Feature Control (Android Enterprise Work Profile)
For security-conscious organizations where privacy and information security concerns require controlling mobile data and other features, SOTI MobiControl provides diverse on-device restrictions. These include blocking certain device communications, similar to firewalls and more. You can configure feature control when:
You may also selectively turn off device features with the Feature Control profile configuration. Applying the configuration at the individual or group level creates custom profiles for different users and locations in an organization. For example, turning Bluetooth and infrared ports on or off determines if device users can beam business cards, applications, or documents to one another.
Device Functionality
Features
Allow Camera | When enabled, the device user can use the camera. Note: If
disabled, SOTI MobiControl prevents all
apps in the Work profile from launching the
camera. Important: This feature is available and applies to Android devices OS
6.0 or later. |
Allow Screen Capture | When enabled, device users can save images or recordings of the display. |
Allow Smart Lock | When enabled, device users can use Smart Lock on Android,
which enables devices to unlock without a password when they are
within safe places that the device user can define. Note: If you enable Allow All
Keyguard Features, Allow Smart
Lock is automatically enabled. Important: This feature is available and applies to
Android devices OS 6.0 or later.
|
Allow Printing | When enabled, device users can use the device's printing
capabilities. Important: This
feature is available and applies to Android devices OS 9.0
or later. Restriction: Not supported for
AMAPI-enrolled devices. |
Settings
Allow Location Sharing for Work Profile | When enabled, you can enable location sharing for all managed profile apps. Apps running in the Work profile are unable to use device location information. |
Allow Skip App First Use Hints |
When enabled, when a supported app launches for the first time, it skips any introductory hints or tutorials. Note: Not available on Android 11 COPE
devices.
Restriction: Not supported for AMAPI-enrolled
devices.
|
Security
Security
Allow All Keyguard Features | When enabled, device users can use keyguard features on the lock screen. Keyguard features include fingerprint authentication, notification viewing, smart lock, and camera access. Enabling Allow All Keyguard Features automatically enables other keyguard options. |
Allow Fingerprint Authentication | When enabled, device users can use
Google's fingerprint authentication framework to secure their
devices. If you enable the Allow All Keyguard Features feature control option, Allow Fingerprint Authentication automatically enables too. Important: This feature is available and applies
to Android devices OS 6.0 or later. |
Allow Account Creation | Specify whether device users can add new accounts
to the device. Choose an option from the list:
This does not remove any existing accounts from the device. Note: For AMAPI-enrolled devices, No
Accounts is the only option
available. |
Allow Doze Mode | When enabled, the device can restrict the SOTI MobiControl Android Device Agent for battery
optimization. Note: Disabling this option negates any battery
optimizations provided by doze mode and uses extra battery
power to stay connected. Note: Not supported for
AMAPI-enrolled devices. |
Always On VPN | Direct all network traffic on the device through a specified
VPN. Enter the package name of the VPN app. |
Allow Verify Apps Enforcement | When enabled, the device user can change the Scan device for security threats option within the Google Play Store's Play Protect settings. |
Play Integrity Attestation Frequency | When enabled, the device performs the SafetyNet check at every device check in, in addition to once daily. |
Data Protection
Allow Copy/Paste between Work and Personal | When enabled, device users can copy text or images between the Work and Personal profiles. |
Allow Sensitive Notifications | When enabled, notifications from Android
Enterprise Apps display all their details when they appear on
secure lock screens. If you enable Allow All Keyguard Features feature control option, Allow Sensitive Notifications automatically enables too. Important: This feature is available and applies
to Android devices OS 6.0 or later. |
Allow Uninstallation of Managed Applications | When enabled, device users can uninstall any managed applications. |
Allow Third Party Input Methods | When enabled, device users can enable third-party input methods such as keyboards on their devices. |
Allow Caller ID Information for Work Profile Contacts | When enabled, device users can see Caller ID information for calls from contacts saved within the Work profile. |
Allow Installation from Unknown Sources | When enabled, device users can install apps other than those from the Google Play store. |
Allow Installation from Unknown Sources on Personal | When enabled, device users
can install apps that are not from the Google Play store on the
personal profile of the device. Important: This feature is available and applies
to Android devices OS 10.0 or later. |
Allow Sharing from Work Profile to Personal | When enabled, device users can use
an app's share function to share between apps on the Work
profile and apps on the personal profile. Important: This feature is available and applies
to Android devices OS 5.1.1 or later. |
Allow Outgoing NFC | When enabled, devices users can use NFC to send data
(only applies to apps in the Work Profile). Note: For
AMAPI-enrolled devices, this option does not impact the NFC
option under Settings. Disabling Outgoing NFC impacts the
file transfer process via the Android Beam only for the Work
profile and not for the Personal profile. |
Allow Bluetooth Contact Sharing | When enabled, device users can use
Bluetooth to share contact information. Important: This feature is available and applies
to Android devices OS 6.0 or later. |
Allow Backup Service | When enabled, device users can control whether the
backup service (which manages both backup and restore services)
is on or off. Note: Not supported for AMAPI-enrolled
devices. |
Policy Messaging
Restriction Policy
Enter the message that should appear to device users when they try to perform an action blocked by feature control.
This
action is disabled by SOTI MobiControl. Contact your
organization's administrator to learn more.
Device Admin Description
Enter the description that should appear if the user presses the more prompt on the restriction policy.
Work Profile Wipe Message
Enter the message that should appear to device users when the device wipes all Android Work Profile data and deletes the Android Work Profile.