Android EMM Policies and Permissions

Android EMM (Enterprise Mobile Management) allows you to create permissions and send policies.

Permissions Types

Permission settings may be configured on multiple levels. They are applied in this priority (low number wins).

  1. Application specific permission grant (list below dropdown in Permissions tab in applications fileset properties)
  2. Specific permission for all applications (configured in Policy Fileset)
  3. Application default (Play Store App Fileset → Permissions tab)
  4. Global default (Android Default Policy Editor)

1.  Within Each App

After you have created a Google Play Apps Fileset:

  1. Double click the Play Store App fileset
  2. Permissions tab (Figure 1.1)
    1. App Default Permission - The default action devices will take when an app requests a permissions
    2. Application specific permission grant - The setting for a specific permission within this app
  3. Choices
    1. Use Default - Defer to another setting
    2. Prompt - App prompts the user to approve 
    3. Grant - Allowed, user can not change
    4. Deny - Not Allowed, user can no change

2.  Policy Fileset - Permissions

You can create a policy fileset and associate that to a device to specify permission grants/denies.

See below for steps.

3.  Global Policy

Specify the default application permission choice. (Figure 1.2)

Found under FileWave Admin → Preferences → Google → Configure Default Policy

After you chance the default policy, you must update the model to apply the change.

Policies

You can create a Policy for (Figure 2.1)

Network

Settings to join a WiFi network

As of 15.4, additional options have been added for DomainSuffixMatch and UseSystemCA for EAP network configuration.

apolicy-network.png

Compliance Policy

Set compliance level of associated devices. 

apolicy-compliance.png

Password Policy

Set password constraints

apolicy-password.png

Device Restrictions

Restrict access to device functionality
You can choose Unspecified, Allowed, Disallowed for:

As of 15.4, a new restriction for USB Data Access has been included.

apolicy-device_restrictions.png

Permission Grants

A detailed list of permission settings for settings that have been classified

And includes everything from allowing answering of calls, camera, NFC, vibrate, to battery status, and system alerts 

apolicy-permissions.png

Toggle to show all Permission options... Expand source

ACCEPT_HANDOVER
ACCESS_BACKGROUND_LOCATION
ACCESS_COARSE_LOCATION
ACCESS_FINE_LOCATION
ACTIVITY_RECOGNITION
ADD_VOICEMAIL
ANSWER_PHONE_CALLS
BODY_SENSORS
CALL_PHONE
CAMERA
GET_ACCOUNTS
PROCESS_OUTGOING_CALLS
READ_CALENDAR
READ_CALL_LOG
READ_CONTACTS
READ_EXTERNAL_STORAGE
READ_PHONE_NUMBERS
READ_PHONE_STATE
READ_SMS
RECEIVE_MMS
RECEIVE_SMS
RECEIVE_WAP_PUSH
RECORD_AUDIO
SEND_SMS
USE_SIP
WRITE_CALENDAR
WRITE_CALL_LOG
WRITE_CONTACTS
WRITE_EXTERNAL_STORAGE
ACCESS_LOCATION_EXTRA_COMMANDS
ACCESS_NETWORK_STATE
ACCESS_NOTIFICATION_POLICY
ACCESS_WIFI_STATE
BLUETOOTH
BLUETOOTH_ADMIN
BROADCAST_STICKY
CALL_COMPANION_APP
CHANGE_NETWORK_STATE
CHANGE_WIFI_MULTICAST_STATE
CHANGE_WIFI_STATE
DISABLE_KEYGUARD
EXPAND_STATUS_BAR
FOREGROUND_SERVICE
GET_AND_REQUEST_SCREEN_LOCK_COMPLEXITY
GET_PACKAGE_SIZE
INSTALL_SHORTCUT
INTERNET
KILL_BACKGROUND_PROCESSES
MANAGE_OWN_CALLS
MODIFY_AUDIO_SETTINGS
NFC
NFC_TRANSACTION_EVENT
READ_SYNC_SETTINGS
READ_SYNC_STATS
RECEIVE_BOOT_COMPLETED
REORDER_TASKS
REQUEST_COMPANION_RUN_IN_BACKGROUND
REQUEST_COMPANION_USE_DATA_IN_BACKGROUND
REQUEST_DELETE_PACKAGES
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
SET_ALARM
SET_WALLPAPER
SET_WALLPAPER_HINTS
TRANSMIT_IR
USE_BIOMETRIC
USE_FINGERPRINT
VIBRATE
WAKE_LOCK
WRITE_SYNC_SETTINGS
ACCESS_MEDIA_LOCATION
BATTERY_STATS
BIND_REMOTEVIEWS
BIND_SMS_APP_SERVICE
CHANGE_CONFIGURATION
GET_ACCOUNTS_PRIVILEGED
GET_TASKS
GLOBAL_SEARCH
INSTANT_APP_FOREGROUND_SERVICE
PACKAGE_USAGE_STATS
PERSISTENT_ACTIVITY
READ_MEDIA_AUDIO
READ_MEDIA_IMAGES
READ_MEDIA_VIDEO
SMS_FINANCIAL_TRANSACTIONS
SYSTEM_ALERT_WINDOW
USE_FULL_SCREEN_INTENT
 
apolicy-app-permissions.png
Figure 1.1 - App
 
apolicyeditor2.png
Figure 1.2 - Global
 
apolicy-fileset.png
Figure 2.1 - Policy Options


DEDICATED DEVICE

Keyguard 

This feature enables you to lock and unlock your screen.
Disabled option will bypass the lock screen.

Screen Shot 2023-12-12 at 3.59.40 PM.png

Custom Launcher 

When enabled, it will set your device to kiosk mode. All the applications available on device screen were deployed through FileWave.

Screen Shot 2023-12-12 at 3.48.06 PM.png

Locked Task

This option will lock the device to open only a single app. The App must be downloaded and installed via FileWave. 

Screen Shot 2023-12-12 at 3.51.01 PM.png





Revision #6
Created 15 June 2023 09:14:36 by Rommel Navarro
Updated 7 June 2024 15:52:27 by Josh Levitsky