Miradore Management Suite Portal

Support

Support

Knowledge base, self-service support

Restrictions for Android

Follow

Restriction configuration profiles are described thoroughly in the About restrictions article. It explains how to configure and deploy restrictions for managed devices, and also how the restrictions can be lifted.

This article focuses on introducing what restrictions are supported for Android devices and whether there are any platform-specific requirements for the use of restrictions.

Requirements

Generally, restriction configuration profiles can be applied to Samsung SAFE enabled devices running Android version 4.2 or newer, but this requires Miradore Online Android client version 2.2.10 or newer and the device end-user must also accept the Samsung For Enterprise Privacy Policy from the client. Any further restriction-specific requirements are mentioned in the descriptions below.

Restriction configuration profiles are available in the Miradore Online Business and Enterprise plans. The restriction configuration profiles are not included in the Miradore Online Free plan.

 

Available restrictions

Below you can find a list of all restrictions supported on the Android platform. Tab names are underlined.

 

Data and connectivity

Wi-Fi

Defines whether the use of Wi-Fi is allowed or denied.

Bluetooth

Defines whether the use of Bluetooth is allowed or denied.

Cellular data

Defines whether the use of cellular data is allowed or denied.

Data roaming

Defines whether the use of cellular data is allowed or denied while the device is roaming.

 

Administration 

Application uninstall

Defines whether the device end-users are allowed or denied to uninstall applications.

Camera

Defines whether the use of camera is allowed or denied. User or third-party applications cannot enable the camera once it is disabled.

Factory reset

Defines whether the user is allowed or denied to reset his/her device to its factory settings.

Safe mode restart

Defines whether restarting the device to Samsung Safe mode is allowed or denied.

Firmware flashing

Defines whether firmware flashing via Download mode, Over-the-Air (OTA) or via computer using Samsung Kies is allowed. This requires a device that supports Samsung KNOX Standard 5 or later (Android version 4.4.2) and has Miradore Online client version 2.3.12 or later installed.

Google Play store

Defines whether the use of Google Play store is allowed or denied.

Install from unknown sources

Defines whether installing applications from unknown sources, i.e. other than Google Play, is allowed or denied. Note: Denying installation of applications from sources other than Google Play Store effectively blocks application installations from other app markets and manual installations of APK packages, but it does not disable APK installations via ADB. So although this blocks most end-users from installing unwanted applications, end-users with proper knowledge can work their way around this.

Device administration removal

Defines whether the user is allowed or denied to remove device administration rights from the Miradore Online Android client application. Note: Denying removal of administration rights from Miradore Online client also blocks the uninstallation of client, since uninstallation of applications with administration rights is not possible.

Setting changes

Defines whether accessing or modifying device settings is allowed or denied.

Force GPS state

Forces the GPS state to enabled or disabled. When this restriction is set, the end-user can't change GPS state.

Over-the-Air system upgrades

Defines whether the Over-the-Air operating system upgrades are allowed or denied.

Deny force stop applications

Defines a list of applications (package names) that cannot be force stopped by the user. Requires Miradore client version 2.3.12 or newer.

Deny device admin removal applications

Defines a list of applications (package names) whose device administration rights the user can't remove. If the specified application is installed after this has already been deployed, the rule will be enforced when the device syncs with the Miradore Online server for the first time after installation. Requires client version 2.3.14 or newer.

 

Safety feature for disabling restrictions

Because it is possible to get the device to a bricked state by deploying a restrictions configuration with certain combinations, there is a safety feature in place. For example, it is possible to create a restrictions configuration that blocks Both cellular data usage and WiFi. This will block all data traffic and thus the client will no longer be able to contact the server, and there is no way to remove the configuration through Miradore Online.

If you accidentally deploy such a configuration, you can remove the configuration manually. First open the device form of the target device in Miradore Online. On the Main tab, there is a section named Miradore client under which there is a device specific security code displayed. You can use this security code to disable the configuration by opening the Miradore Online client on the device, then going to settings and selecting Disable restrictions. The client will prompt for a security code. When you enter the code shown on the device form, all active restrictions will be removed.

 

 

More information:

About restrictions

About configuration profiles

Creating a configuration profile 

Deploying a configuration profile 

Removing deployed configuration profiles


Please send comments to contact@miradore.com.