| <html><body> |
| <style> |
| |
| body, h1, h2, h3, div, span, p, pre, a { |
| margin: 0; |
| padding: 0; |
| border: 0; |
| font-weight: inherit; |
| font-style: inherit; |
| font-size: 100%; |
| font-family: inherit; |
| vertical-align: baseline; |
| } |
| |
| body { |
| font-size: 13px; |
| padding: 1em; |
| } |
| |
| h1 { |
| font-size: 26px; |
| margin-bottom: 1em; |
| } |
| |
| h2 { |
| font-size: 24px; |
| margin-bottom: 1em; |
| } |
| |
| h3 { |
| font-size: 20px; |
| margin-bottom: 1em; |
| margin-top: 1em; |
| } |
| |
| pre, code { |
| line-height: 1.5; |
| font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| } |
| |
| pre { |
| margin-top: 0.5em; |
| } |
| |
| h1, h2, h3, p { |
| font-family: Arial, sans serif; |
| } |
| |
| h1, h2, h3 { |
| border-bottom: solid #CCC 1px; |
| } |
| |
| .toc_element { |
| margin-top: 0.5em; |
| } |
| |
| .firstline { |
| margin-left: 2 em; |
| } |
| |
| .method { |
| margin-top: 1em; |
| border: solid 1px #CCC; |
| padding: 1em; |
| background: #EEE; |
| } |
| |
| .details { |
| font-weight: bold; |
| font-size: 14px; |
| } |
| |
| </style> |
| |
| <h1><a href="androidmanagement_v1.html">Android Management API</a> . <a href="androidmanagement_v1.enterprises.html">enterprises</a> . <a href="androidmanagement_v1.enterprises.policies.html">policies</a></h1> |
| <h2>Instance Methods</h2> |
| <p class="toc_element"> |
| <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Deletes a policy. This operation is only permitted if no devices are currently referencing the policy.</p> |
| <p class="toc_element"> |
| <code><a href="#get">get(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Gets a policy.</p> |
| <p class="toc_element"> |
| <code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Lists policies for a given enterprise.</p> |
| <p class="toc_element"> |
| <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> |
| <p class="firstline">Retrieves the next page of results.</p> |
| <p class="toc_element"> |
| <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Updates or creates a policy.</p> |
| <h3>Method Details</h3> |
| <div class="method"> |
| <code class="details" id="delete">delete(name, x__xgafv=None)</code> |
| <pre>Deletes a policy. This operation is only permitted if no devices are currently referencing the policy. |
| |
| Args: |
| name: string, The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: |
| # service Foo { |
| # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); |
| # } |
| # The JSON representation for Empty is empty JSON object {}. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="get">get(name, x__xgafv=None)</code> |
| <pre>Gets a policy. |
| |
| Args: |
| name: string, The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A policy resource represents a group of settings that govern the behavior of a managed device and the apps installed on it. |
| "complianceRules": [ # Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules. Use policy enforcement rules instead. |
| { # A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policy_compliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule. |
| "packageNamesToDisable": [ # If set, the rule includes a mitigating action to disable apps specified in the list, but app data is preserved. |
| "A String", |
| ], |
| "disableApps": True or False, # If set to true, the rule includes a mitigating action to disable apps so that the device is effectively disabled, but app data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed. |
| "nonComplianceDetailCondition": { # A compliance rule condition which is satisfied if there exists any matching NonComplianceDetail for the device. A NonComplianceDetail matches a NonComplianceDetailCondition if all the fields which are set within the NonComplianceDetailCondition match the corresponding NonComplianceDetail fields. # A condition which is satisfied if there exists any matching NonComplianceDetail for the device. |
| "packageName": "A String", # The package name of the app that's out of compliance. If not set, then this condition matches any package name. |
| "settingName": "A String", # The name of the policy setting. This is the JSON field name of a top-level Policy field. If not set, then this condition matches any setting name. |
| "nonComplianceReason": "A String", # The reason the device is not in compliance with the setting. If not set, then this condition matches any reason. |
| }, |
| "apiLevelCondition": { # A compliance rule condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. There can only be one rule with this type of condition per policy. # A condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. |
| "minApiLevel": 42, # The minimum desired Android Framework API level. If the device doesn't meet the minimum requirement, this condition is satisfied. Must be greater than zero. |
| }, |
| }, |
| ], |
| "statusReportingSettings": { # Settings controlling the behavior of status reports. # Status reporting settings |
| "applicationReportsEnabled": True or False, # Whether app reports are enabled. |
| "systemPropertiesEnabled": True or False, # Whether system properties reporting is enabled. |
| "deviceSettingsEnabled": True or False, # Whether device settings reporting is enabled. |
| "memoryInfoEnabled": True or False, # Whether memory reporting is enabled. |
| "softwareInfoEnabled": True or False, # Whether software info reporting is enabled. |
| "powerManagementEventsEnabled": True or False, # Whether power management event reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "displayInfoEnabled": True or False, # Whether displays reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "hardwareStatusEnabled": True or False, # Whether hardware status reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "networkInfoEnabled": True or False, # Whether network info reporting is enabled. |
| "applicationReportingSettings": { # Settings controlling the behavior of application reports. # Application reporting settings. Only applicable if application_reports_enabled is true. |
| "includeRemovedApps": True or False, # Whether removed apps are included in application reports. |
| }, |
| }, |
| "shortSupportMessage": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # A message displayed to the user in the settings screen wherever functionality has been disabled by the admin. If the message is longer than 200 characters it may be truncated. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "stayOnPluggedModes": [ # The battery plugged in modes for which the device stays on. When using this setting, it is recommended to clear maximum_time_to_lock so that the device doesn't lock itself while it stays on. |
| "A String", |
| ], |
| "addUserDisabled": True or False, # Whether adding new users and profiles is disabled. |
| "kioskCustomization": { # Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK. # Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK. |
| "systemNavigation": "A String", # Specifies which navigation features are enabled (e.g. Home, Overview buttons) in kiosk mode. |
| "systemErrorWarnings": "A String", # Specifies whether system error dialogs for crashed or unresponsive apps are blocked in kiosk mode. When blocked, the system will force-stop the app as if the user chooses the "close app" option on the UI. |
| "powerButtonActions": "A String", # Sets the behavior of a device in kiosk mode when a user presses and holds (long-presses) the Power button. |
| "deviceSettings": "A String", # Specifies whether the Settings app is allowed in kiosk mode. |
| "statusBar": "A String", # Specifies whether system info and notifications are disabled in kiosk mode. |
| }, |
| "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings. |
| "personalUsagePolicies": { # Policies controlling personal usage on a Corporate Owned Personally Enabled device. # Policies managing personal usage on a company-owned device. |
| "maxDaysWithWorkOff": 42, # Controls how long the work profile can stay off. |
| "accountTypesWithManagementDisabled": [ # Account types that can't be managed by the user. |
| "A String", |
| ], |
| "cameraDisabled": True or False, # Whether camera is disabled. |
| "screenCaptureDisabled": True or False, # Whether screen capture is disabled. |
| "personalPlayStoreMode": "A String", # Controls how apps on the personal profile are allowed or blocked. |
| "personalApplications": [ # Policy applied to applications on the personal profile. |
| { # Policies for apps on the personal profile of a Corporate Owned Personally Enabled device. |
| "installType": "A String", # The type of installation to perform. |
| "packageName": "A String", # The package name of the application. |
| }, |
| ], |
| }, |
| "cellBroadcastsConfigDisabled": True or False, # Whether configuring cell broadcast is disabled. |
| "statusBarDisabled": True or False, # Whether the status bar is disabled. This disables notifications, quick settings, and other screen overlays that allow escape from full-screen mode. DEPRECATED. To disable the status bar on a kiosk device, use InstallType KIOSK or kioskCustomLauncherEnabled. |
| "maximumTimeToLock": "A String", # Maximum time in milliseconds for user activity until the device locks. A value of 0 means there is no restriction. |
| "tetheringConfigDisabled": True or False, # Whether configuring tethering and portable hotspots is disabled. |
| "privateKeySelectionEnabled": True or False, # Allows showing UI on a device for a user to choose a private key alias if there are no matching rules in ChoosePrivateKeyRules. For devices below Android P, setting this may leave enterprise keys vulnerable. |
| "permittedAccessibilityServices": { # A list of package names. # Specifies permitted accessibility services. If the field is not set, any accessibility service can be used. If the field is set, only the accessibility services in this list and the system's built-in accessibility service can be used. In particular, if the field is set to empty, only the system's built-in accessibility servicess can be used. |
| "packageNames": [ # A list of package names. |
| "A String", |
| ], |
| }, |
| "modifyAccountsDisabled": True or False, # Whether adding or removing accounts is disabled. |
| "mountPhysicalMediaDisabled": True or False, # Whether the user mounting physical external media is disabled. |
| "screenCaptureDisabled": True or False, # Whether screen capture is disabled. |
| "usbFileTransferDisabled": True or False, # Whether transferring files over USB is disabled. |
| "factoryResetDisabled": True or False, # Whether factory resetting from settings is disabled. |
| "playStoreMode": "A String", # This mode controls which apps are available to the user in the Play Store and the behavior on the device when apps are removed from the policy. |
| "deviceOwnerLockScreenInfo": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # The device owner information to be shown on the lock screen. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "choosePrivateKeyRules": [ # Rules for automatically choosing a private key and certificate to authenticate the device to a server. The rules are ordered by increasing precedence, so if an outgoing request matches more than one rule, the last rule defines which private key to use. |
| { # A rule for automatically choosing a private key and certificate to authenticate the device to a server. |
| "urlPattern": "A String", # The URL pattern to match against the URL of the outgoing request. The pattern may contain asterisk (*) wildcards. Any URL is matched if unspecified. |
| "packageNames": [ # The package names for which outgoing requests are subject to this rule. If no package names are specified, then the rule applies to all packages. For each package name listed, the rule applies to that package and all other packages that shared the same Android UID. The SHA256 hash of the signing key signatures of each package_name will be verified against those provided by Play |
| "A String", |
| ], |
| "privateKeyAlias": "A String", # The alias of the private key to be used. |
| }, |
| ], |
| "cameraDisabled": True or False, # Whether all cameras on the device are disabled. |
| "installAppsDisabled": True or False, # Whether user installation of apps is disabled. |
| "openNetworkConfiguration": { # Network configuration for the device. See configure networks for more information. |
| "a_key": "", # Properties of the object. |
| }, |
| "usbMassStorageEnabled": True or False, # Whether USB storage is enabled. Deprecated. |
| "permissionGrants": [ # Explicit permission or group grants or denials for all apps. These values override the default_permission_policy. |
| { # Configuration for an Android permission and its grant state. |
| "policy": "A String", # The policy for granting the permission. |
| "permission": "A String", # The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR. |
| }, |
| ], |
| "setUserIconDisabled": True or False, # Whether changing the user icon is disabled. |
| "appAutoUpdatePolicy": "A String", # The app auto update policy, which controls when automatic app updates can be applied. |
| "kioskCustomLauncherEnabled": True or False, # Whether the kiosk custom launcher is enabled. This replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. Apps appear on a single page in alphabetical order. Use kioskCustomization to further configure the kiosk device behavior. |
| "encryptionPolicy": "A String", # Whether encryption is enabled |
| "vpnConfigDisabled": True or False, # Whether configuring VPN is disabled. |
| "funDisabled": True or False, # Whether the user is allowed to have fun. Controls whether the Easter egg game in Settings is disabled. |
| "outgoingBeamDisabled": True or False, # Whether using NFC to beam data from apps is disabled. |
| "wifiConfigsLockdownEnabled": True or False, # DEPRECATED - Use wifi_config_disabled. |
| "setupActions": [ # Actions to take during the setup process. |
| { # An action executed during setup. |
| "description": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # Description of this action. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "title": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # Title of this action. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "launchApp": { # An action to launch an app. # An action to launch an app. |
| "packageName": "A String", # Package name of app to be launched |
| }, |
| }, |
| ], |
| "setWallpaperDisabled": True or False, # Whether changing the wallpaper is disabled. |
| "safeBootDisabled": True or False, # Whether rebooting the device into safe boot is disabled. |
| "keyguardDisabled": True or False, # Whether the keyguard is disabled. |
| "outgoingCallsDisabled": True or False, # Whether outgoing calls are disabled. |
| "bluetoothDisabled": True or False, # Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user. |
| "locationMode": "A String", # The degree of location detection enabled. The user may change the value unless the user is otherwise blocked from accessing device settings. |
| "dataRoamingDisabled": True or False, # Whether roaming data services are disabled. |
| "androidDevicePolicyTracks": [ # The app tracks for Android Device Policy the device can access. The device receives the latest version among all accessible tracks. If no tracks are specified, then the device only uses the production track. |
| "A String", |
| ], |
| "defaultPermissionPolicy": "A String", # The default permission policy for runtime permission requests. |
| "systemUpdate": { # Configuration for managing system updates # The system update policy, which controls how OS updates are applied. If the update type is WINDOWED, the update window will automatically apply to Play app updates as well. |
| "freezePeriods": [ # An annually repeating time period in which over-the-air (OTA) system updates are postponed to freeze the OS version running on a device. To prevent freezing the device indefinitely, each freeze period must be separated by at least 60 days. |
| { # A system freeze period. When a device’s clock is within the freeze period, all incoming system updates (including security patches) are blocked and won’t be installed. When a device is outside the freeze period, normal update behavior applies. Leap years are ignored in freeze period calculations, in particular: * If Feb. 29th is set as the start or end date of a freeze period, the freeze period will start or end on Feb. 28th instead. * When a device’s system clock reads Feb. 29th, it’s treated as Feb. 28th. * When calculating the number of days in a freeze period or the time between two freeze periods, Feb. 29th is ignored and not counted as a day. |
| "endDate": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day and time zone are either specified elsewhere or are not significant. The date is relative to the Proleptic Gregorian Calendar. This can represent: # The end date (inclusive) of the freeze period. Must be no later than 90 days from the start date. If the end date is earlier than the start date, the freeze period is considered wrapping year-end. Note: year must not be set. For example, {"month": 1,"date": 30}. |
| # A full date, with non-zero year, month and day values |
| # A month and day value, with a zero year, e.g. an anniversary |
| # A year on its own, with zero month and day values |
| # A year and month value, with a zero day, e.g. a credit card expiration dateRelated types are google.type.TimeOfDay and google.protobuf.Timestamp. |
| "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. |
| "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. |
| "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a year by itself or a year and month where the day is not significant. |
| }, |
| "startDate": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day and time zone are either specified elsewhere or are not significant. The date is relative to the Proleptic Gregorian Calendar. This can represent: # The start date (inclusive) of the freeze period. Note: year must not be set. For example, {"month": 1,"date": 30}. |
| # A full date, with non-zero year, month and day values |
| # A month and day value, with a zero year, e.g. an anniversary |
| # A year on its own, with zero month and day values |
| # A year and month value, with a zero day, e.g. a credit card expiration dateRelated types are google.type.TimeOfDay and google.protobuf.Timestamp. |
| "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. |
| "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. |
| "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a year by itself or a year and month where the day is not significant. |
| }, |
| }, |
| ], |
| "endMinutes": 42, # If the type is WINDOWED, the end of the maintenance window, measured as the number of minutes after midnight in device's local time. This value must be between 0 and 1439, inclusive. If this value is less than start_minutes, then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time. |
| "type": "A String", # The type of system update to configure. |
| "startMinutes": 42, # If the type is WINDOWED, the start of the maintenance window, measured as the number of minutes after midnight in the device's local time. This value must be between 0 and 1439, inclusive. |
| }, |
| "persistentPreferredActivities": [ # Default intent handler activities. |
| { # A default activity for handling intents that match a particular intent filter. Note: To set up a kiosk, use InstallType to KIOSK rather than use persistent preferred activities. |
| "categories": [ # The intent categories to match in the filter. An intent includes the categories that it requires, all of which must be included in the filter in order to match. In other words, adding a category to the filter has no impact on matching unless that category is specified in the intent. |
| "A String", |
| ], |
| "receiverActivity": "A String", # The activity that should be the default intent handler. This should be an Android component name, e.g. com.android.enterprise.app/.MainActivity. Alternatively, the value may be the package name of an app, which causes Android Device Policy to choose an appropriate activity from the app to handle the intent. |
| "actions": [ # The intent actions to match in the filter. If any actions are included in the filter, then an intent's action must be one of those values for it to match. If no actions are included, the intent action is ignored. |
| "A String", |
| ], |
| }, |
| ], |
| "shareLocationDisabled": True or False, # Whether location sharing is disabled. |
| "passwordPolicies": [ # Password requirement policies. Different policies can be set for work profile or fully managed devices by setting the password_scope field in the policy. |
| { # Requirements for the password used to unlock a device. |
| "maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction. |
| "passwordMinimumLength": 42, # The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX. |
| "passwordScope": "A String", # The scope that the password requirement applies to. |
| "passwordMinimumLowerCase": 42, # Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumSymbols": 42, # Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX. |
| "requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile. |
| "passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction. |
| "passwordExpirationTimeout": "A String", # Password expiration timeout. |
| "passwordMinimumLetters": 42, # Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordQuality": "A String", # The required password quality. |
| "passwordMinimumUpperCase": 42, # Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNumeric": 42, # Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNonLetter": 42, # Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX. |
| }, |
| ], |
| "minimumApiLevel": 42, # The minimum allowed Android API level. |
| "alwaysOnVpnPackage": { # Configuration for an always-on VPN connection. # Configuration for an always-on VPN connection. Use with vpn_config_disabled to prevent modification of this setting. |
| "lockdownEnabled": True or False, # Disallows networking when the VPN is not connected. |
| "packageName": "A String", # The package name of the VPN app. |
| }, |
| "debuggingFeaturesAllowed": True or False, # Whether the user is allowed to enable debugging features. |
| "smsDisabled": True or False, # Whether sending and receiving SMS messages is disabled. |
| "createWindowsDisabled": True or False, # Whether creating windows besides app windows is disabled. |
| "uninstallAppsDisabled": True or False, # Whether user uninstallation of applications is disabled. |
| "policyEnforcementRules": [ # Rules that define the behavior when a particular policy can not be applied on device |
| { # A rule that defines the actions to take if a device or work profile is not compliant with the policy specified in settingName. |
| "settingName": "A String", # The top-level policy to enforce. For example, applications or passwordPolicies. |
| "wipeAction": { # An action to reset a fully managed device or delete a work profile. Note: blockAction must also be specified. # An action to reset a fully managed device or delete a work profile. Note: blockAction must also be specified. |
| "preserveFrp": True or False, # Whether the factory-reset protection data is preserved on the device. This setting doesn’t apply to work profiles. |
| "wipeAfterDays": 42, # Number of days the policy is non-compliant before the device or work profile is wiped. wipeAfterDays must be greater than blockAfterDays. |
| }, |
| "blockAction": { # An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a device or work profile to displays a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified. # An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified. |
| "blockAfterDays": 42, # Number of days the policy is non-compliant before the device or work profile is blocked. To block access immediately, set to 0. blockAfterDays must be less than wipeAfterDays. |
| "blockScope": "A String", # Specifies the scope of this BlockAction. Only applicable to devices that are company-owned. |
| }, |
| }, |
| ], |
| "recommendedGlobalProxy": { # Configuration info for an HTTP proxy. For a direct proxy, set the host, port, and excluded_hosts fields. For a PAC script proxy, set the pac_uri field. # The network-independent global HTTP proxy. Typically proxies should be configured per-network in open_network_configuration. However for unusual configurations like general internal filtering a global HTTP proxy may be useful. If the proxy is not accessible, network access may break. The global proxy is only a recommendation and some apps may ignore it. |
| "host": "A String", # The host of the direct proxy. |
| "excludedHosts": [ # For a direct proxy, the hosts for which the proxy is bypassed. The host names may contain wildcards such as *.example.com. |
| "A String", |
| ], |
| "port": 42, # The port of the direct proxy. |
| "pacUri": "A String", # The URI of the PAC script used to configure the proxy. |
| }, |
| "blockApplicationsEnabled": True or False, # Whether applications other than the ones configured in applications are blocked from being installed. When set, applications that were installed under a previous policy but no longer appear in the policy are automatically uninstalled. |
| "bluetoothContactSharingDisabled": True or False, # Whether bluetooth contact sharing is disabled. |
| "accountTypesWithManagementDisabled": [ # Account types that can't be managed by the user. |
| "A String", |
| ], |
| "applications": [ # Policy applied to apps. |
| { # Policy for an individual app. |
| "accessibleTrackIds": [ # List of the app’s track IDs that a device belonging to the enterprise can access. If the list contains multiple track IDs, devices receive the latest version among all accessible tracks. If the list contains no track IDs, devices only have access to the app’s production track. More details about each track are available in AppTrackInfo. |
| "A String", |
| ], |
| "installType": "A String", # The type of installation to perform. |
| "lockTaskAllowed": True or False, # Whether the app is allowed to lock itself in full-screen mode. DEPRECATED. Use InstallType KIOSK or kioskCustomLauncherEnabled to to configure a dedicated device. |
| "disabled": True or False, # Whether the app is disabled. When disabled, the app data is still preserved. |
| "delegatedScopes": [ # The scopes delegated to the app from Android Device Policy. |
| "A String", |
| ], |
| "packageName": "A String", # The package name of the app. For example, com.google.android.youtube for the YouTube app. |
| "defaultPermissionPolicy": "A String", # The default policy for all permissions requested by the app. If specified, this overrides the policy-level default_permission_policy which applies to all apps. It does not override the permission_grants which applies to all apps. |
| "minimumVersionCode": 42, # The minimum version of the app that runs on the device. If set, the device attempts to update the app to at least this version code. If the app is not up-to-date, the device will contain a NonComplianceDetail with non_compliance_reason set to APP_NOT_UPDATED. The app must already be published to Google Play with a version code greater than or equal to this value. At most 20 apps may specify a minimum version code per policy. |
| "permissionGrants": [ # Explicit permission grants or denials for the app. These values override the default_permission_policy and permission_grants which apply to all apps. |
| { # Configuration for an Android permission and its grant state. |
| "policy": "A String", # The policy for granting the permission. |
| "permission": "A String", # The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR. |
| }, |
| ], |
| "managedConfigurationTemplate": { # The managed configurations template for the app, saved from the managed configurations iframe. # The managed configurations template for the app, saved from the managed configurations iframe. This field is ignored if managed_configuration is set. |
| "templateId": "A String", # The ID of the managed configurations template. |
| "configurationVariables": { # Optional, a map containing <key, value> configuration variables defined for the configuration. |
| "a_key": "A String", |
| }, |
| }, |
| "managedConfiguration": { # Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty: <table> <tr><td><i>type</i></td><td><i>JSON value</i></td></tr> <tr><td>BOOL</td><td>true or false</td></tr> <tr><td>STRING</td><td>string</td></tr> <tr><td>INTEGER</td><td>number</td></tr> <tr><td>CHOICE</td><td>string</td></tr> <tr><td>MULTISELECT</td><td>array of strings</td></tr> <tr><td>HIDDEN</td><td>string</td></tr> <tr><td>BUNDLE_ARRAY</td><td>array of objects</td></tr> </table> |
| "a_key": "", # Properties of the object. |
| }, |
| }, |
| ], |
| "adjustVolumeDisabled": True or False, # Whether adjusting the master volume is disabled. |
| "ensureVerifyAppsEnabled": True or False, # Whether app verification is force-enabled. |
| "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled. |
| "frpAdminEmails": [ # Email addresses of device administrators for factory reset protection. When the device is factory reset, it will require one of these admins to log in with the Google account email and password to unlock the device. If no admins are specified, the device won't provide factory reset protection. |
| "A String", |
| ], |
| "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies. |
| "maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction. |
| "passwordMinimumLength": 42, # The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX. |
| "passwordScope": "A String", # The scope that the password requirement applies to. |
| "passwordMinimumLowerCase": 42, # Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumSymbols": 42, # Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX. |
| "requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile. |
| "passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction. |
| "passwordExpirationTimeout": "A String", # Password expiration timeout. |
| "passwordMinimumLetters": 42, # Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordQuality": "A String", # The required password quality. |
| "passwordMinimumUpperCase": 42, # Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNumeric": 42, # Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNonLetter": 42, # Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX. |
| }, |
| "skipFirstUseHintsEnabled": True or False, # Flag to skip hints on the first use. Enterprise admin can enable the system recommendation for apps to skip their user tutorial and other introductory hints on first start-up. |
| "keyguardDisabledFeatures": [ # Disabled keyguard customizations, such as widgets. |
| "A String", |
| ], |
| "networkResetDisabled": True or False, # Whether resetting network settings is disabled. |
| "bluetoothConfigDisabled": True or False, # Whether configuring bluetooth is disabled. |
| "longSupportMessage": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # A message displayed to the user in the device administators settings screen. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "unmuteMicrophoneDisabled": True or False, # Whether the microphone is muted and adjusting microphone volume is disabled. |
| "permittedInputMethods": { # A list of package names. # If present, only the input methods provided by packages in this list are permitted. If this field is present, but the list is empty, then only system input methods are permitted. |
| "packageNames": [ # A list of package names. |
| "A String", |
| ], |
| }, |
| "name": "A String", # The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}. |
| "removeUserDisabled": True or False, # Whether removing other users is disabled. |
| "autoTimeRequired": True or False, # Whether auto time is required, which prevents the user from manually setting the date and time. |
| "mobileNetworksConfigDisabled": True or False, # Whether configuring mobile networks is disabled. |
| "installUnknownSourcesAllowed": True or False, # Whether the user is allowed to enable the "Unknown Sources" setting, which allows installation of apps from unknown sources. |
| "credentialsConfigDisabled": True or False, # Whether configuring user credentials is disabled. |
| "version": "A String", # The version of the policy. This is a read-only field. The version is incremented each time the policy is updated. |
| "advancedSecurityOverrides": { # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. |
| "untrustedAppsPolicy": "A String", # The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces install_unknown_sources_allowed (deprecated). |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</code> |
| <pre>Lists policies for a given enterprise. |
| |
| Args: |
| parent: string, The name of the enterprise in the form enterprises/{enterpriseId}. (required) |
| pageSize: integer, The requested page size. The actual page size may be fixed to a min or max value. |
| pageToken: string, A token identifying a page of results returned by the server. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Response to a request to list policies for a given enterprise. |
| "policies": [ # The list of policies. |
| { # A policy resource represents a group of settings that govern the behavior of a managed device and the apps installed on it. |
| "complianceRules": [ # Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules. Use policy enforcement rules instead. |
| { # A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policy_compliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule. |
| "packageNamesToDisable": [ # If set, the rule includes a mitigating action to disable apps specified in the list, but app data is preserved. |
| "A String", |
| ], |
| "disableApps": True or False, # If set to true, the rule includes a mitigating action to disable apps so that the device is effectively disabled, but app data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed. |
| "nonComplianceDetailCondition": { # A compliance rule condition which is satisfied if there exists any matching NonComplianceDetail for the device. A NonComplianceDetail matches a NonComplianceDetailCondition if all the fields which are set within the NonComplianceDetailCondition match the corresponding NonComplianceDetail fields. # A condition which is satisfied if there exists any matching NonComplianceDetail for the device. |
| "packageName": "A String", # The package name of the app that's out of compliance. If not set, then this condition matches any package name. |
| "settingName": "A String", # The name of the policy setting. This is the JSON field name of a top-level Policy field. If not set, then this condition matches any setting name. |
| "nonComplianceReason": "A String", # The reason the device is not in compliance with the setting. If not set, then this condition matches any reason. |
| }, |
| "apiLevelCondition": { # A compliance rule condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. There can only be one rule with this type of condition per policy. # A condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. |
| "minApiLevel": 42, # The minimum desired Android Framework API level. If the device doesn't meet the minimum requirement, this condition is satisfied. Must be greater than zero. |
| }, |
| }, |
| ], |
| "statusReportingSettings": { # Settings controlling the behavior of status reports. # Status reporting settings |
| "applicationReportsEnabled": True or False, # Whether app reports are enabled. |
| "systemPropertiesEnabled": True or False, # Whether system properties reporting is enabled. |
| "deviceSettingsEnabled": True or False, # Whether device settings reporting is enabled. |
| "memoryInfoEnabled": True or False, # Whether memory reporting is enabled. |
| "softwareInfoEnabled": True or False, # Whether software info reporting is enabled. |
| "powerManagementEventsEnabled": True or False, # Whether power management event reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "displayInfoEnabled": True or False, # Whether displays reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "hardwareStatusEnabled": True or False, # Whether hardware status reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "networkInfoEnabled": True or False, # Whether network info reporting is enabled. |
| "applicationReportingSettings": { # Settings controlling the behavior of application reports. # Application reporting settings. Only applicable if application_reports_enabled is true. |
| "includeRemovedApps": True or False, # Whether removed apps are included in application reports. |
| }, |
| }, |
| "shortSupportMessage": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # A message displayed to the user in the settings screen wherever functionality has been disabled by the admin. If the message is longer than 200 characters it may be truncated. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "stayOnPluggedModes": [ # The battery plugged in modes for which the device stays on. When using this setting, it is recommended to clear maximum_time_to_lock so that the device doesn't lock itself while it stays on. |
| "A String", |
| ], |
| "addUserDisabled": True or False, # Whether adding new users and profiles is disabled. |
| "kioskCustomization": { # Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK. # Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK. |
| "systemNavigation": "A String", # Specifies which navigation features are enabled (e.g. Home, Overview buttons) in kiosk mode. |
| "systemErrorWarnings": "A String", # Specifies whether system error dialogs for crashed or unresponsive apps are blocked in kiosk mode. When blocked, the system will force-stop the app as if the user chooses the "close app" option on the UI. |
| "powerButtonActions": "A String", # Sets the behavior of a device in kiosk mode when a user presses and holds (long-presses) the Power button. |
| "deviceSettings": "A String", # Specifies whether the Settings app is allowed in kiosk mode. |
| "statusBar": "A String", # Specifies whether system info and notifications are disabled in kiosk mode. |
| }, |
| "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings. |
| "personalUsagePolicies": { # Policies controlling personal usage on a Corporate Owned Personally Enabled device. # Policies managing personal usage on a company-owned device. |
| "maxDaysWithWorkOff": 42, # Controls how long the work profile can stay off. |
| "accountTypesWithManagementDisabled": [ # Account types that can't be managed by the user. |
| "A String", |
| ], |
| "cameraDisabled": True or False, # Whether camera is disabled. |
| "screenCaptureDisabled": True or False, # Whether screen capture is disabled. |
| "personalPlayStoreMode": "A String", # Controls how apps on the personal profile are allowed or blocked. |
| "personalApplications": [ # Policy applied to applications on the personal profile. |
| { # Policies for apps on the personal profile of a Corporate Owned Personally Enabled device. |
| "installType": "A String", # The type of installation to perform. |
| "packageName": "A String", # The package name of the application. |
| }, |
| ], |
| }, |
| "cellBroadcastsConfigDisabled": True or False, # Whether configuring cell broadcast is disabled. |
| "statusBarDisabled": True or False, # Whether the status bar is disabled. This disables notifications, quick settings, and other screen overlays that allow escape from full-screen mode. DEPRECATED. To disable the status bar on a kiosk device, use InstallType KIOSK or kioskCustomLauncherEnabled. |
| "maximumTimeToLock": "A String", # Maximum time in milliseconds for user activity until the device locks. A value of 0 means there is no restriction. |
| "tetheringConfigDisabled": True or False, # Whether configuring tethering and portable hotspots is disabled. |
| "privateKeySelectionEnabled": True or False, # Allows showing UI on a device for a user to choose a private key alias if there are no matching rules in ChoosePrivateKeyRules. For devices below Android P, setting this may leave enterprise keys vulnerable. |
| "permittedAccessibilityServices": { # A list of package names. # Specifies permitted accessibility services. If the field is not set, any accessibility service can be used. If the field is set, only the accessibility services in this list and the system's built-in accessibility service can be used. In particular, if the field is set to empty, only the system's built-in accessibility servicess can be used. |
| "packageNames": [ # A list of package names. |
| "A String", |
| ], |
| }, |
| "modifyAccountsDisabled": True or False, # Whether adding or removing accounts is disabled. |
| "mountPhysicalMediaDisabled": True or False, # Whether the user mounting physical external media is disabled. |
| "screenCaptureDisabled": True or False, # Whether screen capture is disabled. |
| "usbFileTransferDisabled": True or False, # Whether transferring files over USB is disabled. |
| "factoryResetDisabled": True or False, # Whether factory resetting from settings is disabled. |
| "playStoreMode": "A String", # This mode controls which apps are available to the user in the Play Store and the behavior on the device when apps are removed from the policy. |
| "deviceOwnerLockScreenInfo": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # The device owner information to be shown on the lock screen. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "choosePrivateKeyRules": [ # Rules for automatically choosing a private key and certificate to authenticate the device to a server. The rules are ordered by increasing precedence, so if an outgoing request matches more than one rule, the last rule defines which private key to use. |
| { # A rule for automatically choosing a private key and certificate to authenticate the device to a server. |
| "urlPattern": "A String", # The URL pattern to match against the URL of the outgoing request. The pattern may contain asterisk (*) wildcards. Any URL is matched if unspecified. |
| "packageNames": [ # The package names for which outgoing requests are subject to this rule. If no package names are specified, then the rule applies to all packages. For each package name listed, the rule applies to that package and all other packages that shared the same Android UID. The SHA256 hash of the signing key signatures of each package_name will be verified against those provided by Play |
| "A String", |
| ], |
| "privateKeyAlias": "A String", # The alias of the private key to be used. |
| }, |
| ], |
| "cameraDisabled": True or False, # Whether all cameras on the device are disabled. |
| "installAppsDisabled": True or False, # Whether user installation of apps is disabled. |
| "openNetworkConfiguration": { # Network configuration for the device. See configure networks for more information. |
| "a_key": "", # Properties of the object. |
| }, |
| "usbMassStorageEnabled": True or False, # Whether USB storage is enabled. Deprecated. |
| "permissionGrants": [ # Explicit permission or group grants or denials for all apps. These values override the default_permission_policy. |
| { # Configuration for an Android permission and its grant state. |
| "policy": "A String", # The policy for granting the permission. |
| "permission": "A String", # The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR. |
| }, |
| ], |
| "setUserIconDisabled": True or False, # Whether changing the user icon is disabled. |
| "appAutoUpdatePolicy": "A String", # The app auto update policy, which controls when automatic app updates can be applied. |
| "kioskCustomLauncherEnabled": True or False, # Whether the kiosk custom launcher is enabled. This replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. Apps appear on a single page in alphabetical order. Use kioskCustomization to further configure the kiosk device behavior. |
| "encryptionPolicy": "A String", # Whether encryption is enabled |
| "vpnConfigDisabled": True or False, # Whether configuring VPN is disabled. |
| "funDisabled": True or False, # Whether the user is allowed to have fun. Controls whether the Easter egg game in Settings is disabled. |
| "outgoingBeamDisabled": True or False, # Whether using NFC to beam data from apps is disabled. |
| "wifiConfigsLockdownEnabled": True or False, # DEPRECATED - Use wifi_config_disabled. |
| "setupActions": [ # Actions to take during the setup process. |
| { # An action executed during setup. |
| "description": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # Description of this action. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "title": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # Title of this action. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "launchApp": { # An action to launch an app. # An action to launch an app. |
| "packageName": "A String", # Package name of app to be launched |
| }, |
| }, |
| ], |
| "setWallpaperDisabled": True or False, # Whether changing the wallpaper is disabled. |
| "safeBootDisabled": True or False, # Whether rebooting the device into safe boot is disabled. |
| "keyguardDisabled": True or False, # Whether the keyguard is disabled. |
| "outgoingCallsDisabled": True or False, # Whether outgoing calls are disabled. |
| "bluetoothDisabled": True or False, # Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user. |
| "locationMode": "A String", # The degree of location detection enabled. The user may change the value unless the user is otherwise blocked from accessing device settings. |
| "dataRoamingDisabled": True or False, # Whether roaming data services are disabled. |
| "androidDevicePolicyTracks": [ # The app tracks for Android Device Policy the device can access. The device receives the latest version among all accessible tracks. If no tracks are specified, then the device only uses the production track. |
| "A String", |
| ], |
| "defaultPermissionPolicy": "A String", # The default permission policy for runtime permission requests. |
| "systemUpdate": { # Configuration for managing system updates # The system update policy, which controls how OS updates are applied. If the update type is WINDOWED, the update window will automatically apply to Play app updates as well. |
| "freezePeriods": [ # An annually repeating time period in which over-the-air (OTA) system updates are postponed to freeze the OS version running on a device. To prevent freezing the device indefinitely, each freeze period must be separated by at least 60 days. |
| { # A system freeze period. When a device’s clock is within the freeze period, all incoming system updates (including security patches) are blocked and won’t be installed. When a device is outside the freeze period, normal update behavior applies. Leap years are ignored in freeze period calculations, in particular: * If Feb. 29th is set as the start or end date of a freeze period, the freeze period will start or end on Feb. 28th instead. * When a device’s system clock reads Feb. 29th, it’s treated as Feb. 28th. * When calculating the number of days in a freeze period or the time between two freeze periods, Feb. 29th is ignored and not counted as a day. |
| "endDate": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day and time zone are either specified elsewhere or are not significant. The date is relative to the Proleptic Gregorian Calendar. This can represent: # The end date (inclusive) of the freeze period. Must be no later than 90 days from the start date. If the end date is earlier than the start date, the freeze period is considered wrapping year-end. Note: year must not be set. For example, {"month": 1,"date": 30}. |
| # A full date, with non-zero year, month and day values |
| # A month and day value, with a zero year, e.g. an anniversary |
| # A year on its own, with zero month and day values |
| # A year and month value, with a zero day, e.g. a credit card expiration dateRelated types are google.type.TimeOfDay and google.protobuf.Timestamp. |
| "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. |
| "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. |
| "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a year by itself or a year and month where the day is not significant. |
| }, |
| "startDate": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day and time zone are either specified elsewhere or are not significant. The date is relative to the Proleptic Gregorian Calendar. This can represent: # The start date (inclusive) of the freeze period. Note: year must not be set. For example, {"month": 1,"date": 30}. |
| # A full date, with non-zero year, month and day values |
| # A month and day value, with a zero year, e.g. an anniversary |
| # A year on its own, with zero month and day values |
| # A year and month value, with a zero day, e.g. a credit card expiration dateRelated types are google.type.TimeOfDay and google.protobuf.Timestamp. |
| "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. |
| "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. |
| "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a year by itself or a year and month where the day is not significant. |
| }, |
| }, |
| ], |
| "endMinutes": 42, # If the type is WINDOWED, the end of the maintenance window, measured as the number of minutes after midnight in device's local time. This value must be between 0 and 1439, inclusive. If this value is less than start_minutes, then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time. |
| "type": "A String", # The type of system update to configure. |
| "startMinutes": 42, # If the type is WINDOWED, the start of the maintenance window, measured as the number of minutes after midnight in the device's local time. This value must be between 0 and 1439, inclusive. |
| }, |
| "persistentPreferredActivities": [ # Default intent handler activities. |
| { # A default activity for handling intents that match a particular intent filter. Note: To set up a kiosk, use InstallType to KIOSK rather than use persistent preferred activities. |
| "categories": [ # The intent categories to match in the filter. An intent includes the categories that it requires, all of which must be included in the filter in order to match. In other words, adding a category to the filter has no impact on matching unless that category is specified in the intent. |
| "A String", |
| ], |
| "receiverActivity": "A String", # The activity that should be the default intent handler. This should be an Android component name, e.g. com.android.enterprise.app/.MainActivity. Alternatively, the value may be the package name of an app, which causes Android Device Policy to choose an appropriate activity from the app to handle the intent. |
| "actions": [ # The intent actions to match in the filter. If any actions are included in the filter, then an intent's action must be one of those values for it to match. If no actions are included, the intent action is ignored. |
| "A String", |
| ], |
| }, |
| ], |
| "shareLocationDisabled": True or False, # Whether location sharing is disabled. |
| "passwordPolicies": [ # Password requirement policies. Different policies can be set for work profile or fully managed devices by setting the password_scope field in the policy. |
| { # Requirements for the password used to unlock a device. |
| "maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction. |
| "passwordMinimumLength": 42, # The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX. |
| "passwordScope": "A String", # The scope that the password requirement applies to. |
| "passwordMinimumLowerCase": 42, # Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumSymbols": 42, # Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX. |
| "requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile. |
| "passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction. |
| "passwordExpirationTimeout": "A String", # Password expiration timeout. |
| "passwordMinimumLetters": 42, # Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordQuality": "A String", # The required password quality. |
| "passwordMinimumUpperCase": 42, # Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNumeric": 42, # Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNonLetter": 42, # Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX. |
| }, |
| ], |
| "minimumApiLevel": 42, # The minimum allowed Android API level. |
| "alwaysOnVpnPackage": { # Configuration for an always-on VPN connection. # Configuration for an always-on VPN connection. Use with vpn_config_disabled to prevent modification of this setting. |
| "lockdownEnabled": True or False, # Disallows networking when the VPN is not connected. |
| "packageName": "A String", # The package name of the VPN app. |
| }, |
| "debuggingFeaturesAllowed": True or False, # Whether the user is allowed to enable debugging features. |
| "smsDisabled": True or False, # Whether sending and receiving SMS messages is disabled. |
| "createWindowsDisabled": True or False, # Whether creating windows besides app windows is disabled. |
| "uninstallAppsDisabled": True or False, # Whether user uninstallation of applications is disabled. |
| "policyEnforcementRules": [ # Rules that define the behavior when a particular policy can not be applied on device |
| { # A rule that defines the actions to take if a device or work profile is not compliant with the policy specified in settingName. |
| "settingName": "A String", # The top-level policy to enforce. For example, applications or passwordPolicies. |
| "wipeAction": { # An action to reset a fully managed device or delete a work profile. Note: blockAction must also be specified. # An action to reset a fully managed device or delete a work profile. Note: blockAction must also be specified. |
| "preserveFrp": True or False, # Whether the factory-reset protection data is preserved on the device. This setting doesn’t apply to work profiles. |
| "wipeAfterDays": 42, # Number of days the policy is non-compliant before the device or work profile is wiped. wipeAfterDays must be greater than blockAfterDays. |
| }, |
| "blockAction": { # An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a device or work profile to displays a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified. # An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified. |
| "blockAfterDays": 42, # Number of days the policy is non-compliant before the device or work profile is blocked. To block access immediately, set to 0. blockAfterDays must be less than wipeAfterDays. |
| "blockScope": "A String", # Specifies the scope of this BlockAction. Only applicable to devices that are company-owned. |
| }, |
| }, |
| ], |
| "recommendedGlobalProxy": { # Configuration info for an HTTP proxy. For a direct proxy, set the host, port, and excluded_hosts fields. For a PAC script proxy, set the pac_uri field. # The network-independent global HTTP proxy. Typically proxies should be configured per-network in open_network_configuration. However for unusual configurations like general internal filtering a global HTTP proxy may be useful. If the proxy is not accessible, network access may break. The global proxy is only a recommendation and some apps may ignore it. |
| "host": "A String", # The host of the direct proxy. |
| "excludedHosts": [ # For a direct proxy, the hosts for which the proxy is bypassed. The host names may contain wildcards such as *.example.com. |
| "A String", |
| ], |
| "port": 42, # The port of the direct proxy. |
| "pacUri": "A String", # The URI of the PAC script used to configure the proxy. |
| }, |
| "blockApplicationsEnabled": True or False, # Whether applications other than the ones configured in applications are blocked from being installed. When set, applications that were installed under a previous policy but no longer appear in the policy are automatically uninstalled. |
| "bluetoothContactSharingDisabled": True or False, # Whether bluetooth contact sharing is disabled. |
| "accountTypesWithManagementDisabled": [ # Account types that can't be managed by the user. |
| "A String", |
| ], |
| "applications": [ # Policy applied to apps. |
| { # Policy for an individual app. |
| "accessibleTrackIds": [ # List of the app’s track IDs that a device belonging to the enterprise can access. If the list contains multiple track IDs, devices receive the latest version among all accessible tracks. If the list contains no track IDs, devices only have access to the app’s production track. More details about each track are available in AppTrackInfo. |
| "A String", |
| ], |
| "installType": "A String", # The type of installation to perform. |
| "lockTaskAllowed": True or False, # Whether the app is allowed to lock itself in full-screen mode. DEPRECATED. Use InstallType KIOSK or kioskCustomLauncherEnabled to to configure a dedicated device. |
| "disabled": True or False, # Whether the app is disabled. When disabled, the app data is still preserved. |
| "delegatedScopes": [ # The scopes delegated to the app from Android Device Policy. |
| "A String", |
| ], |
| "packageName": "A String", # The package name of the app. For example, com.google.android.youtube for the YouTube app. |
| "defaultPermissionPolicy": "A String", # The default policy for all permissions requested by the app. If specified, this overrides the policy-level default_permission_policy which applies to all apps. It does not override the permission_grants which applies to all apps. |
| "minimumVersionCode": 42, # The minimum version of the app that runs on the device. If set, the device attempts to update the app to at least this version code. If the app is not up-to-date, the device will contain a NonComplianceDetail with non_compliance_reason set to APP_NOT_UPDATED. The app must already be published to Google Play with a version code greater than or equal to this value. At most 20 apps may specify a minimum version code per policy. |
| "permissionGrants": [ # Explicit permission grants or denials for the app. These values override the default_permission_policy and permission_grants which apply to all apps. |
| { # Configuration for an Android permission and its grant state. |
| "policy": "A String", # The policy for granting the permission. |
| "permission": "A String", # The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR. |
| }, |
| ], |
| "managedConfigurationTemplate": { # The managed configurations template for the app, saved from the managed configurations iframe. # The managed configurations template for the app, saved from the managed configurations iframe. This field is ignored if managed_configuration is set. |
| "templateId": "A String", # The ID of the managed configurations template. |
| "configurationVariables": { # Optional, a map containing <key, value> configuration variables defined for the configuration. |
| "a_key": "A String", |
| }, |
| }, |
| "managedConfiguration": { # Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty: <table> <tr><td><i>type</i></td><td><i>JSON value</i></td></tr> <tr><td>BOOL</td><td>true or false</td></tr> <tr><td>STRING</td><td>string</td></tr> <tr><td>INTEGER</td><td>number</td></tr> <tr><td>CHOICE</td><td>string</td></tr> <tr><td>MULTISELECT</td><td>array of strings</td></tr> <tr><td>HIDDEN</td><td>string</td></tr> <tr><td>BUNDLE_ARRAY</td><td>array of objects</td></tr> </table> |
| "a_key": "", # Properties of the object. |
| }, |
| }, |
| ], |
| "adjustVolumeDisabled": True or False, # Whether adjusting the master volume is disabled. |
| "ensureVerifyAppsEnabled": True or False, # Whether app verification is force-enabled. |
| "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled. |
| "frpAdminEmails": [ # Email addresses of device administrators for factory reset protection. When the device is factory reset, it will require one of these admins to log in with the Google account email and password to unlock the device. If no admins are specified, the device won't provide factory reset protection. |
| "A String", |
| ], |
| "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies. |
| "maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction. |
| "passwordMinimumLength": 42, # The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX. |
| "passwordScope": "A String", # The scope that the password requirement applies to. |
| "passwordMinimumLowerCase": 42, # Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumSymbols": 42, # Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX. |
| "requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile. |
| "passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction. |
| "passwordExpirationTimeout": "A String", # Password expiration timeout. |
| "passwordMinimumLetters": 42, # Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordQuality": "A String", # The required password quality. |
| "passwordMinimumUpperCase": 42, # Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNumeric": 42, # Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNonLetter": 42, # Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX. |
| }, |
| "skipFirstUseHintsEnabled": True or False, # Flag to skip hints on the first use. Enterprise admin can enable the system recommendation for apps to skip their user tutorial and other introductory hints on first start-up. |
| "keyguardDisabledFeatures": [ # Disabled keyguard customizations, such as widgets. |
| "A String", |
| ], |
| "networkResetDisabled": True or False, # Whether resetting network settings is disabled. |
| "bluetoothConfigDisabled": True or False, # Whether configuring bluetooth is disabled. |
| "longSupportMessage": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # A message displayed to the user in the device administators settings screen. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "unmuteMicrophoneDisabled": True or False, # Whether the microphone is muted and adjusting microphone volume is disabled. |
| "permittedInputMethods": { # A list of package names. # If present, only the input methods provided by packages in this list are permitted. If this field is present, but the list is empty, then only system input methods are permitted. |
| "packageNames": [ # A list of package names. |
| "A String", |
| ], |
| }, |
| "name": "A String", # The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}. |
| "removeUserDisabled": True or False, # Whether removing other users is disabled. |
| "autoTimeRequired": True or False, # Whether auto time is required, which prevents the user from manually setting the date and time. |
| "mobileNetworksConfigDisabled": True or False, # Whether configuring mobile networks is disabled. |
| "installUnknownSourcesAllowed": True or False, # Whether the user is allowed to enable the "Unknown Sources" setting, which allows installation of apps from unknown sources. |
| "credentialsConfigDisabled": True or False, # Whether configuring user credentials is disabled. |
| "version": "A String", # The version of the policy. This is a read-only field. The version is incremented each time the policy is updated. |
| "advancedSecurityOverrides": { # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. |
| "untrustedAppsPolicy": "A String", # The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces install_unknown_sources_allowed (deprecated). |
| }, |
| }, |
| ], |
| "nextPageToken": "A String", # If there are more results, a token to retrieve next page of results. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list_next">list_next(previous_request, previous_response)</code> |
| <pre>Retrieves the next page of results. |
| |
| Args: |
| previous_request: The request for the previous page. (required) |
| previous_response: The response from the request for the previous page. (required) |
| |
| Returns: |
| A request object that you can call 'execute()' on to request the next |
| page. Returns None if there are no more items in the collection. |
| </pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code> |
| <pre>Updates or creates a policy. |
| |
| Args: |
| name: string, The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # A policy resource represents a group of settings that govern the behavior of a managed device and the apps installed on it. |
| "complianceRules": [ # Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules. Use policy enforcement rules instead. |
| { # A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policy_compliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule. |
| "packageNamesToDisable": [ # If set, the rule includes a mitigating action to disable apps specified in the list, but app data is preserved. |
| "A String", |
| ], |
| "disableApps": True or False, # If set to true, the rule includes a mitigating action to disable apps so that the device is effectively disabled, but app data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed. |
| "nonComplianceDetailCondition": { # A compliance rule condition which is satisfied if there exists any matching NonComplianceDetail for the device. A NonComplianceDetail matches a NonComplianceDetailCondition if all the fields which are set within the NonComplianceDetailCondition match the corresponding NonComplianceDetail fields. # A condition which is satisfied if there exists any matching NonComplianceDetail for the device. |
| "packageName": "A String", # The package name of the app that's out of compliance. If not set, then this condition matches any package name. |
| "settingName": "A String", # The name of the policy setting. This is the JSON field name of a top-level Policy field. If not set, then this condition matches any setting name. |
| "nonComplianceReason": "A String", # The reason the device is not in compliance with the setting. If not set, then this condition matches any reason. |
| }, |
| "apiLevelCondition": { # A compliance rule condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. There can only be one rule with this type of condition per policy. # A condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. |
| "minApiLevel": 42, # The minimum desired Android Framework API level. If the device doesn't meet the minimum requirement, this condition is satisfied. Must be greater than zero. |
| }, |
| }, |
| ], |
| "statusReportingSettings": { # Settings controlling the behavior of status reports. # Status reporting settings |
| "applicationReportsEnabled": True or False, # Whether app reports are enabled. |
| "systemPropertiesEnabled": True or False, # Whether system properties reporting is enabled. |
| "deviceSettingsEnabled": True or False, # Whether device settings reporting is enabled. |
| "memoryInfoEnabled": True or False, # Whether memory reporting is enabled. |
| "softwareInfoEnabled": True or False, # Whether software info reporting is enabled. |
| "powerManagementEventsEnabled": True or False, # Whether power management event reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "displayInfoEnabled": True or False, # Whether displays reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "hardwareStatusEnabled": True or False, # Whether hardware status reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "networkInfoEnabled": True or False, # Whether network info reporting is enabled. |
| "applicationReportingSettings": { # Settings controlling the behavior of application reports. # Application reporting settings. Only applicable if application_reports_enabled is true. |
| "includeRemovedApps": True or False, # Whether removed apps are included in application reports. |
| }, |
| }, |
| "shortSupportMessage": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # A message displayed to the user in the settings screen wherever functionality has been disabled by the admin. If the message is longer than 200 characters it may be truncated. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "stayOnPluggedModes": [ # The battery plugged in modes for which the device stays on. When using this setting, it is recommended to clear maximum_time_to_lock so that the device doesn't lock itself while it stays on. |
| "A String", |
| ], |
| "addUserDisabled": True or False, # Whether adding new users and profiles is disabled. |
| "kioskCustomization": { # Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK. # Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK. |
| "systemNavigation": "A String", # Specifies which navigation features are enabled (e.g. Home, Overview buttons) in kiosk mode. |
| "systemErrorWarnings": "A String", # Specifies whether system error dialogs for crashed or unresponsive apps are blocked in kiosk mode. When blocked, the system will force-stop the app as if the user chooses the "close app" option on the UI. |
| "powerButtonActions": "A String", # Sets the behavior of a device in kiosk mode when a user presses and holds (long-presses) the Power button. |
| "deviceSettings": "A String", # Specifies whether the Settings app is allowed in kiosk mode. |
| "statusBar": "A String", # Specifies whether system info and notifications are disabled in kiosk mode. |
| }, |
| "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings. |
| "personalUsagePolicies": { # Policies controlling personal usage on a Corporate Owned Personally Enabled device. # Policies managing personal usage on a company-owned device. |
| "maxDaysWithWorkOff": 42, # Controls how long the work profile can stay off. |
| "accountTypesWithManagementDisabled": [ # Account types that can't be managed by the user. |
| "A String", |
| ], |
| "cameraDisabled": True or False, # Whether camera is disabled. |
| "screenCaptureDisabled": True or False, # Whether screen capture is disabled. |
| "personalPlayStoreMode": "A String", # Controls how apps on the personal profile are allowed or blocked. |
| "personalApplications": [ # Policy applied to applications on the personal profile. |
| { # Policies for apps on the personal profile of a Corporate Owned Personally Enabled device. |
| "installType": "A String", # The type of installation to perform. |
| "packageName": "A String", # The package name of the application. |
| }, |
| ], |
| }, |
| "cellBroadcastsConfigDisabled": True or False, # Whether configuring cell broadcast is disabled. |
| "statusBarDisabled": True or False, # Whether the status bar is disabled. This disables notifications, quick settings, and other screen overlays that allow escape from full-screen mode. DEPRECATED. To disable the status bar on a kiosk device, use InstallType KIOSK or kioskCustomLauncherEnabled. |
| "maximumTimeToLock": "A String", # Maximum time in milliseconds for user activity until the device locks. A value of 0 means there is no restriction. |
| "tetheringConfigDisabled": True or False, # Whether configuring tethering and portable hotspots is disabled. |
| "privateKeySelectionEnabled": True or False, # Allows showing UI on a device for a user to choose a private key alias if there are no matching rules in ChoosePrivateKeyRules. For devices below Android P, setting this may leave enterprise keys vulnerable. |
| "permittedAccessibilityServices": { # A list of package names. # Specifies permitted accessibility services. If the field is not set, any accessibility service can be used. If the field is set, only the accessibility services in this list and the system's built-in accessibility service can be used. In particular, if the field is set to empty, only the system's built-in accessibility servicess can be used. |
| "packageNames": [ # A list of package names. |
| "A String", |
| ], |
| }, |
| "modifyAccountsDisabled": True or False, # Whether adding or removing accounts is disabled. |
| "mountPhysicalMediaDisabled": True or False, # Whether the user mounting physical external media is disabled. |
| "screenCaptureDisabled": True or False, # Whether screen capture is disabled. |
| "usbFileTransferDisabled": True or False, # Whether transferring files over USB is disabled. |
| "factoryResetDisabled": True or False, # Whether factory resetting from settings is disabled. |
| "playStoreMode": "A String", # This mode controls which apps are available to the user in the Play Store and the behavior on the device when apps are removed from the policy. |
| "deviceOwnerLockScreenInfo": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # The device owner information to be shown on the lock screen. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "choosePrivateKeyRules": [ # Rules for automatically choosing a private key and certificate to authenticate the device to a server. The rules are ordered by increasing precedence, so if an outgoing request matches more than one rule, the last rule defines which private key to use. |
| { # A rule for automatically choosing a private key and certificate to authenticate the device to a server. |
| "urlPattern": "A String", # The URL pattern to match against the URL of the outgoing request. The pattern may contain asterisk (*) wildcards. Any URL is matched if unspecified. |
| "packageNames": [ # The package names for which outgoing requests are subject to this rule. If no package names are specified, then the rule applies to all packages. For each package name listed, the rule applies to that package and all other packages that shared the same Android UID. The SHA256 hash of the signing key signatures of each package_name will be verified against those provided by Play |
| "A String", |
| ], |
| "privateKeyAlias": "A String", # The alias of the private key to be used. |
| }, |
| ], |
| "cameraDisabled": True or False, # Whether all cameras on the device are disabled. |
| "installAppsDisabled": True or False, # Whether user installation of apps is disabled. |
| "openNetworkConfiguration": { # Network configuration for the device. See configure networks for more information. |
| "a_key": "", # Properties of the object. |
| }, |
| "usbMassStorageEnabled": True or False, # Whether USB storage is enabled. Deprecated. |
| "permissionGrants": [ # Explicit permission or group grants or denials for all apps. These values override the default_permission_policy. |
| { # Configuration for an Android permission and its grant state. |
| "policy": "A String", # The policy for granting the permission. |
| "permission": "A String", # The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR. |
| }, |
| ], |
| "setUserIconDisabled": True or False, # Whether changing the user icon is disabled. |
| "appAutoUpdatePolicy": "A String", # The app auto update policy, which controls when automatic app updates can be applied. |
| "kioskCustomLauncherEnabled": True or False, # Whether the kiosk custom launcher is enabled. This replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. Apps appear on a single page in alphabetical order. Use kioskCustomization to further configure the kiosk device behavior. |
| "encryptionPolicy": "A String", # Whether encryption is enabled |
| "vpnConfigDisabled": True or False, # Whether configuring VPN is disabled. |
| "funDisabled": True or False, # Whether the user is allowed to have fun. Controls whether the Easter egg game in Settings is disabled. |
| "outgoingBeamDisabled": True or False, # Whether using NFC to beam data from apps is disabled. |
| "wifiConfigsLockdownEnabled": True or False, # DEPRECATED - Use wifi_config_disabled. |
| "setupActions": [ # Actions to take during the setup process. |
| { # An action executed during setup. |
| "description": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # Description of this action. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "title": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # Title of this action. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "launchApp": { # An action to launch an app. # An action to launch an app. |
| "packageName": "A String", # Package name of app to be launched |
| }, |
| }, |
| ], |
| "setWallpaperDisabled": True or False, # Whether changing the wallpaper is disabled. |
| "safeBootDisabled": True or False, # Whether rebooting the device into safe boot is disabled. |
| "keyguardDisabled": True or False, # Whether the keyguard is disabled. |
| "outgoingCallsDisabled": True or False, # Whether outgoing calls are disabled. |
| "bluetoothDisabled": True or False, # Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user. |
| "locationMode": "A String", # The degree of location detection enabled. The user may change the value unless the user is otherwise blocked from accessing device settings. |
| "dataRoamingDisabled": True or False, # Whether roaming data services are disabled. |
| "androidDevicePolicyTracks": [ # The app tracks for Android Device Policy the device can access. The device receives the latest version among all accessible tracks. If no tracks are specified, then the device only uses the production track. |
| "A String", |
| ], |
| "defaultPermissionPolicy": "A String", # The default permission policy for runtime permission requests. |
| "systemUpdate": { # Configuration for managing system updates # The system update policy, which controls how OS updates are applied. If the update type is WINDOWED, the update window will automatically apply to Play app updates as well. |
| "freezePeriods": [ # An annually repeating time period in which over-the-air (OTA) system updates are postponed to freeze the OS version running on a device. To prevent freezing the device indefinitely, each freeze period must be separated by at least 60 days. |
| { # A system freeze period. When a device’s clock is within the freeze period, all incoming system updates (including security patches) are blocked and won’t be installed. When a device is outside the freeze period, normal update behavior applies. Leap years are ignored in freeze period calculations, in particular: * If Feb. 29th is set as the start or end date of a freeze period, the freeze period will start or end on Feb. 28th instead. * When a device’s system clock reads Feb. 29th, it’s treated as Feb. 28th. * When calculating the number of days in a freeze period or the time between two freeze periods, Feb. 29th is ignored and not counted as a day. |
| "endDate": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day and time zone are either specified elsewhere or are not significant. The date is relative to the Proleptic Gregorian Calendar. This can represent: # The end date (inclusive) of the freeze period. Must be no later than 90 days from the start date. If the end date is earlier than the start date, the freeze period is considered wrapping year-end. Note: year must not be set. For example, {"month": 1,"date": 30}. |
| # A full date, with non-zero year, month and day values |
| # A month and day value, with a zero year, e.g. an anniversary |
| # A year on its own, with zero month and day values |
| # A year and month value, with a zero day, e.g. a credit card expiration dateRelated types are google.type.TimeOfDay and google.protobuf.Timestamp. |
| "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. |
| "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. |
| "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a year by itself or a year and month where the day is not significant. |
| }, |
| "startDate": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day and time zone are either specified elsewhere or are not significant. The date is relative to the Proleptic Gregorian Calendar. This can represent: # The start date (inclusive) of the freeze period. Note: year must not be set. For example, {"month": 1,"date": 30}. |
| # A full date, with non-zero year, month and day values |
| # A month and day value, with a zero year, e.g. an anniversary |
| # A year on its own, with zero month and day values |
| # A year and month value, with a zero day, e.g. a credit card expiration dateRelated types are google.type.TimeOfDay and google.protobuf.Timestamp. |
| "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. |
| "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. |
| "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a year by itself or a year and month where the day is not significant. |
| }, |
| }, |
| ], |
| "endMinutes": 42, # If the type is WINDOWED, the end of the maintenance window, measured as the number of minutes after midnight in device's local time. This value must be between 0 and 1439, inclusive. If this value is less than start_minutes, then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time. |
| "type": "A String", # The type of system update to configure. |
| "startMinutes": 42, # If the type is WINDOWED, the start of the maintenance window, measured as the number of minutes after midnight in the device's local time. This value must be between 0 and 1439, inclusive. |
| }, |
| "persistentPreferredActivities": [ # Default intent handler activities. |
| { # A default activity for handling intents that match a particular intent filter. Note: To set up a kiosk, use InstallType to KIOSK rather than use persistent preferred activities. |
| "categories": [ # The intent categories to match in the filter. An intent includes the categories that it requires, all of which must be included in the filter in order to match. In other words, adding a category to the filter has no impact on matching unless that category is specified in the intent. |
| "A String", |
| ], |
| "receiverActivity": "A String", # The activity that should be the default intent handler. This should be an Android component name, e.g. com.android.enterprise.app/.MainActivity. Alternatively, the value may be the package name of an app, which causes Android Device Policy to choose an appropriate activity from the app to handle the intent. |
| "actions": [ # The intent actions to match in the filter. If any actions are included in the filter, then an intent's action must be one of those values for it to match. If no actions are included, the intent action is ignored. |
| "A String", |
| ], |
| }, |
| ], |
| "shareLocationDisabled": True or False, # Whether location sharing is disabled. |
| "passwordPolicies": [ # Password requirement policies. Different policies can be set for work profile or fully managed devices by setting the password_scope field in the policy. |
| { # Requirements for the password used to unlock a device. |
| "maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction. |
| "passwordMinimumLength": 42, # The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX. |
| "passwordScope": "A String", # The scope that the password requirement applies to. |
| "passwordMinimumLowerCase": 42, # Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumSymbols": 42, # Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX. |
| "requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile. |
| "passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction. |
| "passwordExpirationTimeout": "A String", # Password expiration timeout. |
| "passwordMinimumLetters": 42, # Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordQuality": "A String", # The required password quality. |
| "passwordMinimumUpperCase": 42, # Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNumeric": 42, # Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNonLetter": 42, # Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX. |
| }, |
| ], |
| "minimumApiLevel": 42, # The minimum allowed Android API level. |
| "alwaysOnVpnPackage": { # Configuration for an always-on VPN connection. # Configuration for an always-on VPN connection. Use with vpn_config_disabled to prevent modification of this setting. |
| "lockdownEnabled": True or False, # Disallows networking when the VPN is not connected. |
| "packageName": "A String", # The package name of the VPN app. |
| }, |
| "debuggingFeaturesAllowed": True or False, # Whether the user is allowed to enable debugging features. |
| "smsDisabled": True or False, # Whether sending and receiving SMS messages is disabled. |
| "createWindowsDisabled": True or False, # Whether creating windows besides app windows is disabled. |
| "uninstallAppsDisabled": True or False, # Whether user uninstallation of applications is disabled. |
| "policyEnforcementRules": [ # Rules that define the behavior when a particular policy can not be applied on device |
| { # A rule that defines the actions to take if a device or work profile is not compliant with the policy specified in settingName. |
| "settingName": "A String", # The top-level policy to enforce. For example, applications or passwordPolicies. |
| "wipeAction": { # An action to reset a fully managed device or delete a work profile. Note: blockAction must also be specified. # An action to reset a fully managed device or delete a work profile. Note: blockAction must also be specified. |
| "preserveFrp": True or False, # Whether the factory-reset protection data is preserved on the device. This setting doesn’t apply to work profiles. |
| "wipeAfterDays": 42, # Number of days the policy is non-compliant before the device or work profile is wiped. wipeAfterDays must be greater than blockAfterDays. |
| }, |
| "blockAction": { # An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a device or work profile to displays a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified. # An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified. |
| "blockAfterDays": 42, # Number of days the policy is non-compliant before the device or work profile is blocked. To block access immediately, set to 0. blockAfterDays must be less than wipeAfterDays. |
| "blockScope": "A String", # Specifies the scope of this BlockAction. Only applicable to devices that are company-owned. |
| }, |
| }, |
| ], |
| "recommendedGlobalProxy": { # Configuration info for an HTTP proxy. For a direct proxy, set the host, port, and excluded_hosts fields. For a PAC script proxy, set the pac_uri field. # The network-independent global HTTP proxy. Typically proxies should be configured per-network in open_network_configuration. However for unusual configurations like general internal filtering a global HTTP proxy may be useful. If the proxy is not accessible, network access may break. The global proxy is only a recommendation and some apps may ignore it. |
| "host": "A String", # The host of the direct proxy. |
| "excludedHosts": [ # For a direct proxy, the hosts for which the proxy is bypassed. The host names may contain wildcards such as *.example.com. |
| "A String", |
| ], |
| "port": 42, # The port of the direct proxy. |
| "pacUri": "A String", # The URI of the PAC script used to configure the proxy. |
| }, |
| "blockApplicationsEnabled": True or False, # Whether applications other than the ones configured in applications are blocked from being installed. When set, applications that were installed under a previous policy but no longer appear in the policy are automatically uninstalled. |
| "bluetoothContactSharingDisabled": True or False, # Whether bluetooth contact sharing is disabled. |
| "accountTypesWithManagementDisabled": [ # Account types that can't be managed by the user. |
| "A String", |
| ], |
| "applications": [ # Policy applied to apps. |
| { # Policy for an individual app. |
| "accessibleTrackIds": [ # List of the app’s track IDs that a device belonging to the enterprise can access. If the list contains multiple track IDs, devices receive the latest version among all accessible tracks. If the list contains no track IDs, devices only have access to the app’s production track. More details about each track are available in AppTrackInfo. |
| "A String", |
| ], |
| "installType": "A String", # The type of installation to perform. |
| "lockTaskAllowed": True or False, # Whether the app is allowed to lock itself in full-screen mode. DEPRECATED. Use InstallType KIOSK or kioskCustomLauncherEnabled to to configure a dedicated device. |
| "disabled": True or False, # Whether the app is disabled. When disabled, the app data is still preserved. |
| "delegatedScopes": [ # The scopes delegated to the app from Android Device Policy. |
| "A String", |
| ], |
| "packageName": "A String", # The package name of the app. For example, com.google.android.youtube for the YouTube app. |
| "defaultPermissionPolicy": "A String", # The default policy for all permissions requested by the app. If specified, this overrides the policy-level default_permission_policy which applies to all apps. It does not override the permission_grants which applies to all apps. |
| "minimumVersionCode": 42, # The minimum version of the app that runs on the device. If set, the device attempts to update the app to at least this version code. If the app is not up-to-date, the device will contain a NonComplianceDetail with non_compliance_reason set to APP_NOT_UPDATED. The app must already be published to Google Play with a version code greater than or equal to this value. At most 20 apps may specify a minimum version code per policy. |
| "permissionGrants": [ # Explicit permission grants or denials for the app. These values override the default_permission_policy and permission_grants which apply to all apps. |
| { # Configuration for an Android permission and its grant state. |
| "policy": "A String", # The policy for granting the permission. |
| "permission": "A String", # The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR. |
| }, |
| ], |
| "managedConfigurationTemplate": { # The managed configurations template for the app, saved from the managed configurations iframe. # The managed configurations template for the app, saved from the managed configurations iframe. This field is ignored if managed_configuration is set. |
| "templateId": "A String", # The ID of the managed configurations template. |
| "configurationVariables": { # Optional, a map containing <key, value> configuration variables defined for the configuration. |
| "a_key": "A String", |
| }, |
| }, |
| "managedConfiguration": { # Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty: <table> <tr><td><i>type</i></td><td><i>JSON value</i></td></tr> <tr><td>BOOL</td><td>true or false</td></tr> <tr><td>STRING</td><td>string</td></tr> <tr><td>INTEGER</td><td>number</td></tr> <tr><td>CHOICE</td><td>string</td></tr> <tr><td>MULTISELECT</td><td>array of strings</td></tr> <tr><td>HIDDEN</td><td>string</td></tr> <tr><td>BUNDLE_ARRAY</td><td>array of objects</td></tr> </table> |
| "a_key": "", # Properties of the object. |
| }, |
| }, |
| ], |
| "adjustVolumeDisabled": True or False, # Whether adjusting the master volume is disabled. |
| "ensureVerifyAppsEnabled": True or False, # Whether app verification is force-enabled. |
| "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled. |
| "frpAdminEmails": [ # Email addresses of device administrators for factory reset protection. When the device is factory reset, it will require one of these admins to log in with the Google account email and password to unlock the device. If no admins are specified, the device won't provide factory reset protection. |
| "A String", |
| ], |
| "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies. |
| "maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction. |
| "passwordMinimumLength": 42, # The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX. |
| "passwordScope": "A String", # The scope that the password requirement applies to. |
| "passwordMinimumLowerCase": 42, # Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumSymbols": 42, # Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX. |
| "requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile. |
| "passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction. |
| "passwordExpirationTimeout": "A String", # Password expiration timeout. |
| "passwordMinimumLetters": 42, # Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordQuality": "A String", # The required password quality. |
| "passwordMinimumUpperCase": 42, # Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNumeric": 42, # Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNonLetter": 42, # Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX. |
| }, |
| "skipFirstUseHintsEnabled": True or False, # Flag to skip hints on the first use. Enterprise admin can enable the system recommendation for apps to skip their user tutorial and other introductory hints on first start-up. |
| "keyguardDisabledFeatures": [ # Disabled keyguard customizations, such as widgets. |
| "A String", |
| ], |
| "networkResetDisabled": True or False, # Whether resetting network settings is disabled. |
| "bluetoothConfigDisabled": True or False, # Whether configuring bluetooth is disabled. |
| "longSupportMessage": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # A message displayed to the user in the device administators settings screen. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "unmuteMicrophoneDisabled": True or False, # Whether the microphone is muted and adjusting microphone volume is disabled. |
| "permittedInputMethods": { # A list of package names. # If present, only the input methods provided by packages in this list are permitted. If this field is present, but the list is empty, then only system input methods are permitted. |
| "packageNames": [ # A list of package names. |
| "A String", |
| ], |
| }, |
| "name": "A String", # The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}. |
| "removeUserDisabled": True or False, # Whether removing other users is disabled. |
| "autoTimeRequired": True or False, # Whether auto time is required, which prevents the user from manually setting the date and time. |
| "mobileNetworksConfigDisabled": True or False, # Whether configuring mobile networks is disabled. |
| "installUnknownSourcesAllowed": True or False, # Whether the user is allowed to enable the "Unknown Sources" setting, which allows installation of apps from unknown sources. |
| "credentialsConfigDisabled": True or False, # Whether configuring user credentials is disabled. |
| "version": "A String", # The version of the policy. This is a read-only field. The version is incremented each time the policy is updated. |
| "advancedSecurityOverrides": { # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. |
| "untrustedAppsPolicy": "A String", # The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces install_unknown_sources_allowed (deprecated). |
| }, |
| } |
| |
| updateMask: string, The field mask indicating the fields to update. If not set, all modifiable fields will be modified. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A policy resource represents a group of settings that govern the behavior of a managed device and the apps installed on it. |
| "complianceRules": [ # Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules. Use policy enforcement rules instead. |
| { # A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policy_compliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule. |
| "packageNamesToDisable": [ # If set, the rule includes a mitigating action to disable apps specified in the list, but app data is preserved. |
| "A String", |
| ], |
| "disableApps": True or False, # If set to true, the rule includes a mitigating action to disable apps so that the device is effectively disabled, but app data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed. |
| "nonComplianceDetailCondition": { # A compliance rule condition which is satisfied if there exists any matching NonComplianceDetail for the device. A NonComplianceDetail matches a NonComplianceDetailCondition if all the fields which are set within the NonComplianceDetailCondition match the corresponding NonComplianceDetail fields. # A condition which is satisfied if there exists any matching NonComplianceDetail for the device. |
| "packageName": "A String", # The package name of the app that's out of compliance. If not set, then this condition matches any package name. |
| "settingName": "A String", # The name of the policy setting. This is the JSON field name of a top-level Policy field. If not set, then this condition matches any setting name. |
| "nonComplianceReason": "A String", # The reason the device is not in compliance with the setting. If not set, then this condition matches any reason. |
| }, |
| "apiLevelCondition": { # A compliance rule condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. There can only be one rule with this type of condition per policy. # A condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. |
| "minApiLevel": 42, # The minimum desired Android Framework API level. If the device doesn't meet the minimum requirement, this condition is satisfied. Must be greater than zero. |
| }, |
| }, |
| ], |
| "statusReportingSettings": { # Settings controlling the behavior of status reports. # Status reporting settings |
| "applicationReportsEnabled": True or False, # Whether app reports are enabled. |
| "systemPropertiesEnabled": True or False, # Whether system properties reporting is enabled. |
| "deviceSettingsEnabled": True or False, # Whether device settings reporting is enabled. |
| "memoryInfoEnabled": True or False, # Whether memory reporting is enabled. |
| "softwareInfoEnabled": True or False, # Whether software info reporting is enabled. |
| "powerManagementEventsEnabled": True or False, # Whether power management event reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "displayInfoEnabled": True or False, # Whether displays reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "hardwareStatusEnabled": True or False, # Whether hardware status reporting is enabled. Report data is not available for personally owned devices with work profiles. |
| "networkInfoEnabled": True or False, # Whether network info reporting is enabled. |
| "applicationReportingSettings": { # Settings controlling the behavior of application reports. # Application reporting settings. Only applicable if application_reports_enabled is true. |
| "includeRemovedApps": True or False, # Whether removed apps are included in application reports. |
| }, |
| }, |
| "shortSupportMessage": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # A message displayed to the user in the settings screen wherever functionality has been disabled by the admin. If the message is longer than 200 characters it may be truncated. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "stayOnPluggedModes": [ # The battery plugged in modes for which the device stays on. When using this setting, it is recommended to clear maximum_time_to_lock so that the device doesn't lock itself while it stays on. |
| "A String", |
| ], |
| "addUserDisabled": True or False, # Whether adding new users and profiles is disabled. |
| "kioskCustomization": { # Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK. # Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK. |
| "systemNavigation": "A String", # Specifies which navigation features are enabled (e.g. Home, Overview buttons) in kiosk mode. |
| "systemErrorWarnings": "A String", # Specifies whether system error dialogs for crashed or unresponsive apps are blocked in kiosk mode. When blocked, the system will force-stop the app as if the user chooses the "close app" option on the UI. |
| "powerButtonActions": "A String", # Sets the behavior of a device in kiosk mode when a user presses and holds (long-presses) the Power button. |
| "deviceSettings": "A String", # Specifies whether the Settings app is allowed in kiosk mode. |
| "statusBar": "A String", # Specifies whether system info and notifications are disabled in kiosk mode. |
| }, |
| "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings. |
| "personalUsagePolicies": { # Policies controlling personal usage on a Corporate Owned Personally Enabled device. # Policies managing personal usage on a company-owned device. |
| "maxDaysWithWorkOff": 42, # Controls how long the work profile can stay off. |
| "accountTypesWithManagementDisabled": [ # Account types that can't be managed by the user. |
| "A String", |
| ], |
| "cameraDisabled": True or False, # Whether camera is disabled. |
| "screenCaptureDisabled": True or False, # Whether screen capture is disabled. |
| "personalPlayStoreMode": "A String", # Controls how apps on the personal profile are allowed or blocked. |
| "personalApplications": [ # Policy applied to applications on the personal profile. |
| { # Policies for apps on the personal profile of a Corporate Owned Personally Enabled device. |
| "installType": "A String", # The type of installation to perform. |
| "packageName": "A String", # The package name of the application. |
| }, |
| ], |
| }, |
| "cellBroadcastsConfigDisabled": True or False, # Whether configuring cell broadcast is disabled. |
| "statusBarDisabled": True or False, # Whether the status bar is disabled. This disables notifications, quick settings, and other screen overlays that allow escape from full-screen mode. DEPRECATED. To disable the status bar on a kiosk device, use InstallType KIOSK or kioskCustomLauncherEnabled. |
| "maximumTimeToLock": "A String", # Maximum time in milliseconds for user activity until the device locks. A value of 0 means there is no restriction. |
| "tetheringConfigDisabled": True or False, # Whether configuring tethering and portable hotspots is disabled. |
| "privateKeySelectionEnabled": True or False, # Allows showing UI on a device for a user to choose a private key alias if there are no matching rules in ChoosePrivateKeyRules. For devices below Android P, setting this may leave enterprise keys vulnerable. |
| "permittedAccessibilityServices": { # A list of package names. # Specifies permitted accessibility services. If the field is not set, any accessibility service can be used. If the field is set, only the accessibility services in this list and the system's built-in accessibility service can be used. In particular, if the field is set to empty, only the system's built-in accessibility servicess can be used. |
| "packageNames": [ # A list of package names. |
| "A String", |
| ], |
| }, |
| "modifyAccountsDisabled": True or False, # Whether adding or removing accounts is disabled. |
| "mountPhysicalMediaDisabled": True or False, # Whether the user mounting physical external media is disabled. |
| "screenCaptureDisabled": True or False, # Whether screen capture is disabled. |
| "usbFileTransferDisabled": True or False, # Whether transferring files over USB is disabled. |
| "factoryResetDisabled": True or False, # Whether factory resetting from settings is disabled. |
| "playStoreMode": "A String", # This mode controls which apps are available to the user in the Play Store and the behavior on the device when apps are removed from the policy. |
| "deviceOwnerLockScreenInfo": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # The device owner information to be shown on the lock screen. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "choosePrivateKeyRules": [ # Rules for automatically choosing a private key and certificate to authenticate the device to a server. The rules are ordered by increasing precedence, so if an outgoing request matches more than one rule, the last rule defines which private key to use. |
| { # A rule for automatically choosing a private key and certificate to authenticate the device to a server. |
| "urlPattern": "A String", # The URL pattern to match against the URL of the outgoing request. The pattern may contain asterisk (*) wildcards. Any URL is matched if unspecified. |
| "packageNames": [ # The package names for which outgoing requests are subject to this rule. If no package names are specified, then the rule applies to all packages. For each package name listed, the rule applies to that package and all other packages that shared the same Android UID. The SHA256 hash of the signing key signatures of each package_name will be verified against those provided by Play |
| "A String", |
| ], |
| "privateKeyAlias": "A String", # The alias of the private key to be used. |
| }, |
| ], |
| "cameraDisabled": True or False, # Whether all cameras on the device are disabled. |
| "installAppsDisabled": True or False, # Whether user installation of apps is disabled. |
| "openNetworkConfiguration": { # Network configuration for the device. See configure networks for more information. |
| "a_key": "", # Properties of the object. |
| }, |
| "usbMassStorageEnabled": True or False, # Whether USB storage is enabled. Deprecated. |
| "permissionGrants": [ # Explicit permission or group grants or denials for all apps. These values override the default_permission_policy. |
| { # Configuration for an Android permission and its grant state. |
| "policy": "A String", # The policy for granting the permission. |
| "permission": "A String", # The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR. |
| }, |
| ], |
| "setUserIconDisabled": True or False, # Whether changing the user icon is disabled. |
| "appAutoUpdatePolicy": "A String", # The app auto update policy, which controls when automatic app updates can be applied. |
| "kioskCustomLauncherEnabled": True or False, # Whether the kiosk custom launcher is enabled. This replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. Apps appear on a single page in alphabetical order. Use kioskCustomization to further configure the kiosk device behavior. |
| "encryptionPolicy": "A String", # Whether encryption is enabled |
| "vpnConfigDisabled": True or False, # Whether configuring VPN is disabled. |
| "funDisabled": True or False, # Whether the user is allowed to have fun. Controls whether the Easter egg game in Settings is disabled. |
| "outgoingBeamDisabled": True or False, # Whether using NFC to beam data from apps is disabled. |
| "wifiConfigsLockdownEnabled": True or False, # DEPRECATED - Use wifi_config_disabled. |
| "setupActions": [ # Actions to take during the setup process. |
| { # An action executed during setup. |
| "description": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # Description of this action. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "title": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # Title of this action. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "launchApp": { # An action to launch an app. # An action to launch an app. |
| "packageName": "A String", # Package name of app to be launched |
| }, |
| }, |
| ], |
| "setWallpaperDisabled": True or False, # Whether changing the wallpaper is disabled. |
| "safeBootDisabled": True or False, # Whether rebooting the device into safe boot is disabled. |
| "keyguardDisabled": True or False, # Whether the keyguard is disabled. |
| "outgoingCallsDisabled": True or False, # Whether outgoing calls are disabled. |
| "bluetoothDisabled": True or False, # Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user. |
| "locationMode": "A String", # The degree of location detection enabled. The user may change the value unless the user is otherwise blocked from accessing device settings. |
| "dataRoamingDisabled": True or False, # Whether roaming data services are disabled. |
| "androidDevicePolicyTracks": [ # The app tracks for Android Device Policy the device can access. The device receives the latest version among all accessible tracks. If no tracks are specified, then the device only uses the production track. |
| "A String", |
| ], |
| "defaultPermissionPolicy": "A String", # The default permission policy for runtime permission requests. |
| "systemUpdate": { # Configuration for managing system updates # The system update policy, which controls how OS updates are applied. If the update type is WINDOWED, the update window will automatically apply to Play app updates as well. |
| "freezePeriods": [ # An annually repeating time period in which over-the-air (OTA) system updates are postponed to freeze the OS version running on a device. To prevent freezing the device indefinitely, each freeze period must be separated by at least 60 days. |
| { # A system freeze period. When a device’s clock is within the freeze period, all incoming system updates (including security patches) are blocked and won’t be installed. When a device is outside the freeze period, normal update behavior applies. Leap years are ignored in freeze period calculations, in particular: * If Feb. 29th is set as the start or end date of a freeze period, the freeze period will start or end on Feb. 28th instead. * When a device’s system clock reads Feb. 29th, it’s treated as Feb. 28th. * When calculating the number of days in a freeze period or the time between two freeze periods, Feb. 29th is ignored and not counted as a day. |
| "endDate": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day and time zone are either specified elsewhere or are not significant. The date is relative to the Proleptic Gregorian Calendar. This can represent: # The end date (inclusive) of the freeze period. Must be no later than 90 days from the start date. If the end date is earlier than the start date, the freeze period is considered wrapping year-end. Note: year must not be set. For example, {"month": 1,"date": 30}. |
| # A full date, with non-zero year, month and day values |
| # A month and day value, with a zero year, e.g. an anniversary |
| # A year on its own, with zero month and day values |
| # A year and month value, with a zero day, e.g. a credit card expiration dateRelated types are google.type.TimeOfDay and google.protobuf.Timestamp. |
| "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. |
| "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. |
| "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a year by itself or a year and month where the day is not significant. |
| }, |
| "startDate": { # Represents a whole or partial calendar date, e.g. a birthday. The time of day and time zone are either specified elsewhere or are not significant. The date is relative to the Proleptic Gregorian Calendar. This can represent: # The start date (inclusive) of the freeze period. Note: year must not be set. For example, {"month": 1,"date": 30}. |
| # A full date, with non-zero year, month and day values |
| # A month and day value, with a zero year, e.g. an anniversary |
| # A year on its own, with zero month and day values |
| # A year and month value, with a zero day, e.g. a credit card expiration dateRelated types are google.type.TimeOfDay and google.protobuf.Timestamp. |
| "year": 42, # Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. |
| "month": 42, # Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. |
| "day": 42, # Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a year by itself or a year and month where the day is not significant. |
| }, |
| }, |
| ], |
| "endMinutes": 42, # If the type is WINDOWED, the end of the maintenance window, measured as the number of minutes after midnight in device's local time. This value must be between 0 and 1439, inclusive. If this value is less than start_minutes, then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time. |
| "type": "A String", # The type of system update to configure. |
| "startMinutes": 42, # If the type is WINDOWED, the start of the maintenance window, measured as the number of minutes after midnight in the device's local time. This value must be between 0 and 1439, inclusive. |
| }, |
| "persistentPreferredActivities": [ # Default intent handler activities. |
| { # A default activity for handling intents that match a particular intent filter. Note: To set up a kiosk, use InstallType to KIOSK rather than use persistent preferred activities. |
| "categories": [ # The intent categories to match in the filter. An intent includes the categories that it requires, all of which must be included in the filter in order to match. In other words, adding a category to the filter has no impact on matching unless that category is specified in the intent. |
| "A String", |
| ], |
| "receiverActivity": "A String", # The activity that should be the default intent handler. This should be an Android component name, e.g. com.android.enterprise.app/.MainActivity. Alternatively, the value may be the package name of an app, which causes Android Device Policy to choose an appropriate activity from the app to handle the intent. |
| "actions": [ # The intent actions to match in the filter. If any actions are included in the filter, then an intent's action must be one of those values for it to match. If no actions are included, the intent action is ignored. |
| "A String", |
| ], |
| }, |
| ], |
| "shareLocationDisabled": True or False, # Whether location sharing is disabled. |
| "passwordPolicies": [ # Password requirement policies. Different policies can be set for work profile or fully managed devices by setting the password_scope field in the policy. |
| { # Requirements for the password used to unlock a device. |
| "maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction. |
| "passwordMinimumLength": 42, # The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX. |
| "passwordScope": "A String", # The scope that the password requirement applies to. |
| "passwordMinimumLowerCase": 42, # Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumSymbols": 42, # Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX. |
| "requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile. |
| "passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction. |
| "passwordExpirationTimeout": "A String", # Password expiration timeout. |
| "passwordMinimumLetters": 42, # Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordQuality": "A String", # The required password quality. |
| "passwordMinimumUpperCase": 42, # Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNumeric": 42, # Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNonLetter": 42, # Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX. |
| }, |
| ], |
| "minimumApiLevel": 42, # The minimum allowed Android API level. |
| "alwaysOnVpnPackage": { # Configuration for an always-on VPN connection. # Configuration for an always-on VPN connection. Use with vpn_config_disabled to prevent modification of this setting. |
| "lockdownEnabled": True or False, # Disallows networking when the VPN is not connected. |
| "packageName": "A String", # The package name of the VPN app. |
| }, |
| "debuggingFeaturesAllowed": True or False, # Whether the user is allowed to enable debugging features. |
| "smsDisabled": True or False, # Whether sending and receiving SMS messages is disabled. |
| "createWindowsDisabled": True or False, # Whether creating windows besides app windows is disabled. |
| "uninstallAppsDisabled": True or False, # Whether user uninstallation of applications is disabled. |
| "policyEnforcementRules": [ # Rules that define the behavior when a particular policy can not be applied on device |
| { # A rule that defines the actions to take if a device or work profile is not compliant with the policy specified in settingName. |
| "settingName": "A String", # The top-level policy to enforce. For example, applications or passwordPolicies. |
| "wipeAction": { # An action to reset a fully managed device or delete a work profile. Note: blockAction must also be specified. # An action to reset a fully managed device or delete a work profile. Note: blockAction must also be specified. |
| "preserveFrp": True or False, # Whether the factory-reset protection data is preserved on the device. This setting doesn’t apply to work profiles. |
| "wipeAfterDays": 42, # Number of days the policy is non-compliant before the device or work profile is wiped. wipeAfterDays must be greater than blockAfterDays. |
| }, |
| "blockAction": { # An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a device or work profile to displays a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified. # An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified. |
| "blockAfterDays": 42, # Number of days the policy is non-compliant before the device or work profile is blocked. To block access immediately, set to 0. blockAfterDays must be less than wipeAfterDays. |
| "blockScope": "A String", # Specifies the scope of this BlockAction. Only applicable to devices that are company-owned. |
| }, |
| }, |
| ], |
| "recommendedGlobalProxy": { # Configuration info for an HTTP proxy. For a direct proxy, set the host, port, and excluded_hosts fields. For a PAC script proxy, set the pac_uri field. # The network-independent global HTTP proxy. Typically proxies should be configured per-network in open_network_configuration. However for unusual configurations like general internal filtering a global HTTP proxy may be useful. If the proxy is not accessible, network access may break. The global proxy is only a recommendation and some apps may ignore it. |
| "host": "A String", # The host of the direct proxy. |
| "excludedHosts": [ # For a direct proxy, the hosts for which the proxy is bypassed. The host names may contain wildcards such as *.example.com. |
| "A String", |
| ], |
| "port": 42, # The port of the direct proxy. |
| "pacUri": "A String", # The URI of the PAC script used to configure the proxy. |
| }, |
| "blockApplicationsEnabled": True or False, # Whether applications other than the ones configured in applications are blocked from being installed. When set, applications that were installed under a previous policy but no longer appear in the policy are automatically uninstalled. |
| "bluetoothContactSharingDisabled": True or False, # Whether bluetooth contact sharing is disabled. |
| "accountTypesWithManagementDisabled": [ # Account types that can't be managed by the user. |
| "A String", |
| ], |
| "applications": [ # Policy applied to apps. |
| { # Policy for an individual app. |
| "accessibleTrackIds": [ # List of the app’s track IDs that a device belonging to the enterprise can access. If the list contains multiple track IDs, devices receive the latest version among all accessible tracks. If the list contains no track IDs, devices only have access to the app’s production track. More details about each track are available in AppTrackInfo. |
| "A String", |
| ], |
| "installType": "A String", # The type of installation to perform. |
| "lockTaskAllowed": True or False, # Whether the app is allowed to lock itself in full-screen mode. DEPRECATED. Use InstallType KIOSK or kioskCustomLauncherEnabled to to configure a dedicated device. |
| "disabled": True or False, # Whether the app is disabled. When disabled, the app data is still preserved. |
| "delegatedScopes": [ # The scopes delegated to the app from Android Device Policy. |
| "A String", |
| ], |
| "packageName": "A String", # The package name of the app. For example, com.google.android.youtube for the YouTube app. |
| "defaultPermissionPolicy": "A String", # The default policy for all permissions requested by the app. If specified, this overrides the policy-level default_permission_policy which applies to all apps. It does not override the permission_grants which applies to all apps. |
| "minimumVersionCode": 42, # The minimum version of the app that runs on the device. If set, the device attempts to update the app to at least this version code. If the app is not up-to-date, the device will contain a NonComplianceDetail with non_compliance_reason set to APP_NOT_UPDATED. The app must already be published to Google Play with a version code greater than or equal to this value. At most 20 apps may specify a minimum version code per policy. |
| "permissionGrants": [ # Explicit permission grants or denials for the app. These values override the default_permission_policy and permission_grants which apply to all apps. |
| { # Configuration for an Android permission and its grant state. |
| "policy": "A String", # The policy for granting the permission. |
| "permission": "A String", # The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR. |
| }, |
| ], |
| "managedConfigurationTemplate": { # The managed configurations template for the app, saved from the managed configurations iframe. # The managed configurations template for the app, saved from the managed configurations iframe. This field is ignored if managed_configuration is set. |
| "templateId": "A String", # The ID of the managed configurations template. |
| "configurationVariables": { # Optional, a map containing <key, value> configuration variables defined for the configuration. |
| "a_key": "A String", |
| }, |
| }, |
| "managedConfiguration": { # Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty: <table> <tr><td><i>type</i></td><td><i>JSON value</i></td></tr> <tr><td>BOOL</td><td>true or false</td></tr> <tr><td>STRING</td><td>string</td></tr> <tr><td>INTEGER</td><td>number</td></tr> <tr><td>CHOICE</td><td>string</td></tr> <tr><td>MULTISELECT</td><td>array of strings</td></tr> <tr><td>HIDDEN</td><td>string</td></tr> <tr><td>BUNDLE_ARRAY</td><td>array of objects</td></tr> </table> |
| "a_key": "", # Properties of the object. |
| }, |
| }, |
| ], |
| "adjustVolumeDisabled": True or False, # Whether adjusting the master volume is disabled. |
| "ensureVerifyAppsEnabled": True or False, # Whether app verification is force-enabled. |
| "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled. |
| "frpAdminEmails": [ # Email addresses of device administrators for factory reset protection. When the device is factory reset, it will require one of these admins to log in with the Google account email and password to unlock the device. If no admins are specified, the device won't provide factory reset protection. |
| "A String", |
| ], |
| "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies. |
| "maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction. |
| "passwordMinimumLength": 42, # The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX. |
| "passwordScope": "A String", # The scope that the password requirement applies to. |
| "passwordMinimumLowerCase": 42, # Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumSymbols": 42, # Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX. |
| "requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile. |
| "passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction. |
| "passwordExpirationTimeout": "A String", # Password expiration timeout. |
| "passwordMinimumLetters": 42, # Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordQuality": "A String", # The required password quality. |
| "passwordMinimumUpperCase": 42, # Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNumeric": 42, # Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX. |
| "passwordMinimumNonLetter": 42, # Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX. |
| }, |
| "skipFirstUseHintsEnabled": True or False, # Flag to skip hints on the first use. Enterprise admin can enable the system recommendation for apps to skip their user tutorial and other introductory hints on first start-up. |
| "keyguardDisabledFeatures": [ # Disabled keyguard customizations, such as widgets. |
| "A String", |
| ], |
| "networkResetDisabled": True or False, # Whether resetting network settings is disabled. |
| "bluetoothConfigDisabled": True or False, # Whether configuring bluetooth is disabled. |
| "longSupportMessage": { # Provides a user-facing message with locale info. The maximum message length is 4096 characters. # A message displayed to the user in the device administators settings screen. |
| "localizedMessages": { # A map containing <locale, message> pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr. |
| "a_key": "A String", |
| }, |
| "defaultMessage": "A String", # The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided. |
| }, |
| "unmuteMicrophoneDisabled": True or False, # Whether the microphone is muted and adjusting microphone volume is disabled. |
| "permittedInputMethods": { # A list of package names. # If present, only the input methods provided by packages in this list are permitted. If this field is present, but the list is empty, then only system input methods are permitted. |
| "packageNames": [ # A list of package names. |
| "A String", |
| ], |
| }, |
| "name": "A String", # The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}. |
| "removeUserDisabled": True or False, # Whether removing other users is disabled. |
| "autoTimeRequired": True or False, # Whether auto time is required, which prevents the user from manually setting the date and time. |
| "mobileNetworksConfigDisabled": True or False, # Whether configuring mobile networks is disabled. |
| "installUnknownSourcesAllowed": True or False, # Whether the user is allowed to enable the "Unknown Sources" setting, which allows installation of apps from unknown sources. |
| "credentialsConfigDisabled": True or False, # Whether configuring user credentials is disabled. |
| "version": "A String", # The version of the policy. This is a read-only field. The version is incremented each time the policy is updated. |
| "advancedSecurityOverrides": { # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. |
| "untrustedAppsPolicy": "A String", # The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces install_unknown_sources_allowed (deprecated). |
| }, |
| }</pre> |
| </div> |
| |
| </body></html> |
