Feature Control (Android Enterprise Work Profile)

For security-conscious organizations where privacy and information security concerns require controlling mobile data and other features, SOTI MobiControl provides diverse on-device restrictions. These include blocking certain device communications, similar to firewalls and more. You can configure feature control when:

You may also selectively turn off device features with the Feature Control profile configuration. Applying the configuration at the individual or group level creates custom profiles for different users and locations in an organization. For example, turning Bluetooth and infrared ports on or off determines if device users can beam business cards, applications, or documents to one another.

Device Functionality

Features

Allow Camera When enabled, the device user can use the camera.
Note: If disabled, SOTI MobiControl prevents all apps in the Work profile from launching the camera.
Important: This feature is available and applies to Android devices OS 6.0 or later.
Allow Screen Capture When enabled, device users can save images or recordings of the display.
Allow Smart Lock When enabled, device users can use Smart Lock on Android, which enables devices to unlock without a password when they are within safe places that the device user can define.
Note: If you enable Allow All Keyguard Features, Allow Smart Lock is automatically enabled.
Important: This feature is available and applies to Android devices OS 6.0 or later.
Allow Printing When enabled, device users can use the device's printing capabilities.
Important: This feature is available and applies to Android devices OS 9.0 or later.
Restriction: Not supported for AMAPI-enrolled devices.

Settings

Allow Location Sharing for Work Profile When enabled, you can enable location sharing for all managed profile apps. Apps running in the Work profile are unable to use device location information.
Allow Skip App First Use Hints

When enabled, when a supported app launches for the first time, it skips any introductory hints or tutorials.

Note: Not available on Android 11 COPE devices.
Restriction: Not supported for AMAPI-enrolled devices.

Security

Security

Allow All Keyguard Features When enabled, device users can use keyguard features on the lock screen. Keyguard features include fingerprint authentication, notification viewing, smart lock, and camera access. Enabling Allow All Keyguard Features automatically enables other keyguard options.
Allow Fingerprint Authentication When enabled, device users can use Google's fingerprint authentication framework to secure their devices.

If you enable the Allow All Keyguard Features feature control option, Allow Fingerprint Authentication automatically enables too.

Important: This feature is available and applies to Android devices OS 6.0 or later.
Allow Account Creation Specify whether device users can add new accounts to the device. Choose an option from the list:
  • All: Enables the creation of any type of account, including Google accounts. Selected by default.
  • All Accounts except Google Account: enables the creation of non-Google accounts
  • No Accounts: prevents device users from creating any new accounts on the device

This does not remove any existing accounts from the device.

Note: For AMAPI-enrolled devices, No Accounts is the only option available.
Allow Doze Mode When enabled, the device can restrict the SOTI MobiControl Android Device Agent for battery optimization.
Note: Disabling this option negates any battery optimizations provided by doze mode and uses extra battery power to stay connected.
Note: Not supported for AMAPI-enrolled devices.
Always On VPN Direct all network traffic on the device through a specified VPN.

Enter the package name of the VPN app.

Allow Verify Apps Enforcement When enabled, the device user can change the Scan device for security threats option within the Google Play Store's Play Protect settings.
Play Integrity Attestation Frequency When enabled, the device performs the SafetyNet check at every device check in, in addition to once daily.

Data Protection

Allow Copy/Paste between Work and Personal When enabled, device users can copy text or images between the Work and Personal profiles.
Allow Sensitive Notifications When enabled, notifications from Android Enterprise Apps display all their details when they appear on secure lock screens.

If you enable Allow All Keyguard Features feature control option, Allow Sensitive Notifications automatically enables too.

Important: This feature is available and applies to Android devices OS 6.0 or later.
Allow Uninstallation of Managed Applications When enabled, device users can uninstall any managed applications.
Allow Third Party Input Methods When enabled, device users can enable third-party input methods such as keyboards on their devices.
Allow Caller ID Information for Work Profile Contacts When enabled, device users can see Caller ID information for calls from contacts saved within the Work profile.
Allow Installation from Unknown Sources When enabled, device users can install apps other than those from the Google Play store.
Allow Installation from Unknown Sources on Personal When enabled, device users can install apps that are not from the Google Play store on the personal profile of the device.
Important: This feature is available and applies to Android devices OS 10.0 or later.
Allow Sharing from Work Profile to Personal When enabled, device users can use an app's share function to share between apps on the Work profile and apps on the personal profile.
Important: This feature is available and applies to Android devices OS 5.1.1 or later.
Allow Outgoing NFC When enabled, devices users can use NFC to send data (only applies to apps in the Work Profile).
Note: For AMAPI-enrolled devices, this option does not impact the NFC option under Settings. Disabling Outgoing NFC impacts the file transfer process via the Android Beam only for the Work profile and not for the Personal profile.
Allow Bluetooth Contact Sharing When enabled, device users can use Bluetooth to share contact information.
Important: This feature is available and applies to Android devices OS 6.0 or later.
Allow Backup Service When enabled, device users can control whether the backup service (which manages both backup and restore services) is on or off.
Note: Not supported for AMAPI-enrolled devices.

Policy Messaging

Restriction Policy

Enter the message that should appear to device users when they try to perform an action blocked by feature control.

Note: If you leave this field empty, the following default message appears to device users: This action is disabled by SOTI MobiControl. Contact your organization's administrator to learn more.
Important: This feature is available and applies to Android devices OS 7.0 or later.

Device Admin Description

Enter the description that should appear if the user presses the more prompt on the restriction policy.

Important: This feature is available and applies to Android devices OS 7.0 or later.

Work Profile Wipe Message

Enter the message that should appear to device users when the device wipes all Android Work Profile data and deletes the Android Work Profile.

Important: This feature is available and applies to Android devices OS 9.0 or later.