain DNS lookup and connect() library call events. These library functions are recorded while network logging is active:

  • getaddrinfo()
  • gethostbyname()
  • connect()

When network logging is enabled for Work Profile devices, the network logs will only include work profile network activity, not activity on the personal profile.

Disable

Related topics 

Lockdown policies