Restriction configuration profiles are described thoroughly in the About restrictions article. It explains how to configure and deploy restrictions for managed devices, and also how the restrictions can be lifted.
This article focuses on introducing what restrictions are supported for Android devices and whether there are any platform-specific requirements for the use of restrictions.
Restriction configuration profiles are available in the Miradore Online Business and Enterprise plans. The restriction configuration profiles are not included in the Miradore Online Free plan.
Below you can find a list of all restrictions supported on the Android platform. Tab names are underlined.
Data and connectivity
Defines whether the use of Wi-Fi is allowed or denied.
Defines whether the use of Bluetooth is allowed or denied.
Defines whether the use of cellular data is allowed or denied.
Defines whether the use of cellular data is allowed or denied while the device is roaming.
Defines whether the device end-users are allowed or denied to uninstall applications.
Defines whether the use of camera is allowed or denied. User or third-party applications cannot enable the camera once it is disabled.
Defines whether the user is allowed or denied to reset his/her device to its factory settings.
Safe mode restart
Defines whether restarting the device to Samsung Safe mode is allowed or denied.
Defines whether firmware flashing via Download mode, Over-the-Air (OTA) or via computer using Samsung Kies is allowed. This requires a device that supports Samsung KNOX Standard 5 or later (Android version 4.4.2) and has Miradore Online client version 2.3.12 or later installed.
Google Play store
Defines whether the use of Google Play store is allowed or denied.
Install from unknown sources
Defines whether installing applications from unknown sources, i.e. other than Google Play, is allowed or denied. Note: Denying installation of applications from sources other than Google Play Store effectively blocks application installations from other app markets and manual installations of APK packages, but it does not disable APK installations via ADB. So although this blocks most end-users from installing unwanted applications, end-users with proper knowledge can work their way around this.
Device administration removal
Defines whether the user is allowed or denied to remove device administration rights from the Miradore Online Android client application. Note: Denying removal of administration rights from Miradore Online client also blocks the uninstallation of client, since uninstallation of applications with administration rights is not possible.
Defines whether accessing or modifying device settings is allowed or denied.
Force GPS state
Forces the GPS state to enabled or disabled. When this restriction is set, the end-user can't change GPS state.
Over-the-Air system upgrades
Defines whether the Over-the-Air operating system upgrades are allowed or denied.
Deny force stop applications
Defines a list of applications (package names) that cannot be force stopped by the user. Requires Miradore client version 2.3.12 or newer.
Defines a list of applications (package names) whose device administration rights the user can't remove. If the specified application is installed after this has already been deployed, the rule will be enforced when the device syncs with the Miradore Online server for the first time after installation. Requires client version 2.3.14 or newer.
Safety feature for disabling restrictions
Because it is possible to get the device to a bricked state by deploying a restrictions configuration with certain combinations, there is a safety feature in place. For example, it is possible to create a restrictions configuration that blocks Both cellular data usage and WiFi. This will block all data traffic and thus the client will no longer be able to contact the server, and there is no way to remove the configuration through Miradore Online.
If you accidentally deploy such a configuration, you can remove the configuration manually. First open the device form of the target device in Miradore Online. On the Main tab, there is a section named Miradore client under which there is a device specific security code displayed.
You can use this security code to disable the configuration by opening the Miradore Online client on the device, then going to settings and selecting Disable restrictions. The client will prompt for a security code. When you enter the code shown on the device form, all active restrictions will be removed.
Please send comments to firstname.lastname@example.org.