Create an Android Lock Screen Policy

The Android Lock Screen Restrictions Policy manages which features users can see before they unlock their device’s lock screen. The lock screen is also called a keyguard. This policy works for devices running Android 7.0 and later.

Prerequisites

• JumpCloud’s Android EMM is configured for your organization. See Set Up Android EMM.
• Your Android devices are enrolled in EMM. See Add and Manage Android Devices and Users: Enroll Your Personal Android Device.

To create an Android Lock Screen Restrictions policy:

1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
2. Go to DEVICE MANAGEMENT > Policy Management.
3. In the All tab, click (+).
4. On the New Policy panel, select the Android tab.
5. Select the Lock Screen Restrictions policy from the list, then click configure.
6. On the New Policy panel, optionally enter a new name for the policy, or keep the default. Policy names must be unique.
7. For Policy Notes, enter details like when you created the policy, where you tested it, and where you deployed it.
8. Under Settings, complete these fields:
   1. Select Disable All Lock Screen Features to prevent users from enabling lock screen customizations, such as widgets. This field applies to fully managed and dedicated devices.
   2. Select Disable Camera on Lock Screen to prevent users from accessing the camera on secure lock screens (such as a PIN screen). This field applies to fully managed and dedicated devices.
   3. Select Disable Lock Screen Notifications to prevent notifications from displaying on secure lock screens. This field applies to fully managed and dedicated devices.
   4. Select Disable Unredacted Lock Screen Notifications to prevent unredacted notifications on secure lock screens. This action blocks sensitive information from displaying when the device is locked.
   5. Select Disable Lock Screen Trust Agents to block lock screen customizations, such as Smart Lock, on a locked screen. This trust agent prevents users from adjusting lock screen settings if they’re not in a trusted location. A trust agent lets a user unlock a mobile device without entering a passcode when specific criteria is met.
   6. Select Disable Remote Input to block text entry into notifications on secure lock screens. This field applies to fully managed devices and dedicated devices running Android 6 and earlier.
   7. Select Disable Biometric Options to prevent biometric authentication on secure lock screens. This field applies to fully managed devices and dedicated devices.
   8. Select Disable Fingerprint Sensor to prevent users from using the device’s fingerprint sensor to unlock a device.
   9. Select Disable Face Scanning to prevent face authentication on secure lock screens. This field applies to fully managed devices and dedicated devices.
   10. Select Disable Iris Scanning to prevent iris authentication on secure lock screens. This field applies to fully managed and dedicated devices.
       

9. (Optional) Select the Device Groups tab. Select one or more device groups where you will apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
10. (Optional) Select the Devices tab. Select one or more devices where you will apply this policy.

11. Click save.