REST Resource: enterprises.policies

منبع: سیاست

یک منبع سیاست، گروهی از تنظیمات را نشان می‌دهد که رفتار یک دستگاه مدیریت‌شده و برنامه‌های نصب‌شده روی آن را کنترل می‌کنند.

نمایش JSON 
{
  "name": string,
  "version": string,
  "applications": [
    {
      object (ApplicationPolicy)
    }
  ],
  "maximumTimeToLock": string,
  "screenCaptureDisabled": boolean,
  "cameraDisabled": boolean,
  "keyguardDisabledFeatures": [
    enum (KeyguardDisabledFeature)
  ],
  "defaultPermissionPolicy": enum (PermissionPolicy),
  "persistentPreferredActivities": [
    {
      object (PersistentPreferredActivity)
    }
  ],
  "openNetworkConfiguration": {
    object
  },
  "systemUpdate": {
    object (SystemUpdate)
  },
  "accountTypesWithManagementDisabled": [
    string
  ],
  "addUserDisabled": boolean,
  "adjustVolumeDisabled": boolean,
  "factoryResetDisabled": boolean,
  "installAppsDisabled": boolean,
  "mountPhysicalMediaDisabled": boolean,
  "modifyAccountsDisabled": boolean,
  "safeBootDisabled": boolean,
  "uninstallAppsDisabled": boolean,
  "statusBarDisabled": boolean,
  "keyguardDisabled": boolean,
  "minimumApiLevel": integer,
  "statusReportingSettings": {
    object (StatusReportingSettings)
  },
  "bluetoothContactSharingDisabled": boolean,
  "shortSupportMessage": {
    object (UserFacingMessage)
  },
  "longSupportMessage": {
    object (UserFacingMessage)
  },
  "passwordRequirements": {
    object (PasswordRequirements)
  },
  "wifiConfigsLockdownEnabled": boolean,
  "bluetoothConfigDisabled": boolean,
  "cellBroadcastsConfigDisabled": boolean,
  "credentialsConfigDisabled": boolean,
  "mobileNetworksConfigDisabled": boolean,
  "tetheringConfigDisabled": boolean,
  "vpnConfigDisabled": boolean,
  "wifiConfigDisabled": boolean,
  "createWindowsDisabled": boolean,
  "networkResetDisabled": boolean,
  "outgoingBeamDisabled": boolean,
  "outgoingCallsDisabled": boolean,
  "removeUserDisabled": boolean,
  "shareLocationDisabled": boolean,
  "smsDisabled": boolean,
  "unmuteMicrophoneDisabled": boolean,
  "usbFileTransferDisabled": boolean,
  "ensureVerifyAppsEnabled": boolean,
  "permittedInputMethods": {
    object (PackageNameList)
  },
  "stayOnPluggedModes": [
    enum (BatteryPluggedMode)
  ],
  "recommendedGlobalProxy": {
    object (ProxyInfo)
  },
  "setUserIconDisabled": boolean,
  "setWallpaperDisabled": boolean,
  "choosePrivateKeyRules": [
    {
      object (ChoosePrivateKeyRule)
    }
  ],
  "alwaysOnVpnPackage": {
    object (AlwaysOnVpnPackage)
  },
  "frpAdminEmails": [
    string
  ],
  "deviceOwnerLockScreenInfo": {
    object (UserFacingMessage)
  },
  "dataRoamingDisabled": boolean,
  "locationMode": enum (LocationMode),
  "networkEscapeHatchEnabled": boolean,
  "bluetoothDisabled": boolean,
  "complianceRules": [
    {
      object (ComplianceRule)
    }
  ],
  "blockApplicationsEnabled": boolean,
  "installUnknownSourcesAllowed": boolean,
  "debuggingFeaturesAllowed": boolean,
  "funDisabled": boolean,
  "autoTimeRequired": boolean,
  "permittedAccessibilityServices": {
    object (PackageNameList)
  },
  "appAutoUpdatePolicy": enum (AppAutoUpdatePolicy),
  "kioskCustomLauncherEnabled": boolean,
  "androidDevicePolicyTracks": [
    enum (AppTrack)
  ],
  "skipFirstUseHintsEnabled": boolean,
  "privateKeySelectionEnabled": boolean,
  "encryptionPolicy": enum (EncryptionPolicy),
  "usbMassStorageEnabled": boolean,
  "permissionGrants": [
    {
      object (PermissionGrant)
    }
  ],
  "playStoreMode": enum (PlayStoreMode),
  "setupActions": [
    {
      object (SetupAction)
    }
  ],
  "passwordPolicies": [
    {
      object (PasswordRequirements)
    }
  ],
  "policyEnforcementRules": [
    {
      object (PolicyEnforcementRule)
    }
  ],
  "kioskCustomization": {
    object (KioskCustomization)
  },
  "advancedSecurityOverrides": {
    object (AdvancedSecurityOverrides)
  },
  "personalUsagePolicies": {
    object (PersonalUsagePolicies)
  },
  "autoDateAndTimeZone": enum (AutoDateAndTimeZone),
  "oncCertificateProviders": [
    {
      object (OncCertificateProvider)
    }
  ],
  "crossProfilePolicies": {
    object (CrossProfilePolicies)
  },
  "preferentialNetworkService": enum (PreferentialNetworkService),
  "usageLog": {
    object (UsageLog)
  },
  "cameraAccess": enum (CameraAccess),
  "microphoneAccess": enum (MicrophoneAccess),
  "deviceConnectivityManagement": {
    object (DeviceConnectivityManagement)
  },
  "deviceRadioState": {
    object (DeviceRadioState)
  },
  "credentialProviderPolicyDefault": enum (CredentialProviderPolicyDefault),
  "printingPolicy": enum (PrintingPolicy),
  "displaySettings": {
    object (DisplaySettings)
  },
  "assistContentPolicy": enum (AssistContentPolicy),
  "workAccountSetupConfig": {
    object (WorkAccountSetupConfig)
  },
  "wipeDataFlags": [
    enum (WipeDataFlag)
  ],
  "enterpriseDisplayNameVisibility": enum (EnterpriseDisplayNameVisibility),
  "appFunctions": enum (AppFunctions),
  "defaultApplicationSettings": [
    {
      object (DefaultApplicationSetting)
    }
  ]
}
فیلدها
name

string

نام سیاست به شکل enterprises/{enterpriseId}/policies/{policyId} .

version

string ( int64 format)

نسخه سیاست. این یک فیلد فقط خواندنی است. هر بار که سیاست به‌روزرسانی می‌شود، نسخه آن افزایش می‌یابد.

applications[]

object ( ApplicationPolicy )

سیاستی که برای برنامه‌ها اعمال می‌شود. این می‌تواند حداکثر ۳۰۰۰ عنصر داشته باشد.

maximumTimeToLock

string ( int64 format)

حداکثر زمان فعالیت کاربر تا قفل شدن دستگاه (برحسب میلی‌ثانیه). مقدار ۰ به معنی عدم وجود محدودیت است.

screenCaptureDisabled

boolean

اینکه آیا ضبط صفحه نمایش غیرفعال است یا خیر.

cameraDisabled
(deprecated)

boolean

اگر cameraAccess روی هر مقداری غیر از CAMERA_ACCESS_UNSPECIFIED تنظیم شود، این هیچ تاثیری ندارد. در غیر این صورت، این فیلد غیرفعال بودن یا نبودن دوربین‌ها را کنترل می‌کند: اگر درست باشد، همه دوربین‌ها غیرفعال می‌شوند، در غیر این صورت در دسترس هستند. برای دستگاه‌های کاملاً مدیریت‌شده، این فیلد برای همه برنامه‌های روی دستگاه اعمال می‌شود. برای پروفایل‌های کاری، این فیلد فقط برای برنامه‌های موجود در پروفایل کاری اعمال می‌شود و دسترسی دوربین برنامه‌های خارج از پروفایل کاری بدون تغییر باقی می‌ماند.

keyguardDisabledFeatures[]

enum ( KeyguardDisabledFeature )

شخصی‌سازی‌های محافظ صفحه کلید، مانند ابزارک‌ها، غیرفعال شده‌اند.

defaultPermissionPolicy

enum ( PermissionPolicy )

سیاست پیش‌فرض مجوز برای درخواست‌های مجوز زمان اجرا.

persistentPreferredActivities[]

object ( PersistentPreferredActivity )

فعالیت‌های پیش‌فرضِ مدیریت‌کننده‌ی اینتنت.

openNetworkConfiguration

object ( Struct format)

پیکربندی شبکه برای دستگاه. برای اطلاعات بیشتر به پیکربندی شبکه‌ها مراجعه کنید.

systemUpdate

object ( SystemUpdate )

سیاست به‌روزرسانی سیستم، که نحوه اعمال به‌روزرسانی‌های سیستم‌عامل را کنترل می‌کند. اگر نوع به‌روزرسانی WINDOWED باشد، پنجره به‌روزرسانی به‌طور خودکار برای به‌روزرسانی‌های برنامه Play نیز اعمال می‌شود.

توجه: به‌روزرسانی‌های سیستمی گوگل پلی (که به‌روزرسانی‌های اصلی نیز نامیده می‌شوند) به‌طور خودکار دانلود می‌شوند و برای نصب آنها نیاز به راه‌اندازی مجدد دستگاه است. برای جزئیات بیشتر به بخش اصلی در مدیریت به‌روزرسانی‌های سیستم مراجعه کنید.

accountTypesWithManagementDisabled[]

string

انواع حساب‌هایی که توسط کاربر قابل مدیریت نیستند.

addUserDisabled

boolean

اینکه آیا افزودن کاربران و پروفایل‌های جدید غیرفعال است یا خیر. برای دستگاه‌هایی که managementMode آنها DEVICE_OWNER است، این فیلد نادیده گرفته می‌شود و کاربر هرگز مجاز به اضافه کردن یا حذف کاربران نیست.

adjustVolumeDisabled

boolean

آیا تنظیم صدای اصلی غیرفعال است یا خیر. همچنین دستگاه را بی‌صدا می‌کند. این تنظیم فقط روی دستگاه‌های کاملاً مدیریت‌شده تأثیر دارد.

factoryResetDisabled

boolean

اینکه آیا بازنشانی به تنظیمات کارخانه غیرفعال است یا خیر.

installAppsDisabled

boolean

اینکه آیا نصب برنامه‌ها توسط کاربر غیرفعال است یا خیر.

mountPhysicalMediaDisabled

boolean

اینکه آیا نصب رسانه خارجی فیزیکی توسط کاربر غیرفعال است یا خیر.

modifyAccountsDisabled

boolean

اینکه آیا افزودن یا حذف حساب‌ها غیرفعال است یا خیر.

safeBootDisabled
(deprecated)

boolean

اینکه آیا راه‌اندازی مجدد دستگاه به حالت بوت ایمن غیرفعال است یا خیر.

uninstallAppsDisabled

boolean

آیا حذف نصب برنامه‌ها توسط کاربر غیرفعال است؟ این گزینه از حذف نصب برنامه‌ها، حتی برنامه‌هایی که با استفاده از applications حذف می‌شوند، جلوگیری می‌کند.

statusBarDisabled
(deprecated)

boolean

اینکه آیا نوار وضعیت غیرفعال است یا خیر. این گزینه اعلان‌ها، تنظیمات سریع و سایر پوشش‌های صفحه را که امکان خروج از حالت تمام صفحه را فراهم می‌کنند، غیرفعال می‌کند. منسوخ شده. برای غیرفعال کردن نوار وضعیت در دستگاه کیوسک، از InstallType KIOSK یا kioskCustomLauncherEnabled استفاده کنید.

keyguardDisabled

boolean

اگر درست باشد، این گزینه قفل صفحه را برای نمایشگرهای اصلی و/یا ثانویه غیرفعال می‌کند. این خط‌مشی فقط در حالت مدیریت دستگاه اختصاصی پشتیبانی می‌شود.

minimumApiLevel

integer

حداقل سطح API مجاز اندروید.

statusReportingSettings

object ( StatusReportingSettings )

تنظیمات گزارش وضعیت

bluetoothContactSharingDisabled

boolean

اینکه آیا اشتراک‌گذاری مخاطب از طریق بلوتوث غیرفعال است یا خیر.

shortSupportMessage

object ( UserFacingMessage )

پیامی که در صفحه تنظیمات به کاربر نمایش داده می‌شود، هر جا که قابلیتی توسط مدیر غیرفعال شده باشد. اگر پیام بیش از ۲۰۰ کاراکتر باشد، ممکن است کوتاه شود.

longSupportMessage

object ( UserFacingMessage )

پیامی که در صفحه تنظیمات مدیر دستگاه به کاربر نمایش داده می‌شود.

passwordRequirements
(deprecated)

object ( PasswordRequirements )

الزامات رمز عبور. فیلد passwordRequirements.require_password_unlock نباید تنظیم شود. منسوخ شده - از passwordPolicies استفاده کنید.

توجه:

مقادیر مبتنی بر پیچیدگی PasswordQuality ، یعنی COMPLEXITY_LOW ، COMPLEXITY_MEDIUM و COMPLEXITY_HIGH ، در اینجا قابل استفاده نیستند. unifiedLockSettings نیز نمی‌توان در اینجا استفاده کرد.

wifiConfigsLockdownEnabled
(deprecated)

boolean

این منسوخ شده است.

bluetoothConfigDisabled

boolean

اینکه آیا پیکربندی بلوتوث غیرفعال است یا خیر.

cellBroadcastsConfigDisabled

boolean

اینکه آیا پیکربندی پخش سلولی غیرفعال است یا خیر.

credentialsConfigDisabled

boolean

اینکه آیا پیکربندی اعتبارنامه‌های کاربر غیرفعال است یا خیر.

mobileNetworksConfigDisabled

boolean

اینکه آیا پیکربندی شبکه‌های تلفن همراه غیرفعال است یا خیر.

tetheringConfigDisabled
(deprecated)

boolean

آیا پیکربندی اتصال به اینترنت و هات‌اسپات‌های قابل حمل غیرفعال است یا خیر. اگر tetheringSettings روی هر چیزی غیر از TETHERING_SETTINGS_UNSPECIFIED تنظیم شده باشد، این تنظیم نادیده گرفته می‌شود.

vpnConfigDisabled

boolean

اینکه آیا پیکربندی VPN غیرفعال است یا خیر.

wifiConfigDisabled
(deprecated)

boolean

اینکه آیا پیکربندی شبکه‌های Wi-Fi غیرفعال است یا خیر. در دستگاه‌های کاملاً مدیریت‌شده و پروفایل‌های کاری در دستگاه‌های متعلق به شرکت پشتیبانی می‌شود. برای دستگاه‌های کاملاً مدیریت‌شده، تنظیم این گزینه روی true، تمام شبکه‌های پیکربندی‌شده را حذف کرده و فقط شبکه‌های پیکربندی‌شده با استفاده از openNetworkConfiguration را حفظ می‌کند. برای پروفایل‌های کاری در دستگاه‌های متعلق به شرکت، شبکه‌های پیکربندی‌شده موجود تحت تأثیر قرار نمی‌گیرند و کاربر مجاز به اضافه کردن، حذف یا تغییر شبکه‌های Wi-Fi نیست. اگر configureWifi روی هر چیزی غیر از CONFIGURE_WIFI_UNSPECIFIED تنظیم شده باشد، این تنظیم نادیده گرفته می‌شود. توجه: اگر اتصال شبکه در زمان بوت امکان‌پذیر نباشد و پیکربندی Wi-Fi غیرفعال باشد، دریچه فرار شبکه برای به‌روزرسانی خط‌مشی دستگاه نمایش داده می‌شود (به networkEscapeHatchEnabled مراجعه کنید).

createWindowsDisabled

boolean

اینکه آیا ایجاد پنجره‌ها علاوه بر پنجره‌های برنامه غیرفعال است یا خیر.

networkResetDisabled

boolean

اینکه آیا بازنشانی تنظیمات شبکه غیرفعال است یا خیر.

outgoingBeamDisabled

boolean

اینکه آیا استفاده از NFC برای ارسال داده از برنامه‌ها غیرفعال است یا خیر.

outgoingCallsDisabled

boolean

اینکه آیا تماس‌های خروجی غیرفعال هستند یا خیر.

removeUserDisabled

boolean

اینکه آیا حذف سایر کاربران غیرفعال است یا خیر.

shareLocationDisabled

boolean

آیا اشتراک‌گذاری موقعیت مکانی غیرفعال است؟ shareLocationDisabled هم برای دستگاه‌های کاملاً مدیریت‌شده و هم برای پروفایل‌های کاری شخصی پشتیبانی می‌شود.

smsDisabled

boolean

آیا ارسال و دریافت پیامک غیرفعال است یا خیر.

unmuteMicrophoneDisabled
(deprecated)

boolean

اگر microphoneAccess روی هر مقداری غیر از MICROPHONE_ACCESS_UNSPECIFIED تنظیم شده باشد، این هیچ تاثیری ندارد. در غیر این صورت، این فیلد غیرفعال بودن میکروفون‌ها را کنترل می‌کند: اگر درست باشد، همه میکروفون‌ها غیرفعال می‌شوند، در غیر این صورت در دسترس هستند. این فقط در دستگاه‌های کاملاً مدیریت‌شده در دسترس است.

usbFileTransferDisabled
(deprecated)

boolean

آیا انتقال فایل‌ها از طریق USB غیرفعال است؟ این قابلیت فقط در دستگاه‌های متعلق به شرکت پشتیبانی می‌شود.

ensureVerifyAppsEnabled
(deprecated)

boolean

اینکه آیا تأیید برنامه به صورت اجباری فعال است یا خیر.

permittedInputMethods

object ( PackageNameList )

در صورت وجود، فقط روش‌های ورودی ارائه شده توسط بسته‌های موجود در این لیست مجاز هستند. اگر این فیلد وجود داشته باشد، اما لیست خالی باشد، فقط روش‌های ورودی سیستم مجاز هستند.

stayOnPluggedModes[]

enum ( BatteryPluggedMode )

حالت‌های اتصال باتری که در آن‌ها دستگاه روشن می‌ماند. هنگام استفاده از این تنظیم، توصیه می‌شود که maximumTimeToLock پاک کنید تا دستگاه هنگام روشن ماندن، خودش قفل نشود.

recommendedGlobalProxy

object ( ProxyInfo )

پروکسی HTTP سراسری مستقل از شبکه. معمولاً پروکسی‌ها باید برای هر شبکه در openNetworkConfiguration پیکربندی شوند. با این حال، برای پیکربندی‌های غیرمعمول مانند فیلتر داخلی عمومی، یک پروکسی HTTP سراسری ممکن است مفید باشد. اگر پروکسی در دسترس نباشد، ممکن است دسترسی به شبکه قطع شود. پروکسی سراسری فقط یک توصیه است و برخی از برنامه‌ها ممکن است آن را نادیده بگیرند.

setUserIconDisabled

boolean

اینکه آیا تغییر آیکون کاربر غیرفعال است یا خیر. این تنظیم فقط روی دستگاه‌های کاملاً مدیریت‌شده اعمال می‌شود.

setWallpaperDisabled

boolean

اینکه آیا تغییر تصویر زمینه غیرفعال است یا خیر.

choosePrivateKeyRules[]

object ( ChoosePrivateKeyRule )

قوانینی برای تعیین دسترسی برنامه‌ها به کلیدهای خصوصی. برای جزئیات بیشتر به ChoosePrivateKeyRule مراجعه کنید. اگر برنامه‌ای دارای دامنه‌ی واگذاری CERT_SELECTION باشد، این باید خالی باشد.

alwaysOnVpnPackage

object ( AlwaysOnVpnPackage )

پیکربندی برای اتصال VPN همیشه روشن. برای جلوگیری از تغییر این تنظیم، از آن به همراه vpnConfigDisabled استفاده کنید.

frpAdminEmails[]

string

آدرس‌های ایمیل مدیران دستگاه برای محافظت در برابر بازنشانی کارخانه. هنگامی که دستگاه بازنشانی کارخانه می‌شود، برای باز کردن قفل دستگاه، به یکی از این مدیران نیاز است تا با ایمیل و رمز عبور حساب گوگل خود وارد سیستم شود. اگر هیچ مدیری مشخص نشده باشد، دستگاه محافظت در برابر بازنشانی کارخانه را ارائه نمی‌دهد.

deviceOwnerLockScreenInfo

object ( UserFacingMessage )

اطلاعات مالک دستگاه که قرار است روی صفحه قفل نمایش داده شود.

dataRoamingDisabled

boolean

آیا سرویس‌های داده رومینگ غیرفعال هستند یا خیر.

locationMode

enum ( LocationMode )

میزان تشخیص موقعیت مکانی فعال شده.

networkEscapeHatchEnabled

boolean

آیا دریچه فرار شبکه فعال است یا خیر. اگر اتصال شبکه در زمان بوت برقرار نشود، دریچه فرار از کاربر می‌خواهد که به طور موقت به یک شبکه متصل شود تا سیاست دستگاه به‌روزرسانی شود. پس از اعمال سیاست، شبکه موقت فراموش می‌شود و دستگاه به بوت شدن ادامه می‌دهد. این امر مانع از عدم امکان اتصال به شبکه در صورت عدم وجود شبکه مناسب در آخرین سیاست و بوت شدن دستگاه به یک برنامه در حالت قفل وظیفه یا عدم دسترسی کاربر به تنظیمات دستگاه می‌شود.

توجه: تنظیم wifiConfigDisabled روی true، این تنظیم را تحت شرایط خاص لغو می‌کند. برای جزئیات بیشتر لطفاً به wifiConfigDisabled مراجعه کنید. تنظیم configureWifi روی DISALLOW_CONFIGURING_WIFI این تنظیم را تحت شرایط خاص لغو می‌کند. لطفاً برای جزئیات بیشتر به DISALLOW_CONFIGURING_WIFI مراجعه کنید.

bluetoothDisabled

boolean

آیا بلوتوث غیرفعال است یا خیر. این تنظیم را به bluetoothConfigDisabled ترجیح دهید زیرا bluetoothConfigDisabled می‌تواند توسط کاربر نادیده گرفته شود.

complianceRules[]
(deprecated)

object ( ComplianceRule )

قوانینی که اعلام می‌کنند در صورت عدم تطابق دستگاه با خط‌مشی‌اش، کدام اقدامات کاهش‌دهنده باید انجام شوند. هنگامی که شرایط برای چندین قانون برآورده شود، تمام اقدامات کاهش‌دهنده برای قوانین انجام می‌شود. حداکثر ۱۰۰ قانون وجود دارد. به جای آن از قوانین اجرای خط‌مشی استفاده کنید.

blockApplicationsEnabled
(deprecated)

boolean

اینکه آیا برنامه‌هایی غیر از برنامه‌های پیکربندی‌شده در applications از نصب مسدود شده‌اند یا خیر. وقتی این گزینه تنظیم شود، برنامه‌هایی که تحت یک خط‌مشی قبلی نصب شده‌اند اما دیگر در خط‌مشی ظاهر نمی‌شوند، به‌طور خودکار حذف نصب می‌شوند.

installUnknownSourcesAllowed
(deprecated)

boolean

این میدان هیچ تاثیری ندارد.

debuggingFeaturesAllowed
(deprecated)

boolean

اینکه آیا کاربر مجاز به فعال کردن ویژگی‌های اشکال‌زدایی است یا خیر.

funDisabled

boolean

اینکه آیا کاربر مجاز به تفریح ​​است یا خیر. کنترل می‌کند که آیا بازی تخم‌مرغ عید پاک در تنظیمات غیرفعال است یا خیر.

autoTimeRequired
(deprecated)

boolean

آیا زمان خودکار مورد نیاز است، که مانع از تنظیم دستی تاریخ و زمان توسط کاربر می‌شود. اگر autoDateAndTimeZone تنظیم شده باشد، این فیلد نادیده گرفته می‌شود.

permittedAccessibilityServices

object ( PackageNameList )

سرویس‌های دسترسی مجاز را مشخص می‌کند. اگر فیلد تنظیم نشده باشد، می‌توان از هر سرویس دسترسی استفاده کرد. اگر فیلد تنظیم شده باشد، فقط سرویس‌های دسترسی موجود در این لیست و سرویس دسترسی داخلی سیستم قابل استفاده هستند. به طور خاص، اگر فیلد روی خالی تنظیم شده باشد، فقط سرویس‌های دسترسی داخلی سیستم قابل استفاده هستند. این قابلیت را می‌توان روی دستگاه‌های کاملاً مدیریت‌شده و روی پروفایل‌های کاری تنظیم کرد. وقتی روی یک پروفایل کاری اعمال شود، هم روی پروفایل شخصی و هم روی پروفایل کاری تأثیر می‌گذارد.

appAutoUpdatePolicy

enum ( AppAutoUpdatePolicy )

جایگزین پیشنهادی: autoUpdateMode که برای هر برنامه تنظیم می‌شود، انعطاف‌پذیری بیشتری در مورد فرکانس به‌روزرسانی ارائه می‌دهد.

وقتی autoUpdateMode روی AUTO_UPDATE_POSTPONED یا AUTO_UPDATE_HIGH_PRIORITY تنظیم شده باشد، این فیلد هیچ تاثیری ندارد.

سیاست به‌روزرسانی خودکار برنامه، که زمان اعمال به‌روزرسانی‌های خودکار برنامه را کنترل می‌کند.

kioskCustomLauncherEnabled

boolean

فعال بودن یا نبودن لانچر سفارشی کیوسک. این گزینه صفحه اصلی را با لانچری جایگزین می‌کند که دستگاه را به برنامه‌های نصب شده از طریق تنظیمات applications قفل می‌کند. برنامه‌ها در یک صفحه و به ترتیب حروف الفبا نمایش داده می‌شوند. برای پیکربندی بیشتر رفتار دستگاه کیوسک، از kioskCustomization استفاده کنید.

androidDevicePolicyTracks[]
(deprecated)

enum ( AppTrack )

این تنظیم پشتیبانی نمی‌شود. هر مقداری نادیده گرفته می‌شود.

skipFirstUseHintsEnabled

boolean

برای رد کردن نکات در اولین استفاده، علامت بزنید. مدیر سازمان می‌تواند سیستم توصیه را برای برنامه‌ها فعال کند تا آموزش کاربری و سایر نکات مقدماتی خود را در اولین راه‌اندازی رد کنند.

privateKeySelectionEnabled

boolean

در صورت عدم وجود قوانین منطبق در ChoosePrivateKeyRules، امکان نمایش رابط کاربری روی دستگاه برای کاربر جهت انتخاب نام مستعار کلید خصوصی را فراهم می‌کند. برای دستگاه‌های پایین‌تر از اندروید P، تنظیم این مقدار ممکن است کلیدهای سازمانی را آسیب‌پذیر کند. اگر برنامه‌ای دارای دامنه تفویض اختیار CERT_SELECTION باشد، این مقدار هیچ تاثیری نخواهد داشت.

encryptionPolicy

enum ( EncryptionPolicy )

آیا رمزگذاری فعال است؟

usbMassStorageEnabled
(deprecated)

boolean

اینکه آیا حافظه USB فعال است یا خیر. منسوخ شده.

permissionGrants[]

object ( PermissionGrant )

مجوز صریح یا اعطای مجوز گروهی یا رد مجوز برای همه برنامه‌ها. این مقادیر، defaultPermissionPolicy لغو می‌کنند.

playStoreMode

enum ( PlayStoreMode )

این حالت، برنامه‌هایی را که در فروشگاه Play برای کاربر در دسترس هستند و همچنین رفتار دستگاه را هنگام حذف برنامه‌ها از این خط‌مشی کنترل می‌کند.

setupActions[]

object ( SetupAction )

اقدامی که باید در طول فرآیند راه‌اندازی انجام شود. حداکثر یک اقدام می‌تواند مشخص شود.

passwordPolicies[]

object ( PasswordRequirements )

سیاست‌های الزام رمز عبور. با تنظیم فیلد passwordScope در سیاست، می‌توان سیاست‌های مختلفی را برای پروفایل کاری یا دستگاه‌های کاملاً مدیریت‌شده تنظیم کرد.

policyEnforcementRules[]

object ( PolicyEnforcementRule )

قوانینی که رفتار را در زمانی که یک سیاست خاص نمی‌تواند روی دستگاه اعمال شود، تعریف می‌کنند.

kioskCustomization

object ( KioskCustomization )

تنظیماتی که رفتار دستگاه را در حالت کیوسک کنترل می‌کنند. برای فعال کردن حالت کیوسک، kioskCustomLauncherEnabled روی true تنظیم کنید یا یک برنامه را در خط‌مشی با installType KIOSK مشخص کنید.

advancedSecurityOverrides

object ( AdvancedSecurityOverrides )

تنظیمات امنیتی پیشرفته. در بیشتر موارد، تنظیم این موارد ضروری نیست.

personalUsagePolicies

object ( PersonalUsagePolicies )

سیاست‌های مدیریت استفاده شخصی از دستگاه متعلق به شرکت.

autoDateAndTimeZone

enum ( AutoDateAndTimeZone )

آیا تاریخ، زمان و منطقه زمانی خودکار در دستگاه متعلق به شرکت فعال است یا خیر. اگر این تنظیم شده باشد، autoTimeRequired نادیده گرفته می‌شود.

oncCertificateProviders[]

object ( OncCertificateProvider )

این قابلیت به صورت عمومی در دسترس نیست.

crossProfilePolicies

object ( CrossProfilePolicies )

سیاست‌های چند پروفایلی روی دستگاه اعمال می‌شوند.

preferentialNetworkService

enum ( PreferentialNetworkService )

کنترل می‌کند که آیا سرویس شبکه ترجیحی در نمایه کاری یا در دستگاه‌های کاملاً مدیریت‌شده فعال باشد. به عنوان مثال، یک سازمان ممکن است با یک اپراتور مخابراتی توافق داشته باشد که تمام داده‌های کاری از دستگاه‌های کارمندانش از طریق یک سرویس شبکه اختصاصی برای استفاده سازمانی ارسال شود. نمونه‌ای از یک سرویس شبکه ترجیحی پشتیبانی‌شده، بخش سازمانی در شبکه‌های 5G است. اگر preferentialNetworkServiceSettings یا ApplicationPolicy.preferentialNetworkId در دستگاه‌هایی که اندروید 13 یا بالاتر دارند تنظیم شده باشد، این خط‌مشی هیچ تاثیری ندارد.

usageLog

object ( UsageLog )

پیکربندی ثبت فعالیت‌های دستگاه.

cameraAccess

enum ( CameraAccess )

استفاده از دوربین و اینکه آیا کاربر به دکمه‌ی دسترسی به دوربین دسترسی دارد یا خیر را کنترل می‌کند.

microphoneAccess

enum ( MicrophoneAccess )

استفاده از میکروفون و اینکه آیا کاربر به دکمه‌ی دسترسی میکروفون دسترسی دارد یا خیر را کنترل می‌کند. این مورد فقط در دستگاه‌های کاملاً مدیریت‌شده اعمال می‌شود.

deviceConnectivityManagement

object ( DeviceConnectivityManagement )

کنترل‌های اتصال دستگاه مانند Wi-Fi، دسترسی به داده USB، اتصالات صفحه کلید/ماوس و موارد دیگر را پوشش می‌دهد.

deviceRadioState

object ( DeviceRadioState )

کنترل‌های مربوط به وضعیت رادیو مانند وای‌فای، بلوتوث و موارد دیگر را پوشش می‌دهد.

credentialProviderPolicyDefault

enum ( CredentialProviderPolicyDefault )

کنترل می‌کند که کدام برنامه‌ها مجاز به عمل به عنوان ارائه‌دهنده اعتبارنامه در اندروید ۱۴ و بالاتر هستند. این برنامه‌ها اعتبارنامه‌ها را ذخیره می‌کنند، برای جزئیات بیشتر به این و این مراجعه کنید. همچنین credentialProviderPolicy مراجعه کنید.

printingPolicy

enum ( PrintingPolicy )

اختیاری. کنترل می‌کند که آیا چاپ مجاز است یا خیر. این قابلیت در دستگاه‌هایی که اندروید ۹ و بالاتر دارند پشتیبانی می‌شود.

displaySettings

object ( DisplaySettings )

اختیاری. کنترل‌هایی برای تنظیمات نمایشگر.

assistContentPolicy

enum ( AssistContentPolicy )

اختیاری. کنترل می‌کند که آیا AssistContent اجازه ارسال به یک برنامه‌ی دارای امتیاز مانند یک برنامه‌ی دستیار را دارد یا خیر. AssistContent شامل اسکرین‌شات‌ها و اطلاعات مربوط به یک برنامه، مانند نام بسته، می‌شود. این قابلیت در اندروید ۱۵ و بالاتر پشتیبانی می‌شود.

workAccountSetupConfig

object ( WorkAccountSetupConfig )

اختیاری. پیکربندی تنظیمات حساب کاری، مانند جزئیات مربوط به نیاز به حساب تأیید شده گوگل، را کنترل می‌کند.

wipeDataFlags[]

enum ( WipeDataFlag )

اختیاری. پرچم‌های پاک کردن برای نشان دادن اینکه چه داده‌هایی هنگام پاک کردن یک دستگاه یا پروفایل به هر دلیلی (مثلاً عدم انطباق) پاک می‌شوند. این مورد در مورد متد enterprises.devices.delete صدق نمی‌کند. این لیست نباید تکراری باشد.

enterpriseDisplayNameVisibility

enum ( EnterpriseDisplayNameVisibility )

اختیاری. کنترل می‌کند که آیا enterpriseDisplayName در دستگاه قابل مشاهده باشد یا خیر (مثلاً پیام قفل صفحه در دستگاه‌های متعلق به شرکت).

appFunctions

enum ( AppFunctions )

اختیاری. کنترل می‌کند که آیا برنامه‌های روی دستگاه برای دستگاه‌های کاملاً مدیریت‌شده یا در نمایه کاری برای دستگاه‌های دارای نمایه‌های کاری، مجاز به نمایش عملکردهای برنامه هستند یا خیر.

defaultApplicationSettings[]

object ( DefaultApplicationSetting )

اختیاری. تنظیم پیش‌فرض برنامه برای انواع پشتیبانی‌شده. اگر برنامه پیش‌فرض حداقل برای یک نوع برنامه در یک پروفایل با موفقیت تنظیم شود، کاربران از تغییر هیچ برنامه پیش‌فرض در آن پروفایل منع می‌شوند.

فقط یک DefaultApplicationSetting برای هر DefaultApplicationType مجاز است.

برای جزئیات بیشتر به راهنمای تنظیمات پیش‌فرض برنامه مراجعه کنید.

سیاست برنامه

خط‌مشی برای یک برنامه‌ی خاص. توجه: در صورت فعال بودن installAppsDisabled ، نمی‌توان با استفاده از این خط‌مشی، دسترسی به برنامه را در یک دستگاه خاص تغییر داد. حداکثر تعداد برنامه‌هایی که می‌توانید برای هر خط‌مشی تعیین کنید، ۳۰۰۰ است.

نمایش JSON 
{
  "packageName": string,
  "installType": enum (InstallType),
  "lockTaskAllowed": boolean,
  "defaultPermissionPolicy": enum (PermissionPolicy),
  "permissionGrants": [
    {
      object (PermissionGrant)
    }
  ],
  "managedConfiguration": {
    object
  },
  "disabled": boolean,
  "minimumVersionCode": integer,
  "delegatedScopes": [
    enum (DelegatedScope)
  ],
  "managedConfigurationTemplate": {
    object (ManagedConfigurationTemplate)
  },
  "accessibleTrackIds": [
    string
  ],
  "connectedWorkAndPersonalApp": enum (ConnectedWorkAndPersonalApp),
  "autoUpdateMode": enum (AutoUpdateMode),
  "extensionConfig": {
    object (ExtensionConfig)
  },
  "alwaysOnVpnLockdownExemption": enum (AlwaysOnVpnLockdownExemption),
  "workProfileWidgets": enum (WorkProfileWidgets),
  "credentialProviderPolicy": enum (CredentialProviderPolicy),
  "customAppConfig": {
    object (CustomAppConfig)
  },
  "installConstraint": [
    {
      object (InstallConstraint)
    }
  ],
  "installPriority": integer,
  "userControlSettings": enum (UserControlSettings),
  "preferentialNetworkId": enum (PreferentialNetworkId),
  "signingKeyCerts": [
    {
      object (ApplicationSigningKeyCert)
    }
  ],
  "roles": [
    {
      object (Role)
    }
  ]
}
فیلدها
packageName

string

نام بسته برنامه. به عنوان مثال، com.google.android.youtube برای برنامه YouTube.

installType

enum ( InstallType )

نوع نصبی که باید انجام شود.

lockTaskAllowed
(deprecated)

boolean

اینکه آیا برنامه اجازه دارد در حالت تمام صفحه خود را قفل کند یا خیر. منسوخ شده. برای پیکربندی یک دستگاه اختصاصی از InstallType KIOSK یا kioskCustomLauncherEnabled استفاده کنید.

defaultPermissionPolicy

enum ( PermissionPolicy )

سیاست پیش‌فرض برای همه مجوزهای درخواستی برنامه. در صورت مشخص شدن، این سیاست، سیاست defaultPermissionPolicy در سطح سیاست را که برای همه برنامه‌ها اعمال می‌شود، لغو می‌کند. این سیاست، سیاست permissionGrants را که برای همه برنامه‌ها اعمال می‌شود، لغو نمی‌کند.

permissionGrants[]

object ( PermissionGrant )

اعطای یا رد صریح مجوز برای برنامه. این مقادیر، defaultPermissionPolicy و permissionGrants را که برای همه برنامه‌ها اعمال می‌شوند، لغو می‌کنند.

managedConfiguration

object ( Struct format)

پیکربندی مدیریت‌شده (ManagedProperty) اعمال‌شده بر برنامه. قالب پیکربندی توسط مقادیر ManagedProperty پشتیبانی‌شده توسط برنامه تعیین می‌شود. نام هر فیلد در پیکربندی مدیریت‌شده باید با فیلد key ManagedProperty مطابقت داشته باشد. مقدار فیلد باید با type ManagedProperty سازگار باشد:

نوع مقدار JSON
BOOL true یا false
STRING رشته
INTEGER شماره
CHOICE رشته
MULTISELECT آرایه‌ای از رشته‌ها
HIDDEN رشته
BUNDLE_ARRAY آرایه‌ای از اشیاء

disabled

boolean

آیا برنامه غیرفعال است یا خیر. در صورت غیرفعال بودن، داده‌های برنامه همچنان حفظ می‌شوند.

minimumVersionCode

integer

حداقل نسخه برنامه‌ای که روی دستگاه اجرا می‌شود. در صورت تنظیم، دستگاه تلاش می‌کند برنامه را حداقل به این کد نسخه به‌روزرسانی کند. اگر برنامه به‌روز نباشد، دستگاه حاوی یک NonComplianceDetail با nonComplianceReason تنظیم شده روی APP_NOT_UPDATED خواهد بود. برنامه باید از قبل با کد نسخه‌ای بزرگتر یا مساوی این مقدار در Google Play منتشر شده باشد. حداکثر 20 برنامه می‌توانند برای هر خط‌مشی، حداقل کد نسخه را مشخص کنند.

delegatedScopes[]

enum ( DelegatedScope )

حوزه‌هایی که از طریق خط‌مشی دستگاه اندروید به برنامه واگذار شده‌اند. این حوزه‌ها امتیازات اضافی را برای برنامه‌هایی که به آنها اعمال می‌شوند، فراهم می‌کنند.

managedConfigurationTemplate

object ( ManagedConfigurationTemplate )

الگوی پیکربندی‌های مدیریت‌شده برای برنامه، که از iframe پیکربندی‌های مدیریت‌شده ذخیره شده است. اگر managedConfiguration تنظیم شده باشد، این فیلد نادیده گرفته می‌شود.

accessibleTrackIds[]

string

فهرست شناسه‌های مسیر برنامه که یک دستگاه متعلق به شرکت می‌تواند به آنها دسترسی داشته باشد. اگر این فهرست شامل چندین شناسه مسیر باشد، دستگاه‌ها آخرین نسخه را از بین تمام مسیرهای قابل دسترسی دریافت می‌کنند. اگر این فهرست حاوی هیچ شناسه مسیر نباشد، دستگاه‌ها فقط به مسیر تولید برنامه دسترسی دارند. جزئیات بیشتر در مورد هر مسیر در AppTrackInfo موجود است.

connectedWorkAndPersonalApp

enum ( ConnectedWorkAndPersonalApp )

کنترل می‌کند که آیا برنامه می‌تواند با خودش در پروفایل‌های کاری و شخصی دستگاه ارتباط برقرار کند یا خیر، البته منوط به رضایت کاربر.

autoUpdateMode

enum ( AutoUpdateMode )

حالت به‌روزرسانی خودکار برنامه را کنترل می‌کند.

extensionConfig
(deprecated)

object ( ExtensionConfig )

پیکربندی برای فعال کردن این برنامه به عنوان یک برنامه افزودنی، با قابلیت تعامل با خط‌مشی دستگاه اندروید به صورت آفلاین.

این فیلد حداکثر برای یک برنامه قابل تنظیم است. اگر برنامه‌ای با نقش COMPANION_APP وجود داشته باشد، این فیلد قابل تنظیم نیست.

اثر انگشت گواهی کلید امضای برنامه روی دستگاه باید با یکی از ورودی‌های ApplicationPolicy.signingKeyCerts یا ExtensionConfig.signingKeyFingerprintsSha256 (منسوخ شده) یا اثر انگشت‌های گواهی کلید امضای به‌دست‌آمده از Play Store مطابقت داشته باشد تا برنامه بتواند با Android Device Policy ارتباط برقرار کند. اگر برنامه در Play Store نباشد و ApplicationPolicy.signingKeyCerts و ExtensionConfig.signingKeyFingerprintsSha256 (منسوخ شده) تنظیم نشده باشند، خطای NonComplianceDetail با INVALID_VALUE گزارش می‌شود.

alwaysOnVpnLockdownExemption

enum ( AlwaysOnVpnLockdownExemption )

مشخص می‌کند که آیا برنامه در صورت عدم اتصال VPN مجاز به اتصال به شبکه است یا خیر و alwaysOnVpnPackage.lockdownEnabled فعال است. اگر روی VPN_LOCKDOWN_ENFORCED تنظیم شود، برنامه مجاز به اتصال به شبکه نیست و اگر روی VPN_LOCKDOWN_EXEMPTION تنظیم شود، برنامه مجاز به اتصال به شبکه است. فقط در دستگاه‌هایی که اندروید ۱۰ و بالاتر را اجرا می‌کنند پشتیبانی می‌شود. اگر این مورد توسط دستگاه پشتیبانی نشود، دستگاه حاوی یک NonComplianceDetail با nonComplianceReason تنظیم شده روی API_LEVEL و یک fieldPath خواهد بود. اگر این مورد برای برنامه قابل اجرا نباشد، دستگاه حاوی یک NonComplianceDetail با nonComplianceReason تنظیم شده روی UNSUPPORTED و یک fieldPath خواهد بود. fieldPath روی applications[i].alwaysOnVpnLockdownExemption تنظیم شده است، که در آن i اندیس بسته در سیاست applications است.

workProfileWidgets

enum ( WorkProfileWidgets )

مشخص می‌کند که آیا برنامه نصب شده در نمایه کاری مجاز به اضافه کردن ابزارک به صفحه اصلی است یا خیر.

credentialProviderPolicy

enum ( CredentialProviderPolicy )

اختیاری. اینکه آیا برنامه مجاز است به عنوان ارائه دهنده اعتبارنامه در اندروید ۱۴ و بالاتر عمل کند یا خیر.

customAppConfig

object ( CustomAppConfig )

اختیاری. پیکربندی برای این برنامه سفارشی.

برای تنظیم این مورد، باید installType روی CUSTOM تنظیم شود.

installConstraint[]

object ( InstallConstraint )

اختیاری. محدودیت‌های نصب برنامه. شما می‌توانید حداکثر یک InstallConstraint تعیین کنید. چندین محدودیت رد می‌شوند.

installPriority

integer

اختیاری. در میان برنامه‌هایی که installType روی: تنظیم شده است

این اولویت نسبی نصب را کنترل می‌کند. مقدار ۰ (پیش‌فرض) به این معنی است که این برنامه هیچ اولویتی نسبت به سایر برنامه‌ها ندارد. برای مقادیر بین ۱ تا ۱۰۰۰۰، مقدار کمتر به معنای اولویت بالاتر است. مقادیر خارج از محدوده ۰ تا ۱۰۰۰۰ رد می‌شوند.

userControlSettings

enum ( UserControlSettings )

اختیاری. مشخص می‌کند که آیا کنترل کاربر برای برنامه مجاز است یا خیر. کنترل کاربر شامل اقدامات کاربر مانند توقف اجباری و پاک کردن داده‌های برنامه می‌شود. انواع خاصی از برنامه‌ها دارای رفتار ویژه‌ای هستند، برای جزئیات بیشتر به USER_CONTROL_SETTINGS_UNSPECIFIED و USER_CONTROL_ALLOWED مراجعه کنید.

preferentialNetworkId

enum ( PreferentialNetworkId )

اختیاری. شناسه شبکه ترجیحی که برنامه از آن استفاده می‌کند. باید پیکربندی برای شناسه شبکه مشخص شده در preferentialNetworkServiceConfigs وجود داشته باشد. اگر روی PREFERENTIAL_NETWORK_ID_UNSPECIFIED تنظیم شود، برنامه از شناسه شبکه پیش‌فرض مشخص شده در defaultPreferentialNetworkId استفاده خواهد کرد. برای لیست برنامه‌هایی که از این پیش‌فرض‌سازی مستثنی هستند، به مستندات defaultPreferentialNetworkId مراجعه کنید. این مورد هم در پروفایل‌های کاری و هم در دستگاه‌های کاملاً مدیریت‌شده در اندروید ۱۳ و بالاتر اعمال می‌شود.

signingKeyCerts[]

object ( ApplicationSigningKeyCert )

اختیاری. امضای گواهی‌های کلیدی برنامه.

این فیلد در موارد زیر الزامی است:

  • installType برنامه روی CUSTOM تنظیم شده است (یعنی یک برنامه سفارشی).
  • roles برنامه روی یک لیست غیرخالی تنظیم شده‌اند و برنامه در فروشگاه Play وجود ندارد.
  • این برنامه دارای تنظیمات extensionConfig است (یعنی یک برنامه افزونه) اما ExtensionConfig.signingKeyFingerprintsSha256 (منسوخ شده) تنظیم نشده است و برنامه در فروشگاه Play وجود ندارد.

اگر این فیلد برای یک برنامه سفارشی تنظیم نشده باشد، خط‌مشی رد می‌شود. اگر در صورت نیاز برای یک برنامه غیرسفارشی تنظیم نشده باشد، NonComplianceDetail با INVALID_VALUE گزارش می‌شود.

برای موارد دیگر، این فیلد اختیاری است و از گواهی‌های کلید امضای دریافت شده از فروشگاه Play استفاده می‌شود.

برای مشاهده نحوه استفاده از این فیلد، تنظیمات خط‌مشی زیر را مشاهده کنید:

roles[]

object ( Role )

اختیاری. نقش‌هایی که برنامه دارد.

برنامه‌هایی که نقش‌های خاصی دارند را می‌توان از محدودیت‌های اجرا در پس‌زمینه و مصرف برق، تعلیق و خواب زمستانی در اندروید ۱۴ و بالاتر معاف کرد. همچنین می‌توان کنترل کاربر را برای برنامه‌هایی با نقش‌های خاص در اندروید ۱۱ و بالاتر غیرفعال کرد. برای جزئیات بیشتر به مستندات هر RoleType مراجعه کنید.

اگر برنامه دارای سرویس دریافت اعلان با <meta-data android:name="com.google.android.managementapi.notification.NotificationReceiverService.SERVICE_APP_ROLES" android:value="" /> در مورد نقش‌هایی که برای آن تنظیم شده است، مطلع می‌شود. هر زمان که نقش‌های آن به‌روزرسانی شوند یا پس از نصب برنامه، زمانی که لیست نقش‌ها خالی نباشد، برنامه مطلع می‌شود. برنامه می‌تواند پس از نصب از این اعلان برای راه‌اندازی مجدد خود استفاده کند. برای جزئیات بیشتر در مورد الزامات سرویس، به راهنماهای Integrate with the AMAPI SDK و Manage app roles مراجعه کنید.

برای اعمال معافیت‌ها و اطلاع‌رسانی به برنامه در مورد نقش‌ها، اثر انگشت گواهی کلید امضای برنامه روی دستگاه باید با یکی از اثر انگشت‌های گواهی کلید امضای به‌دست‌آمده از فروشگاه Play یا یکی از ورودی‌های ApplicationPolicy.signingKeyCerts مطابقت داشته باشد. در غیر این صورت، NonComplianceDetail با APP_SIGNING_CERT_MISMATCH گزارش می‌شود.

نباید نقش‌های تکراری با roleType یکسان وجود داشته باشند. چندین برنامه نمی‌توانند نقشی با roleType یکسان داشته باشند. نقشی با نوع ROLE_TYPE_UNSPECIFIED مجاز نیست.

نوع نصب

نوع نصبی که قرار است برای یک برنامه انجام شود. اگر setupAction به یک برنامه اشاره کند، باید installType آن را روی REQUIRED_FOR_SETUP تنظیم کرده باشید، در غیر این صورت نصب با شکست مواجه خواهد شد.

انوم‌ها
INSTALL_TYPE_UNSPECIFIED نامشخص. پیش‌فرض روی AVAILABLE.
PREINSTALLED این برنامه به صورت خودکار نصب می‌شود و کاربر می‌تواند آن را حذف کند.
FORCE_INSTALLED این برنامه صرف نظر از بازه زمانی تعیین شده برای تعمیر و نگهداری، به طور خودکار نصب می‌شود و کاربر نمی‌تواند آن را حذف کند.
BLOCKED برنامه مسدود شده و قابل نصب نیست. اگر برنامه تحت سیاست قبلی نصب شده باشد، حذف نصب خواهد شد. این امر همچنین عملکرد برنامه فوری آن را مسدود می‌کند.
AVAILABLE برنامه برای نصب در دسترس است.
REQUIRED_FOR_SETUP این برنامه به طور خودکار نصب می‌شود و کاربر نمی‌تواند آن را حذف کند و تا زمان تکمیل نصب، از تکمیل تنظیمات جلوگیری می‌کند.
KIOSK

برنامه به طور خودکار در حالت کیوسک نصب می‌شود: به عنوان مقصد اصلی ترجیحی تنظیم شده و برای حالت وظیفه قفل در لیست سفید قرار می‌گیرد. راه‌اندازی دستگاه تا زمانی که برنامه نصب نشود، کامل نمی‌شود. پس از نصب، کاربران نمی‌توانند برنامه را حذف کنند. شما فقط می‌توانید این installType برای هر برنامه در هر خط‌مشی تنظیم کنید. وقتی این در خط‌مشی وجود داشته باشد، نوار وضعیت به طور خودکار غیرفعال می‌شود.

اگر برنامه‌ای با نقش KIOSK وجود داشته باشد، این نوع نصب را نمی‌توان برای هیچ برنامه‌ای تنظیم کرد.

CUSTOM

این برنامه فقط از طریق دستور AMAPI SDK قابل نصب و به‌روزرسانی است.

توجه:

  • این فقط روی دستگاه‌های کاملاً مدیریت‌شده تأثیر می‌گذارد.
  • فیلدهای مرتبط با Play شامل minimumVersionCode ، accessibleTrackIds ، autoUpdateMode ، installConstraint و installPriority را نمی‌توان برای برنامه تنظیم کرد.
  • این برنامه در فروشگاه Play موجود نیست.
  • برنامه نصب شده روی دستگاه، applicationSource را روی CUSTOM تنظیم کرده است.
  • اثر انگشت گواهی کلید امضای برنامه روی دستگاه باید با یکی از ورودی‌های ApplicationPolicy.signingKeyCerts مطابقت داشته باشد. در غیر این صورت، خطای NonComplianceDetail با APP_SIGNING_CERT_MISMATCH گزارش می‌شود.
  • تغییر installType به و از CUSTOM ، در صورتی که اثر انگشت گواهی کلید امضای برنامه فعلی با اثر انگشت موجود در منبع برنامه جدید مطابقت نداشته باشد، آن را حذف نصب می‌کند.
  • حذف برنامه از applications ، در صورتی که برنامه‌ی فعلی با playStoreMode مطابقت داشته باشد، آن را حذف نصب نمی‌کند.
  • همچنین به customAppConfig مراجعه کنید.
  • این با ویژگی انتشار سفارشی اپلیکیشن گوگل پلی متفاوت است.

سیاست مجوزها

سیاست اعطای درخواست مجوز به برنامه‌ها.

انوم‌ها
PERMISSION_POLICY_UNSPECIFIED خط‌مشی مشخص نشده است. اگر هیچ خط‌مشی برای مجوزی در هیچ سطحی مشخص نشده باشد، رفتار PROMPT به طور پیش‌فرض استفاده می‌شود.
PROMPT از کاربر بخواهید که مجوزی را اعطا کند.
GRANT

به طور خودکار مجوز اعطا کند.

در اندروید ۱۲ و بالاتر، مجوزهای READ_SMS و مجوزهای مرتبط با حسگر زیر فقط در دستگاه‌های کاملاً مدیریت‌شده قابل اعطا هستند:

DENY به طور خودکار یک مجوز را رد کنید.

مجوز

پیکربندی برای یک مجوز اندروید و وضعیت اعطای آن.

نمایش JSON 
{
  "permission": string,
  "policy": enum (PermissionPolicy)
}
فیلدها
permission

string

مجوز یا گروه اندروید، مثلاً android.permission.READ_CALENDAR یا android.permission_group.CALENDAR .

policy

enum ( PermissionPolicy )

سیاست اعطای مجوز.

محدوده واگذار شده

حوزه‌های واگذاری اختیارات (Delegation scopes) که یک بسته دیگر می‌تواند از خط‌مشی دستگاه اندروید (Android Device Policy) به دست آورد. این حوزه‌ها، امتیازات اضافی را برای برنامه‌هایی که به آنها اعمال می‌شوند، فراهم می‌کنند.

انوم‌ها
DELEGATED_SCOPE_UNSPECIFIED هیچ محدوده تفویض اختیار مشخص نشده است.
CERT_INSTALL دسترسی به نصب و مدیریت گواهی را اعطا می‌کند. این حوزه را می‌توان به چندین برنامه واگذار کرد.
MANAGED_CONFIGURATIONS دسترسی به مدیریت پیکربندی‌های مدیریت‌شده را اعطا می‌کند. این حوزه را می‌توان به چندین برنامه واگذار کرد.
BLOCK_UNINSTALL دسترسی به مسدود کردن حذف نصب را می‌دهد. این محدوده را می‌توان به چندین برنامه واگذار کرد.
PERMISSION_GRANT دسترسی به سیاست مجوز و وضعیت اعطای مجوز را اعطا می‌کند. این محدوده را می‌توان به چندین برنامه واگذار کرد.
PACKAGE_ACCESS دسترسی به وضعیت دسترسی به بسته را اعطا می‌کند. این محدوده را می‌توان به چندین برنامه واگذار کرد.
ENABLE_SYSTEM_APP دسترسی برای فعال کردن برنامه‌های سیستمی را اعطا می‌کند. این محدوده را می‌توان به چندین برنامه واگذار کرد.
NETWORK_ACTIVITY_LOGS دسترسی به گزارش‌های فعالیت شبکه را اعطا می‌کند. به برنامه‌ی واگذار شده اجازه می‌دهد تا متدهای setNetworkLoggingEnabled ، isNetworkLoggingEnabled و retrieveNetworkLogs فراخوانی کند. این محدوده می‌تواند حداکثر به یک برنامه واگذار شود. برای دستگاه‌های کاملاً مدیریت‌شده در اندروید ۱۰ و بالاتر پشتیبانی می‌شود. برای یک پروفایل کاری در اندروید ۱۲ و بالاتر پشتیبانی می‌شود. هنگامی که واگذاری پشتیبانی و تنظیم می‌شود، NETWORK_ACTIVITY_LOGS نادیده گرفته می‌شود.
SECURITY_LOGS دسترسی به گزارش‌های امنیتی را اعطا می‌کند. به برنامه‌ی واگذار شده اجازه می‌دهد تا متدهای setSecurityLoggingEnabled ، isSecurityLoggingEnabled ، retrieveSecurityLogs و retrievePreRebootSecurityLogs را فراخوانی کند. این محدوده می‌تواند حداکثر به یک برنامه واگذار شود. برای دستگاه‌های کاملاً مدیریت شده و دستگاه‌های متعلق به شرکت با نمایه کاری در اندروید ۱۲ و بالاتر پشتیبانی می‌شود. هنگامی که واگذاری پشتیبانی و تنظیم می‌شود، SECURITY_LOGS نادیده گرفته می‌شود.
CERT_SELECTION Grants access to selection of KeyChain certificates on behalf of requesting apps. Once granted, the delegated application will start receiving DelegatedAdminReceiver#onChoosePrivateKeyAlias . Allows the delegated application to call grantKeyPairToApp and revokeKeyPairFromApp methods. This scope can be delegated to at most one application. choosePrivateKeyRules must be empty and privateKeySelectionEnabled has no effect if certificate selection is delegated to an application.

ManagedConfigurationTemplate

The managed configurations template for the app, saved from the managed configurations iframe .

JSON representation 
{
  "templateId": string,
  "configurationVariables": {
    string: string,
    ...
  }
}
فیلدها
templateId

string

The ID of the managed configurations template.

configurationVariables

map (key: string, value: string)

Optional, a map containing <key, value> configuration variables defined for the configuration.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" } .

ConnectedWorkAndPersonalApp

Controls whether the app can communicate with itself cross-profile, subject to user consent.

انوم‌ها
CONNECTED_WORK_AND_PERSONAL_APP_UNSPECIFIED Unspecified. Defaults to CONNECTED_WORK_AND_PERSONAL_APPS_DISALLOWED.
CONNECTED_WORK_AND_PERSONAL_APP_DISALLOWED Default. Prevents the app from communicating cross-profile.
CONNECTED_WORK_AND_PERSONAL_APP_ALLOWED Allows the app to communicate across profiles after receiving user consent.

AutoUpdateMode

Controls the auto-update mode for the app. If a device user makes changes to the device settings manually, these choices are ignored by AutoUpdateMode as it takes precedence.

انوم‌ها
AUTO_UPDATE_MODE_UNSPECIFIED Unspecified. Defaults to AUTO_UPDATE_DEFAULT .
AUTO_UPDATE_DEFAULT

The default update mode.

The app is automatically updated with low priority to minimize the impact on the user.

The app is updated when all of the following constraints are met:

  • The device is not actively used.
  • The device is connected to an unmetered network.
  • The device is charging.
  • The app to be updated is not running in the foreground.

The device is notified about a new update within 24 hours after it is published by the developer, after which the app is updated the next time the constraints above are met.

AUTO_UPDATE_POSTPONED

The app is not automatically updated for a maximum of 90 days after the app becomes out of date.

90 days after the app becomes out of date, the latest available version is installed automatically with low priority (see AUTO_UPDATE_DEFAULT ). After the app is updated it is not automatically updated again until 90 days after it becomes out of date again.

The user can still manually update the app from the Play Store at any time.

AUTO_UPDATE_HIGH_PRIORITY

The app is updated as soon as possible. No constraints are applied.

The device is notified as soon as possible about a new update after it becomes available.

NOTE: Updates to apps with larger deployments across Android's ecosystem can take up to 24h.

ExtensionConfig

Configuration to enable an app as an extension app, with the capability of interacting with Android Device Policy offline. For Android versions 11 and above, extension apps are exempt from battery restrictions so will not be placed into the restricted App Standby Bucket . Extensions apps are also protected against users clearing their data or force-closing the application, although admins can continue to use the clear app data command on extension apps if needed for Android 11 and above.

JSON representation 
{
  "signingKeyFingerprintsSha256": [
    string
  ],
  "notificationReceiver": string
}
فیلدها
signingKeyFingerprintsSha256[]
(deprecated)

string

Hex-encoded SHA-256 hashes of the signing key certificates of the extension app. Only hexadecimal string representations of 64 characters are valid.

The signing key certificate fingerprints are always obtained from the Play Store and this field is used to provide additional signing key certificate fingerprints. However, if the application is not available on the Play Store, this field needs to be set. A NonComplianceDetail with INVALID_VALUE is reported if this field is not set when the application is not available on the Play Store.

The signing key certificate fingerprint of the extension app on the device must match one of the signing key certificate fingerprints obtained from the Play Store or the ones provided in this field for the app to be able to communicate with Android Device Policy.

In production use cases, it is recommended to leave this empty.

notificationReceiver
(deprecated)

string

Fully qualified class name of the receiver service class for Android Device Policy to notify the extension app of any local command status updates. The service must be exported in the extension app's AndroidManifest.xml and extend NotificationReceiverService (see Integrate with the AMAPI SDK guide for more details).

AlwaysOnVpnLockdownExemption

Controls whether an app is exempt from the alwaysOnVpnPackage.lockdownEnabled setting.

انوم‌ها
ALWAYS_ON_VPN_LOCKDOWN_EXEMPTION_UNSPECIFIED Unspecified. Defaults to VPN_LOCKDOWN_ENFORCED .
VPN_LOCKDOWN_ENFORCED The app respects the always-on VPN lockdown setting.
VPN_LOCKDOWN_EXEMPTION The app is exempt from the always-on VPN lockdown setting.

WorkProfileWidgets

Controls if a work profile application is allowed to add widgets to the home screen.

انوم‌ها
WORK_PROFILE_WIDGETS_UNSPECIFIED Unspecified. Defaults to workProfileWidgetsDefault
WORK_PROFILE_WIDGETS_ALLOWED Work profile widgets are allowed. This means the application will be able to add widgets to the home screen.
WORK_PROFILE_WIDGETS_DISALLOWED Work profile widgets are disallowed. This means the application will not be able to add widgets to the home screen.

CredentialProviderPolicy

Whether the app is allowed to act as a credential provider on Android 14 and above.

انوم‌ها
CREDENTIAL_PROVIDER_POLICY_UNSPECIFIED Unspecified. The behaviour is governed by credentialProviderPolicyDefault .
CREDENTIAL_PROVIDER_ALLOWED App is allowed to act as a credential provider.

CustomAppConfig

Configuration for a custom app.

JSON representation 
{
  "userUninstallSettings": enum (UserUninstallSettings)
}
فیلدها
userUninstallSettings

enum ( UserUninstallSettings )

Optional. User uninstall settings of the custom app.

UserUninstallSettings

Specifies if a user is allowed to uninstall the custom app.

انوم‌ها
USER_UNINSTALL_SETTINGS_UNSPECIFIED Unspecified. Defaults to DISALLOW_UNINSTALL_BY_USER .
DISALLOW_UNINSTALL_BY_USER User is not allowed to uninstall the custom app.
ALLOW_UNINSTALL_BY_USER User is allowed to uninstall the custom app.

InstallConstraint

Amongst apps with InstallType set to:

this defines a set of restrictions for the app installation. At least one of the fields must be set. When multiple fields are set, then all the constraints need to be satisfied for the app to be installed.

JSON representation 
{
  "networkTypeConstraint": enum (NetworkTypeConstraint),
  "chargingConstraint": enum (ChargingConstraint),
  "deviceIdleConstraint": enum (DeviceIdleConstraint)
}
فیلدها
networkTypeConstraint

enum ( NetworkTypeConstraint )

Optional. Network type constraint.

chargingConstraint

enum ( ChargingConstraint )

Optional. Charging constraint.

deviceIdleConstraint

enum ( DeviceIdleConstraint )

Optional. Device idle constraint.

NetworkTypeConstraint

Network type constraint.

انوم‌ها
NETWORK_TYPE_CONSTRAINT_UNSPECIFIED Unspecified. Default to INSTALL_ON_ANY_NETWORK .
INSTALL_ON_ANY_NETWORK Any active networks (Wi-Fi, cellular, etc.).
INSTALL_ONLY_ON_UNMETERED_NETWORK Any unmetered network (eg Wi-FI).

ChargingConstraint

Charging constraint.

انوم‌ها
CHARGING_CONSTRAINT_UNSPECIFIED Unspecified. Default to CHARGING_NOT_REQUIRED .
CHARGING_NOT_REQUIRED Device doesn't have to be charging.
INSTALL_ONLY_WHEN_CHARGING Device has to be charging.

DeviceIdleConstraint

Device idle state constraint.

انوم‌ها
DEVICE_IDLE_CONSTRAINT_UNSPECIFIED Unspecified. Default to DEVICE_IDLE_NOT_REQUIRED .
DEVICE_IDLE_NOT_REQUIRED Device doesn't have to be idle, app can be installed while the user is interacting with the device.
INSTALL_ONLY_WHEN_DEVICE_IDLE Device has to be idle.

UserControlSettings

Specifies whether user control is permitted for a given app. User control includes user actions like force-stopping and clearing app data.

انوم‌ها
USER_CONTROL_SETTINGS_UNSPECIFIED

Uses the default behaviour of the app to determine if user control is allowed or disallowed. User control is allowed by default for most apps but disallowed for following types of apps:

  • extension apps (see extensionConfig for more details)
  • kiosk apps (see KIOSK install type for more details)
  • apps with roles set to a nonempty list
  • other critical system apps
USER_CONTROL_ALLOWED

User control is allowed for the app. Kiosk apps can use this to allow user control. For extension apps (see extensionConfig for more details), user control is disallowed even if this value is set.

For apps with roles set to a nonempty list (except roles containing only KIOSK role), this value cannot be set.

For kiosk apps (see KIOSK install type and KIOSK role type for more details), this value can be used to allow user control.

USER_CONTROL_DISALLOWED User control is disallowed for the app. This is supported on Android 11 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 11.

PreferentialNetworkId

Preferential network identifier.

انوم‌ها
PREFERENTIAL_NETWORK_ID_UNSPECIFIED Whether this value is valid and what it means depends on where it is used, and this is documented on the relevant fields.
NO_PREFERENTIAL_NETWORK Application does not use any preferential network.
PREFERENTIAL_NETWORK_ID_ONE Preferential network identifier 1.
PREFERENTIAL_NETWORK_ID_TWO Preferential network identifier 2.
PREFERENTIAL_NETWORK_ID_THREE Preferential network identifier 3.
PREFERENTIAL_NETWORK_ID_FOUR Preferential network identifier 4.
PREFERENTIAL_NETWORK_ID_FIVE Preferential network identifier 5.

ApplicationSigningKeyCert

The application signing key certificate.

JSON representation 
{
  "signingKeyCertFingerprintSha256": string
}
فیلدها
signingKeyCertFingerprintSha256

string ( bytes format)

Required. The SHA-256 hash value of the signing key certificate of the app. This must be a valid SHA-256 hash value, ie 32 bytes. Otherwise, the policy is rejected.

A base64-encoded string.

نقش

Role an app can have.

JSON representation 
{
  "roleType": enum (RoleType)
}
فیلدها
roleType

enum ( RoleType )

Required. The type of the role an app can have.

RoleType

The type of the role an app can hold.

انوم‌ها
ROLE_TYPE_UNSPECIFIED The role type is unspecified. This value must not be used.
COMPANION_APP

The role type for companion apps. This role enables the app as a companion app with the capability of interacting with Android Device Policy offline. This is the recommended way to configure an app as a companion app. For legacy way, see extensionConfig .

On Android 14 and above, the app with this role is exempted from power and background execution restrictions, suspension and hibernation. On Android 11 and above, the user control is disallowed for the app with this role. userControlSettings cannot be set to USER_CONTROL_ALLOWED for the app with this role.

Android Device Policy notifies the companion app of any local command status updates if the app has a service with <meta-data android:name="com.google.android.managementapi.notification.NotificationReceiverService.SERVICE_COMMAND_STATUS" android:value="" /> . See Integrate with the AMAPI SDK guide for more details on the requirements for the service.

KIOSK

The role type for kiosk apps. An app can have this role only if it has installType set to REQUIRED_FOR_SETUP or CUSTOM . Before adding this role to an app with CUSTOM install type, the app must already be installed on the device.

The app having this role type is set as the preferred home intent and allowlisted for lock task mode. When there is an app with this role type, status bar will be automatically disabled.

This is preferable to setting installType to KIOSK .

On Android 11 and above, the user control is disallowed but userControlSettings can be set to USER_CONTROL_ALLOWED to allow user control for the app with this role.

MOBILE_THREAT_DEFENSE_ENDPOINT_DETECTION_RESPONSE

The role type for Mobile Threat Defense (MTD) / Endpoint Detection & Response (EDR) apps.

On Android 14 and above, the app with this role is exempted from power and background execution restrictions, suspension and hibernation. On Android 11 and above, the user control is disallowed and userControlSettings cannot be set to USER_CONTROL_ALLOWED for the app with this role.

SYSTEM_HEALTH_MONITORING

The role type for system health monitoring apps.

On Android 14 and above, the app with this role is exempted from power and background execution restrictions, suspension and hibernation. On Android 11 and above, the user control is disallowed and userControlSettings cannot be set to USER_CONTROL_ALLOWED for the app with this role.

KeyguardDisabledFeature

Keyguard (lock screen) features that can be disabled..

انوم‌ها
KEYGUARD_DISABLED_FEATURE_UNSPECIFIED This value is ignored.
CAMERA Disable the camera on secure keyguard screens (eg PIN).
NOTIFICATIONS Disable showing all notifications on secure keyguard screens.
UNREDACTED_NOTIFICATIONS Disable unredacted notifications on secure keyguard screens.
TRUST_AGENTS Ignore trust agent state on secure keyguard screens.
DISABLE_FINGERPRINT Disable fingerprint sensor on secure keyguard screens.
DISABLE_REMOTE_INPUT On devices running Android 6 and below, disables text entry into notifications on secure keyguard screens. Has no effect on Android 7 and above.
FACE Disable face authentication on secure keyguard screens.
IRIS Disable iris authentication on secure keyguard screens.
BIOMETRICS Disable all biometric authentication on secure keyguard screens.
SHORTCUTS Disable all shortcuts on secure keyguard screen on Android 14 and above.
ALL_FEATURES Disable all current and future keyguard customizations.

PersistentPreferredActivity

A default activity for handling intents that match a particular intent filter. Note: To set up a kiosk, use InstallType to KIOSK rather than use persistent preferred activities.

JSON representation 
{
  "receiverActivity": string,
  "actions": [
    string
  ],
  "categories": [
    string
  ]
}
فیلدها
receiverActivity

string

The activity that should be the default intent handler. This should be an Android component name, eg com.android.enterprise.app/.MainActivity . Alternatively, the value may be the package name of an app, which causes Android Device Policy to choose an appropriate activity from the app to handle the intent.

actions[]

string

The intent actions to match in the filter. If any actions are included in the filter, then an intent's action must be one of those values for it to match. If no actions are included, the intent action is ignored.

categories[]

string

The intent categories to match in the filter. An intent includes the categories that it requires, all of which must be included in the filter in order to match. In other words, adding a category to the filter has no impact on matching unless that category is specified in the intent.

SystemUpdate

Configuration for managing system updates

Note: Google Play system updates (also called Mainline updates) are automatically downloaded but require a device reboot to be installed. Refer to the mainline section in Manage system updates for further details.

JSON representation 
{
  "type": enum (SystemUpdateType),
  "startMinutes": integer,
  "endMinutes": integer,
  "freezePeriods": [
    {
      object (FreezePeriod)
    }
  ]
}
فیلدها
type

enum ( SystemUpdateType )

The type of system update to configure.

startMinutes

integer

If the type is WINDOWED , the start of the maintenance window, measured as the number of minutes after midnight in the device's local time. This value must be between 0 and 1439, inclusive.

endMinutes

integer

If the type is WINDOWED , the end of the maintenance window, measured as the number of minutes after midnight in device's local time. This value must be between 0 and 1439, inclusive. If this value is less than startMinutes , then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time.

freezePeriods[]

object ( FreezePeriod )

An annually repeating time period in which over-the-air (OTA) system updates are postponed to freeze the OS version running on a device. To prevent freezing the device indefinitely, each freeze period must be separated by at least 60 days.

SystemUpdateType

The type of system update configuration.

انوم‌ها
SYSTEM_UPDATE_TYPE_UNSPECIFIED Follow the default update behavior for the device, which typically requires the user to accept system updates.
AUTOMATIC Install automatically as soon as an update is available.
WINDOWED

Install automatically within a daily maintenance window. This also configures Play apps to be updated within the window. This is strongly recommended for kiosk devices because this is the only way apps persistently pinned to the foreground can be updated by Play.

If autoUpdateMode is set to AUTO_UPDATE_HIGH_PRIORITY for an app, then the maintenance window is ignored for that app and it is updated as soon as possible even outside of the maintenance window.

POSTPONE Postpone automatic install up to a maximum of 30 days. This policy does not affect security updates (eg monthly security patches).

FreezePeriod

A system freeze period. When a device's clock is within the freeze period, all incoming system updates (including security patches) are blocked and won't be installed.

When the device is outside any set freeze periods, the normal policy behavior (automatic, windowed, or postponed) applies.

Leap years are ignored in freeze period calculations, in particular:

  • If Feb. 29th is set as the start or end date of a freeze period, the freeze period will start or end on Feb. 28th instead.
  • When a device's system clock reads Feb. 29th, it's treated as Feb. 28th.
  • When calculating the number of days in a freeze period or the time between two freeze periods, Feb. 29th is ignored and not counted as a day.

Note: For Freeze Periods to take effect, SystemUpdateType cannot be specified as SYSTEM_UPDATE_TYPE_UNSPECIFIED , because freeze periods require a defined policy to be specified.

JSON representation 
{
  "startDate": {
    object (Date)
  },
  "endDate": {
    object (Date)
  }
}
فیلدها
startDate

object ( Date )

The start date (inclusive) of the freeze period. Note: day and month must be set. year should not be set as it is not used. For example, {"month": 1,"date": 30} .

endDate

object ( Date )

The end date (inclusive) of the freeze period. Must be no later than 90 days from the start date. If the end date is earlier than the start date, the freeze period is considered wrapping year-end. Note: day and month must be set. year should not be set as it is not used. For example, {"month": 1,"date": 30} .

تاریخ

Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following:

  • A full date, with non-zero year, month, and day values.
  • A month and day, with a zero year (for example, an anniversary).
  • A year on its own, with a zero month and a zero day.
  • A year and month, with a zero day (for example, a credit card expiration date).

Related types:

JSON representation 
{
  "year": integer,
  "month": integer,
  "day": integer
}
فیلدها
year

integer

Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

month

integer

Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

day

integer

Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

StatusReportingSettings

Settings controlling the behavior of status reports.

JSON representation 
{
  "applicationReportsEnabled": boolean,
  "deviceSettingsEnabled": boolean,
  "softwareInfoEnabled": boolean,
  "memoryInfoEnabled": boolean,
  "networkInfoEnabled": boolean,
  "displayInfoEnabled": boolean,
  "powerManagementEventsEnabled": boolean,
  "hardwareStatusEnabled": boolean,
  "systemPropertiesEnabled": boolean,
  "applicationReportingSettings": {
    object (ApplicationReportingSettings)
  },
  "commonCriteriaModeEnabled": boolean,
  "defaultApplicationInfoReportingEnabled": boolean
}
فیلدها
applicationReportsEnabled

boolean

Whether app reports are enabled.

deviceSettingsEnabled

boolean

Whether device settings reporting is enabled.

softwareInfoEnabled

boolean

Whether software info reporting is enabled.

memoryInfoEnabled

boolean

Whether memory event reporting is enabled.

networkInfoEnabled

boolean

Whether network info reporting is enabled.

displayInfoEnabled

boolean

Whether displays reporting is enabled. Report data is not available for personally owned devices with work profiles.

powerManagementEventsEnabled

boolean

Whether power management event reporting is enabled. Report data is not available for personally owned devices with work profiles.

hardwareStatusEnabled

boolean

Whether hardware status reporting is enabled. Report data is not available for personally owned devices with work profiles.

systemPropertiesEnabled

boolean

Whether system properties reporting is enabled.

applicationReportingSettings

object ( ApplicationReportingSettings )

Application reporting settings. Only applicable if applicationReportsEnabled is true.

commonCriteriaModeEnabled

boolean

Whether Common Criteria Mode reporting is enabled. This is supported only on company-owned devices.

defaultApplicationInfoReportingEnabled

boolean

Optional. Whether defaultApplicationInfo reporting is enabled.

ApplicationReportingSettings

Settings controlling the behavior of application reports.

JSON representation 
{
  "includeRemovedApps": boolean
}
فیلدها
includeRemovedApps

boolean

Whether removed apps are included in application reports.

PackageNameList

A list of package names.

JSON representation 
{
  "packageNames": [
    string
  ]
}
فیلدها
packageNames[]

string

A list of package names.

BatteryPluggedMode

Modes for plugging in the battery.

انوم‌ها
BATTERY_PLUGGED_MODE_UNSPECIFIED This value is ignored.
AC Power source is an AC charger.
USB Power source is a USB port.
WIRELESS Power source is wireless.

ProxyInfo

Configuration info for an HTTP proxy. For a direct proxy, set the host , port , and excludedHosts fields. For a PAC script proxy, set the pacUri field.

JSON representation 
{
  "host": string,
  "port": integer,
  "excludedHosts": [
    string
  ],
  "pacUri": string
}
فیلدها
host

string

The host of the direct proxy.

port

integer

The port of the direct proxy.

excludedHosts[]

string

For a direct proxy, the hosts for which the proxy is bypassed. The host names may contain wildcards such as *.example.com.

pacUri

string

The URI of the PAC script used to configure the proxy.

ChoosePrivateKeyRule

Controls apps' access to private keys. The rule determines which private key, if any, Android Device Policy grants to the specified app. Access is granted either when the app calls KeyChain.choosePrivateKeyAlias (or any overloads) to request a private key alias for a given URL, or for rules that are not URL-specific (that is, if urlPattern is not set, or set to the empty string or .* ) on Android 11 and above, directly so that the app can call KeyChain.getPrivateKey , without first having to call KeyChain.choosePrivateKeyAlias .

When an app calls KeyChain.choosePrivateKeyAlias if more than one choosePrivateKeyRules matches, the last matching rule defines which key alias to return.

JSON representation 
{
  "urlPattern": string,
  "packageNames": [
    string
  ],
  "privateKeyAlias": string
}
فیلدها
urlPattern

string

The URL pattern to match against the URL of the request. If not set or empty, it matches all URLs. This uses the regular expression syntax of java.util.regex.Pattern .

packageNames[]

string

The package names to which this rule applies. The signing key certificate fingerprint of the app is verified against the signing key certificate fingerprints provided by Play Store and ApplicationPolicy.signingKeyCerts . If no package names are specified, then the alias is provided to all apps that call KeyChain.choosePrivateKeyAlias or any overloads (but not without calling KeyChain.choosePrivateKeyAlias , even on Android 11 and above). Any app with the same Android UID as a package specified here will have access when they call KeyChain.choosePrivateKeyAlias .

privateKeyAlias

string

The alias of the private key to be used.

AlwaysOnVpnPackage

Configuration for an always-on VPN connection.

JSON representation 
{
  "packageName": string,
  "lockdownEnabled": boolean
}
فیلدها
packageName

string

The package name of the VPN app.

lockdownEnabled

boolean

Disallows networking when the VPN is not connected.

LocationMode

The degree of location detection enabled on work profile and fully managed devices.

انوم‌ها
LOCATION_MODE_UNSPECIFIED Defaults to LOCATION_USER_CHOICE .
HIGH_ACCURACY

On Android 8 and below, all location detection methods are enabled, including GPS, networks, and other sensors. On Android 9 and above, this is equivalent to LOCATION_ENFORCED .

SENSORS_ONLY

On Android 8 and below, only GPS and other sensors are enabled. On Android 9 and above, this is equivalent to LOCATION_ENFORCED .

BATTERY_SAVING

On Android 8 and below, only the network location provider is enabled. On Android 9 and above, this is equivalent to LOCATION_ENFORCED .

OFF

On Android 8 and below, location setting and accuracy are disabled. On Android 9 and above, this is equivalent to LOCATION_DISABLED .

LOCATION_USER_CHOICE Location setting is not restricted on the device. No specific behavior is set or enforced.
LOCATION_ENFORCED Enable location setting on the device.
LOCATION_DISABLED Disable location setting on the device.

ComplianceRule

A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policyCompliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule.

JSON representation 
{
  "disableApps": boolean,
  "packageNamesToDisable": [
    string
  ],

  // Union field condition can be only one of the following:
  "nonComplianceDetailCondition": {
    object (NonComplianceDetailCondition)
  },
  "apiLevelCondition": {
    object (ApiLevelCondition)
  }
  // End of list of possible types for union field condition.
}
فیلدها
disableApps

boolean

If set to true, the rule includes a mitigating action to disable apps so that the device is effectively disabled, but app data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed.

packageNamesToDisable[]

string

If set, the rule includes a mitigating action to disable apps specified in the list, but app data is preserved.

Union field condition . The condition, which when satisfied, triggers the mitigating actions defined in the rule. Exactly one of the conditions must be set. condition can be only one of the following:
nonComplianceDetailCondition

object ( NonComplianceDetailCondition )

A condition which is satisfied if there exists any matching NonComplianceDetail for the device.

apiLevelCondition

object ( ApiLevelCondition )

A condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement.

NonComplianceDetailCondition

A compliance rule condition which is satisfied if there exists any matching NonComplianceDetail for the device. A NonComplianceDetail matches a NonComplianceDetailCondition if all the fields which are set within the NonComplianceDetailCondition match the corresponding NonComplianceDetail fields.

JSON representation 
{
  "settingName": string,
  "nonComplianceReason": enum (NonComplianceReason),
  "packageName": string
}
فیلدها
settingName

string

The name of the policy setting. This is the JSON field name of a top-level Policy field. If not set, then this condition matches any setting name.

nonComplianceReason

enum ( NonComplianceReason )

The reason the device is not in compliance with the setting. If not set, then this condition matches any reason.

packageName

string

The package name of the app that's out of compliance. If not set, then this condition matches any package name.

ApiLevelCondition

A compliance rule condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. There can only be one rule with this type of condition per policy.

JSON representation 
{
  "minApiLevel": integer
}
فیلدها
minApiLevel

integer

The minimum desired Android Framework API level. If the device doesn't meet the minimum requirement, this condition is satisfied. Must be greater than zero.

AppAutoUpdatePolicy

Recommended alternative: autoUpdateMode which is set per app, provides greater flexibility around update frequency.

When autoUpdateMode is set to AUTO_UPDATE_POSTPONED or AUTO_UPDATE_HIGH_PRIORITY , this field has no effect.

The app auto-update policy, which controls when automatic app updates can be applied.

انوم‌ها
APP_AUTO_UPDATE_POLICY_UNSPECIFIED The auto-update policy is not set. Equivalent to CHOICE_TO_THE_USER .
CHOICE_TO_THE_USER The user can control auto-updates.
NEVER Apps are never auto-updated.
WIFI_ONLY Apps are auto-updated over Wi-Fi only.
ALWAYS Apps are auto-updated at any time. Data charges may apply.

AppTrack

A Google Play app release track.

انوم‌ها
APP_TRACK_UNSPECIFIED This value is ignored.
PRODUCTION The production track, which provides the latest stable release.
BETA The beta track, which provides the latest beta release.

EncryptionPolicy

Type of encryption

انوم‌ها
ENCRYPTION_POLICY_UNSPECIFIED This value is ignored, ie no encryption required
ENABLED_WITHOUT_PASSWORD Encryption required but no password required to boot
ENABLED_WITH_PASSWORD Encryption required with password required to boot

PlayStoreMode

Possible values for Play Store mode policy.

انوم‌ها
PLAY_STORE_MODE_UNSPECIFIED Unspecified. Defaults to WHITELIST.
WHITELIST Only apps that are in the policy are available and any app not in the policy will be automatically uninstalled from the device.
BLACKLIST All apps are available and any app that should not be on the device should be explicitly marked as 'BLOCKED' in the applications policy.

SetupAction

An action executed during setup.

JSON representation 
{
  "title": {
    object (UserFacingMessage)
  },
  "description": {
    object (UserFacingMessage)
  },

  // Union field action can be only one of the following:
  "launchApp": {
    object (LaunchAppAction)
  }
  // End of list of possible types for union field action.
}
فیلدها
title

object ( UserFacingMessage )

Title of this action.

description

object ( UserFacingMessage )

Description of this action.

Union field action . The action to execute during setup. action can be only one of the following:
launchApp

object ( LaunchAppAction )

An action to launch an app. The app will be launched with an intent containing an extra with key com.google.android.apps.work.clouddpc.EXTRA_LAUNCHED_AS_SETUP_ACTION set to the boolean value true to indicate that this is a setup action flow. If SetupAction references an app, the corresponding installType in the application policy must be set as REQUIRED_FOR_SETUP or said setup will fail.

LaunchAppAction

An action to launch an app.

JSON representation 
{

  // Union field launch can be only one of the following:
  "packageName": string
  // End of list of possible types for union field launch.
}
فیلدها
Union field launch . Description of launch action to be executed launch can be only one of the following:
packageName

string

Package name of app to be launched

PolicyEnforcementRule

A rule that defines the actions to take if a device or work profile is not compliant with the policy specified in settingName . In the case of multiple matching or multiple triggered enforcement rules, a merge will occur with the most severe action being taken. However, all triggered rules are still kept track of: this includes initial trigger time and all associated non-compliance details. In the situation where the most severe enforcement rule is satisfied, the next most appropriate action is applied.

JSON representation 
{
  "blockAction": {
    object (BlockAction)
  },
  "wipeAction": {
    object (WipeAction)
  },

  // Union field trigger can be only one of the following:
  "settingName": string
  // End of list of possible types for union field trigger.
}
فیلدها
blockAction

object ( BlockAction )

An action to block access to apps and data on a company owned device or in a work profile. This action also triggers a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified.

wipeAction

object ( WipeAction )

An action to reset a company owned device or delete a work profile. Note: blockAction must also be specified.

Union field trigger . Condition which will trigger this rule. trigger can be only one of the following:
settingName

string

The top-level policy to enforce. For example, applications or passwordPolicies .

BlockAction

An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a device or work profile to displays a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified.

JSON representation 
{
  "blockAfterDays": integer,
  "blockScope": enum (BlockScope)
}
فیلدها
blockAfterDays

integer

Number of days the policy is non-compliant before the device or work profile is blocked. To block access immediately, set to 0. blockAfterDays must be less than wipeAfterDays .

blockScope

enum ( BlockScope )

Specifies the scope of this BlockAction . Only applicable to devices that are company-owned.

BlockScope

Specifies the scope of BlockAction . Only applicable to devices that are company-owned.

انوم‌ها
BLOCK_SCOPE_UNSPECIFIED Unspecified. Defaults to BLOCK_SCOPE_WORK_PROFILE .
BLOCK_SCOPE_WORK_PROFILE Block action is only applied to apps in the work profile. Apps in the personal profile are unaffected.
BLOCK_SCOPE_DEVICE Block action is applied to the entire device, including apps in the personal profile.

WipeAction

An action to reset a company owned device or delete a work profile. Note: blockAction must also be specified.

JSON representation 
{
  "wipeAfterDays": integer,
  "preserveFrp": boolean
}
فیلدها
wipeAfterDays

integer

Number of days the policy is non-compliant before the device or work profile is wiped. wipeAfterDays must be greater than blockAfterDays .

preserveFrp

boolean

Whether the factory-reset protection data is preserved on the device. This setting doesn't apply to work profiles.

KioskCustomization

Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK .

JSON representation 
{
  "powerButtonActions": enum (PowerButtonActions),
  "systemErrorWarnings": enum (SystemErrorWarnings),
  "systemNavigation": enum (SystemNavigation),
  "statusBar": enum (StatusBar),
  "deviceSettings": enum (DeviceSettings)
}
فیلدها
powerButtonActions

enum ( PowerButtonActions )

Sets the behavior of a device in kiosk mode when a user presses and holds (long-presses) the Power button.

systemErrorWarnings

enum ( SystemErrorWarnings )

Specifies whether system error dialogs for crashed or unresponsive apps are blocked in kiosk mode. When blocked, the system will force-stop the app as if the user chooses the "close app" option on the UI.

systemNavigation

enum ( SystemNavigation )

Specifies which navigation features are enabled (eg Home, Overview buttons) in kiosk mode.

statusBar

enum ( StatusBar )

Specifies whether system info and notifications are disabled in kiosk mode.

deviceSettings

enum ( DeviceSettings )

Specifies whether the Settings app is allowed in kiosk mode.

PowerButtonActions

Sets the behavior of a device in kiosk mode when a user presses and holds (long-presses) the Power button.

انوم‌ها
POWER_BUTTON_ACTIONS_UNSPECIFIED Unspecified, defaults to POWER_BUTTON_AVAILABLE .
POWER_BUTTON_AVAILABLE The power menu (eg Power off, Restart) is shown when a user long-presses the Power button of a device in kiosk mode.
POWER_BUTTON_BLOCKED The power menu (eg Power off, Restart) is not shown when a user long-presses the Power button of a device in kiosk mode. Note: this may prevent users from turning off the device.

SystemErrorWarnings

Specifies whether system error dialogs for crashed or unresponsive apps are blocked in kiosk mode.

انوم‌ها
SYSTEM_ERROR_WARNINGS_UNSPECIFIED Unspecified, defaults to ERROR_AND_WARNINGS_MUTED .
ERROR_AND_WARNINGS_ENABLED All system error dialogs such as crash and app not responding (ANR) are displayed.
ERROR_AND_WARNINGS_MUTED All system error dialogs, such as crash and app not responding (ANR) are blocked. When blocked, the system force-stops the app as if the user closes the app from the UI.

SystemNavigation

Specifies which navigation features are enabled (eg Home, Overview buttons) in kiosk mode.

انوم‌ها
SYSTEM_NAVIGATION_UNSPECIFIED Unspecified, defaults to NAVIGATION_DISABLED .
NAVIGATION_ENABLED Home and overview buttons are enabled.
NAVIGATION_DISABLED The home and Overview buttons are not accessible.
HOME_BUTTON_ONLY Only the home button is enabled.

StatusBar

Specifies whether system info and notifications are disabled in kiosk mode.

انوم‌ها
STATUS_BAR_UNSPECIFIED Unspecified, defaults to INFO_AND_NOTIFICATIONS_DISABLED .
NOTIFICATIONS_AND_SYSTEM_INFO_ENABLED

System info and notifications are shown on the status bar in kiosk mode.

Note: For this policy to take effect, the device's home button must be enabled using kioskCustomization.systemNavigation .

NOTIFICATIONS_AND_SYSTEM_INFO_DISABLED System info and notifications are disabled in kiosk mode.
SYSTEM_INFO_ONLY Only system info is shown on the status bar.

DeviceSettings

Specifies whether a user can access the device's Settings app while in kiosk mode.

انوم‌ها
DEVICE_SETTINGS_UNSPECIFIED Unspecified, defaults to SETTINGS_ACCESS_ALLOWED .
SETTINGS_ACCESS_ALLOWED Access to the Settings app is allowed in kiosk mode.
SETTINGS_ACCESS_BLOCKED Access to the Settings app is not allowed in kiosk mode.

AdvancedSecurityOverrides

Advanced security settings. In most cases, setting these is not needed.

JSON representation 
{
  "untrustedAppsPolicy": enum (UntrustedAppsPolicy),
  "googlePlayProtectVerifyApps": enum (GooglePlayProtectVerifyApps),
  "developerSettings": enum (DeveloperSettings),
  "commonCriteriaMode": enum (CommonCriteriaMode),
  "personalAppsThatCanReadWorkNotifications": [
    string
  ],
  "mtePolicy": enum (MtePolicy),
  "contentProtectionPolicy": enum (ContentProtectionPolicy)
}
فیلدها
untrustedAppsPolicy

enum ( UntrustedAppsPolicy )

The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces installUnknownSourcesAllowed (deprecated).

googlePlayProtectVerifyApps

enum ( GooglePlayProtectVerifyApps )

Whether Google Play Protect verification is enforced. Replaces ensureVerifyAppsEnabled (deprecated).

developerSettings

enum ( DeveloperSettings )

Controls access to developer settings: developer options and safe boot. Replaces safeBootDisabled (deprecated) and debuggingFeaturesAllowed (deprecated). On personally-owned devices with a work profile, setting this policy will not disable safe boot. In this case, a NonComplianceDetail with MANAGEMENT_MODE is reported.

commonCriteriaMode

enum ( CommonCriteriaMode )

Controls Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (CC). Enabling Common Criteria Mode increases certain security components on a device, see CommonCriteriaMode for details.

Warning: Common Criteria Mode enforces a strict security model typically only required for IT products used in national security systems and other highly sensitive organizations. Standard device use may be affected. Only enabled if required. If Common Criteria Mode is turned off after being enabled previously, all user-configured Wi-Fi networks may be lost and any enterprise-configured Wi-Fi networks that require user input may need to be reconfigured.

personalAppsThatCanReadWorkNotifications[]

string

Personal apps that can read work profile notifications using a NotificationListenerService . By default, no personal apps (aside from system apps) can read work notifications. Each value in the list must be a package name.

mtePolicy

enum ( MtePolicy )

Optional. Controls Memory Tagging Extension (MTE) on the device. The device needs to be rebooted to apply changes to the MTE policy. On Android 15 and above, a NonComplianceDetail with PENDING is reported if the policy change is pending a device reboot.

contentProtectionPolicy

enum ( ContentProtectionPolicy )

Optional. Controls whether content protection, which scans for deceptive apps, is enabled. This is supported on Android 15 and above.

UntrustedAppsPolicy

The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces installUnknownSourcesAllowed (deprecated).

انوم‌ها
UNTRUSTED_APPS_POLICY_UNSPECIFIED Unspecified. Defaults to DISALLOW_INSTALL.
DISALLOW_INSTALL Default. Disallow untrusted app installs on entire device.
ALLOW_INSTALL_IN_PERSONAL_PROFILE_ONLY For devices with work profiles, allow untrusted app installs in the device's personal profile only.
ALLOW_INSTALL_DEVICE_WIDE Allow untrusted app installs on entire device.

GooglePlayProtectVerifyApps

Whether Google Play Protect verification is enforced. Replaces ensureVerifyAppsEnabled (deprecated).

انوم‌ها
GOOGLE_PLAY_PROTECT_VERIFY_APPS_UNSPECIFIED Unspecified. Defaults to VERIFY_APPS_ENFORCED.
VERIFY_APPS_ENFORCED Default. Force-enables app verification.
VERIFY_APPS_USER_CHOICE Allows the user to choose whether to enable app verification.

DeveloperSettings

Controls access to developer settings: developer options and safe boot. Replaces safeBootDisabled (deprecated) and debuggingFeaturesAllowed (deprecated).

انوم‌ها
DEVELOPER_SETTINGS_UNSPECIFIED Unspecified. Defaults to DEVELOPER_SETTINGS_DISABLED.
DEVELOPER_SETTINGS_DISABLED Default. Disables all developer settings and prevents the user from accessing them.
DEVELOPER_SETTINGS_ALLOWED Allows all developer settings. The user can access and optionally configure the settings.

CommonCriteriaMode

Controls Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (CC). Enabling Common Criteria Mode increases certain security components on a device, including:

  1. AES-GCM encryption of Bluetooth Long Term Keys
  2. Wi-Fi configuration stores
  3. Additional network certificates validation requiring the use of TLSv1.2 to connect to AM API destination hosts
  4. Cryptographic policy integrity check. It is recommended to set statusReportingSettings.commonCriteriaModeEnabled to true to obtain the status of policy integrity check. If the policy signature verification fails, then the policy is not applied on the device and commonCriteriaModeInfo.policy_signature_verification_status is set to POLICY_SIGNATURE_VERIFICATION_FAILED .

Common Criteria Mode is only supported on company-owned devices running Android 11 or above.

Warning: Common Criteria Mode enforces a strict security model typically only required for IT products used in national security systems and other highly sensitive organizations. Standard device use may be affected. Only enabled if required. If Common Criteria Mode is turned off after being enabled previously, all user-configured Wi-Fi networks may be lost and any enterprise-configured Wi-Fi networks that require user input may need to be reconfigured.

انوم‌ها
COMMON_CRITERIA_MODE_UNSPECIFIED Unspecified. Defaults to COMMON_CRITERIA_MODE_DISABLED.
COMMON_CRITERIA_MODE_DISABLED Default. Disables Common Criteria Mode.
COMMON_CRITERIA_MODE_ENABLED Enables Common Criteria Mode.

MtePolicy

Controls Memory Tagging Extension (MTE) on the device.

انوم‌ها
MTE_POLICY_UNSPECIFIED Unspecified. Defaults to MTE_USER_CHOICE .
MTE_USER_CHOICE The user can choose to enable or disable MTE on the device if the device supports this.
MTE_ENFORCED

MTE is enabled on the device and the user is not allowed to change this setting. This can be set on fully managed devices and work profiles on company-owned devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for other management modes. A NonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not support MTE.

Supported on Android 14 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.

MTE_DISABLED

MTE is disabled on the device and the user is not allowed to change this setting. This applies only on fully managed devices. In other cases, a NonComplianceDetail with MANAGEMENT_MODE is reported. A NonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not support MTE.

Supported on Android 14 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.

ContentProtectionPolicy

Controls whether content protection, which scans for deceptive apps, is enabled. This is supported on Android 15 and above.

انوم‌ها
CONTENT_PROTECTION_POLICY_UNSPECIFIED Unspecified. Defaults to CONTENT_PROTECTION_DISABLED .
CONTENT_PROTECTION_DISABLED Content protection is disabled and the user cannot change this.
CONTENT_PROTECTION_ENFORCED

Content protection is enabled and the user cannot change this.

Supported on Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.

CONTENT_PROTECTION_USER_CHOICE

Content protection is not controlled by the policy. The user is allowed to choose the behavior of content protection.

Supported on Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.

PersonalUsagePolicies

Policies controlling personal usage on a company-owned device with a work profile.

JSON representation 
{
  "cameraDisabled": boolean,
  "screenCaptureDisabled": boolean,
  "accountTypesWithManagementDisabled": [
    string
  ],
  "maxDaysWithWorkOff": integer,
  "personalPlayStoreMode": enum (PlayStoreMode),
  "personalApplications": [
    {
      object (PersonalApplicationPolicy)
    }
  ],
  "privateSpacePolicy": enum (PrivateSpacePolicy),
  "bluetoothSharing": enum (BluetoothSharing)
}
فیلدها
cameraDisabled

boolean

If true, the camera is disabled on the personal profile.

screenCaptureDisabled

boolean

If true, screen capture is disabled for all users.

accountTypesWithManagementDisabled[]

string

Account types that can't be managed by the user.

maxDaysWithWorkOff

integer

Controls how long the work profile can stay off. The minimum duration must be at least 3 days. Other details are as follows:

  • If the duration is set to 0, the feature is turned off.
  • If the duration is set to a value smaller than the minimum duration, the feature returns an error.
Note: If you want to avoid personal profiles being suspended during long periods of off-time, you can temporarily set a large value for this parameter.

personalPlayStoreMode

enum ( PlayStoreMode )

Used together with personalApplications to control how apps in the personal profile are allowed or blocked.

personalApplications[]

object ( PersonalApplicationPolicy )

Policy applied to applications in the personal profile.

privateSpacePolicy

enum ( PrivateSpacePolicy )

Optional. Controls whether a private space is allowed on the device.

bluetoothSharing

enum ( BluetoothSharing )

Optional. Whether bluetooth sharing is allowed.

PlayStoreMode

Used together with personalApplications to control how apps in the personal profile are allowed or blocked.

انوم‌ها
PLAY_STORE_MODE_UNSPECIFIED Unspecified. Defaults to BLOCKLIST .
BLACKLIST

All Play Store apps are available for installation in the personal profile, except those whose installType is BLOCKED in personalApplications .

BLOCKLIST All Play Store apps are available for installation in the personal profile, except those whose installType is BLOCKED in personalApplications .
ALLOWLIST Only apps explicitly specified in personalApplications with installType set to AVAILABLE are allowed to be installed in the personal profile.

PersonalApplicationPolicy

Policies for apps in the personal profile of a company-owned device with a work profile.

JSON representation 
{
  "packageName": string,
  "installType": enum (InstallType)
}
فیلدها
packageName

string

The package name of the application.

installType

enum ( InstallType )

The type of installation to perform.

InstallType

Types of installation behaviors a personal profile application can have.

انوم‌ها
INSTALL_TYPE_UNSPECIFIED Unspecified. Defaults to AVAILABLE .
BLOCKED The app is blocked and can't be installed in the personal profile. If the app was previously installed in the device, it will be uninstalled.
AVAILABLE The app is available to install in the personal profile.

PrivateSpacePolicy

Controls whether a private space is allowed on the device.

انوم‌ها
PRIVATE_SPACE_POLICY_UNSPECIFIED Unspecified. Defaults to PRIVATE_SPACE_ALLOWED .
PRIVATE_SPACE_ALLOWED Users can create a private space profile.
PRIVATE_SPACE_DISALLOWED Users cannot create a private space profile. Supported only for company-owned devices with a work profile. Caution: Any existing private space will be removed.

BluetoothSharing

Whether bluetooth sharing is allowed in the personal profile of a company-owned device with a work profile.

انوم‌ها
BLUETOOTH_SHARING_UNSPECIFIED Unspecified. Defaults to BLUETOOTH_SHARING_ALLOWED .
BLUETOOTH_SHARING_ALLOWED

Bluetooth sharing is allowed on personal profile.

Supported on Android 8 and above. A NonComplianceDetail with MANAGEMENT_MODE is reported if this is set for a personal device.

BLUETOOTH_SHARING_DISALLOWED

Bluetooth sharing is disallowed on personal profile.

Supported on Android 8 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 8. A NonComplianceDetail with MANAGEMENT_MODE is reported if this is set for a personal device.

AutoDateAndTimeZone

Whether auto date, time, and time zone is enabled on a company-owned device.

انوم‌ها
AUTO_DATE_AND_TIME_ZONE_UNSPECIFIED Unspecified. Defaults to AUTO_DATE_AND_TIME_ZONE_USER_CHOICE .
AUTO_DATE_AND_TIME_ZONE_USER_CHOICE Auto date, time, and time zone are left to user's choice.
AUTO_DATE_AND_TIME_ZONE_ENFORCED Enforce auto date, time, and time zone on the device.

OncCertificateProvider

This feature is not generally available.

JSON representation 
{
  "certificateReferences": [
    string
  ],

  // Union field endpoint can be only one of the following:
  "contentProviderEndpoint": {
    object (ContentProviderEndpoint)
  }
  // End of list of possible types for union field endpoint.
}
فیلدها
certificateReferences[]

string

This feature is not generally available.

Union field endpoint .

This feature is not generally available. endpoint can be only one of the following:

contentProviderEndpoint

object ( ContentProviderEndpoint )

This feature is not generally available.

ContentProviderEndpoint

This feature is not generally available.

JSON representation 
{
  "uri": string,
  "packageName": string,
  "signingCertsSha256": [
    string
  ]
}
فیلدها
uri

string

This feature is not generally available.

packageName

string

This feature is not generally available.

signingCertsSha256[]

string

Required. This feature is not generally available.

CrossProfilePolicies

Controls the data from the work profile that can be accessed from the personal profile and vice versa. A NonComplianceDetail with MANAGEMENT_MODE is reported if the device does not have a work profile.

JSON representation 
{
  "showWorkContactsInPersonalProfile": enum (ShowWorkContactsInPersonalProfile),
  "crossProfileCopyPaste": enum (CrossProfileCopyPaste),
  "crossProfileDataSharing": enum (CrossProfileDataSharing),
  "workProfileWidgetsDefault": enum (WorkProfileWidgetsDefault),
  "crossProfileAppFunctions": enum (CrossProfileAppFunctions),
  "exemptionsToShowWorkContactsInPersonalProfile": {
    object (PackageNameList)
  }
}
فیلدها
showWorkContactsInPersonalProfile

enum ( ShowWorkContactsInPersonalProfile )

Whether personal apps can access contacts stored in the work profile.

See also exemptionsToShowWorkContactsInPersonalProfile .

crossProfileCopyPaste

enum ( CrossProfileCopyPaste )

Whether text copied from one profile (personal or work) can be pasted in the other profile.

crossProfileDataSharing

enum ( CrossProfileDataSharing )

Whether data from one profile (personal or work) can be shared with apps in the other profile. Specifically controls simple data sharing via intents. Management of other cross-profile communication channels, such as contact search, copy/paste, or connected work & personal apps, are configured separately.

workProfileWidgetsDefault

enum ( WorkProfileWidgetsDefault )

Specifies the default behaviour for work profile widgets. If the policy does not specify workProfileWidgets for a specific application, it will behave according to the value specified here.

crossProfileAppFunctions

enum ( CrossProfileAppFunctions )

Optional. Controls whether personal profile apps can invoke app functions exposed by apps in the work profile.

exemptionsToShowWorkContactsInPersonalProfile

object ( PackageNameList )

List of apps which are excluded from the ShowWorkContactsInPersonalProfile setting. For this to be set, ShowWorkContactsInPersonalProfile must be set to one of the following values:

Supported on Android 14 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.

ShowWorkContactsInPersonalProfile

Whether personal apps can access work profile contacts including contact searches and incoming calls

Note : Once a work contact is accessed by any personal app, it cannot be guaranteed to stay with the same app, as the contact could be shared or transferred to any other app, depending on the allowed app's behaviour.

انوم‌ها
SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_UNSPECIFIED

Unspecified. Defaults to SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_ALLOWED .

When this is set, exemptionsToShowWorkContactsInPersonalProfile must not be set.

SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED

Prevents personal apps from accessing work profile contacts and looking up work contacts.

When this is set, personal apps specified in exemptionsToShowWorkContactsInPersonalProfile are allowlisted and can access work profile contacts directly.

Supported on Android 7.0 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 7.0.

SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_ALLOWED

Default. Allows apps in the personal profile to access work profile contacts including contact searches and incoming calls.

When this is set, personal apps specified in exemptionsToShowWorkContactsInPersonalProfile are blocklisted and can not access work profile contacts directly.

Supported on Android 7.0 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 7.0.

SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED_EXCEPT_SYSTEM

Prevents most personal apps from accessing work profile contacts including contact searches and incoming calls, except for the OEM default Dialer, Messages, and Contacts apps. Neither user-configured Dialer, Messages, and Contacts apps, nor any other system or play installed apps, will be able to query work contacts directly.

When this is set, personal apps specified in exemptionsToShowWorkContactsInPersonalProfile are allowlisted and can access work profile contacts.

Supported on Android 14 and above. If this is set on a device with Android version less than 14, the behaviour falls back to SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED and a NonComplianceDetail with API_LEVEL is reported.

CrossProfileCopyPaste

Whether text copied from one profile (personal or work) can be pasted in the other profile.

انوم‌ها
CROSS_PROFILE_COPY_PASTE_UNSPECIFIED Unspecified. Defaults to COPY_FROM_WORK_TO_PERSONAL_DISALLOWED
COPY_FROM_WORK_TO_PERSONAL_DISALLOWED Default. Prevents users from pasting into the personal profile text copied from the work profile. Text copied from the personal profile can be pasted into the work profile, and text copied from the work profile can be pasted into the work profile.
CROSS_PROFILE_COPY_PASTE_ALLOWED Text copied in either profile can be pasted in the other profile.

CrossProfileDataSharing

Whether data from one profile (personal or work) can be shared with apps in the other profile. Specifically controls simple data sharing via intents. This includes actions like opening a web browser, opening a map, sharing content, opening a document, etc. Management of other cross-profile communication channels, such as contact search, copy/paste, or connected work & personal apps, are configured separately.

انوم‌ها
CROSS_PROFILE_DATA_SHARING_UNSPECIFIED Unspecified. Defaults to DATA_SHARING_FROM_WORK_TO_PERSONAL_DISALLOWED.
CROSS_PROFILE_DATA_SHARING_DISALLOWED Prevents data from being shared from both the personal profile to the work profile and the work profile to the personal profile.
DATA_SHARING_FROM_WORK_TO_PERSONAL_DISALLOWED Default. Prevents users from sharing data from the work profile to apps in the personal profile. Personal data can be shared with work apps.
CROSS_PROFILE_DATA_SHARING_ALLOWED Data from either profile can be shared with the other profile.

WorkProfileWidgetsDefault

Controls if work profile applications are allowed to add widgets to the home screen, where no app-specific policy is defined. Otherwise, the app-specific policy will have priority over this.

انوم‌ها
WORK_PROFILE_WIDGETS_DEFAULT_UNSPECIFIED Unspecified. Defaults to WORK_PROFILE_WIDGETS_DEFAULT_DISALLOWED.
WORK_PROFILE_WIDGETS_DEFAULT_ALLOWED Work profile widgets are allowed by default. This means that if the policy does not specify workProfileWidgets as WORK_PROFILE_WIDGETS_DISALLOWED for the application, it will be able to add widgets to the home screen.
WORK_PROFILE_WIDGETS_DEFAULT_DISALLOWED Work profile widgets are disallowed by default. This means that if the policy does not specify workProfileWidgets as WORK_PROFILE_WIDGETS_ALLOWED for the application, it will be unable to add widgets to the home screen.

CrossProfileAppFunctions

Controls whether personal profile apps are allowed to invoke app functions exposed by apps in the work profile.

انوم‌ها
CROSS_PROFILE_APP_FUNCTIONS_UNSPECIFIED Unspecified. If appFunctions is set to APP_FUNCTIONS_ALLOWED , defaults to CROSS_PROFILE_APP_FUNCTIONS_ALLOWED . If appFunctions is set to APP_FUNCTIONS_DISALLOWED , defaults to CROSS_PROFILE_APP_FUNCTIONS_DISALLOWED .
CROSS_PROFILE_APP_FUNCTIONS_DISALLOWED Personal profile apps are not allowed to invoke app functions exposed by apps in the work profile.
CROSS_PROFILE_APP_FUNCTIONS_ALLOWED Personal profile apps can invoke app functions exposed by apps in the work profile. If this is set, appFunctions must not be set to APP_FUNCTIONS_DISALLOWED , otherwise the policy will be rejected.

PreferentialNetworkService

Controls whether preferential network service is enabled on the work profile or on fully managed devices. See preferentialNetworkService for details.

انوم‌ها
PREFERENTIAL_NETWORK_SERVICE_UNSPECIFIED Unspecified. Defaults to PREFERENTIAL_NETWORK_SERVICES_DISABLED .
PREFERENTIAL_NETWORK_SERVICE_DISABLED Preferential network service is disabled on the work profile.
PREFERENTIAL_NETWORK_SERVICE_ENABLED Preferential network service is enabled on the work profile. This setting is only supported on work profiles on devices running Android 12 or above. Starting with Android 13, fully managed devices are also supported.

UsageLog

Controls types of device activity logs collected from the device and reported via Pub/Sub notification .

JSON representation 
{
  "enabledLogTypes": [
    enum (LogType)
  ],
  "uploadOnCellularAllowed": [
    enum (LogType)
  ]
}
فیلدها
enabledLogTypes[]

enum ( LogType )

Specifies which log types are enabled. Note that users will receive on-device messaging when usage logging is enabled.

uploadOnCellularAllowed[]

enum ( LogType )

Specifies which of the enabled log types can be uploaded over mobile data. By default logs are queued for upload when the device connects to WiFi.

نوع گزارش

The types of device activity logs that are reported from the device.

انوم‌ها
LOG_TYPE_UNSPECIFIED This value is not used.
SECURITY_LOGS Enable logging of on-device security events, like when the device password is incorrectly entered or removable storage is mounted. See UsageLogEvent for a complete description of the logged security events. Supported for fully managed devices on Android 7 and above. Supported for company-owned devices with a work profile on Android 12 and above, on which only security events from the work profile are logged. Can be overridden by the application delegated scope SECURITY_LOGS
NETWORK_ACTIVITY_LOGS Enable logging of on-device network events, like DNS lookups and TCP connections. See UsageLogEvent for a complete description of the logged network events. Supported for fully managed devices on Android 8 and above. Supported for company-owned devices with a work profile on Android 12 and above, on which only network events from the work profile are logged. Can be overridden by the application delegated scope NETWORK_ACTIVITY_LOGS

CameraAccess

Controls the use of the camera and whether the user has access to the camera access toggle. The camera access toggle exists on Android 12 and above. As a general principle, the possibility of disabling the camera applies device-wide on fully managed devices and only within the work profile on devices with a work profile. The possibility of disabling the camera access toggle applies only on fully managed devices, in which case it applies device-wide. For specifics, see the enum values.

انوم‌ها
CAMERA_ACCESS_UNSPECIFIED If cameraDisabled is true, this is equivalent to CAMERA_ACCESS_DISABLED . Otherwise, this is equivalent to CAMERA_ACCESS_USER_CHOICE .
CAMERA_ACCESS_USER_CHOICE The field cameraDisabled is ignored. This is the default device behaviour: all cameras on the device are available. On Android 12 and above, the user can use the camera access toggle.
CAMERA_ACCESS_DISABLED

The field cameraDisabled is ignored. All cameras on the device are disabled (for fully managed devices, this applies device-wide and for work profiles this applies only to the work profile).

There are no explicit restrictions placed on the camera access toggle on Android 12 and above: on fully managed devices, the camera access toggle has no effect as all cameras are disabled. On devices with a work profile, this toggle has no effect on apps in the work profile, but it affects apps outside the work profile.

CAMERA_ACCESS_ENFORCED The field cameraDisabled is ignored. All cameras on the device are available. On fully managed devices running Android 12 and above, the user is unable to use the camera access toggle. On devices which are not fully managed or which run Android 11 or below, this is equivalent to CAMERA_ACCESS_USER_CHOICE .

MicrophoneAccess

On fully managed devices, controls the use of the microphone and whether the user has access to the microphone access toggle. This setting has no effect on devices which are not fully managed. The microphone access toggle exists on Android 12 and above.

انوم‌ها
MICROPHONE_ACCESS_UNSPECIFIED If unmuteMicrophoneDisabled is true, this is equivalent to MICROPHONE_ACCESS_DISABLED . Otherwise, this is equivalent to MICROPHONE_ACCESS_USER_CHOICE .
MICROPHONE_ACCESS_USER_CHOICE The field unmuteMicrophoneDisabled is ignored. This is the default device behaviour: the microphone on the device is available. On Android 12 and above, the user can use the microphone access toggle.
MICROPHONE_ACCESS_DISABLED

The field unmuteMicrophoneDisabled is ignored. The microphone on the device is disabled (for fully managed devices, this applies device-wide).

The microphone access toggle has no effect as the microphone is disabled.

MICROPHONE_ACCESS_ENFORCED The field unmuteMicrophoneDisabled is ignored. The microphone on the device is available. On devices running Android 12 and above, the user is unable to use the microphone access toggle. On devices which run Android 11 or below, this is equivalent to MICROPHONE_ACCESS_USER_CHOICE .

DeviceConnectivityManagement

Covers controls for device connectivity such as Wi-Fi, USB data access, keyboard/mouse connections, and more.

JSON representation 
{
  "usbDataAccess": enum (UsbDataAccess),
  "configureWifi": enum (ConfigureWifi),
  "wifiDirectSettings": enum (WifiDirectSettings),
  "tetheringSettings": enum (TetheringSettings),
  "wifiSsidPolicy": {
    object (WifiSsidPolicy)
  },
  "wifiRoamingPolicy": {
    object (WifiRoamingPolicy)
  },
  "bluetoothSharing": enum (BluetoothSharing),
  "preferentialNetworkServiceSettings": {
    object (PreferentialNetworkServiceSettings)
  },
  "apnPolicy": {
    object (ApnPolicy)
  }
}
فیلدها
usbDataAccess

enum ( UsbDataAccess )

Controls what files and/or data can be transferred via USB. Supported only on company-owned devices.

configureWifi

enum ( ConfigureWifi )

Controls Wi-Fi configuring privileges. Based on the option set, user will have either full or limited or no control in configuring Wi-Fi networks.

wifiDirectSettings

enum ( WifiDirectSettings )

Controls configuring and using Wi-Fi direct settings. Supported on company-owned devices running Android 13 and above.

tetheringSettings

enum ( TetheringSettings )

Controls tethering settings. Based on the value set, the user is partially or fully disallowed from using different forms of tethering.

wifiSsidPolicy

object ( WifiSsidPolicy )

Restrictions on which Wi-Fi SSIDs the device can connect to. Note that this does not affect which networks can be configured on the device. Supported on company-owned devices running Android 13 and above.

wifiRoamingPolicy

object ( WifiRoamingPolicy )

Optional. Wi-Fi roaming policy.

bluetoothSharing

enum ( BluetoothSharing )

Optional. Controls whether Bluetooth sharing is allowed.

preferentialNetworkServiceSettings

object ( PreferentialNetworkServiceSettings )

Optional. Preferential network service configuration. Setting this field will override preferentialNetworkService . This can be set on both work profiles and fully managed devices on Android 13 and above. See 5G network slicing guide for more details.

apnPolicy

object ( ApnPolicy )

Optional. Access Point Name (APN) policy. Configuration for Access Point Names (APNs) which may override any other APNs on the device. See OVERRIDE_APNS_ENABLED and overrideApns for details.

UsbDataAccess

Controls what files and/or data can be transferred via USB. Does not impact charging functions. Supported only on company-owned devices.

انوم‌ها
USB_DATA_ACCESS_UNSPECIFIED Unspecified. Defaults to DISALLOW_USB_FILE_TRANSFER .
ALLOW_USB_DATA_TRANSFER All types of USB data transfers are allowed. usbFileTransferDisabled is ignored.
DISALLOW_USB_FILE_TRANSFER Transferring files over USB is disallowed. Other types of USB data connections, such as mouse and keyboard connection, are allowed. usbFileTransferDisabled is ignored.
DISALLOW_USB_DATA_TRANSFER When set, all types of USB data transfers are prohibited. Supported for devices running Android 12 or above with USB HAL 1.3 or above. If the setting is not supported, DISALLOW_USB_FILE_TRANSFER will be set. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 12. A NonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not have USB HAL 1.3 or above. usbFileTransferDisabled is ignored.

ConfigureWifi

Controls Wi-Fi configuring privileges. Based on the option set, the user will have either full or limited or no control in configuring Wi-Fi networks.

انوم‌ها
CONFIGURE_WIFI_UNSPECIFIED Unspecified. Defaults to ALLOW_CONFIGURING_WIFI unless wifiConfigDisabled is set to true. If wifiConfigDisabled is set to true, this is equivalent to DISALLOW_CONFIGURING_WIFI .
ALLOW_CONFIGURING_WIFI The user is allowed to configure Wi-Fi. wifiConfigDisabled is ignored.
DISALLOW_ADD_WIFI_CONFIG Adding new Wi-Fi configurations is disallowed. The user is only able to switch between already configured networks. Supported on Android 13 and above, on fully managed devices and work profiles on company-owned devices. If the setting is not supported, ALLOW_CONFIGURING_WIFI is set. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13. wifiConfigDisabled is ignored.
DISALLOW_CONFIGURING_WIFI Disallows configuring Wi-Fi networks. The setting wifiConfigDisabled is ignored when this value is set. Supported on fully managed devices and work profile on company-owned devices, on all supported API levels. For fully managed devices, setting this removes all configured networks and retains only the networks configured using openNetworkConfiguration policy. For work profiles on company-owned devices, existing configured networks are not affected and the user is not allowed to add, remove, or modify Wi-Fi networks. Note: If a network connection can't be made at boot time and configuring Wi-Fi is disabled then network escape hatch will be shown in order to refresh the device policy (see networkEscapeHatchEnabled ).

WifiDirectSettings

Controls Wi-Fi direct settings. Supported on company-owned devices running Android 13 and above.

انوم‌ها
WIFI_DIRECT_SETTINGS_UNSPECIFIED Unspecified. Defaults to ALLOW_WIFI_DIRECT
ALLOW_WIFI_DIRECT The user is allowed to use Wi-Fi direct.
DISALLOW_WIFI_DIRECT The user is not allowed to use Wi-Fi direct. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.

TetheringSettings

Controls the extent to which the user is allowed to use different forms of tethering like Wi-Fi tethering, bluetooth tethering, etc.

انوم‌ها
TETHERING_SETTINGS_UNSPECIFIED Unspecified. Defaults to ALLOW_ALL_TETHERING unless tetheringConfigDisabled is set to true. If tetheringConfigDisabled is set to true, this is equivalent to DISALLOW_ALL_TETHERING .
ALLOW_ALL_TETHERING Allows configuration and use of all forms of tethering. tetheringConfigDisabled is ignored.
DISALLOW_WIFI_TETHERING Disallows the user from using Wi-Fi tethering. Supported on company owned devices running Android 13 and above. If the setting is not supported, ALLOW_ALL_TETHERING will be set. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13. tetheringConfigDisabled is ignored.
DISALLOW_ALL_TETHERING Disallows all forms of tethering. Supported on fully managed devices and work profile on company-owned devices, on all supported android versions. The setting tetheringConfigDisabled is ignored.

WifiSsidPolicy

Restrictions on which Wi-Fi SSIDs the device can connect to. Note that this does not affect which networks can be configured on the device. Supported on company-owned devices running Android 13 and above.

JSON representation 
{
  "wifiSsidPolicyType": enum (WifiSsidPolicyType),
  "wifiSsids": [
    {
      object (WifiSsid)
    }
  ]
}
فیلدها
wifiSsidPolicyType

enum ( WifiSsidPolicyType )

Type of the Wi-Fi SSID policy to be applied.

wifiSsids[]

object ( WifiSsid )

Optional. List of Wi-Fi SSIDs that should be applied in the policy. This field must be non-empty when WifiSsidPolicyType is set to WIFI_SSID_ALLOWLIST . If this is set to a non-empty list, then a NonComplianceDetail detail with API_LEVEL is reported if the Android version is less than 13 and a NonComplianceDetail with MANAGEMENT_MODE is reported for non-company-owned devices.

WifiSsidPolicyType

The types of Wi-Fi SSID policy that can be applied on the device.

انوم‌ها
WIFI_SSID_POLICY_TYPE_UNSPECIFIED Defaults to WIFI_SSID_DENYLIST . wifiSsids must not be set. There are no restrictions on which SSID the device can connect to.
WIFI_SSID_DENYLIST The device cannot connect to any Wi-Fi network whose SSID is in wifiSsids , but can connect to other networks.
WIFI_SSID_ALLOWLIST The device can make Wi-Fi connections only to the SSIDs in wifiSsids . wifiSsids must not be empty. The device will not be able to connect to any other Wi-Fi network.

WifiSsid

Represents a Wi-Fi SSID.

JSON representation 
{
  "wifiSsid": string
}
فیلدها
wifiSsid

string

Required. Wi-Fi SSID represented as a string.

WifiRoamingPolicy

Wi-Fi roaming policy.

JSON representation 
{
  "wifiRoamingSettings": [
    {
      object (WifiRoamingSetting)
    }
  ]
}
فیلدها
wifiRoamingSettings[]

object ( WifiRoamingSetting )

Optional. Wi-Fi roaming settings. SSIDs provided in this list must be unique, the policy will be rejected otherwise.

WifiRoamingSetting

Wi-Fi roaming setting.

JSON representation 
{
  "wifiSsid": string,
  "wifiRoamingMode": enum (WifiRoamingMode)
}
فیلدها
wifiSsid

string

Required. SSID of the Wi-Fi network.

wifiRoamingMode

enum ( WifiRoamingMode )

Required. Wi-Fi roaming mode for the specified SSID.

WifiRoamingMode

Wi-Fi roaming mode.

انوم‌ها
WIFI_ROAMING_MODE_UNSPECIFIED Unspecified. Defaults to WIFI_ROAMING_DEFAULT .
WIFI_ROAMING_DISABLED Wi-Fi roaming is disabled. Supported on Android 15 and above on fully managed devices and work profiles on company-owned devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for other management modes. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.
WIFI_ROAMING_DEFAULT Default Wi-Fi roaming mode of the device.
WIFI_ROAMING_AGGRESSIVE Aggressive roaming mode which allows quicker Wi-Fi roaming. Supported on Android 15 and above on fully managed devices and work profiles on company-owned devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for other management modes. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15. A NonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not support aggressive roaming mode.

BluetoothSharing

Controls whether Bluetooth sharing is allowed.

انوم‌ها
BLUETOOTH_SHARING_UNSPECIFIED Unspecified. Defaults to BLUETOOTH_SHARING_DISALLOWED on work profiles and BLUETOOTH_SHARING_ALLOWED on fully managed devices.
BLUETOOTH_SHARING_ALLOWED

Bluetooth sharing is allowed.

Supported on Android 8 and above. A NonComplianceDetail with API_LEVEL is reported on work profiles if the Android version is less than 8.

BLUETOOTH_SHARING_DISALLOWED

Bluetooth sharing is disallowed.

Supported on Android 8 and above. A NonComplianceDetail with API_LEVEL is reported on fully managed devices if the Android version is less than 8.

PreferentialNetworkServiceSettings

Preferential network service settings.

JSON representation 
{
  "preferentialNetworkServiceConfigs": [
    {
      object (PreferentialNetworkServiceConfig)
    }
  ],
  "defaultPreferentialNetworkId": enum (PreferentialNetworkId)
}
فیلدها
preferentialNetworkServiceConfigs[]

object ( PreferentialNetworkServiceConfig )

Required. Preferential network service configurations which enables having multiple enterprise slices. There must not be multiple configurations with the same preferentialNetworkId . If a configuration is not referenced by any application by setting ApplicationPolicy.preferentialNetworkId or by setting defaultPreferentialNetworkId , it will be ignored. For devices on 4G networks, enterprise APN needs to be configured additionally to set up data call for preferential network service. These APNs can be added using apnPolicy .

defaultPreferentialNetworkId

enum ( PreferentialNetworkId )

Required. Default preferential network ID for the applications that are not in applications or if ApplicationPolicy.preferentialNetworkId is set to PREFERENTIAL_NETWORK_ID_UNSPECIFIED . There must be a configuration for the specified network ID in preferentialNetworkServiceConfigs , unless this is set to NO_PREFERENTIAL_NETWORK . If set to PREFERENTIAL_NETWORK_ID_UNSPECIFIED or unset, this defaults to NO_PREFERENTIAL_NETWORK . Note: If the default preferential network is misconfigured, applications with no ApplicationPolicy.preferentialNetworkId set are not able to access the internet. This setting does not apply to the following critical apps:

  • com.google.android.apps.work.clouddpc
  • com.google.android.gms

ApplicationPolicy.preferentialNetworkId can still be used to configure the preferential network for them.

PreferentialNetworkServiceConfig

Individual preferential network service configuration.

JSON representation 
{
  "preferentialNetworkId": enum (PreferentialNetworkId),
  "fallbackToDefaultConnection": enum (FallbackToDefaultConnection),
  "nonMatchingNetworks": enum (NonMatchingNetworks)
}
فیلدها
preferentialNetworkId

enum ( PreferentialNetworkId )

Required. Preferential network identifier. This must not be set to NO_PREFERENTIAL_NETWORK or PREFERENTIAL_NETWORK_ID_UNSPECIFIED , the policy will be rejected otherwise.

fallbackToDefaultConnection

enum ( FallbackToDefaultConnection )

Optional. Whether fallback to the device-wide default network is allowed. If this is set to FALLBACK_TO_DEFAULT_CONNECTION_ALLOWED , then nonMatchingNetworks must not be set to NON_MATCHING_NETWORKS_DISALLOWED , the policy will be rejected otherwise. Note: If this is set to FALLBACK_TO_DEFAULT_CONNECTION_DISALLOWED , applications are not able to access the internet if the 5G slice is not available.

nonMatchingNetworks

enum ( NonMatchingNetworks )

Optional. Whether apps this configuration applies to are blocked from using networks other than the preferential service. If this is set to NON_MATCHING_NETWORKS_DISALLOWED , then fallbackToDefaultConnection must be set to FALLBACK_TO_DEFAULT_CONNECTION_DISALLOWED .

FallbackToDefaultConnection

Whether fallback to the device-wide default network is allowed. Note that while this setting determines whether the apps subject to this configuration have a default network in the absence of a preferential service, apps can still explicitly decide to use another network than their default network by requesting them from the system. This setting does not determine whether the apps are blocked from using such other networks. See nonMatchingNetworks for this setting.

انوم‌ها
FALLBACK_TO_DEFAULT_CONNECTION_UNSPECIFIED Unspecified. Defaults to FALLBACK_TO_DEFAULT_CONNECTION_ALLOWED .
FALLBACK_TO_DEFAULT_CONNECTION_ALLOWED Fallback to default connection is allowed. If this is set, nonMatchingNetworks must not be set to NON_MATCHING_NETWORKS_DISALLOWED , the policy will be rejected otherwise.
FALLBACK_TO_DEFAULT_CONNECTION_DISALLOWED Fallback to default connection is not allowed.

NonMatchingNetworks

Whether apps this configuration applies to are allowed to use networks other than the preferential service. Apps can inspect the list of available networks on the device and choose to use multiple networks concurrently for performance, privacy or other reasons.

انوم‌ها
NON_MATCHING_NETWORKS_UNSPECIFIED Unspecified. Defaults to NON_MATCHING_NETWORKS_ALLOWED .
NON_MATCHING_NETWORKS_ALLOWED Apps this configuration applies to are allowed to use networks other than the preferential service.
NON_MATCHING_NETWORKS_DISALLOWED Apps this configuration applies to are disallowed from using other networks than the preferential service. This can be set on Android 14 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14. If this is set, fallbackToDefaultConnection must be set to FALLBACK_TO_DEFAULT_CONNECTION_DISALLOWED , the policy will be rejected otherwise.

ApnPolicy

Access Point Name (APN) policy. Configuration for Access Point Names (APNs) which may override any other APNs on the device. See OVERRIDE_APNS_ENABLED and overrideApns for details.

JSON representation 
{
  "overrideApns": enum (OverrideApns),
  "apnSettings": [
    {
      object (ApnSetting)
    }
  ]
}
فیلدها
overrideApns

enum ( OverrideApns )

Optional. Whether override APNs are disabled or enabled. See DevicePolicyManager.setOverrideApnsEnabled for more details.

apnSettings[]

object ( ApnSetting )

Optional. APN settings for override APNs. There must not be any conflict between any of APN settings provided, otherwise the policy will be rejected. Two ApnSetting s are considered to conflict when all of the following fields match on both: numericOperatorId , apn , proxyAddress , proxyPort , mmsProxyAddress , mmsProxyPort , mmsc , mvnoType , protocol , roamingProtocol . If some of the APN settings result in non-compliance of INVALID_VALUE , they will be ignored. This can be set on fully managed devices on Android 10 and above. This can also be set on work profiles on Android 13 and above and only with ApnSetting 's with ENTERPRISE APN type. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 10. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles on Android versions less than 13.

OverrideApns

Whether override APNs are disabled or enabled. See DevicePolicyManager.setOverrideApnsEnabled for more details.

انوم‌ها
OVERRIDE_APNS_UNSPECIFIED Unspecified. Defaults to OVERRIDE_APNS_DISABLED .
OVERRIDE_APNS_DISABLED Override APNs disabled. Any configured apnSettings are saved on the device, but are disabled and have no effect. Any other APNs on the device remain in use.
OVERRIDE_APNS_ENABLED Override APNs enabled. Only override APNs are in use, any other APNs are ignored. This can only be set on fully managed devices on Android 10 and above. For work profiles override APNs are enabled via preferentialNetworkServiceSettings and this value cannot be set. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 10. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.

ApnSetting

An Access Point Name (APN) configuration for a carrier data connection. The APN provides configuration to connect a cellular network device to an IP data network. A carrier uses this setting to decide which IP address to assign, any security methods to apply, and how the device might be connected to private networks.

JSON representation 
{
  "apnTypes": [
    enum (ApnType)
  ],
  "apn": string,
  "displayName": string,
  "alwaysOnSetting": enum (AlwaysOnSetting),
  "authType": enum (AuthType),
  "carrierId": integer,
  "mmsProxyAddress": string,
  "mmsProxyPort": integer,
  "mmsc": string,
  "mtuV4": integer,
  "mtuV6": integer,
  "mvnoType": enum (MvnoType),
  "networkTypes": [
    enum (NetworkType)
  ],
  "username": string,
  "password": string,
  "numericOperatorId": string,
  "protocol": enum (Protocol),
  "roamingProtocol": enum (Protocol),
  "proxyAddress": string,
  "proxyPort": integer
}
فیلدها
apnTypes[]

enum ( ApnType )

Required. Usage categories for the APN. Policy will be rejected if this field is empty or contains APN_TYPE_UNSPECIFIED or duplicates. Multiple APN types can be set on fully managed devices. ENTERPRISE is the only allowed APN type on work profiles. A NonComplianceDetail with MANAGEMENT_MODE is reported for any other value on work profiles. APN types that are not supported on the device or management mode will be ignored. If this results in the empty list, the APN setting will be ignored, because apnTypes is a required field. A NonComplianceDetail with INVALID_VALUE is reported if none of the APN types are supported on the device or management mode.

apn

string

Required. Name of the APN. Policy will be rejected if this field is empty.

displayName

string

Required. Human-readable name that describes the APN. Policy will be rejected if this field is empty.

alwaysOnSetting

enum ( AlwaysOnSetting )

Optional. Whether User Plane resources have to be activated during every transition from CM-IDLE mode to CM-CONNECTED state for this APN. See 3GPP TS 23.501 section 5.6.13.

authType

enum ( AuthType )

Optional. Authentication type of the APN.

carrierId

integer

Optional. Carrier ID for the APN. A value of 0 (default) means not set and negative values are rejected.

mmsProxyAddress

string

Optional. MMS (Multimedia Messaging Service) proxy address of the APN which can be an IP address or hostname (not a URL).

mmsProxyPort

integer

Optional. MMS (Multimedia Messaging Service) proxy port of the APN. A value of 0 (default) means not set and negative values are rejected.

mmsc

string

Optional. MMSC (Multimedia Messaging Service Center) URI of the APN.

mtuV4

integer

Optional. The default MTU (Maximum Transmission Unit) size in bytes of the IPv4 routes brought up by this APN setting. A value of 0 (default) means not set and negative values are rejected. Supported on Android 13 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.

mtuV6

integer

Optional. The MTU (Maximum Transmission Unit) size of the IPv6 mobile interface to which the APN connected. A value of 0 (default) means not set and negative values are rejected. Supported on Android 13 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.

mvnoType

enum ( MvnoType )

Optional. MVNO match type for the APN.

networkTypes[]

enum ( NetworkType )

Optional. Radio technologies (network types) the APN may use. Policy will be rejected if this field contains NETWORK_TYPE_UNSPECIFIED or duplicates.

username

string

Optional. APN username of the APN.

password

string

Optional. APN password of the APN.

numericOperatorId

string

Optional. The numeric operator ID of the APN. Numeric operator ID is defined as MCC (Mobile Country Code) + MNC (Mobile Network Code).

protocol

enum ( Protocol )

Optional. The protocol to use to connect to this APN.

roamingProtocol

enum ( Protocol )

Optional. The protocol to use to connect to this APN while the device is roaming.

proxyAddress

string

Optional. The proxy address of the APN.

proxyPort

integer

Optional. The proxy port of the APN. A value of 0 (default) means not set and negative values are rejected.

ApnType

Usage category for the APN.

انوم‌ها
APN_TYPE_UNSPECIFIED Unspecified. This value is not used.
ENTERPRISE APN type for enterprise traffic. Supported on Android 13 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.
BIP APN type for BIP (Bearer Independent Protocol). This can only be set on fully managed devices on Android 12 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 12. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
CBS APN type for CBS (Carrier Branded Services). This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
DEFAULT APN type for default data traffic. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
DUN APN type for DUN (Dial-up networking) traffic. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
EMERGENCY APN type for Emergency PDN. This is not an IA apn, but is used for access to carrier services in an emergency call situation. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
FOTA APN type for accessing the carrier's FOTA (Firmware Over-the-Air) portal, used for over the air updates. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
HIPRI APN type for HiPri (high-priority) traffic. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
IA APN type for IA (Initial Attach) APN. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
IMS APN type for IMS (IP Multimedia Subsystem) traffic. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
MCX APN type for MCX (Mission Critical Service) where X can be PTT/Video/Data. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
MMS APN type for MMS (Multimedia Messaging Service) traffic. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
RCS APN type for RCS (Rich Communication Services). This can only be set on fully managed devices on Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
SUPL APN type for SUPL (Secure User Plane Location) assisted GPS. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
VSIM APN type for VSIM (Virtual SIM) service. This can only be set on fully managed devices on Android 12 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 12. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
XCAP APN type for XCAP (XML Configuration Access Protocol) traffic. This can only be set on fully managed devices on Android 11 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 11. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.

AlwaysOnSetting

Whether User Plane resources have to be activated during every transition from CM-IDLE mode to CM-CONNECTED state for this APN. See 3GPP TS 23.501 section 5.6.13.

انوم‌ها
ALWAYS_ON_SETTING_UNSPECIFIED Unspecified. Defaults to NOT_ALWAYS_ON .
NOT_ALWAYS_ON The PDU session brought up by this APN should not be always on.
ALWAYS_ON The PDU session brought up by this APN should always be on. Supported on Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.

نوع احراز هویت

Authentication type of the APN.

انوم‌ها
AUTH_TYPE_UNSPECIFIED Unspecified. If username is empty, defaults to NONE . Otherwise, defaults to PAP_OR_CHAP .
NONE احراز هویت لازم نیست.
PAP Authentication type for PAP.
CHAP Authentication type for CHAP.
PAP_OR_CHAP Authentication type for PAP or CHAP.

MvnoType

MVNO match type for the APN.

انوم‌ها
MVNO_TYPE_UNSPECIFIED The MVNO type is not specified.
GID MVNO type for group identifier level 1.
ICCID MVNO type for ICCID.
IMSI MVNO type for IMSI.
SPN MVNO type for SPN (service provider name).

NetworkType

Radio technology (network type) the APN may use.

انوم‌ها
NETWORK_TYPE_UNSPECIFIED Unspecified. This value must not be used.
EDGE Radio technology EDGE.
GPRS Radio technology GPRS.
GSM Radio technology GSM.
HSDPA Radio technology HSDPA.
HSPA Radio technology HSPA.
HSPAP Radio technology HSPAP.
HSUPA Radio technology HSUPA.
IWLAN Radio technology IWLAN.
LTE Radio technology LTE.
NR Radio technology NR (New Radio) 5G.
TD_SCDMA Radio technology TD_SCDMA.
UMTS Radio technology UMTS.

پروتکل

The protocol to use to connect to the APN.

انوم‌ها
PROTOCOL_UNSPECIFIED The protocol is not specified.
IP Internet protocol.
IPV4V6 Virtual PDP type introduced to handle dual IP stack UE capability.
IPV6 Internet protocol, version 6.
NON_IP Transfer of Non-IP data to external packet data network.
PPP Point to point protocol.
UNSTRUCTURED Transfer of Unstructured data to the Data Network via N6.

DeviceRadioState

Controls for device radio settings.

JSON representation 
{
  "wifiState": enum (WifiState),
  "airplaneModeState": enum (AirplaneModeState),
  "ultraWidebandState": enum (UltraWidebandState),
  "cellularTwoGState": enum (CellularTwoGState),
  "minimumWifiSecurityLevel": enum (MinimumWifiSecurityLevel)
}
فیلدها
wifiState

enum ( WifiState )

Controls current state of Wi-Fi and if user can change its state.

airplaneModeState

enum ( AirplaneModeState )

Controls whether airplane mode can be toggled by the user or not.

ultraWidebandState

enum ( UltraWidebandState )

Controls the state of the ultra wideband setting and whether the user can toggle it on or off.

cellularTwoGState

enum ( CellularTwoGState )

Controls whether cellular 2G setting can be toggled by the user or not.

minimumWifiSecurityLevel

enum ( MinimumWifiSecurityLevel )

The minimum required security level of Wi-Fi networks that the device can connect to.

WifiState

Controls whether the Wi-Fi is on or off as a state and if the user can change said state. Supported on company-owned devices running Android 13 and above.

انوم‌ها
WIFI_STATE_UNSPECIFIED Unspecified. Defaults to WIFI_STATE_USER_CHOICE
WIFI_STATE_USER_CHOICE User is allowed to enable/disable Wi-Fi.
WIFI_ENABLED Wi-Fi is on and the user is not allowed to turn it off. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.
WIFI_DISABLED Wi-Fi is off and the user is not allowed to turn it on. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.

AirplaneModeState

Controls the state of airplane mode and whether the user can toggle it on or off. Supported on Android 9 and above. Supported on fully managed devices and work profiles on company-owned devices.

انوم‌ها
AIRPLANE_MODE_STATE_UNSPECIFIED Unspecified. Defaults to AIRPLANE_MODE_USER_CHOICE .
AIRPLANE_MODE_USER_CHOICE The user is allowed to toggle airplane mode on or off.
AIRPLANE_MODE_DISABLED Airplane mode is disabled. The user is not allowed to toggle airplane mode on. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9.

UltraWidebandState

Controls the state of the ultra wideband setting and whether the user can toggle it on or off. Supported on Android 14 and above. Supported on fully managed devices and work profiles on company-owned devices.

انوم‌ها
ULTRA_WIDEBAND_STATE_UNSPECIFIED Unspecified. Defaults to ULTRA_WIDEBAND_USER_CHOICE .
ULTRA_WIDEBAND_USER_CHOICE The user is allowed to toggle ultra wideband on or off.
ULTRA_WIDEBAND_DISABLED Ultra wideband is disabled. The user is not allowed to toggle ultra wideband on via settings. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.

CellularTwoGState

Controls the state of cellular 2G setting and whether the user can toggle it on or off. Supported on Android 14 and above. Supported on fully managed devices and work profiles on company-owned devices.

انوم‌ها
CELLULAR_TWO_G_STATE_UNSPECIFIED Unspecified. Defaults to CELLULAR_TWO_G_USER_CHOICE .
CELLULAR_TWO_G_USER_CHOICE The user is allowed to toggle cellular 2G on or off.
CELLULAR_TWO_G_DISABLED Cellular 2G is disabled. The user is not allowed to toggle cellular 2G on via settings. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.

MinimumWifiSecurityLevel

Defines the different minimum Wi-Fi security levels required to connect to Wi-Fi networks. Supported on Android 13 and above. Supported on fully managed devices and work profiles on company-owned devices.

انوم‌ها
MINIMUM_WIFI_SECURITY_LEVEL_UNSPECIFIED Defaults to OPEN_NETWORK_SECURITY , which means the device will be able to connect to all types of Wi-Fi networks.
OPEN_NETWORK_SECURITY The device will be able to connect to all types of Wi-Fi networks.
PERSONAL_NETWORK_SECURITY A personal network such as WEP, WPA2-PSK is the minimum required security. The device will not be able to connect to open wifi networks. This is stricter than OPEN_NETWORK_SECURITY . A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.
ENTERPRISE_NETWORK_SECURITY An enterprise EAP network is the minimum required security level. The device will not be able to connect to Wi-Fi network below this security level. This is stricter than PERSONAL_NETWORK_SECURITY . A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.
ENTERPRISE_BIT192_NETWORK_SECURITY A 192-bit enterprise network is the minimum required security level. The device will not be able to connect to Wi-Fi network below this security level. This is stricter than ENTERPRISE_NETWORK_SECURITY . A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.

CredentialProviderPolicyDefault

Controls which apps are allowed to act as credential providers on Android 14 and above. These apps store credentials, see this and this for details. See also credentialProviderPolicy .

انوم‌ها
CREDENTIAL_PROVIDER_POLICY_DEFAULT_UNSPECIFIED Unspecified. Defaults to CREDENTIAL_PROVIDER_DEFAULT_DISALLOWED.
CREDENTIAL_PROVIDER_DEFAULT_DISALLOWED Apps with credentialProviderPolicy unspecified are not allowed to act as a credential provider.
CREDENTIAL_PROVIDER_DEFAULT_DISALLOWED_EXCEPT_SYSTEM Apps with credentialProviderPolicy unspecified are not allowed to act as a credential provider except for the OEM default credential providers. OEM default credential providers are always allowed to act as credential providers.

PrintingPolicy

Controls whether printing is allowed. This is supported on devices running Android 9 and above.

انوم‌ها
PRINTING_POLICY_UNSPECIFIED Unspecified. Defaults to PRINTING_ALLOWED .
PRINTING_DISALLOWED Printing is disallowed. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9.
PRINTING_ALLOWED Printing is allowed.

تنظیمات نمایش

Controls for the display settings.

JSON representation 
{
  "screenBrightnessSettings": {
    object (ScreenBrightnessSettings)
  },
  "screenTimeoutSettings": {
    object (ScreenTimeoutSettings)
  }
}
فیلدها
screenBrightnessSettings

object ( ScreenBrightnessSettings )

Optional. Controls the screen brightness settings.

screenTimeoutSettings

object ( ScreenTimeoutSettings )

Optional. Controls the screen timeout settings.

ScreenBrightnessSettings

Controls for the screen brightness settings.

JSON representation 
{
  "screenBrightnessMode": enum (ScreenBrightnessMode),
  "screenBrightness": integer
}
فیلدها
screenBrightnessMode

enum ( ScreenBrightnessMode )

Optional. Controls the screen brightness mode.

screenBrightness

integer

Optional. The screen brightness between 1 and 255 where 1 is the lowest and 255 is the highest brightness. A value of 0 (default) means no screen brightness set. Any other value is rejected. screenBrightnessMode must be either BRIGHTNESS_AUTOMATIC or BRIGHTNESS_FIXED to set this. Supported on Android 9 and above on fully managed devices. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9. Supported on work profiles on company-owned devices on Android 15 and above.

ScreenBrightnessMode

Controls the screen brightness mode.

انوم‌ها
SCREEN_BRIGHTNESS_MODE_UNSPECIFIED Unspecified. Defaults to BRIGHTNESS_USER_CHOICE .
BRIGHTNESS_USER_CHOICE The user is allowed to configure the screen brightness. screenBrightness must not be set.
BRIGHTNESS_AUTOMATIC The screen brightness mode is automatic in which the brightness is automatically adjusted and the user is not allowed to configure the screen brightness. screenBrightness can still be set and it is taken into account while the brightness is automatically adjusted. Supported on Android 9 and above on fully managed devices. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9. Supported on work profiles on company-owned devices on Android 15 and above.
BRIGHTNESS_FIXED The screen brightness mode is fixed in which the brightness is set to screenBrightness and the user is not allowed to configure the screen brightness. screenBrightness must be set. Supported on Android 9 and above on fully managed devices. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9. Supported on work profiles on company-owned devices on Android 15 and above.

ScreenTimeoutSettings

Controls the screen timeout settings.

JSON representation 
{
  "screenTimeoutMode": enum (ScreenTimeoutMode),
  "screenTimeout": string
}
فیلدها
screenTimeoutMode

enum ( ScreenTimeoutMode )

Optional. Controls whether the user is allowed to configure the screen timeout.

screenTimeout

string ( Duration format)

Optional. Controls the screen timeout duration. The screen timeout duration must be greater than 0, otherwise it is rejected. Additionally, it should not be greater than maximumTimeToLock , otherwise the screen timeout is set to maximumTimeToLock and a NonComplianceDetail with INVALID_VALUE reason and SCREEN_TIMEOUT_GREATER_THAN_MAXIMUM_TIME_TO_LOCK specific reason is reported. If the screen timeout is less than a certain lower bound, it is set to the lower bound. The lower bound may vary across devices. If this is set, screenTimeoutMode must be SCREEN_TIMEOUT_ENFORCED . Supported on Android 9 and above on fully managed devices. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9. Supported on work profiles on company-owned devices on Android 15 and above.

A duration in seconds with up to nine fractional digits, ending with ' s '. Example: "3.5s" .

ScreenTimeoutMode

Controls whether the user is allowed to configure the screen timeout.

انوم‌ها
SCREEN_TIMEOUT_MODE_UNSPECIFIED Unspecified. Defaults to SCREEN_TIMEOUT_USER_CHOICE .
SCREEN_TIMEOUT_USER_CHOICE The user is allowed to configure the screen timeout. screenTimeout must not be set.
SCREEN_TIMEOUT_ENFORCED The screen timeout is set to screenTimeout and the user is not allowed to configure the timeout. screenTimeout must be set. Supported on Android 9 and above on fully managed devices. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9. Supported on work profiles on company-owned devices on Android 15 and above.

AssistContentPolicy

Controls whether AssistContent is allowed to be sent to a privileged app such as an assistant app. AssistContent includes screenshots and information about an app, such as package name. This is supported on Android 15 and above.

انوم‌ها
ASSIST_CONTENT_POLICY_UNSPECIFIED Unspecified. Defaults to ASSIST_CONTENT_ALLOWED .
ASSIST_CONTENT_DISALLOWED

Assist content is blocked from being sent to a privileged app.

Supported on Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.

ASSIST_CONTENT_ALLOWED

Assist content is allowed to be sent to a privileged app.

Supported on Android 15 and above.

WorkAccountSetupConfig

Controls the work account setup configuration, such as details of whether a Google authenticated account is required.

JSON representation 
{
  "authenticationType": enum (AuthenticationType),
  "requiredAccountEmail": string
}
فیلدها
authenticationType

enum ( AuthenticationType )

Optional. The authentication type of the user on the device.

requiredAccountEmail

string

Optional. The specific google work account email address to be added. This field is only relevant if authenticationType is GOOGLE_AUTHENTICATED . This must be an enterprise account and not a consumer account. Once set and a Google authenticated account is added to the device, changing this field will have no effect, and thus recommended to be set only once.

AuthenticationType

The authentication type of the user on the device.

انوم‌ها
AUTHENTICATION_TYPE_UNSPECIFIED Unspecified. Defaults to AUTHENTICATION_TYPE_NOT_ENFORCED .
AUTHENTICATION_TYPE_NOT_ENFORCED Authentication status of user on device is not enforced.
GOOGLE_AUTHENTICATED Requires device to be managed with a Google authenticated account.

WipeDataFlag

Wipe flags to indicate what data is wiped when a device or profile wipe is triggered due to any reason. (For example, when the device is non-compliant). This does not apply to the enterprises.devices.delete method.

انوم‌ها
WIPE_DATA_FLAG_UNSPECIFIED This value must not be used.
WIPE_ESIMS For company-owned devices, setting this in wipeDataFlags will remove all eSIMs on the device when wipe is triggered due to any reason. On personally-owned devices, this will remove only managed eSIMs on the device. (eSIMs which are added via the ADD_ESIM command). This is supported on devices running Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.

EnterpriseDisplayNameVisibility

Controls whether the enterpriseDisplayName is visible on the device (eg lock screen message on company-owned devices).

انوم‌ها
ENTERPRISE_DISPLAY_NAME_VISIBILITY_UNSPECIFIED Unspecified. Defaults to displaying the enterprise name that's set at the time of device setup. In future, this will default to ENTERPRISE_DISPLAY_NAME_VISIBLE .
ENTERPRISE_DISPLAY_NAME_VISIBLE The enterprise display name is visible on the device. Supported on work profiles on Android 7 and above. Supported on fully managed devices on Android 8 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 7. A NonComplianceDetail with MANAGEMENT_MODE is reported on fully managed devices on Android 7.
ENTERPRISE_DISPLAY_NAME_HIDDEN The enterprise display name is hidden on the device.

AppFunctions

Controls whether apps on the device for fully managed devices or in the work profile for devices with work profiles are allowed to expose app functions.

انوم‌ها
APP_FUNCTIONS_UNSPECIFIED Unspecified. Defaults to APP_FUNCTIONS_ALLOWED .
APP_FUNCTIONS_DISALLOWED Apps on the device for fully managed devices or in the work profile for devices with work profiles are not allowed to expose app functions. If this is set, crossProfileAppFunctions must not be set to CROSS_PROFILE_APP_FUNCTIONS_ALLOWED , otherwise the policy will be rejected.
APP_FUNCTIONS_ALLOWED Apps on the device for fully managed devices or in the work profile for devices with work profiles are allowed to expose app functions.

DefaultApplicationSetting

The default application setting for a DefaultApplicationType .

JSON representation 
{
  "defaultApplicationType": enum (DefaultApplicationType),
  "defaultApplications": [
    {
      object (DefaultApplication)
    }
  ],
  "defaultApplicationScopes": [
    enum (DefaultApplicationScope)
  ]
}
فیلدها
defaultApplicationType

enum ( DefaultApplicationType )

Required. The app type to set the default application.

defaultApplications[]

object ( DefaultApplication )

Required. The list of applications that can be set as the default app for a given type. This list must not be empty or contain duplicates. The first app in the list that is installed and qualified for the defaultApplicationType (eg SMS app for DEFAULT_SMS ) is set as the default app. The signing key certificate fingerprint of the app on the device must also match one of the signing key certificate fingerprints obtained from Play Store or one of the entries in ApplicationPolicy.signingKeyCerts in order to be set as the default.

If the defaultApplicationScopes contains SCOPE_FULLY_MANAGED or SCOPE_WORK_PROFILE , the app must have an entry in applications with installType set to a value other than BLOCKED .

A NonComplianceDetail with APP_NOT_INSTALLED reason and DEFAULT_APPLICATION_SETTING_FAILED_FOR_SCOPE specific reason is reported if none of the apps in the list are installed. A NonComplianceDetail with INVALID_VALUE reason and DEFAULT_APPLICATION_SETTING_FAILED_FOR_SCOPE specific reason is reported if at least one app is installed but the policy fails to apply due to other reasons (eg the app is not of the right type).

When applying to SCOPE_PERSONAL_PROFILE on a company-owned device with a work profile, only pre-installed system apps can be set as the default. A NonComplianceDetail with INVALID_VALUE reason and DEFAULT_APPLICATION_SETTING_FAILED_FOR_SCOPE specific reason is reported if the policy fails to apply to the personal profile.

defaultApplicationScopes[]

enum ( DefaultApplicationScope )

Required. The scopes to which the policy should be applied. This list must not be empty or contain duplicates.

A NonComplianceDetail with MANAGEMENT_MODE reason and DEFAULT_APPLICATION_SETTING_UNSUPPORTED_SCOPES specific reason is reported if none of the specified scopes can be applied to the management mode (eg a fully managed device receives a policy with only SCOPE_PERSONAL_PROFILE in the list).

DefaultApplication

Information about the application to be set as the default.

JSON representation 
{
  "packageName": string
}
فیلدها
packageName

string

Required. The package name that should be set as the default application. The policy is rejected if the package name is invalid.

روش‌ها

delete

 Deletes a policy.

get

 Gets a policy.

list

 Lists policies for a given enterprise.

modifyPolicyApplications

 Updates or creates applications in a policy.

patch

 Updates or creates a policy.

removePolicyApplications

 Removes applications in a policy.