Skip to main content

Configure OEMConfig Policy Profile (Android Enterprise)

SureMDM empowers IT administrators to remotely manage OEM devices (Samsung, Datalogic, Zebra, and Kyocera) using the OEMConfig Policy Profile for Android. This feature enables fine-grained control, enhances security, and offers customization options. With advanced control over these devices, administrators can enforce restrictions, optimize configurations, and ensure a secure and tailored experience for end-users, ensuring consistency across the device fleet.

  1. Configure Android Enterprise (Profile Owner/Device Owner) in SureMDM. 
  2. On the SureMDM Web Console, navigate to Profiles > Android > Add > Primary Profile > OEMConfig Policy > Configure.
  3. Enter a Profile Name and select an app from the following options:
  • Lenovo OEMConfig (Lenovo OEM)
  • Knox Service Plugin (Samsung)
  • Legacy Zebra OEMConfig (Zebra)
  • Zebra OEMConfig powered by MX (Zebra)
  • DataLogic OEMConfig (DataLogic)
  • Device Config Plugin (Kyocera)
  • Honeywell UEMConnect (Honeywell)
  • TOUGHBOOK OEMConfig (Panasonic)
  • Bluebird OEMConfig (Bluebird)
  • Moto OEMConfig (Motorola)
  • ASCOM OEMConfig (ASCOM)
note

Legacy Zebra OEMConfig (Zebra) is supported only in Device Owner mode.

4.  Configure the desired restriction settings. The settings for the respective applications are given in the following table:

App NameSettings
Lenovo OEMConfig (Lenovo OEM)
Device Management Policy: Allows to Enable/Disable Device Management Policies 
App Management Policy: Allows to Enable/Disable App Management Policies
Connectivity Group: Allows to Enable/Disable Connectivity Group settings
Kiosk Mode Group: Allows to Enable/Disable Kiosk Mode Group settings
Custom UI Group: Allows to Enable/Disable Custom UI Group Policies
Security Group: Allows to Enable/Disable Security Group Policies
Knox Service Plugin(Samsung)
Separated Apps Policy: A group of policies and restrictions that are applicable to Separated apps.
Device-wide policies (Selectively applicable to Fully Manage Device (DO) or Work Profile-on company-owned devices (WP-C) mode as noted): A global group of policies and restrictions that are applicable to all users of the device. This list includes items that impact all users on the device, whether they fall under personal or work profiles. Availability: Knox 3.0 and above.
Work profile policy: A group of policies and restrictions that are applicable to the Work profile user of the device. Starting with Knox 3.0, a KPE Premium license activation is required for using any policy in the work profile.
Advanced Wi-Fi Configurations: A group of controls for Advanced Wi-Fi configurations.
Allowed Apps for reading private keys configurations: A group of controls that drive “Allowed Apps for reading private keys configurations”.
Allowed USB devices for application configuration: A group of controls that drive “Access for USB Devices for Applications”.
APN configuration: A group of policies to specify one or more Access Point Name configurations. For example, APN name, APN type, authentication type, and more.
Certificates (premium): A group of policies to specify one or more Certificate configurations.
Device account policy configuration: A group of controls to Enable Device account policies.
Device and settings customization profile: A group of controls to configure and customize the device user's experience. These features are available only with a KPE Premium license with customization permissions.
Device Key Mapping to launch application configuration: A group of controls for device key mapping configurations
DeX customization profile: A group of settings that help customize the Samsung DeX experience for the user. These features are available only with a KPE Premium license.
Firewall Configuration Profile:  A group of controls that drive the firewall configuration on the device.
Manual Proxy Configuration: A group of policies to specify the global proxy setting using a specified server host and port. Contact your network administrator for this information.
NPA Data Point Profile: A group of controls that drive the Network Platform Analytics (NPA) data points configuration at a device-wide or Work profile level.
Availability: Knox v3.3 or higher.
Peripheral Configuration: A group of controls for peripheral configuration profiles
Proxy auto-config: A group of policies to specify the Proxy auto-config (PAC) based proxy setting, for example, the server, port details, and more
RCP Data Sync Profile Configuration: A group of controls that drive RCP Policy data sync configurations at the Work profile level.
UCM Plugin Configuration: A group of controls to specify the configuration of one or more UCM plugins that access credential storage.
VPN Profile: A group of configuration settings for the VPN profiles used to drive the device's primary and secondary VPN clients. You can define up to two VPN profiles used for VPN Chaining.
Wi-Fi Configuration: A group of controls for Wi-Fi configurations.
Legacy Zebra OEMConfig (Zebra)Transaction Steps: Specifies a series of Steps to be performed by OemConfig as part of a single transaction(s).
Zebra OEMConfig powered by MX(Zebra)
Application Configuration : Open to configure Device Central Configuration.
Files Configuration : Add element(s) to configure one or more File(s).
Keyboard Mappings : Add element(s) to configure one or more Keyboard Mapping(s).
License Configuration : Open to configure Enterprise Reset Persistence, Licenses, and Features.
Package Configuration : Add element(s) to configure one or more Package(s).
Security and Privacy Configuration : Open to configure Encryption, Screen Lock, and SD Card Setup Notification.
System Configuration : Open to configure Analytics, Clock, Data Wipe, GMS, Lifeguard, Power, Remote Scanner Configurations, Wake-Up, Pass-Through Command, and Logs.
UI Configuration : Open to configure Audio, DataWedge, Display, Event-Triggered Intents, General UI, Keyboard, Settings UI, Touch Panel, and Volume UI Profiles.
Wireless and Network Configuration : Open to configure Bluetooth, DHCP, Enterprise NFC, Ethernet, Host Name, Network Connection, RFID, Wireless General, Wireless LAN, and Wireless WAN.
Datalogic OEMConfig(Datalogic)
Scanner settings: The Scanner settings allow users to configure Notification, Formatting, Symbol settings, and more for the scanning functionality.
Power and charging settings: enable users to set power and charging options.
Keyboard and Scan Buttons: allow users to configure Keyboard and scan-related settings.
Dock settings: Dock settings offer options to set Firmware update policies, Cradle unlock policies, Cradle unlock notification policies, and Cradle failure policies.
Network settings: provide the ability to enable or disable airplane mode.
System settings: allow users to set date, time, display language, and other system-related configurations.
Firmware Update: Allow users to specify the type of reset to perform after firmware update completion and the path to the OTA update file.
Launch Activities: Launch Activities settings involve providing the package name of the app and the Component Name of the activity to launch. This is useful for specifying the default activity to be launched for the app.
Device Config Plugin(Kyocera)
Disable NFC: Use this control to disable NFC
Disable OTA Update: Use this control to disable OTA update
Disable SIM card Lock: Use this control to disable SIM card lock
Disable Emergency Alert: Use this control to disable Emergency Alert
Disable Vibrate: Use this control to disable all Vibrate
Disable Battery Shortcut: Use this control to disable Battery Shortcut on notification
Disable Edit Quick Settings: Use this control to disable to edit Quick Settings.
Disable Quick Settings: Use this control to disable to use Quick Settings
Disable Manage Contacts: Use this control to disable to manage contacts
Applications Allowed to Manage Contacts: Allows to enable/disable
Disable Power off by User: Use this control to disable to power off by user
Disable Mock Location: Use this control to disable Mock Location
Disable App Shortcut on Lock Screen: Use this control to disable App Shortcut on Lock Screen
Disable Voice Roaming: Use this control to disable Voice Roaming
Disable Mobile Data: Use this control to disable Mobile Data
Disable USB Tethering: Use this control to disable USB tethering.
Disable USB Debug: Use this control to disable USB debug
Disable USB Host: Use this control to disable USB host
Disable Bluetooth Tethering: Use this control to disable Bluetooth Tethering
Disable Wi-Fi: Use this control to disable all Wi-Fi functions.
Disable Open Network: Use this control to disable access to non-secure Wi-Fi
Disable Wi-Fi Tethering: Use this control to disable Wi-Fi tethering
Disable Default Launcher: Use this control to disable all pre-installed launcher applications. This is enabled when other launcher applications are installed.
Restrict Incoming Call: Set incoming call restriction
Allowlist Phone Number for Incoming Calls: Set the phone numbers to accept incoming callsl. This is enabled when Restrict Incoming Call is set to "Without Allowlist" or "Without Contacts and Allowlist
Allowlist Phone Number for Outgoing Calls: Set the phone numbers to accept outgoing calls. This is enabled when Restrict Outgoing Call is set to "Without Allowlist" or "Without Contacts and Allowlist"
Disable Clipboard: Use this control to disable clipboard
Disable Recovery Mode: Use this control to disable Recovery mode
Disable Doze Mode: Use this control to disable Doze mode
Force SD card Encryption: Use this control to force encrypt the SD card.
Alert Notification Control - AMBER: Allows to enable/disable Alert Notification Control
Alert Notification Control - SEVERE: Allows to enable/disable Alert Notification Control
Alert Notification Control - EXTREME: Allows to enable/disable Alert Notification Control
Key Restrictions: Allows to enable/disable
Exchange Key Event: Allows to enable/disable
Active Bluetooth Profile: Set active Bluetooth profile. If no item is selected, all profiles are active. If HFP is selected, only HFP, HSP, MAP, and PBAP are allowed. If Audio is selected, only A2DP, AVRCP, HFP, and HSP are allowed. If Data is selected, only GATT, HID, MAP OPP PAN, and PBAP are allowed.
Create VPN Profile: Allows to enable/disable
Bluetooth Class of Device: Set Bluetooth class of device
Launcher Application: Set default launcher application. Please enter a package name.
Doze mode allowlist: Set Doze mode allowlist.
Data saver allowlist: Set Data saver allowlist.
Restrict Carkit Power Settings / Auto power on: Set carkit power settings / Auto power on restriction.
Restrict Glove Touch Settings: Set glove touch setting restrictions.
Configuration programmable key settings: Configuration programmable key settings on device.
Configuration programmable key 2: Configuration programmable key 2 settings on the device.
Configuration Camera Key Settings: Configuration SOS key/Body camera key settings on the device.
Configuration SOS key/Body camera key settings: Configuration SOS key/Body camera key settings on the device.
Disable Call Recording: Use this control to disable call recording.
Disable Config Boot Schedule: Use this control to disable config boot schedule
Honeywell UEMConnect (Honeywell)
Configuration Snippet Settings: Setting to use the XML snippets of the configuration you want to modify or add.
Download File from Source to Destination: Allows to download file from source to destination
Application:  Allows to configure application settings
Device Management: Allows configuration of device management settings.
Display Settings: Allows to configure display settings.
Input and Output Settings: Allows to configure input and output settings
Network Settings: Allows to configure network settings.
Scanner Settings: Allows to configure the scanner (DCS) settings.
System Settings: Allows to configure system settings
System Update Settings: Allows to configure system update settings
TOUGHBOOK OEMConfig (Panasonic)Configuration: Specifies an OemConfig Step by specifying an unordered set of operations.
Bluebird OEMConfig (Bluebird)Step : Specifies an OEMConfig step
Moto OEMConfig (Motorola)
Debug tools policies : Allows to configure debug tools policies.
System policies : Allows to configure system policies
Connectivity policies : Allows to configure connectivity policies
Smart Connect policies : Allows to configure smart connect policies
Software Control policies : Allows to configure software control policies
Remote Control policies : Allows to configure remote control policies
Customization policies : Allows to configure customization policies
ASCOM OEMConfig (ASCOM)
WiFi : Contains restrictions which affect settings associated with the wifiextensions app
Ascom VoIP : Contains restrictions which affect settings associated with the phonesip app
DECT : Contains restrictions which affect settings associated with the dect app
Button configuration : Contains restrictions which affect settings associated with the extensions app
Barcode scanning : Contains restrictions which affect settings associated with the barcodescanner app
Location services : Contains restrictions which affect settings associated with the locationmanager app
Supervisor : Contains restrictions which affect settings associated with the supervisor app
Display setup : Contains restrictions which affect settings associated with the launcher2 app
Dock behavior, Profiles & Advanced settings : Contains restrictions which affect settings associated with the settings app
Troubleshooting : Contains restrictions which affect settings associated with the devicelogger app
System update : Contains restrictions which affect settings associated with the softwareupdate app

5.  Save the profile.

note

Once the profile is saved, the plugin application will get automatically added to the Application Policy profile.

      The newly created profile gets listed under the Profiles section.

6.  Go back to the Home tab and select the OEM (Lenovo/Samsung/DataLogic/Zebra/Kyocera/Honeywell/Panasonic/Bluebird/Notorola/ASCOM) device.

7.  Click Apply to launch the Apply Job/Profile To Device prompt.

8.  In the Apply Job/Profile To Device prompt, select the created profile and click Apply.

The profile gets applied to the OEM (Lenovo/Samsung/DataLogic/Zebra/Kyocera/Honeywell/Panasonic/Bluebird/Notorola/ASCOM) devices.