Get
|
|||||
|
|
||||
Gets a policy
Authorization
To use this building block you will have to grant access to at least one of the following scopes:
- Manage Android devices and apps for your customers
Input
This building block consumes 1 input parameters
| Name | Format | Description |
|---|---|---|
name Required |
STRING |
The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId} |
= Parameter name
= Format
|
name STRING Required The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId} |
Output
This building block provides 179 output parameters
| Name | Format | Description | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
kioskCustomLauncherEnabled |
BOOLEAN |
Whether the kiosk custom launcher is enabled. This replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. The apps appear on a single page in alphabetical order. It is recommended to also use status_bar_disabled to block access to device settings |
||||||||||||||||
longSupportMessage |
OBJECT |
Provides a user-facing message with locale info. The maximum message length is 4096 characters |
||||||||||||||||
longSupportMessage.defaultMessage |
STRING |
The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided |
||||||||||||||||
longSupportMessage.localizedMessages |
OBJECT |
A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
longSupportMessage.localizedMessages.customKey.value |
STRING |
A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
keyguardDisabledFeatures[] |
ENUMERATION |
|||||||||||||||||
vpnConfigDisabled |
BOOLEAN |
Whether configuring VPN is disabled |
||||||||||||||||
cameraDisabled |
BOOLEAN |
Whether all cameras on the device are disabled |
||||||||||||||||
factoryResetDisabled |
BOOLEAN |
Whether factory resetting from settings is disabled |
||||||||||||||||
wifiConfigDisabled |
BOOLEAN |
Whether configuring Wi-Fi access points is disabled |
||||||||||||||||
policyEnforcementRules[] |
OBJECT |
A rule that defines the actions to take if a device or work profile is not compliant with the policy specified in settingName |
||||||||||||||||
policyEnforcementRules[].wipeAction |
OBJECT |
An action to reset a fully managed device or delete a work profile. Note: blockAction must also be specified |
||||||||||||||||
policyEnforcementRules[].wipeAction.preserveFrp |
BOOLEAN |
Whether the factory-reset protection data is preserved on the device. This setting doesn’t apply to work profiles |
||||||||||||||||
policyEnforcementRules[].wipeAction.wipeAfterDays |
INTEGER |
Number of days the policy is non-compliant before the device or work profile is wiped. wipeAfterDays must be greater than blockAfterDays |
||||||||||||||||
policyEnforcementRules[].settingName |
STRING |
The top-level policy to enforce. For example, applications or passwordPolicies |
||||||||||||||||
policyEnforcementRules[].blockAction |
OBJECT |
An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a device or work profile to displays a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified |
||||||||||||||||
policyEnforcementRules[].blockAction.blockAfterDays |
INTEGER |
Number of days the policy is non-compliant before the device or work profile is blocked. To block access immediately, set to 0. blockAfterDays must be less than wipeAfterDays |
||||||||||||||||
addUserDisabled |
BOOLEAN |
Whether adding new users and profiles is disabled |
||||||||||||||||
setUserIconDisabled |
BOOLEAN |
Whether changing the user icon is disabled |
||||||||||||||||
setWallpaperDisabled |
BOOLEAN |
Whether changing the wallpaper is disabled |
||||||||||||||||
shortSupportMessage |
OBJECT |
Provides a user-facing message with locale info. The maximum message length is 4096 characters |
||||||||||||||||
shortSupportMessage.defaultMessage |
STRING |
The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided |
||||||||||||||||
shortSupportMessage.localizedMessages |
OBJECT |
A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
shortSupportMessage.localizedMessages.customKey.value |
STRING |
A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
ensureVerifyAppsEnabled |
BOOLEAN |
Whether app verification is force-enabled |
||||||||||||||||
debuggingFeaturesAllowed |
BOOLEAN |
Whether the user is allowed to enable debugging features |
||||||||||||||||
openNetworkConfiguration |
OBJECT |
Network configuration for the device. See configure networks for more information |
||||||||||||||||
openNetworkConfiguration.customKey.value |
ANY |
Network configuration for the device. See configure networks for more information |
||||||||||||||||
cellBroadcastsConfigDisabled |
BOOLEAN |
Whether configuring cell broadcast is disabled |
||||||||||||||||
shareLocationDisabled |
BOOLEAN |
Whether location sharing is disabled |
||||||||||||||||
androidDevicePolicyTracks[] |
ENUMERATION |
|||||||||||||||||
modifyAccountsDisabled |
BOOLEAN |
Whether adding or removing accounts is disabled |
||||||||||||||||
frpAdminEmails[] |
STRING |
|||||||||||||||||
locationMode |
ENUMERATION |
The degree of location detection enabled. The user may change the value unless the user is otherwise blocked from accessing device settings |
||||||||||||||||
installUnknownSourcesAllowed |
BOOLEAN |
Whether the user is allowed to enable the "Unknown Sources" setting, which allows installation of apps from unknown sources |
||||||||||||||||
privateKeySelectionEnabled |
BOOLEAN |
Allows showing UI on a device for a user to choose a private key alias if there are no matching rules in ChoosePrivateKeyRules. For devices below Android P, setting this may leave enterprise keys vulnerable |
||||||||||||||||
persistentPreferredActivities[] |
OBJECT |
A default activity for handling intents that match a particular intent filter |
||||||||||||||||
persistentPreferredActivities[].actions[] |
STRING |
|||||||||||||||||
persistentPreferredActivities[].categories[] |
STRING |
|||||||||||||||||
persistentPreferredActivities[].receiverActivity |
STRING |
The activity that should be the default intent handler. This should be an Android component name, e.g. com.android.enterprise.app/.MainActivity. Alternatively, the value may be the package name of an app, which causes Android Device Policy to choose an appropriate activity from the app to handle the intent |
||||||||||||||||
setupActions[] |
OBJECT |
An action executed during setup |
||||||||||||||||
setupActions[].launchApp |
OBJECT |
An action to launch an app |
||||||||||||||||
setupActions[].launchApp.packageName |
STRING |
Package name of app to be launched |
||||||||||||||||
setupActions[].description |
OBJECT |
Provides a user-facing message with locale info. The maximum message length is 4096 characters |
||||||||||||||||
setupActions[].description.defaultMessage |
STRING |
The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided |
||||||||||||||||
setupActions[].description.localizedMessages |
OBJECT |
A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
setupActions[].description.localizedMessages.customKey.value |
STRING |
A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
setupActions[].title |
OBJECT |
Provides a user-facing message with locale info. The maximum message length is 4096 characters |
||||||||||||||||
setupActions[].title.defaultMessage |
STRING |
The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided |
||||||||||||||||
setupActions[].title.localizedMessages |
OBJECT |
A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
setupActions[].title.localizedMessages.customKey.value |
STRING |
A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
bluetoothContactSharingDisabled |
BOOLEAN |
Whether bluetooth contact sharing is disabled |
||||||||||||||||
createWindowsDisabled |
BOOLEAN |
Whether creating windows besides app windows is disabled |
||||||||||||||||
autoTimeRequired |
BOOLEAN |
Whether auto time is required, which prevents the user from manually setting the date and time |
||||||||||||||||
removeUserDisabled |
BOOLEAN |
Whether removing other users is disabled |
||||||||||||||||
complianceRules[] |
OBJECT |
A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policy_compliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule |
||||||||||||||||
complianceRules[].apiLevelCondition |
OBJECT |
A compliance rule condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. There can only be one rule with this type of condition per policy |
||||||||||||||||
complianceRules[].apiLevelCondition.minApiLevel |
INTEGER |
The minimum desired Android Framework API level. If the device doesn't meet the minimum requirement, this condition is satisfied. Must be greater than zero |
||||||||||||||||
complianceRules[].nonComplianceDetailCondition |
OBJECT |
A compliance rule condition which is satisfied if there exists any matching NonComplianceDetail for the device. A NonComplianceDetail matches a NonComplianceDetailCondition if all the fields which are set within the NonComplianceDetailCondition match the corresponding NonComplianceDetail fields |
||||||||||||||||
complianceRules[].nonComplianceDetailCondition.packageName |
STRING |
The package name of the app that's out of compliance. If not set, then this condition matches any package name |
||||||||||||||||
complianceRules[].nonComplianceDetailCondition.settingName |
STRING |
The name of the policy setting. This is the JSON field name of a top-level Policy field. If not set, then this condition matches any setting name |
||||||||||||||||
complianceRules[].nonComplianceDetailCondition.nonComplianceReason |
ENUMERATION |
The reason the device is not in compliance with the setting. If not set, then this condition matches any reason |
||||||||||||||||
complianceRules[].packageNamesToDisable[] |
STRING |
|||||||||||||||||
complianceRules[].disableApps |
BOOLEAN |
If set to true, the rule includes a mitigating action to disable apps so that the device is effectively disabled, but app data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed |
||||||||||||||||
smsDisabled |
BOOLEAN |
Whether sending and receiving SMS messages is disabled |
||||||||||||||||
systemUpdate |
OBJECT |
Configuration for managing system updates |
||||||||||||||||
systemUpdate.endMinutes |
INTEGER |
If the type is WINDOWED, the end of the maintenance window, measured as the number of minutes after midnight in device's local time. This value must be between 0 and 1439, inclusive. If this value is less than start_minutes, then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time |
||||||||||||||||
systemUpdate.type |
ENUMERATION |
The type of system update to configure |
||||||||||||||||
systemUpdate.startMinutes |
INTEGER |
If the type is WINDOWED, the start of the maintenance window, measured as the number of minutes after midnight in the device's local time. This value must be between 0 and 1439, inclusive |
||||||||||||||||
installAppsDisabled |
BOOLEAN |
Whether user installation of apps is disabled |
||||||||||||||||
appAutoUpdatePolicy |
ENUMERATION |
The app auto update policy, which controls when automatic app updates can be applied |
||||||||||||||||
uninstallAppsDisabled |
BOOLEAN |
Whether user uninstallation of applications is disabled |
||||||||||||||||
statusBarDisabled |
BOOLEAN |
Whether the status bar is disabled. This disables notifications, quick settings, and other screen overlays that allow escape from full-screen mode |
||||||||||||||||
deviceOwnerLockScreenInfo |
OBJECT |
Provides a user-facing message with locale info. The maximum message length is 4096 characters |
||||||||||||||||
deviceOwnerLockScreenInfo.defaultMessage |
STRING |
The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided |
||||||||||||||||
deviceOwnerLockScreenInfo.localizedMessages |
OBJECT |
A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
deviceOwnerLockScreenInfo.localizedMessages.customKey.value |
STRING |
A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
credentialsConfigDisabled |
BOOLEAN |
Whether configuring user credentials is disabled |
||||||||||||||||
blockApplicationsEnabled |
BOOLEAN |
Whether applications other than the ones configured in applications are blocked from being installed. When set, applications that were installed under a previous policy but no longer appear in the policy are automatically uninstalled |
||||||||||||||||
accountTypesWithManagementDisabled[] |
STRING |
|||||||||||||||||
safeBootDisabled |
BOOLEAN |
Whether rebooting the device into safe boot is disabled |
||||||||||||||||
applications[] |
OBJECT |
Policy for an individual app |
||||||||||||||||
applications[].defaultPermissionPolicy |
ENUMERATION |
The default policy for all permissions requested by the app. If specified, this overrides the policy-level default_permission_policy which applies to all apps. It does not override the permission_grants which applies to all apps |
||||||||||||||||
applications[].disabled |
BOOLEAN |
Whether the app is disabled. When disabled, the app data is still preserved |
||||||||||||||||
applications[].delegatedScopes[] |
ENUMERATION |
|||||||||||||||||
applications[].packageName |
STRING |
The package name of the app. For example, com.google.android.youtube for the YouTube app |
||||||||||||||||
applications[].installType |
ENUMERATION |
The type of installation to perform |
||||||||||||||||
applications[].minimumVersionCode |
INTEGER |
The minimum version of the app that runs on the device. If set, the device attempts to update the app to at least this version code. If the app is not up-to-date, the device will contain a NonComplianceDetail with non_compliance_reason set to APP_NOT_UPDATED. The app must already be published to Google Play with a version code greater than or equal to this value. At most 20 apps may specify a minimum version code per policy |
||||||||||||||||
applications[].permissionGrants[] |
OBJECT |
Configuration for an Android permission and its grant state |
||||||||||||||||
applications[].permissionGrants[].permission |
STRING |
The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR |
||||||||||||||||
applications[].permissionGrants[].policy |
ENUMERATION |
The policy for granting the permission |
||||||||||||||||
applications[].lockTaskAllowed |
BOOLEAN |
Whether the app is allowed to lock itself in full-screen mode |
||||||||||||||||
applications[].managedConfiguration |
OBJECT |
Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty:
|
||||||||||||||||
applications[].managedConfiguration.customKey.value |
ANY |
Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty:
|
||||||||||||||||
applications[].managedConfigurationTemplate |
OBJECT |
The managed configurations template for the app, saved from the managed configurations iframe |
||||||||||||||||
applications[].managedConfigurationTemplate.configurationVariables |
OBJECT |
Optional, a map containing <key, value> configuration variables defined for the configuration |
||||||||||||||||
applications[].managedConfigurationTemplate.configurationVariables.customKey.value |
STRING |
Optional, a map containing <key, value> configuration variables defined for the configuration |
||||||||||||||||
applications[].managedConfigurationTemplate.templateId |
STRING |
The ID of the managed configurations template |
||||||||||||||||
minimumApiLevel |
INTEGER |
The minimum allowed Android API level |
||||||||||||||||
usbMassStorageEnabled |
BOOLEAN |
Whether USB storage is enabled. Deprecated |
||||||||||||||||
keyguardDisabled |
BOOLEAN |
Whether the keyguard is disabled |
||||||||||||||||
choosePrivateKeyRules[] |
OBJECT |
A rule for automatically choosing a private key and certificate to authenticate the device to a server |
||||||||||||||||
choosePrivateKeyRules[].privateKeyAlias |
STRING |
The alias of the private key to be used |
||||||||||||||||
choosePrivateKeyRules[].packageNames[] |
STRING |
|||||||||||||||||
choosePrivateKeyRules[].urlPattern |
STRING |
The URL pattern to match against the URL of the outgoing request. The pattern may contain asterisk (*) wildcards. Any URL is matched if unspecified |
||||||||||||||||
permissionGrants[] |
OBJECT |
Configuration for an Android permission and its grant state |
||||||||||||||||
permissionGrants[].permission |
STRING |
The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR |
||||||||||||||||
permissionGrants[].policy |
ENUMERATION |
The policy for granting the permission |
||||||||||||||||
permittedInputMethods |
OBJECT |
A list of package names |
||||||||||||||||
permittedInputMethods.packageNames[] |
STRING |
|||||||||||||||||
screenCaptureDisabled |
BOOLEAN |
Whether screen capture is disabled |
||||||||||||||||
passwordPolicies[] |
OBJECT |
Requirements for the password used to unlock a device |
||||||||||||||||
passwordPolicies[].passwordMinimumNonLetter |
INTEGER |
Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
passwordPolicies[].passwordHistoryLength |
INTEGER |
The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction |
||||||||||||||||
passwordPolicies[].maximumFailedPasswordsForWipe |
INTEGER |
Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction |
||||||||||||||||
passwordPolicies[].passwordQuality |
ENUMERATION |
The required password quality |
||||||||||||||||
passwordPolicies[].passwordScope |
ENUMERATION |
The scope that the password requirement applies to |
||||||||||||||||
passwordPolicies[].passwordMinimumNumeric |
INTEGER |
Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
passwordPolicies[].passwordMinimumSymbols |
INTEGER |
Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
passwordPolicies[].passwordMinimumLetters |
INTEGER |
Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
passwordPolicies[].passwordMinimumLowerCase |
INTEGER |
Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
passwordPolicies[].passwordMinimumLength |
INTEGER |
The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX |
||||||||||||||||
passwordPolicies[].passwordExpirationTimeout |
ANY |
Password expiration timeout |
||||||||||||||||
passwordPolicies[].passwordMinimumUpperCase |
INTEGER |
Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
networkResetDisabled |
BOOLEAN |
Whether resetting network settings is disabled |
||||||||||||||||
mobileNetworksConfigDisabled |
BOOLEAN |
Whether configuring mobile networks is disabled |
||||||||||||||||
networkEscapeHatchEnabled |
BOOLEAN |
Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings |
||||||||||||||||
name |
STRING |
The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId} |
||||||||||||||||
playStoreMode |
ENUMERATION |
This mode controls which apps are available to the user in the Play Store and the behavior on the device when apps are removed from the policy |
||||||||||||||||
unmuteMicrophoneDisabled |
BOOLEAN |
Whether the microphone is muted and adjusting microphone volume is disabled |
||||||||||||||||
encryptionPolicy |
ENUMERATION |
Whether encryption is enabled |
||||||||||||||||
recommendedGlobalProxy |
OBJECT |
Configuration info for an HTTP proxy. For a direct proxy, set the host, port, and excluded_hosts fields. For a PAC script proxy, set the pac_uri field |
||||||||||||||||
recommendedGlobalProxy.pacUri |
STRING |
The URI of the PAC script used to configure the proxy |
||||||||||||||||
recommendedGlobalProxy.port |
INTEGER |
The port of the direct proxy |
||||||||||||||||
recommendedGlobalProxy.host |
STRING |
The host of the direct proxy |
||||||||||||||||
recommendedGlobalProxy.excludedHosts[] |
STRING |
|||||||||||||||||
skipFirstUseHintsEnabled |
BOOLEAN |
Flag to skip hints on the first use. Enterprise admin can enable the system recommendation for apps to skip their user tutorial and other introductory hints on first start-up |
||||||||||||||||
usbFileTransferDisabled |
BOOLEAN |
Whether transferring files over USB is disabled |
||||||||||||||||
outgoingCallsDisabled |
BOOLEAN |
Whether outgoing calls are disabled |
||||||||||||||||
adjustVolumeDisabled |
BOOLEAN |
Whether adjusting the master volume is disabled |
||||||||||||||||
defaultPermissionPolicy |
ENUMERATION |
The default permission policy for runtime permission requests |
||||||||||||||||
stayOnPluggedModes[] |
ENUMERATION |
|||||||||||||||||
bluetoothConfigDisabled |
BOOLEAN |
Whether configuring bluetooth is disabled |
||||||||||||||||
outgoingBeamDisabled |
BOOLEAN |
Whether using NFC to beam data from apps is disabled |
||||||||||||||||
dataRoamingDisabled |
BOOLEAN |
Whether roaming data services are disabled |
||||||||||||||||
wifiConfigsLockdownEnabled |
BOOLEAN |
DEPRECATED - Use wifi_config_disabled |
||||||||||||||||
bluetoothDisabled |
BOOLEAN |
Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user |
||||||||||||||||
alwaysOnVpnPackage |
OBJECT |
Configuration for an always-on VPN connection |
||||||||||||||||
alwaysOnVpnPackage.lockdownEnabled |
BOOLEAN |
Disallows networking when the VPN is not connected |
||||||||||||||||
alwaysOnVpnPackage.packageName |
STRING |
The package name of the VPN app |
||||||||||||||||
version |
INTEGER |
The version of the policy. This is a read-only field. The version is incremented each time the policy is updated |
||||||||||||||||
mountPhysicalMediaDisabled |
BOOLEAN |
Whether the user mounting physical external media is disabled |
||||||||||||||||
passwordRequirements |
OBJECT |
Requirements for the password used to unlock a device |
||||||||||||||||
passwordRequirements.passwordMinimumNonLetter |
INTEGER |
Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
passwordRequirements.passwordHistoryLength |
INTEGER |
The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction |
||||||||||||||||
passwordRequirements.maximumFailedPasswordsForWipe |
INTEGER |
Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction |
||||||||||||||||
passwordRequirements.passwordQuality |
ENUMERATION |
The required password quality |
||||||||||||||||
passwordRequirements.passwordScope |
ENUMERATION |
The scope that the password requirement applies to |
||||||||||||||||
passwordRequirements.passwordMinimumNumeric |
INTEGER |
Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
passwordRequirements.passwordMinimumSymbols |
INTEGER |
Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
passwordRequirements.passwordMinimumLetters |
INTEGER |
Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
passwordRequirements.passwordMinimumLowerCase |
INTEGER |
Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
passwordRequirements.passwordMinimumLength |
INTEGER |
The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX |
||||||||||||||||
passwordRequirements.passwordExpirationTimeout |
ANY |
Password expiration timeout |
||||||||||||||||
passwordRequirements.passwordMinimumUpperCase |
INTEGER |
Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
tetheringConfigDisabled |
BOOLEAN |
Whether configuring tethering and portable hotspots is disabled |
||||||||||||||||
statusReportingSettings |
OBJECT |
Settings controlling the behavior of status reports |
||||||||||||||||
statusReportingSettings.softwareInfoEnabled |
BOOLEAN |
Whether software info reporting is enabled |
||||||||||||||||
statusReportingSettings.applicationReportsEnabled |
BOOLEAN |
Whether app reports are enabled |
||||||||||||||||
statusReportingSettings.hardwareStatusEnabled |
BOOLEAN |
Whether hardware status reporting is enabled |
||||||||||||||||
statusReportingSettings.memoryInfoEnabled |
BOOLEAN |
Whether memory reporting is enabled |
||||||||||||||||
statusReportingSettings.displayInfoEnabled |
BOOLEAN |
Whether displays reporting is enabled |
||||||||||||||||
statusReportingSettings.powerManagementEventsEnabled |
BOOLEAN |
Whether power management event reporting is enabled |
||||||||||||||||
statusReportingSettings.deviceSettingsEnabled |
BOOLEAN |
Whether device settings reporting is enabled |
||||||||||||||||
statusReportingSettings.networkInfoEnabled |
BOOLEAN |
Whether network info reporting is enabled |
||||||||||||||||
statusReportingSettings.applicationReportingSettings |
OBJECT |
Settings controlling the behavior of application reports |
||||||||||||||||
statusReportingSettings.applicationReportingSettings.includeRemovedApps |
BOOLEAN |
Whether removed apps are included in application reports |
||||||||||||||||
maximumTimeToLock |
INTEGER |
Maximum time in milliseconds for user activity until the device locks. A value of 0 means there is no restriction |
||||||||||||||||
funDisabled |
BOOLEAN |
Whether the user is allowed to have fun. Controls whether the Easter egg game in Settings is disabled |
= Parameter name
= Format
|
kioskCustomLauncherEnabled BOOLEAN Whether the kiosk custom launcher is enabled. This replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. The apps appear on a single page in alphabetical order. It is recommended to also use status_bar_disabled to block access to device settings |
||||||||||||||||
|
longSupportMessage OBJECT Provides a user-facing message with locale info. The maximum message length is 4096 characters |
||||||||||||||||
|
longSupportMessage.defaultMessage STRING The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided |
||||||||||||||||
|
longSupportMessage.localizedMessages OBJECT A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
|
longSupportMessage.localizedMessages.customKey.value STRING A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
|
keyguardDisabledFeatures[] ENUMERATION |
||||||||||||||||
|
vpnConfigDisabled BOOLEAN Whether configuring VPN is disabled |
||||||||||||||||
|
cameraDisabled BOOLEAN Whether all cameras on the device are disabled |
||||||||||||||||
|
factoryResetDisabled BOOLEAN Whether factory resetting from settings is disabled |
||||||||||||||||
|
wifiConfigDisabled BOOLEAN Whether configuring Wi-Fi access points is disabled |
||||||||||||||||
|
policyEnforcementRules[] OBJECT A rule that defines the actions to take if a device or work profile is not compliant with the policy specified in settingName |
||||||||||||||||
|
policyEnforcementRules[].wipeAction OBJECT An action to reset a fully managed device or delete a work profile. Note: blockAction must also be specified |
||||||||||||||||
|
policyEnforcementRules[].wipeAction.preserveFrp BOOLEAN Whether the factory-reset protection data is preserved on the device. This setting doesn’t apply to work profiles |
||||||||||||||||
|
policyEnforcementRules[].wipeAction.wipeAfterDays INTEGER Number of days the policy is non-compliant before the device or work profile is wiped. wipeAfterDays must be greater than blockAfterDays |
||||||||||||||||
|
policyEnforcementRules[].settingName STRING The top-level policy to enforce. For example, applications or passwordPolicies |
||||||||||||||||
|
policyEnforcementRules[].blockAction OBJECT An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a device or work profile to displays a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified |
||||||||||||||||
|
policyEnforcementRules[].blockAction.blockAfterDays INTEGER Number of days the policy is non-compliant before the device or work profile is blocked. To block access immediately, set to 0. blockAfterDays must be less than wipeAfterDays |
||||||||||||||||
|
addUserDisabled BOOLEAN Whether adding new users and profiles is disabled |
||||||||||||||||
|
setUserIconDisabled BOOLEAN Whether changing the user icon is disabled |
||||||||||||||||
|
setWallpaperDisabled BOOLEAN Whether changing the wallpaper is disabled |
||||||||||||||||
|
shortSupportMessage OBJECT Provides a user-facing message with locale info. The maximum message length is 4096 characters |
||||||||||||||||
|
shortSupportMessage.defaultMessage STRING The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided |
||||||||||||||||
|
shortSupportMessage.localizedMessages OBJECT A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
|
shortSupportMessage.localizedMessages.customKey.value STRING A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
|
ensureVerifyAppsEnabled BOOLEAN Whether app verification is force-enabled |
||||||||||||||||
|
debuggingFeaturesAllowed BOOLEAN Whether the user is allowed to enable debugging features |
||||||||||||||||
|
openNetworkConfiguration OBJECT Network configuration for the device. See configure networks for more information |
||||||||||||||||
|
openNetworkConfiguration.customKey.value ANY Network configuration for the device. See configure networks for more information |
||||||||||||||||
|
cellBroadcastsConfigDisabled BOOLEAN Whether configuring cell broadcast is disabled |
||||||||||||||||
|
shareLocationDisabled BOOLEAN Whether location sharing is disabled |
||||||||||||||||
|
androidDevicePolicyTracks[] ENUMERATION |
||||||||||||||||
|
modifyAccountsDisabled BOOLEAN Whether adding or removing accounts is disabled |
||||||||||||||||
|
frpAdminEmails[] STRING |
||||||||||||||||
|
locationMode ENUMERATION The degree of location detection enabled. The user may change the value unless the user is otherwise blocked from accessing device settings |
||||||||||||||||
|
installUnknownSourcesAllowed BOOLEAN Whether the user is allowed to enable the "Unknown Sources" setting, which allows installation of apps from unknown sources |
||||||||||||||||
|
privateKeySelectionEnabled BOOLEAN Allows showing UI on a device for a user to choose a private key alias if there are no matching rules in ChoosePrivateKeyRules. For devices below Android P, setting this may leave enterprise keys vulnerable |
||||||||||||||||
|
persistentPreferredActivities[] OBJECT A default activity for handling intents that match a particular intent filter |
||||||||||||||||
|
persistentPreferredActivities[].actions[] STRING |
||||||||||||||||
|
persistentPreferredActivities[].categories[] STRING |
||||||||||||||||
|
persistentPreferredActivities[].receiverActivity STRING The activity that should be the default intent handler. This should be an Android component name, e.g. com.android.enterprise.app/.MainActivity. Alternatively, the value may be the package name of an app, which causes Android Device Policy to choose an appropriate activity from the app to handle the intent |
||||||||||||||||
|
setupActions[] OBJECT An action executed during setup |
||||||||||||||||
|
setupActions[].launchApp OBJECT An action to launch an app |
||||||||||||||||
|
setupActions[].launchApp.packageName STRING Package name of app to be launched |
||||||||||||||||
|
setupActions[].description OBJECT Provides a user-facing message with locale info. The maximum message length is 4096 characters |
||||||||||||||||
|
setupActions[].description.defaultMessage STRING The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided |
||||||||||||||||
|
setupActions[].description.localizedMessages OBJECT A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
|
setupActions[].description.localizedMessages.customKey.value STRING A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
|
setupActions[].title OBJECT Provides a user-facing message with locale info. The maximum message length is 4096 characters |
||||||||||||||||
|
setupActions[].title.defaultMessage STRING The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided |
||||||||||||||||
|
setupActions[].title.localizedMessages OBJECT A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
|
setupActions[].title.localizedMessages.customKey.value STRING A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
|
bluetoothContactSharingDisabled BOOLEAN Whether bluetooth contact sharing is disabled |
||||||||||||||||
|
createWindowsDisabled BOOLEAN Whether creating windows besides app windows is disabled |
||||||||||||||||
|
autoTimeRequired BOOLEAN Whether auto time is required, which prevents the user from manually setting the date and time |
||||||||||||||||
|
removeUserDisabled BOOLEAN Whether removing other users is disabled |
||||||||||||||||
|
complianceRules[] OBJECT A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policy_compliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule |
||||||||||||||||
|
complianceRules[].apiLevelCondition OBJECT A compliance rule condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. There can only be one rule with this type of condition per policy |
||||||||||||||||
|
complianceRules[].apiLevelCondition.minApiLevel INTEGER The minimum desired Android Framework API level. If the device doesn't meet the minimum requirement, this condition is satisfied. Must be greater than zero |
||||||||||||||||
|
complianceRules[].nonComplianceDetailCondition OBJECT A compliance rule condition which is satisfied if there exists any matching NonComplianceDetail for the device. A NonComplianceDetail matches a NonComplianceDetailCondition if all the fields which are set within the NonComplianceDetailCondition match the corresponding NonComplianceDetail fields |
||||||||||||||||
|
complianceRules[].nonComplianceDetailCondition.packageName STRING The package name of the app that's out of compliance. If not set, then this condition matches any package name |
||||||||||||||||
|
complianceRules[].nonComplianceDetailCondition.settingName STRING The name of the policy setting. This is the JSON field name of a top-level Policy field. If not set, then this condition matches any setting name |
||||||||||||||||
|
complianceRules[].nonComplianceDetailCondition.nonComplianceReason ENUMERATION The reason the device is not in compliance with the setting. If not set, then this condition matches any reason |
||||||||||||||||
|
complianceRules[].packageNamesToDisable[] STRING |
||||||||||||||||
|
complianceRules[].disableApps BOOLEAN If set to true, the rule includes a mitigating action to disable apps so that the device is effectively disabled, but app data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed |
||||||||||||||||
|
smsDisabled BOOLEAN Whether sending and receiving SMS messages is disabled |
||||||||||||||||
|
systemUpdate OBJECT Configuration for managing system updates |
||||||||||||||||
|
systemUpdate.endMinutes INTEGER If the type is WINDOWED, the end of the maintenance window, measured as the number of minutes after midnight in device's local time. This value must be between 0 and 1439, inclusive. If this value is less than start_minutes, then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time |
||||||||||||||||
|
systemUpdate.type ENUMERATION The type of system update to configure |
||||||||||||||||
|
systemUpdate.startMinutes INTEGER If the type is WINDOWED, the start of the maintenance window, measured as the number of minutes after midnight in the device's local time. This value must be between 0 and 1439, inclusive |
||||||||||||||||
|
installAppsDisabled BOOLEAN Whether user installation of apps is disabled |
||||||||||||||||
|
appAutoUpdatePolicy ENUMERATION The app auto update policy, which controls when automatic app updates can be applied |
||||||||||||||||
|
uninstallAppsDisabled BOOLEAN Whether user uninstallation of applications is disabled |
||||||||||||||||
|
statusBarDisabled BOOLEAN Whether the status bar is disabled. This disables notifications, quick settings, and other screen overlays that allow escape from full-screen mode |
||||||||||||||||
|
deviceOwnerLockScreenInfo OBJECT Provides a user-facing message with locale info. The maximum message length is 4096 characters |
||||||||||||||||
|
deviceOwnerLockScreenInfo.defaultMessage STRING The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided |
||||||||||||||||
|
deviceOwnerLockScreenInfo.localizedMessages OBJECT A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
|
deviceOwnerLockScreenInfo.localizedMessages.customKey.value STRING A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr |
||||||||||||||||
|
credentialsConfigDisabled BOOLEAN Whether configuring user credentials is disabled |
||||||||||||||||
|
blockApplicationsEnabled BOOLEAN Whether applications other than the ones configured in applications are blocked from being installed. When set, applications that were installed under a previous policy but no longer appear in the policy are automatically uninstalled |
||||||||||||||||
|
accountTypesWithManagementDisabled[] STRING |
||||||||||||||||
|
safeBootDisabled BOOLEAN Whether rebooting the device into safe boot is disabled |
||||||||||||||||
|
applications[] OBJECT Policy for an individual app |
||||||||||||||||
|
applications[].defaultPermissionPolicy ENUMERATION The default policy for all permissions requested by the app. If specified, this overrides the policy-level default_permission_policy which applies to all apps. It does not override the permission_grants which applies to all apps |
||||||||||||||||
|
applications[].disabled BOOLEAN Whether the app is disabled. When disabled, the app data is still preserved |
||||||||||||||||
|
applications[].delegatedScopes[] ENUMERATION |
||||||||||||||||
|
applications[].packageName STRING The package name of the app. For example, com.google.android.youtube for the YouTube app |
||||||||||||||||
|
applications[].installType ENUMERATION The type of installation to perform |
||||||||||||||||
|
applications[].minimumVersionCode INTEGER The minimum version of the app that runs on the device. If set, the device attempts to update the app to at least this version code. If the app is not up-to-date, the device will contain a NonComplianceDetail with non_compliance_reason set to APP_NOT_UPDATED. The app must already be published to Google Play with a version code greater than or equal to this value. At most 20 apps may specify a minimum version code per policy |
||||||||||||||||
|
applications[].permissionGrants[] OBJECT Configuration for an Android permission and its grant state |
||||||||||||||||
|
applications[].permissionGrants[].permission STRING The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR |
||||||||||||||||
|
applications[].permissionGrants[].policy ENUMERATION The policy for granting the permission |
||||||||||||||||
|
applications[].lockTaskAllowed BOOLEAN Whether the app is allowed to lock itself in full-screen mode |
||||||||||||||||
|
applications[].managedConfiguration OBJECT Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty:
|
||||||||||||||||
|
applications[].managedConfiguration.customKey.value ANY Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty:
|
||||||||||||||||
|
applications[].managedConfigurationTemplate OBJECT The managed configurations template for the app, saved from the managed configurations iframe |
||||||||||||||||
|
applications[].managedConfigurationTemplate.configurationVariables OBJECT Optional, a map containing <key, value> configuration variables defined for the configuration |
||||||||||||||||
|
applications[].managedConfigurationTemplate.configurationVariables.customKey.value STRING Optional, a map containing <key, value> configuration variables defined for the configuration |
||||||||||||||||
|
applications[].managedConfigurationTemplate.templateId STRING The ID of the managed configurations template |
||||||||||||||||
|
minimumApiLevel INTEGER The minimum allowed Android API level |
||||||||||||||||
|
usbMassStorageEnabled BOOLEAN Whether USB storage is enabled. Deprecated |
||||||||||||||||
|
keyguardDisabled BOOLEAN Whether the keyguard is disabled |
||||||||||||||||
|
choosePrivateKeyRules[] OBJECT A rule for automatically choosing a private key and certificate to authenticate the device to a server |
||||||||||||||||
|
choosePrivateKeyRules[].privateKeyAlias STRING The alias of the private key to be used |
||||||||||||||||
|
choosePrivateKeyRules[].packageNames[] STRING |
||||||||||||||||
|
choosePrivateKeyRules[].urlPattern STRING The URL pattern to match against the URL of the outgoing request. The pattern may contain asterisk (*) wildcards. Any URL is matched if unspecified |
||||||||||||||||
|
permissionGrants[] OBJECT Configuration for an Android permission and its grant state |
||||||||||||||||
|
permissionGrants[].permission STRING The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR |
||||||||||||||||
|
permissionGrants[].policy ENUMERATION The policy for granting the permission |
||||||||||||||||
|
permittedInputMethods OBJECT A list of package names |
||||||||||||||||
|
permittedInputMethods.packageNames[] STRING |
||||||||||||||||
|
screenCaptureDisabled BOOLEAN Whether screen capture is disabled |
||||||||||||||||
|
passwordPolicies[] OBJECT Requirements for the password used to unlock a device |
||||||||||||||||
|
passwordPolicies[].passwordMinimumNonLetter INTEGER Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
passwordPolicies[].passwordHistoryLength INTEGER The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction |
||||||||||||||||
|
passwordPolicies[].maximumFailedPasswordsForWipe INTEGER Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction |
||||||||||||||||
|
passwordPolicies[].passwordQuality ENUMERATION The required password quality |
||||||||||||||||
|
passwordPolicies[].passwordScope ENUMERATION The scope that the password requirement applies to |
||||||||||||||||
|
passwordPolicies[].passwordMinimumNumeric INTEGER Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
passwordPolicies[].passwordMinimumSymbols INTEGER Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
passwordPolicies[].passwordMinimumLetters INTEGER Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
passwordPolicies[].passwordMinimumLowerCase INTEGER Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
passwordPolicies[].passwordMinimumLength INTEGER The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX |
||||||||||||||||
|
passwordPolicies[].passwordExpirationTimeout ANY Password expiration timeout |
||||||||||||||||
|
passwordPolicies[].passwordMinimumUpperCase INTEGER Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
networkResetDisabled BOOLEAN Whether resetting network settings is disabled |
||||||||||||||||
|
mobileNetworksConfigDisabled BOOLEAN Whether configuring mobile networks is disabled |
||||||||||||||||
|
networkEscapeHatchEnabled BOOLEAN Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings |
||||||||||||||||
|
name STRING The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId} |
||||||||||||||||
|
playStoreMode ENUMERATION This mode controls which apps are available to the user in the Play Store and the behavior on the device when apps are removed from the policy |
||||||||||||||||
|
unmuteMicrophoneDisabled BOOLEAN Whether the microphone is muted and adjusting microphone volume is disabled |
||||||||||||||||
|
encryptionPolicy ENUMERATION Whether encryption is enabled |
||||||||||||||||
|
recommendedGlobalProxy OBJECT Configuration info for an HTTP proxy. For a direct proxy, set the host, port, and excluded_hosts fields. For a PAC script proxy, set the pac_uri field |
||||||||||||||||
|
recommendedGlobalProxy.pacUri STRING The URI of the PAC script used to configure the proxy |
||||||||||||||||
|
recommendedGlobalProxy.port INTEGER The port of the direct proxy |
||||||||||||||||
|
recommendedGlobalProxy.host STRING The host of the direct proxy |
||||||||||||||||
|
recommendedGlobalProxy.excludedHosts[] STRING |
||||||||||||||||
|
skipFirstUseHintsEnabled BOOLEAN Flag to skip hints on the first use. Enterprise admin can enable the system recommendation for apps to skip their user tutorial and other introductory hints on first start-up |
||||||||||||||||
|
usbFileTransferDisabled BOOLEAN Whether transferring files over USB is disabled |
||||||||||||||||
|
outgoingCallsDisabled BOOLEAN Whether outgoing calls are disabled |
||||||||||||||||
|
adjustVolumeDisabled BOOLEAN Whether adjusting the master volume is disabled |
||||||||||||||||
|
defaultPermissionPolicy ENUMERATION The default permission policy for runtime permission requests |
||||||||||||||||
|
stayOnPluggedModes[] ENUMERATION |
||||||||||||||||
|
bluetoothConfigDisabled BOOLEAN Whether configuring bluetooth is disabled |
||||||||||||||||
|
outgoingBeamDisabled BOOLEAN Whether using NFC to beam data from apps is disabled |
||||||||||||||||
|
dataRoamingDisabled BOOLEAN Whether roaming data services are disabled |
||||||||||||||||
|
wifiConfigsLockdownEnabled BOOLEAN DEPRECATED - Use wifi_config_disabled |
||||||||||||||||
|
bluetoothDisabled BOOLEAN Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user |
||||||||||||||||
|
alwaysOnVpnPackage OBJECT Configuration for an always-on VPN connection |
||||||||||||||||
|
alwaysOnVpnPackage.lockdownEnabled BOOLEAN Disallows networking when the VPN is not connected |
||||||||||||||||
|
alwaysOnVpnPackage.packageName STRING The package name of the VPN app |
||||||||||||||||
|
version INTEGER The version of the policy. This is a read-only field. The version is incremented each time the policy is updated |
||||||||||||||||
|
mountPhysicalMediaDisabled BOOLEAN Whether the user mounting physical external media is disabled |
||||||||||||||||
|
passwordRequirements OBJECT Requirements for the password used to unlock a device |
||||||||||||||||
|
passwordRequirements.passwordMinimumNonLetter INTEGER Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
passwordRequirements.passwordHistoryLength INTEGER The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction |
||||||||||||||||
|
passwordRequirements.maximumFailedPasswordsForWipe INTEGER Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction |
||||||||||||||||
|
passwordRequirements.passwordQuality ENUMERATION The required password quality |
||||||||||||||||
|
passwordRequirements.passwordScope ENUMERATION The scope that the password requirement applies to |
||||||||||||||||
|
passwordRequirements.passwordMinimumNumeric INTEGER Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
passwordRequirements.passwordMinimumSymbols INTEGER Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
passwordRequirements.passwordMinimumLetters INTEGER Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
passwordRequirements.passwordMinimumLowerCase INTEGER Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
passwordRequirements.passwordMinimumLength INTEGER The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX |
||||||||||||||||
|
passwordRequirements.passwordExpirationTimeout ANY Password expiration timeout |
||||||||||||||||
|
passwordRequirements.passwordMinimumUpperCase INTEGER Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX |
||||||||||||||||
|
tetheringConfigDisabled BOOLEAN Whether configuring tethering and portable hotspots is disabled |
||||||||||||||||
|
statusReportingSettings OBJECT Settings controlling the behavior of status reports |
||||||||||||||||
|
statusReportingSettings.softwareInfoEnabled BOOLEAN Whether software info reporting is enabled |
||||||||||||||||
|
statusReportingSettings.applicationReportsEnabled BOOLEAN Whether app reports are enabled |
||||||||||||||||
|
statusReportingSettings.hardwareStatusEnabled BOOLEAN Whether hardware status reporting is enabled |
||||||||||||||||
|
statusReportingSettings.memoryInfoEnabled BOOLEAN Whether memory reporting is enabled |
||||||||||||||||
|
statusReportingSettings.displayInfoEnabled BOOLEAN Whether displays reporting is enabled |
||||||||||||||||
|
statusReportingSettings.powerManagementEventsEnabled BOOLEAN Whether power management event reporting is enabled |
||||||||||||||||
|
statusReportingSettings.deviceSettingsEnabled BOOLEAN Whether device settings reporting is enabled |
||||||||||||||||
|
statusReportingSettings.networkInfoEnabled BOOLEAN Whether network info reporting is enabled |
||||||||||||||||
|
statusReportingSettings.applicationReportingSettings OBJECT Settings controlling the behavior of application reports |
||||||||||||||||
|
statusReportingSettings.applicationReportingSettings.includeRemovedApps BOOLEAN Whether removed apps are included in application reports |
||||||||||||||||
|
maximumTimeToLock INTEGER Maximum time in milliseconds for user activity until the device locks. A value of 0 means there is no restriction |
||||||||||||||||
|
funDisabled BOOLEAN Whether the user is allowed to have fun. Controls whether the Easter egg game in Settings is disabled |