The Android Application-based Restriction Policy lets you configure restrictions for third-party software apps that are installed on managed Android devices. These restrictions can also control how other apps interact with your app’s components. This policy works for devices running Android 5.1 and later.
Prerequisites
- JumpCloud’s Android EMM is configured for your organization. See Set up Android EMM.
- Your Android devices are enrolled in EMM. See Add and Manage Android Devices and Users: Enroll Your Personal Android Device.
To create an Android Application-based Restrictions policy:
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT > Policy Management.
- In the All tab, click (+).
- On the New Policy panel, select the Android tab.
- Select the Application-based Restrictions policy from the list, then click configure.
- On the New Policy panel, optionally enter a new name for the policy, or keep the default. Policy names must be unique.
- For Policy Notes, enter details like when you created the policy, where you tested it, and where you deployed it.
- Under Settings, set the app restrictions:
  - Select Disable User Installation of Apps to prevent users from installing software apps on their devices. If you decide to allow users to install apps and you deselect this field, be cautious when allowing unknown apps.
  - Select Disable User Uninstallation of Apps to prevent users from uninstalling software apps. This also prevents apps from being uninstalled through the app itself.
  - Select Skip System App Tutorials to allow the system recommendation for apps to skip their user tutorial and other introductory hints on first startup. This setting applies to Dedicated Devices on Android 6.0 or later only.
  - Under Play Store Mode, determine which apps are available to the user in the Google Play Store and the behavior on the device when apps are removed from the policy:
    - Allowlist – Permit only apps that are available to appear here. If apps do not appear, they are automatically uninstalled from the device. This is the default.
    - Blocklist – Allow all available apps, and block any app that should not be on the device.
  - Under Google Play Protect Verification, set whether to check app content for any harmful behavior before you install it:
    - Enforce – Enable app verification. This is the default.
    - User Choice – Let the user choose to enable app verification.
  - Under Unknown Source App Installation, set the control over installation of untrusted apps (apps from unknown sources) on user devices:
    - Disallow – Prevent untrusted apps from being installed anywhere on the device. This is the default.
    - Allow in Personal Profile Only – For devices with work profiles, allow untrusted apps to be installed only in the device’s personal profile.
    - Allow Device Wide – Allow untrusted app installations anywhere on the device.
  - Under Developer Options, set access to developer settings like developer options and safe boot:
    - Disable – Prevent users from accessing all developer settings. This is the default.
    - Allow – Allow users to access and configure the developer settings.
  - Under Runtime Permissions, choose how to grant permission requests to apps:
    - Allow – Automatically grant a permission request.
    - Prompt – Prompt the user to grant a permission request. This is the default.
    - Deny – Automatically deny a permission request.
  - Under Minimum Android API Level, enter the minimum allowable API level for apps. Learn more about Android API Levels.
  - Under Override Individual Permission Requests, set specific actions to take for application permissions or permission groups:
    - Permission – Enter the Android permission or permission group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR.
    - Policy – Select the policy for granting permission:
      - Prompt – Always prompt the user for permission.
      - Allow – Grant automatically.
      - Deny – Deny automatically.
    - Click Add Apps to add additional fields.
- (Optional) Select the Device Groups tab. Select one or more device groups where you will apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
- (Optional) Select the Devices tab. Select one or more devices where you will apply this policy.
Tip:
For this policy to take effect, you must specify a device or a device group.
- Click save.
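A pre-deployment check for the settings above, as an added example (not JumpCloud code): it compares a planned configuration against the options and defaults this page lists and reviews the permission override entries. The dictionary keys and the `review_policy` function are hypothetical names for this script and do not correspond to a JumpCloud API or export format.

```python
import re

# Options as listed on the policy form described above; the first value in
# each tuple is the documented default. Key names are hypothetical labels
# for this script, not JumpCloud field names.
OPTIONS = {
    "play_store_mode": ("Allowlist", "Blocklist"),
    "play_protect_verification": ("Enforce", "User Choice"),
    "unknown_source_install": ("Disallow", "Allow in Personal Profile Only", "Allow Device Wide"),
    "developer_options": ("Disable", "Allow"),
    "runtime_permissions": ("Prompt", "Allow", "Deny"),
}
OVERRIDE_POLICIES = ("Prompt", "Allow", "Deny")
# The two name forms shown in the Permission field example.
PERMISSION_RE = re.compile(r"^android\.permission(_group)?\.[A-Z][A-Z0-9_]*$")


def review_policy(planned):
    """Return (severity, message) findings for a planned configuration."""
    findings = []
    for key, choices in OPTIONS.items():
        default = choices[0]
        value = planned.get(key, default)
        if value not in choices:
            findings.append(("error", f"{key}: {value!r} is not an option on the form"))
        elif value != default:
            findings.append(("review", f"{key}: {value!r} differs from default {default!r}"))
    for perm, policy in planned.get("permission_overrides", []):
        if not PERMISSION_RE.match(perm):
            findings.append(("review", f"{perm!r}: not in the android.permission[_group].NAME form"))
        if policy not in OVERRIDE_POLICIES:
            findings.append(("error", f"{perm!r}: unknown override policy {policy!r}"))
        elif policy == "Allow":
            findings.append(("review", f"{perm!r}: granted automatically, no user prompt"))
    return findings


# Constructed sample: settings an admin plans to enter in the portal.
SAMPLE = {
    "unknown_source_install": "Allow Device Wide",
    "permission_overrides": [
        ("android.permission.READ_CALENDAR", "Allow"),
        ("android.permission_group.CALENDAR", "Deny"),
        ("READ_CONTACTS", "Prompt"),
    ],
}

if __name__ == "__main__":
    for severity, message in review_policy(SAMPLE):
        print(f"[{severity}] {message}")
```

A "review" finding marks a setting that departs from a documented default or an override that grants a permission without prompting; an "error" marks a value that is not one of the listed options.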