The Android Account Restrictions Policy lets you control how authorized corporate accounts interact with corporate data, email, and apps. As an IT Admin, you must apply this policy before you finish provisioning the device to ensure that users cannot circumvent this policy by adding accounts before the policy is enabled. This policy works for devices running Android 5.1 and later.
Prerequisites
- JumpCloud’s Android EMM is configured for your organization. See Set Up Android EMM.
- Your Android devices are enrolled in EMM. See Add and Manage Android Devices and Users: Enroll Your Personal Android Device.
To create an Android Account Restrictions policy:
1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
2. Go to DEVICE MANAGEMENT > Policy Management.
3. In the All tab, click (+).
4. On the New Policy panel, select the Android tab.
5. Select the Account Restrictions policy from the list, then click configure.
6. On the New Policy panel, optionally enter a new name for the policy, or keep the default. Policy names must be unique.
7. For Policy Notes, enter details like when you created the policy, where you tested it, and where you deployed it.
8. Under Settings, complete these fields:
   - Select Disable Adding New Users & Profiles to prevent users from adding new users and work profiles. Selecting this field means that only admins can add new users and work profiles. This setting applies to fully managed and dedicated devices.
   - Select Disable Account Modification to prevent users from adding and removing user accounts.
   - Select Disable User Removal to block users from removing other users. Selecting this field means that only admins can remove users. This setting applies to fully managed and dedicated devices.
   - Select Disable User Credentials Configuration to block users from configuring user certificates that are assigned to devices. This also applies to devices that aren't associated with a user account.
   - Select Disable User Icon Modification to block users from changing the user icon on the Android device. Selecting this field means that only admins can change the icon. This setting applies to fully managed and dedicated devices.
   If you leave Disable User Credentials Configuration unselected, users might be able to configure or change their credentials when they access them in the keystore. This field applies only to Android devices running 7.0 and later.
9. (Optional) Select the Device Groups tab. Select one or more device groups where you will apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
10. (Optional) Select the Devices tab. Select one or more devices where you will apply this policy.
    For this policy to take effect, you must specify a device or a device group in Step 9 or Step 10.
11. Click save.