Description of System Settings
The descriptions of each system setting are given in the table below:
| System Settings | Descriptions |
|---|---|
| Device Functionality | |
| Unknown Sources | Allow or deny Unknown Sources feature on the device. |
| System Update Policy | Admin can control the system updates by selecting an option from the below: Automatic- Installs system updates as soon as they become available without user interaction. Windowed – Installs system updates during a daily maintenance window without human intervention. Postpone – Postpones the installation of system updates for 30 days. After 30 days period, the system prompts the device user to install the update. Note: When set to Don't care and Automatic, the device will auto-update to the latest version when updates are available. Ensure this setting aligns with your update policies, as it may result in updates being applied without prior review or approval. |
| Windows System Update Start Time (0-1440 minutes) | System update will start at the specified time. Note: This option can be enabled only when Windowed System Update Policy is selected. |
| Windows System Update End Time (0-1440 minutes) | System update will end at the specified time. Note: This option can be enabled only when Windowed System Update Policy is selected. |
| Enable Kiosk Mode | Allows to lock the devices with only one or a few specific applications. |
| Kiosk Exit Password | Enter Password required to exit Kiosk Mode. |
| Disable Screen Capture | Restricts the user from capturing the devices’ screen. Note: Remote control will not function if screen capture is disabled. |
| Allow Screen Capture Only During Remote Session | Allows screen capture during remote sessions even when screen capture is disabled. Supported from SureMDM Agent version >= 27.26.00. |
| Disable Safe Mode | Restricts the user from rebooting the device into safe boot mode. |
| Disable Factory Reset | Restricts the user from factory resetting the device from devices’ Settings option. Admin can configure an account for Factory Reset Protection. |
| Google UserId's for FRP | Allows admin to configure a Google User ID for Factory Reset Protection (FRP). To configure Google User ID for FRP, follow these steps: a. Click Get UserID. under the option, Google UserId's for FRP. b. In the Google page that loads, click API at the right corner of the page. c. Click Execute. d. Login with generic Google account. e. Copy the ID from the profile tag and paste it in the Google User ID field. or Follow the below alternative steps: a. Access the Google Developers page where you should be directed to the get > Method: people.get article. b. Click on the Info option on the right side panel and then click on Try it. c. In the APIs Explorer page that loads, click on Execute . d. Sign in to a generic google account. e. A response will be shown beneath the Execute button. Locate the "id" field from the profile tag and copy the value f. Paste the copied value in the Google User ID field. Note: If the Google UserID's you enter here are invalid, or if you forget the credentials of the Google accounts, devices become unusable when you reset them to their factory settings with FRP turned on. |
| Disable Volume Control | Restricts the user from adjusting the volume control. |
| Ringer Mode | Allow admins to set an option for the Ringer mode: User Choice Normal Silent Vibrate |
| Disable Configuration of Credentials | Restricts the user from configuring the credentials. |
| Disable Modification of Accounts | Restricts the user from adding or removing the accounts. |
| Disable Account Management Type | Prevents users from adding accounts with management types like Samsung Account, Exchange, Google, Personal (IMAP), and Personal (POP3). Supported from SureMDM Agent Version 27.34.00 onwards. Once you enable this checkbox, Select Account Management Types to Disable from the options available |
| Disable Outgoing Call | Restricts the user from making phone calls from the device. |
| Disable SMS | Restricts the user from sending / receiving SMS. |
| Disable Microphone | Restricts the user from adjusting the microphone volume. |
| Disallow Camera Toggle | Restricts the user from camera toggle. If this restriction is set, the user will not be able to block camera access via the system toggle. Supported from Android 12 onwards. |
| Disable Adding User | Restricts the user from adding new users. |
| Disable Removing User | Restricts the user from removing the users. |
| Disable Outgoing Beam | Restricts the user from using NFC to beam out data from applications. |
| Disable Wallpaper | Restricts the user from setting wallpaper. Note: The device must run Android version 7.0 or later for this setting to work. |
| Keep Screen On while Plugged in to | Use this option to keep the device screen On when the device is plugged into any of the following options: User Choice AC Charger USB Charger Wireless Charger Any |
| Disallow Config Date and Time | Restricts the configuration of date, time, and timezone from Settings. Supported from Android 9 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Config Locale | Restricts changing the device language from Settings. Supported from Android 9 onwards. |
| Set Auto (Network) Time Required | Restricts configuring date and time from Settings. Supported from Android 8.0 to Android 11. Supported from SureMDM Agent v27.15.03 onwards. |
| Set Auto (Network) Time | Restricts configuring date and time from Settings. Supported from Android 11 onwards. Supported from SureMDM Agent v27.15.03 |
| Set Auto (Network) Time Zone | Restricts configuring time zone from Settings. Supported from Android 11 onwards. Supported from SureMDM Agent v27.15.03 |
| Lock Screen Message | Sets the device owner information to be shown on the lock screen. Supported from Android 7 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Set Organization Name | Sets the name of the organization under management on the lock screen. Supported on Device Owner and WPCO enrolled devices, starting from SureMDM Agent version 27.36.59. |
| Disable Status Bar | Restricts user from accessing the status bar. Supported from Android 6 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Config Cell Broadcasts | Restricts user from configuring cell broadcasts. Supported from Android 5.0 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Create Windows | Restricts creating windows besides app windows. Supported from Android 5.0 onwards. Supported from SureMDM Agent v27.15.03 onwards. Note : Enabling the "Disable Create Windows" option will restrict the ability to enable the "Display Over Other Apps" permission for all applications, including SureMDM Agent and SureLock. This action will impact specific functionalities of these apps, such as enabling kiosk mode, enforcing the display of messages, disabling the status bar, blocking access to unallowed apps, and the use of floating buttons. |
| Disallow Assist Content | Assist content is disallowed from being sent to a privileged app such as the Assistant app. Assist content includes screenshots and information about an app, such as package name. Supported from Android 15 onwards. |
| Disallow Scanning For Deceptive Apps | Set the state of the Use Scanning for deceptive apps option. Supported on devices running Android 15 and above. |
| Disallow System Error Dialogs | Restricts system error dialogs for crashed or unresponsive apps from being shown. Supported from Android 9 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Fun | Restricts users from accessing the Easter Egg Game in the Android settings menu. This is supported from Android 6 (Marshmallow) onwards and requires SureMDM Agent v27.15.03 or higher |
| Disallow Mount Physical Media | Restricts the user from mounting physical external media. Supported from Android 5.0 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Set User Icon | Restrict the user from changing their icon. Supported from Android 7 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Ensure Verify Apps | Restricts the user from disabling application verification. Supported from Android 5.0 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Autofill | Restricts the user to use Autofill Services. Supported from Android 8 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow User Switch | Restricts users from switching on the current user profile. Supported from Android 9 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Airplane Mode | Restricts users from enabling airplane mode on the device. Supported from Android 9 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Config Brightness | Restricts users from configuring brightness on the device. Supported from Android 9 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Set Brightness Mode | Set the brightness mode. Supported on SureMDM Agent >=27.38.00 |
| Disallow Config Screen Timeout | Restricts users from changing the screen off timeout. Supported from Android 9 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Ambient Display | Restricts users from enabling the ambient display. Supported from Android 9 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Printing | Restricts users from printing. Supported from Android 9 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Disallow Private DNS | Restricts users from modifying private DNS settings. Supported from Android 10 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Enable Common Criteria (CC) Mode | Use this control to enable services to bring the device into the Common Criteria-evaluated configuration, called CC Mode. Supported on devices running Android 11 and later, with SureMDM Agent version >= 27.34.00." |
| Sync and Storage | |
| USB Debugging | Allow or restrict the USB Debugging feature from Developer Options on the device. |
| Enable USB Mass Storage | Allow admins to enable USB mass storage on the device. |
| Disable USB File Transfer | Restricts the user from transferring the files using USB. |
| Disable USB Data Signalling | Restricts users from transferring data via USB, allowing only charging functionality. Supported from SureMDM Agent v27.38.00 onwards. |
| Enable Backup and Restore | Using this option admins can enable the backup and restore in the device. |
| Application(s) | |
| Default Application Permission | Allow or deny the application permission on the devices. Select the required permission: Prompt Grant Deny |
| Disable App Control | Restricts the user from modifying the applications from devices’ Settings option. |
| Disable Apps Installation | Restricts the user from installing applications on the device. |
| Disable Apps Uninstallation | Restricts the user from uninstalling applications on the device. |
| Set Default SMS Application | Set the default SMS application. Supported from Android 10 onwards.Supported with Agent version above 27.31.01 |
| Allowed Input Methods | Set the package names of permitted input methods. System inputs will always be allowed and cannot be restricted. If left empty, no restrictions will be enforced. Supported from Android 5.0 onward with SureMDM Agent version >= 27.44.00 |
| Allowed Accessibility Services | Set the package names of permitted accessibility services. Built-in system services will always be allowed and cannot be restricted. If left empty, no restrictions will be enforced. Supported from Android 5.0 onward with SureMDM Agent version >= 27.44.00 |
| Disallow Config Default Apps | Restricts users from modifying default apps in settings. Supported from Android 14 onwards. Supported on SureMDM Agent >=27.38.00. |
| Set Default Dialer Application | Set the default dialer application for the calling user. Supported from Android 14 onwards. Supported on SureMDM Agent >=27.38.00. |
| Enable All System Apps | Allows to access all System Apps on the devices. Once all system apps are enabled, you cannot disable them all by unchecking this option. You must disable individual apps using the dynamic job "Apps" or the static job "Application Settings." |
| Enable AE specific configurations | Use this option to enable Android Enterprise configurations: App Auto-updates and Enable Apps Feedback Report. |
| App Auto-updates | Admin can allow the auto update of apps installed on the device by selecting an option from the below: User Choice - Allow device user to configure the app update policy. Always - Enables auto-update Wi-Fi Only - Enables auto-update only when the device is connected to Wi-Fi Never - Disables auto-update |
| Maintenance Window | Use this option to auto-update applications during the specified start and end time. |
| App Access in Google Play Store | Specify the app access for the users that they can install on their device. Allow All Apps - Allow all apps from Play Store Allow Approved Apps Only - Allow apps that are approved through Managed Google Play. Allow Allowlist Apps Only - Allow apps that are added to the Application Policy. |
| Disable Play Store Access for Unmanaged Accounts | Deactivates Play Store access for unmanaged accounts. Supported from SureMDM Agent Version 27.34.00 onwards |
| Enable Apps Feedback Report | Allow the device to report application states to the EMM. |
| Location Services | |
| Disable Location Sharing | Restricts the user from turning on the location sharing. |
| Disallow Config Location | Restricts users from enabling or disabling location providers. Supported from Android 9 onwards. Supported from SureMDM Agent v27.15.03 onwards. |
| Network | |
| Bluetooth | Use this option to enable or disable bluetooth on a device. |
| Disable Configuration of Bluetooth | Restricts the user from configuring Bluetooth settings on the device. |
| Disable Configuration of Mobile Networks | Restricts the user from configuring the mobile networks. |
| Disable Configuration of Tethering | Restricts the user from configuring tethering and portable Hotspot. |
| Disable Configuration of VPN | Restricts the user from configuring VPN. |
| Disable Configuration of Wi-Fi | Restricts the user from configuring the Wi-Fi. |
| Enable AllowList/Denylist Network | Select this option to allow users to connect to allowed SSIDs or prevent them from connecting to blocked SSIDs. |
| Allowed/Blocked SSIDs | Enter the allowed/blocked SSIDs in this field. Note: This option will be enabled only when users select the Enable AllowList/Denylist Network option. |
| Disallow Change Wi-Fi State | Restricts users from enabling or disabling Wi-Fi. Supported from Android 13 onwards. Supported from SureMDM Agent version 27.31.01 onwards |
| Disallow Add Wi-Fi Config | Restricts users from adding new Wi-Fi configurations. Supported from Android 13 onwards. Supported from SureMDM Agent version 27.31.01 onwards |
| Disallow Sharing Admin Configured Wi-Fi | Restricts users from sharing Wi-Fi for administrator-configured networks. Supported from Android 13 onwards. Supported from SureMDM Agent version 27.31.01 onwards |
| Disallow Wi-Fi Direct | Restricts users from using Wi-Fi Direct. Supported from Android 13 onwards. Supported from SureMDM Agent version 27.31.01 onwards |
| Disallow Wi-Fi Tethering | Restricts users from using Wi-Fi tethering. Supported from Android 13 onwards. Supported from SureMDM Agent version 27.31.01 onwards |
| Disable Network Reset | Restricts users from resetting network settings from Settings. Supports from Android 6.0 Version. |
| Disable Data Roaming | Use this option to allow or Restrict the user from using Mobile data on roaming. Note: The device must run Android version 7.0 or later for this setting to work. |
| Wi-Fi | Use this option to enable or disable Wi-Fi on a device. |
| Minimum WiFi Security Level | Set the minimum WiFi security level. Supported from SureMDM Agent version 27.38.00 onwards. |
| Transfer data via Bluetooth | Use this option to transfer data through Bluetooth Supported from SureMDM Agent version 27.08.01 onwards. |
| Disallow Ultra-Wideband (UWB) Radio | Restricts users from enabling Ultra-wideband on the device. If Ultra-wideband is disallowed it cannot be turned on via Settings. Supported from Android 14 onwards. Supported from SureMDM Agent version 27.38.00 onwards. |
| Disallow Cellular 2G | Restricts users from using 2G networks. Supported from Android 14 onwards. Supported from SureMDM Agent 27.38.00 onwards. |
| Keyguard Management | |
| Disable All Keyguard Features | Restricts the user from customizing keyguard features. |
| Disable Secure Camera | Restrict the user from using camera on the lock screen of a device. |
| Disable All Notifications | Disable all notifications on the lock screen of a device. |
| Disable Unredacted Notifications | Disable unredacted notifications on the lock screen of a device. |
| Disable Trust Agents | Disable trust agents on the lock screen of a device. |
| Disable Fingerprint Unlock | Disable fingerprint sensor on the lock screen of a device. |
| Disable Remote Input | Disable text entry into notifications on secure keyguard screen. |
| Disable Face Authentication | Disable face authentication on the lock screen of a device. |
| Disable Iris Authentication | Disable iris authentication on the lock screen of a device. |
| Disable all Biometric Authentication | Disable all biometric authentication on the lock screen of a device. |
| Disable All Shortcuts | Disable all shortcuts on secure keyguard screen on Android 15 and above. |
| Logging | |
| Enable Security Logging | Enables security logging on the device. The security logs can be requested and viewed by selecting the device from Home > Logs > Troubleshoot > Security Logs > Request Report. Supported from Android 7 and above. |
| Enable Network Logging | Enables network logging on the device. The network logs can be requested and viewed by selecting the device from Home > Logs > Troubleshoot > Network Logs > Request Report. Supported from Android 8 and above. |
| Work and Personal | |
| Disable Cross Profile Copy Paste | Restricts the user from copying from profile clipboard and pasting in the related profiles. |
| Enable Cross Profile Packages | Allows the defined applications to request consent for cross-profile communication. Supported from SureMDM Agent version 27.38.00 onwards |
| Managed Profile Maximum Time Off | Set the maximum time the profile can be turned off. The minimum value is 72 hours. Supported from SureMDM Agent version 27.38.00 onwards. |
| Suspend Personal Apps | Defines whether personal apps should be suspended on the device. Supported from SureMDM Agent version 27.38.00 onwards. |
| Disallow Share Into Managed Profile | Restricts users from sharing files, pictures, or data from the primary user to the managed profile, either by sending them from the primary side or by accessing data within an app in the managed profile. Supported from Android 9 onwards. Supported from SureMDM Agent version 27.31.01 onwards. |
| Disallow Unified Password | Restricts users from having a unified lock screen challenge between the managed profile and the primary user. Supported from Android 9 onwards. Supported from SureMDM Agent version 27.31.01 onwards |
| Set Managed Profile Caller Id Access | Set the packages that are allowed to lookup contacts in the managed profile based on caller id information. Supported from Android 14 onwards. Supported from SureMDM Agent version 27.38.00 onwards. |
| Set Managed Profile Contacts Access | Set the packages that are allowed access to the managed profile contacts from the parent user. Supported from Android 14 onwards. Supported from SureMDM Agent version 27.38.00 onwards. |
| Cross Profile Widget Providers | Enables widget providers from a given package to be available in the parent profile. As a result, the user will be able to add widgets from the allowlisted package running under the profile to a widget host which runs under the parent profile |
| Enable Cross Profile Caller ID | Enables caller-ID information from the work profile to be displayed in the private profile for incoming calls. |
| Enable Cross-profile Contact Search | Enables contact search from the work profile to be accessible in the private profile. Supported from SureMDM Agent version 27.31.01 onwards. |
| Message | |
| Short Restriction Message | Specifies a message displayed to the user in the settings screen whenever functionality has been disabled by the admin. |
| Long Administrator Message | Specifies a message displayed to the user in the device administrator settings screen. |