REST Resource: enterprises.policies

Resource: Policy

A policy resources represents a group settings that govern the behavior of a managed device and the apps installed on it.

JSON representation
{
  "name": string,
  "version": string,
  "applications": [
    {
      object(ApplicationPolicy)
    }
  ],
  "maximumTimeToLock": string,
  "screenCaptureDisabled": boolean,
  "cameraDisabled": boolean,
  "keyguardDisabledFeatures": [
    enum(KeyguardDisabledFeature)
  ],
  "defaultPermissionPolicy": enum(PermissionPolicy),
  "persistentPreferredActivities": [
    {
      object(PersistentPreferredActivity)
    }
  ],
  "openNetworkConfiguration": {
    object
  },
  "systemUpdate": {
    object(SystemUpdate)
  },
  "accountTypesWithManagementDisabled": [
    string
  ],
  "addUserDisabled": boolean,
  "adjustVolumeDisabled": boolean,
  "factoryResetDisabled": boolean,
  "installAppsDisabled": boolean,
  "mountPhysicalMediaDisabled": boolean,
  "modifyAccountsDisabled": boolean,
  "safeBootDisabled": boolean,
  "uninstallAppsDisabled": boolean,
  "statusBarDisabled": boolean,
  "keyguardDisabled": boolean,
  "statusReportingSettings": {
    object(StatusReportingSettings)
  },
  "bluetoothContactSharingDisabled": boolean,
  "shortSupportMessage": {
    object(UserFacingMessage)
  },
  "longSupportMessage": {
    object(UserFacingMessage)
  },
  "passwordRequirements": {
    object(PasswordRequirements)
  },
  "wifiConfigsLockdownEnabled": boolean,
  "bluetoothConfigDisabled": boolean,
  "cellBroadcastsConfigDisabled": boolean,
  "credentialsConfigDisabled": boolean,
  "mobileNetworksConfigDisabled": boolean,
  "tetheringConfigDisabled": boolean,
  "vpnConfigDisabled": boolean,
  "wifiConfigDisabled": boolean,
  "createWindowsDisabled": boolean,
  "networkResetDisabled": boolean,
  "outgoingBeamDisabled": boolean,
  "outgoingCallsDisabled": boolean,
  "removeUserDisabled": boolean,
  "shareLocationDisabled": boolean,
  "smsDisabled": boolean,
  "unmuteMicrophoneDisabled": boolean,
  "usbFileTransferDisabled": boolean,
  "ensureVerifyAppsEnabled": boolean,
  "permittedInputMethods": {
    object(PackageNameList)
  },
  "stayOnPluggedModes": [
    enum(BatteryPluggedMode)
  ],
  "recommendedGlobalProxy": {
    object(ProxyInfo)
  },
  "setUserIconDisabled": boolean,
  "setWallpaperDisabled": boolean,
  "choosePrivateKeyRules": [
    {
      object(ChoosePrivateKeyRule)
    }
  ],
  "alwaysOnVpnPackage": {
    object(AlwaysOnVpnPackage)
  },
  "frpAdminEmails": [
    string
  ],
  "deviceOwnerLockScreenInfo": {
    object(UserFacingMessage)
  },
  "dataRoamingDisabled": boolean,
  "locationMode": enum(LocationMode),
  "networkEscapeHatchEnabled": boolean,
  "bluetoothDisabled": boolean,
  "complianceRules": [
    {
      object(ComplianceRule)
    }
  ],
  "blockApplicationsEnabled": boolean,
  "installUnknownSourcesAllowed": boolean,
  "debuggingFeaturesAllowed": boolean,
  "funDisabled": boolean,
  "autoTimeRequired": boolean,
  "appAutoUpdatePolicy": enum(AppAutoUpdatePolicy),
  "kioskCustomLauncherEnabled": boolean,
  "skipFirstUseHintsEnabled": boolean,
  "privateKeySelectionEnabled": boolean,
  "encryptionPolicy": enum(EncryptionPolicy),
  "usbMassStorageEnabled": boolean,
  "permissionGrants": [
    {
      object(PermissionGrant)
    }
  ],
  "playStoreMode": enum(PlayStoreMode)
}
Fields
name

string

The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}.

version

string (int64 format)

The version of the policy. This is a read-only field. The version is incremented each time the policy is updated.

applications[]

object(ApplicationPolicy)

Policy applied to apps.

maximumTimeToLock

string (int64 format)

Maximum time in milliseconds for user activity until the device locks. A value of 0 means there is no restriction.

screenCaptureDisabled

boolean

Whether screen capture is disabled.

cameraDisabled

boolean

Whether all cameras on the device are disabled.

keyguardDisabledFeatures[]

enum(KeyguardDisabledFeature)

Disabled keyguard customizations, such as widgets.

defaultPermissionPolicy

enum(PermissionPolicy)

The default permission policy for runtime permission requests.

persistentPreferredActivities[]

object(PersistentPreferredActivity)

Default intent handler activities.

openNetworkConfiguration

object (Struct format)

Network configuration for the device. See configure networks for more information.

systemUpdate

object(SystemUpdate)

The system update policy, which controls how OS updates are applied. If the update type is WINDOWED, the update window will automatically apply to Play app updates as well.

accountTypesWithManagementDisabled[]

string

Account types that can't be managed by the user.

addUserDisabled

boolean

Whether adding new users and profiles is disabled.

adjustVolumeDisabled

boolean

Whether adjusting the master volume is disabled.

factoryResetDisabled

boolean

Whether factory resetting from settings is disabled.

installAppsDisabled

boolean

Whether user installation of apps is disabled.

mountPhysicalMediaDisabled

boolean

Whether the user mounting physical external media is disabled.

modifyAccountsDisabled

boolean

Whether adding or removing accounts is disabled.

safeBootDisabled

boolean

Whether rebooting the device into safe boot is disabled.

uninstallAppsDisabled

boolean

Whether user uninstallation of applications is disabled.

statusBarDisabled

boolean

Whether the status bar is disabled. This disables notifications, quick settings, and other screen overlays that allow escape from full-screen mode.

keyguardDisabled

boolean

Whether the keyguard is disabled.

statusReportingSettings

object(StatusReportingSettings)

Status reporting settings

bluetoothContactSharingDisabled

boolean

Whether bluetooth contact sharing is disabled.

shortSupportMessage

object(UserFacingMessage)

A message displayed to the user in the settings screen wherever functionality has been disabled by the admin.

longSupportMessage

object(UserFacingMessage)

A message displayed to the user in the device administators settings screen.

passwordRequirements

object(PasswordRequirements)

Password requirements.

wifiConfigsLockdownEnabled

boolean

Whether Wi-Fi networks defined in Open Network Configuration are locked so they can't be edited by the user.

bluetoothConfigDisabled

boolean

Whether configuring bluetooth is disabled.

cellBroadcastsConfigDisabled

boolean

Whether configuring cell broadcast is disabled.

credentialsConfigDisabled

boolean

Whether configuring user credentials is disabled.

mobileNetworksConfigDisabled

boolean

Whether configuring mobile networks is disabled.

tetheringConfigDisabled

boolean

Whether configuring tethering and portable hotspots is disabled.

vpnConfigDisabled

boolean

Whether configuring VPN is disabled.

wifiConfigDisabled

boolean

Whether configuring Wi-Fi access points is disabled.

createWindowsDisabled

boolean

Whether creating windows besides app windows is disabled.

networkResetDisabled

boolean

Whether resetting network settings is disabled.

outgoingBeamDisabled

boolean

Whether using NFC to beam data from apps is disabled.

outgoingCallsDisabled

boolean

Whether outgoing calls are disabled.

removeUserDisabled

boolean

Whether removing other users is disabled.

shareLocationDisabled

boolean

Whether location sharing is disabled.

smsDisabled

boolean

Whether sending and receiving SMS messages is disabled.

unmuteMicrophoneDisabled

boolean

Whether the microphone is muted and adjusting microphone volume is disabled.

usbFileTransferDisabled

boolean

Whether transferring files over USB is disabled.

ensureVerifyAppsEnabled

boolean

Whether app verification is force-enabled.

permittedInputMethods

object(PackageNameList)

If present, only the input methods provided by packages in this list are permitted. If this field is present, but the list is empty, then only system input methods are permitted.

stayOnPluggedModes[]

enum(BatteryPluggedMode)

The battery plugged in modes for which the device stays on. When using this setting, it is recommended to clear maximumTimeToLock so that the device doesn't lock itself while it stays on.

recommendedGlobalProxy

object(ProxyInfo)

The network-independent global HTTP proxy. Typically proxies should be configured per-network in openNetworkConfiguration. However for unusual configurations like general internal filtering a global HTTP proxy may be useful. If the proxy is not accessible, network access may break. The global proxy is only a recommendation and some apps may ignore it.

setUserIconDisabled

boolean

Whether changing the user icon is disabled.

setWallpaperDisabled

boolean

Whether changing the wallpaper is disabled.

choosePrivateKeyRules[]

object(ChoosePrivateKeyRule)

Rules for automatically choosing a private key and certificate to authenticate the device to a server. The rules are ordered by increasing precedence, so if an outgoing request matches more than one rule, the last rule defines which private key to use.

alwaysOnVpnPackage

object(AlwaysOnVpnPackage)

Configuration for an always-on VPN connection. Use with vpnConfigDisabled to prevent modification of this setting.

frpAdminEmails[]

string

Email addresses of device administrators for factory reset protection. When the device is factory reset, it will require one of these admins to log in with the Google account email and password to unlock the device. If no admins are specified, the device won't provide factory reset protection.

deviceOwnerLockScreenInfo

object(UserFacingMessage)

The device owner information to be shown on the lock screen.

dataRoamingDisabled

boolean

Whether roaming data services are disabled.

locationMode

enum(LocationMode)

The degree of location detection enabled. The user may change the value unless the user is otherwise blocked from accessing device settings.

networkEscapeHatchEnabled

boolean

Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.

bluetoothDisabled

boolean

Whether bluetooth is disabled. Prefer this setting over bluetoothConfigDisabled because bluetoothConfigDisabled can be bypassed by the user.

complianceRules[]

object(ComplianceRule)

Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules.

blockApplicationsEnabled
(deprecated)

boolean

Whether applications other than the ones configured in applications are blocked from being installed. When set, applications that were installed under a previous policy but no longer appear in the policy are automatically uninstalled.

installUnknownSourcesAllowed

boolean

Whether the user is allowed to enable the "Unknown Sources" setting, which allows installation of apps from unknown sources.

debuggingFeaturesAllowed

boolean

Whether the user is allowed to enable debugging features.

funDisabled

boolean

Whether the user is allowed to have fun. Controls whether the Easter egg game in Settings is disabled.

autoTimeRequired

boolean

Whether auto time is required, which prevents the user from manually setting the date and time.

appAutoUpdatePolicy

enum(AppAutoUpdatePolicy)

The app auto update policy, which controls when automatic app updates can be applied.

kioskCustomLauncherEnabled

boolean

Whether the kiosk custom launcher is enabled. This replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. The apps appear on a single page in alphabetical order. It is recommended to also use statusBarDisabled to block access to device settings.

skipFirstUseHintsEnabled

boolean

Flag to skip hints on the first use. Enterprise admin can enable the system recommendation for apps to skip their user tutorial and other introductory hints on first start-up.

privateKeySelectionEnabled

boolean

Allows showing UI on a device for a user to choose a private key alias if there are no matching rules in ChoosePrivateKeyRules. For devices below Android P, setting this may leave enterprise keys vulnerable.

encryptionPolicy

enum(EncryptionPolicy)

Whether encryption is enabled

usbMassStorageEnabled

boolean

Whether USB storage is enabled.

permissionGrants[]

object(PermissionGrant)

Explicit permission or group grants or denials for all apps. These values override the defaultPermissionPolicy.

playStoreMode

enum(PlayStoreMode)

This mode controls which apps are available to the user in the Play Store and the behavior on the device when apps are removed from the policy.

ApplicationPolicy

Policy for an individual app.

JSON representation
{
  "packageName": string,
  "installType": enum(InstallType),
  "lockTaskAllowed": boolean,
  "defaultPermissionPolicy": enum(PermissionPolicy),
  "permissionGrants": [
    {
      object(PermissionGrant)
    }
  ],
  "managedConfiguration": {
    object
  },
  "disabled": boolean,
  "minimumVersionCode": number,
  "delegatedScopes": [
    enum(DelegatedScope)
  ]
}
Fields
packageName

string

The package name of the app. For example, com.google.android.youtube for the YouTube app.

installType

enum(InstallType)

The type of installation to perform.

lockTaskAllowed

boolean

Whether the app is allowed to lock itself in full-screen mode.

defaultPermissionPolicy

enum(PermissionPolicy)

The default policy for all permissions requested by the app. If specified, this overrides the policy-level defaultPermissionPolicy which applies to all apps. It does not override the permissionGrants which applies to all apps.

permissionGrants[]

object(PermissionGrant)

Explicit permission grants or denials for the app. These values override the defaultPermissionPolicy and permissionGrants which apply to all apps.

managedConfiguration

object (Struct format)

Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty:

typeJSON value
BOOLtrue or false
STRINGstring
INTEGERnumber
CHOICEstring
MULTISELECTarray of strings
HIDDENstring
BUNDLE_ARRAYarray of objects

disabled

boolean

Whether the app is disabled. When disabled, the app data is still preserved.

minimumVersionCode

number

The minimum version of the app that runs on the device. If set, the device attempts to update the app to at least this version code. If the app is not up-to-date, the device will contain a NonComplianceDetail with nonComplianceReason set to APP_NOT_UPDATED. The app must already be published to Google Play with a version code greater than or equal to this value. At most 20 apps may specify a minimum version code per policy.

delegatedScopes[]

enum(DelegatedScope)

The scopes delegated to the app from Android Device Policy.

InstallType

The type of installation to perform for an app.

Enums
INSTALL_TYPE_UNSPECIFIED Unspecified. Defaults to AVAILABLE.
PREINSTALLED The app is automatically installed and can be removed by the user.
FORCE_INSTALLED The app is automatically installed and can't be removed by the user.
BLOCKED The app is blocked and can't be installed. If the app was installed under a previous policy, it will be uninstalled.
AVAILABLE The app is available to install.

PermissionPolicy

The policy for granting permission requests to apps.

Enums
PERMISSION_POLICY_UNSPECIFIED Policy not specified. If no policy is specified for a permission at any level, then the PROMPT behavior is used by default.
PROMPT Prompt the user to grant a permission.
GRANT Automatically grant a permission.
DENY Automatically deny a permission.

PermissionGrant

Configuration for an Android permission and its grant state.

JSON representation
{
  "permission": string,
  "policy": enum(PermissionPolicy)
}
Fields
permission

string

The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR.

policy

enum(PermissionPolicy)

The policy for granting the permission.

DelegatedScope

Delegation Scopes that another package can acquire from Android Device Policy.

Enums
DELEGATED_SCOPE_UNSPECIFIED No delegation scope specified.
CERT_INSTALL Grants access to certificate installation and management.
MANAGED_CONFIGURATIONS Grants access to managed configurations management.
BLOCK_UNINSTALL Grants access to blocking uninstallation.
PERMISSION_GRANT Grants access to permission policy and permission grant state.
PACKAGE_ACCESS Grants access to package access state.
ENABLE_SYSTEM_APP Grants access for enabling system apps.

KeyguardDisabledFeature

Keyguard features which may be disabled.

Enums
KEYGUARD_DISABLED_FEATURE_UNSPECIFIED This value is ignored.
CAMERA Disable the camera on secure keyguard screens (e.g. PIN).
NOTIFICATIONS Disable showing all notifications on secure keyguard screens.
UNREDACTED_NOTIFICATIONS Disable unredacted notifications on secure keyguard screens.
TRUST_AGENTS Ignore trust agent state on secure keyguard screens.
DISABLE_FINGERPRINT Disable fingerprint sensor on keyguard secure screens.
DISABLE_REMOTE_INPUT Disable text entry into notifications on secure keyguard screens.
ALL_FEATURES Disable all current and future keyguard customizations.

PersistentPreferredActivity

A default activity for handling intents that match a particular intent filter.

JSON representation
{
  "receiverActivity": string,
  "actions": [
    string
  ],
  "categories": [
    string
  ]
}
Fields
receiverActivity

string

The activity that should be the default intent handler. This should be an Android component name, e.g. com.android.enterprise.app/.MainActivity. Alternatively, the value may be the package name of an app, which causes Android Device Policy to choose an appropriate activity from the app to handle the intent.

actions[]

string

The intent actions to match in the filter. If any actions are included in the filter, then an intent's action must be one of those values for it to match. If no actions are included, the intent action is ignored.

categories[]

string

The intent categories to match in the filter. An intent includes the categories that it requires, all of which must be included in the filter in order to match. In other words, adding a category to the filter has no impact on matching unless that category is specified in the intent.

SystemUpdate

Configuration for managing system updates

JSON representation
{
  "type": enum(SystemUpdateType),
  "startMinutes": number,
  "endMinutes": number
}
Fields
type

enum(SystemUpdateType)

The type of system update to configure.

startMinutes

number

If the type is WINDOWED, the start of the maintenance window, measured as the number of minutes after midnight in the device's local time. This value must be between 0 and 1439, inclusive.

endMinutes

number

If the type is WINDOWED, the end of the maintenance window, measured as the number of minutes after midnight in device's local time. This value must be between 0 and 1439, inclusive. If this value is less than startMinutes, then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time.

SystemUpdateType

The type of system update configuration.

Enums
SYSTEM_UPDATE_TYPE_UNSPECIFIED Follow the default update behavior for the device, which typically requires the user to accept system updates.
AUTOMATIC Install automatically as soon as an update is available.
WINDOWED Install automatically within a daily maintenance window. This also configures Play apps to be updated within the window. This is strongly recommended for kiosk devices because this is the only way apps persistently pinned to the foreground can be updated by Play.
POSTPONE Postpone automatic install up to a maximum of 30 days.

StatusReportingSettings

Settings controlling the behavior of status reports.

JSON representation
{
  "applicationReportsEnabled": boolean,
  "deviceSettingsEnabled": boolean,
  "softwareInfoEnabled": boolean,
  "memoryInfoEnabled": boolean,
  "networkInfoEnabled": boolean,
  "displayInfoEnabled": boolean,
  "powerManagementEventsEnabled": boolean,
  "hardwareStatusEnabled": boolean
}
Fields
applicationReportsEnabled

boolean

Whether app reports are enabled.

deviceSettingsEnabled

boolean

Whether device settings reporting is enabled.

softwareInfoEnabled

boolean

Whether software info reporting is enabled.

memoryInfoEnabled

boolean

Whether memory reporting is enabled.

networkInfoEnabled

boolean

Whether network info reporting is enabled.

displayInfoEnabled

boolean

Whether displays reporting is enabled.

powerManagementEventsEnabled

boolean

Whether power management event reporting is enabled.

hardwareStatusEnabled

boolean

Whether hardware status reporting is enabled.

PasswordRequirements

Requirements for the password used to unlock a device.

JSON representation
{
  "passwordMinimumLength": number,
  "passwordMinimumLetters": number,
  "passwordMinimumLowerCase": number,
  "passwordMinimumNonLetter": number,
  "passwordMinimumNumeric": number,
  "passwordMinimumSymbols": number,
  "passwordMinimumUpperCase": number,
  "passwordQuality": enum(PasswordQuality),
  "passwordHistoryLength": number,
  "maximumFailedPasswordsForWipe": number,
  "passwordExpirationTimeout": string
}
Fields
passwordMinimumLength

number

The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when passwordQuality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX.

passwordMinimumLetters

number

Minimum number of letters required in the password. Only enforced when passwordQuality is COMPLEX.

passwordMinimumLowerCase

number

Minimum number of lower case letters required in the password. Only enforced when passwordQuality is COMPLEX.

passwordMinimumNonLetter

number

Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when passwordQuality is COMPLEX.

passwordMinimumNumeric

number

Minimum number of numerical digits required in the password. Only enforced when passwordQuality is COMPLEX.

passwordMinimumSymbols

number

Minimum number of symbols required in the password. Only enforced when passwordQuality is COMPLEX.

passwordMinimumUpperCase

number

Minimum number of upper case letters required in the password. Only enforced when passwordQuality is COMPLEX.

passwordQuality

enum(PasswordQuality)

The required password quality.

passwordHistoryLength

number

The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction.

maximumFailedPasswordsForWipe

number

Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction.

passwordExpirationTimeout

string (Duration format)

Password expiration timeout.

A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".

PasswordQuality

Password quality requirements.

Enums
PASSWORD_QUALITY_UNSPECIFIED There are no password requirements.
BIOMETRIC_WEAK The device must be secured with a low-security biometric recognition technology, at minimum. This includes technologies that can recognize the identity of an individual that are roughly equivalent to a 3-digit PIN (false detection is less than 1 in 1,000).
SOMETHING A password is required, but there are no restrictions on what the password must contain.
NUMERIC The password must contain numeric characters.
NUMERIC_COMPLEX The password must contain numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences.
ALPHABETIC The password must contain alphabetic (or symbol) characters.
ALPHANUMERIC The password must contain both numeric and alphabetic (or symbol) characters.
COMPLEX The password must contain at least a letter, a numerical digit and a special symbol. Other password constraints, for example, passwordMinimumLetters are enforced.

PackageNameList

A list of package names.

JSON representation
{
  "packageNames": [
    string
  ]
}
Fields
packageNames[]

string

A list of package names.

BatteryPluggedMode

Modes for plugging in the battery.

Enums
BATTERY_PLUGGED_MODE_UNSPECIFIED This value is ignored.
AC Power source is an AC charger.
USB Power source is a USB port.
WIRELESS Power source is wireless.

ProxyInfo

Configuration info for an HTTP proxy. For a direct proxy, set the host, port, and excludedHosts fields. For a PAC script proxy, set the pacUri field.

JSON representation
{
  "host": string,
  "port": number,
  "excludedHosts": [
    string
  ],
  "pacUri": string
}
Fields
host

string

The host of the direct proxy.

port

number

The port of the direct proxy.

excludedHosts[]

string

For a direct proxy, the hosts for which the proxy is bypassed. The host names may contain wildcards such as *.example.com.

pacUri

string

The URI of the PAC script used to configure the proxy.

ChoosePrivateKeyRule

A rule for automatically choosing a private key and certificate to authenticate the device to a server.

JSON representation
{
  "urlPattern": string,
  "packageNames": [
    string
  ],
  "privateKeyAlias": string
}
Fields
urlPattern

string

The URL pattern to match against the URL of the outgoing request. The pattern may contain asterisk (*) wildcards. Any URL is matched if unspecified.

packageNames[]

string

The package names for which outgoing requests are subject to this rule. If no package names are specified, then the rule applies to all packages. For each package name listed, the rule applies to that package and all other packages that shared the same Android UID. The SHA256 hash of the signing key signatures of each packageName will be verified against those provided by Play

privateKeyAlias

string

The alias of the private key to be used.

AlwaysOnVpnPackage

Configuration for an always-on VPN connection.

JSON representation
{
  "packageName": string,
  "lockdownEnabled": boolean
}
Fields
packageName

string

The package name of the VPN app.

lockdownEnabled

boolean

Disallows networking when the VPN is not connected.

LocationMode

The degree of location detection enabled.

Enums
LOCATION_MODE_UNSPECIFIED The current device value is not modified.
HIGH_ACCURACY All location detection methods are enabled, including GPS, networks, and other sensors.
SENSORS_ONLY Only GPS and other sensors are enabled.
BATTERY_SAVING Only the network location provider is enabled.
OFF Location detection is disabled.

ComplianceRule

A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policyCompliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule.

JSON representation
{
  "disableApps": boolean,
  "packageNamesToDisable": [
    string
  ],

  // Union field condition can be only one of the following:
  "nonComplianceDetailCondition": {
    object(NonComplianceDetailCondition)
  },
  "apiLevelCondition": {
    object(ApiLevelCondition)
  }
  // End of list of possible types for union field condition.
}
Fields
disableApps

boolean

If set to true, the rule includes a mitigating action to disable apps so that the device is effectively disabled, but app data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed.

packageNamesToDisable[]

string

If set, the rule includes a mitigating action to disable apps specified in the list, but app data is preserved.

Union field condition. The condition, which when satisfied, triggers the mitigating actions defined in the rule. Exactly one of the conditions must be set. condition can be only one of the following:
nonComplianceDetailCondition

object(NonComplianceDetailCondition)

A condition which is satisfied if there exists any matching NonComplianceDetail for the device.

apiLevelCondition

object(ApiLevelCondition)

A condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement.

NonComplianceDetailCondition

A compliance rule condition which is satisfied if there exists any matching NonComplianceDetail for the device. A NonComplianceDetail matches a NonComplianceDetailCondition if all the fields which are set within the NonComplianceDetailCondition match the corresponding NonComplianceDetail fields.

JSON representation
{
  "settingName": string,
  "nonComplianceReason": enum(NonComplianceReason),
  "packageName": string
}
Fields
settingName

string

The name of the policy setting. This is the JSON field name of a top-level Policy field. If not set, then this condition matches any setting name.

nonComplianceReason

enum(NonComplianceReason)

The reason the device is not in compliance with the setting. If not set, then this condition matches any reason.

packageName

string

The package name of the app that's out of compliance. If not set, then this condition matches any package name.

ApiLevelCondition

A compliance rule condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. There can only be one rule with this type of condition per policy.

JSON representation
{
  "minApiLevel": number
}
Fields
minApiLevel

number

The minimum desired Android Framework API level. If the device doesn't meet the minimum requirement, this condition is satisfied. Must be greater than zero.

AppAutoUpdatePolicy

The app auto-update policy enforced on a device.

Enums
APP_AUTO_UPDATE_POLICY_UNSPECIFIED The auto-update policy is not set. Equivalent to CHOICE_TO_THE_USER.
CHOICE_TO_THE_USER The user can control auto-updates.
NEVER Apps are never auto-updated.
WIFI_ONLY Apps are auto-updated over Wi-Fi only.
ALWAYS Apps are auto-updated at any time. Data charges may apply.

EncryptionPolicy

Type of encryption

Enums
ENCRYPTION_POLICY_UNSPECIFIED This value is ignored, i.e. no encryption required
ENABLED_WITHOUT_PASSWORD Encryption required but no password required to boot
ENABLED_WITH_PASSWORD Encryption required with password required to boot

PlayStoreMode

Possible values for Play Store mode policy.

Enums
PLAY_STORE_MODE_UNSPECIFIED Unspecified. Defaults to WHITELIST.
WHITELIST Only apps that are in the policy are available and any app not in the policy will be automatically uninstalled from the device.
BLACKLIST All apps are available and any app that should not be on the device should be explicitly markeds as 'BLOCKED' in the applications policy.

Methods

delete

Deletes a policy.

get

Gets a policy.

list

Lists policies for a given enterprise.

patch

Updates or creates a policy.

Enviar comentarios sobre…

Android Management API
Android Management API