Restriction profiles lock down native functionality of Android devices and vary significantly based on OEM. Removing the restrictions profile is the recommended method for removing the restrictions from the device.
To see available restrictions by setting and OEM, see Android OEM Specific Restrictions.
For further special considerations for enabling certain restrictions, see Best Practices for Configuring Restrictions with Android Devices
Device-level restrictions can disable core device functionality such as the camera, screen capture and factory reset to help improve productivity and security. For example, disabling the camera protects sensitive materials from being photographed and transmitted outside of your organization. Prohibiting device screen captures helps protect the confidentiality of corporate content on the device.
|Sync and Storage||
Control how information is stored on devices, allowing you to maintain the highest balance of productivity, security, and firmware updates. For example disabling Google or USB Backup keeps corporate mobile data on each managed device and out of the wrong hands.
Application-level restrictions can disable certain applications such as YouTube, Google Play Store and native browser, which enables you to enforce adherence to corporate policies for device usage.+
Limit file sharing through bluetooth by disallowing bluetooth behaviors such as outgoing calls and data transfer.
Prevent devices from accessing Wi-Fi and data connections to ensure that end users are not viewing sensitive information using an insecure connection.
Allow/disallow device functionality while roaming to configure telecom settings for your devices.
Prevent end users tethering with other devices to keep unmanaged devices from viewing sensitive information about your device fleet.
Limit the behavior of your browser to maximize security. If implementing VMware Browser, ensure you disable Allow Native Android Browser to restrict browsing activity to the VMware Browser.
|Location Services||Determine the hard keys end users can utilize to limit the level of device functionality to a level that is appropriate for your organization.|
|Phone and Data||
Configure phone and data limits and restrictions to keep device usage within the parameters of your organizations plan. You can also allow or prevent incoming and outgoing calls and SMS messages by selecting Add underneath Call And SMS Restriction and selecting the direction, type, and restriction.
Set Maximum Data Usage to determine the amount of data network usage per day, week, or month. The Frequency, Size and Maximum fields will report one month usage from the time the profile was pushed to the device.
Set MMS restrictions to allow incoming and outgoing MMS messages.
|Miscellaneous||Configure the font and font size for your device to give it a customized look and feel.|
|Hardware Restrictions||Determine the hard keys end users can utilize to limit the level of device functionality to a level that is appropriate for your organization.|
Allow/disallow security functionality such as forcing fast encryption and firmware recovery.
If the administrator wants to disable upgrading OS using firmware over the air, they cannot do so if they disable Firmware Recovery. Firmware Recovery must be enabled in order for the restriction on OS upgrades to work.