Android EMM Default Policy and Compliance Scope
What
PriorThe Android Default Policy defines global baseline settings for managed Android EMM applications and devices. Use scoped Android Policy Filesets for settings that depend on enrollment type, device role, or a specific application.
The practical split is:
When/Why
Use the Default Policy for settings that should apply consistently across the Android fleet. Keep enrollment-specific compliance and operational behavior in separately scoped Policy Filesets so an incompatible setting is not pushed to the wrong device mode.
Do not use the Default Policy as a dumping ground. A global baseline should be safe for every Android EMM device in scope. Use a targeted Policy Fileset when BYOD, Dedicated Device, or app-specific behavior differs.
Open the Android Default Policy in FileWave 14.9,16.4

Global application baselines

Scope Password and Keyguard policies were included automatically in an Android Default Custom Policy. An Android Default Custom Policy sets certain device parameters for ALL managed Android EMM devices. In FileWave 14.9, this behavior changed because inclusion of Keyguard/Password elements in the default policy can cause issues with BYOD enrollment, so those elements are now removed from all default policies.
When/Why
Default Policies are used to set global settings for enrolled Android devices. If you don’t use them, or are just starting now to use them, this article has no impact on your environment. If you used them before 14.9, and Keyguard and Password Policies are important to your environment, you MUST make the changes outlined below.
How
Because those two settings are removed from the default policy, you’ll likely want to make the following change BEFORE upgrade to ensure a seamless policy shift (afterward is also possible, but devices will not have those policies during the transition). Basically, it is a simple change…instead of including those policy configs in the global policy, we’ll just put them in a normal (fileset) policy and apply that by smart group instead. The best option would be to apply that policy via a smart group to all non-BYOD Android devices. Then, as soon as your server is upgraded, all devices that need the “new” policies will have them. Example fileset policy and smart group definition shown below:
FileWave 16.4 compliance-policy updatecompliance
FileWave 16.4 makes the Password and Keyguard sections optional withinin aan Android Compliance Policy. TheBuild originalthe 14.9Policy guidancefor stillthe applies:enrollment domode notrather placethan anincluding incompatibleevery Keyguardavailable configuration into a BYOD policy.section.
| Device scope | Recommended Compliance Policy design |
|---|
Recommended policy pattern
See

