Android Policy Planning

What

Android EMM Policies can contain several configuration types, and multiple Policies can be assigned to one device. Good policy design keeps each Policy’s intent, enrollment scope, and removal impact clear.

The core rule is simple: separate settings by purpose and avoid conflicting Policies that manage the same value differently.

Example Android EMM Policy with developer settings

Why separate Policies

Overlapping Policies

An overlap occurs when two or more Policies manage the same setting with different values. The device may appear correct until one Policy is changed or removed, at which point the effective behavior can change unexpectedly.

Do not design around accidental precedence. Avoid assigning conflicting values and document which Policy owns each setting.

Multiple Policies are fine when they manage different things. For example, separate Policies can deliver different certificates without conflict.

FileWave 16.4 policy planning

FileWave 16.4 adds controls that should be separated by purpose so enrollment type, operational role, and app trust remain explicit.

ControlPlanning decision
System UpdateChoose Automatic, Windowed, or Postpone based on device availability requirements. Use Freeze Periods only for defined business-critical dates and document when normal patching resumes.
Compliance: PasswordMay be used independently, including for supported BYOD/work-profile deployments.
Compliance: KeyguardUse only where a Dedicated Device or single-app design requires it; do not include it in BYOD policy scope.
App Auto Update ModeSet the intended behavior on each Android app Fileset: Unspecified, Default, Postponed, or High Priority.
Credential ProviderKeep the default deny posture and explicitly allow only trusted credential-management apps on Android 14 and later.

Planning checklist


Revision #4
Created 2024-07-30 10:31:38 UTC by Sean Holden
Updated 2026-07-11 21:09:47 UTC by Josh Levitsky