Restrictions Payload (Android Enterprise)
An application restrictions payload sets restrictions for fully managed Android Enterprise devices. Each device can only use one restrictions payload. If there are multiple restrictions payloads applied to the folder the device is in, only the payload with the highest priority will be sent to the device. You can view the payloads that have been sent to the device by viewing device details.
When you are using a restrictions payload, ensure you are not locking down functionality that is required for other operations. For example, watch for the following scenarios:
•Ensure your white listed apps are installed on the device before you apply the payload.
•Do not block the Settings application if you are using a passcode payload, since the user needs to access Settings in order to set or change a passcode.
To deactivate app restrictions, edit the original payload, redeploy the payload, and sync the desired devices.
Admin password
Devices that receive a restrictions payload can be set to require an admin password to preform certain actions from the device, such as unenrolling. To set an admin password, create or edit an Android Enterprise Restrictions payload, select Enable Admin Override, then enter a password. When attempting to preform a restricted action, the device user will be prompted for the admin password.
|
Factory reset protection
|
Factory reset protection requires an authorized account to sign in on the device after a factory reset. The authorized account is an account that was on the device before the factory reset. Using a corporate account on a device with factory reset protection provides another layer of device security by ensuring the company will retain control over the device, even after a factory reset. Factory reset protection is enabled by default. Select this option to disable it.
|
|
Factory resetting from the settings app
|
Prevents the user from factory resetting the device from the settings app.
|
|
Enable kiosk mode
|
Puts fully managed devices into dedicated device mode. This mode locks the device to the launchpad included in the Android Enterprise enabler. Only apps whitelisted in this payload will be accessible through the launchpad.
|
|
Whitelisted Apps
|
Create a whitelist to lock the device to approved apps. Apps in the list will appear in the enabler launchpad.
To add a specific app to the white list, search for apps in the Google Play Store by clicking the Browse icon. You can also add apps manually by typing the friendly name for the app in the App Name field and the Android package name in the App package field. For example, in order to add a Gmail app, type: Gmail com.google.android.gm
|
|
Factory reset protection
|
Factory reset protection requires an authorized account to sign in on the device after a factory reset. The authorized account is an account that was on the device before the factory reset. Using a corporate account on a device with factory reset protection provides another layer of device security by ensuring the company will retain control over the device, even after a factory reset. Factory reset protection is enabled by default. Select this option to disable it.
|
|
Factory resetting from the settings app
|
Prevents the user from factory resetting the device from the settings app.
|
Dedicated device mode / kiosk mode