XenMobile

Keyguard Management device policy

Android keyguard manages the device and work challenge lock screens. This policy lets you manage features for Android Enterprise work profile keyguard and advanced device keyguard. You can control:

  • Keyguard management on work profile devices. You can specify the features available to users before they unlock the device keyguard and the work challenge keyguard. For example, by default users can use fingerprint unlock and view unredacted notifications on the lock screen.

  • 键盘守卫管理全面管理和专用devices. You can specify the features available, such as trust agents and secure camera, before they unlock the keyguard screen. Or, you can choose to disable all keyguard features.

  • 键盘守卫管理全面设备管理work profiles. You can use one Keyguard Management policy to apply separate settings to the device and the work profile.

To add or configure this policy, go toConfigure > Device Policies. For more information, seeDevice policies.

Android Enterprise settings

Device Policies configuration screen

  • Apply to fully managed devices with a work profile:Allows you to configure Keyguard Management device policy settings for fully managed devices with work profiles.

    When this setting isOn, you can apply separate settings to the device and the work profile on fully managed devices with work profiles.

    When this setting isOff, you can apply settings to work profile devices or fully managed devices. Settings you configure for work profiles only apply to work profile devices. Settings you configure for fully managed devices apply only to fully managed devices.

    Default isOff.

  • Work profile keyguard features:Controls whether the following features are available before a user unlocks the work profile keyguard (lock screen).
    • Disable trust agents:IfOff, trust agents can operate on secure keyguard screens when a challenge is set on the work profile. Set toOnto disable all trust agents on the work profile. Default isOff.
    • Disable biometric authentication:IfOff, biometric authentication is available on secure keyguard screens when a challenge is set on the work profile. Set toOnto disable biometric authentication on the work profile. This setting disables fingerprint unlock, face authentication, and iris authentication. Default isOff. For Android 9.0 and later.
    • Disable fingerprint unlock:IfOn, fingerprint unlock is not available on secure keyguard screens when a challenge is set on the work profile. Set toOffto enable fingerprint unlock on the work profile. Default isOff.
    • Disable face authentication:IfOff, face authentication is available on secure keyguard screens when a challenge is set on the work profile. Set toOnto disable face authentication on the work profile. Default isOff. For Android 9.0 and later.
    • Disable iris authentication:IfOff, iris authentication is available on secure keyguard screens when a challenge is set on the work profile. Set toOnto disable iris authentication on the work profile. Default isOff. For Android 9.0 and later.
    • Disable unredacted notifications:IfOff, both redacted and unredacted notifications appear on secure keyguard screens. Set toOn禁用,只显示为编辑通知redacted notifications. Default isOff.
  • Fully managed device keyguard features:Controls whether the following features are available before a user unlocks the device keyguard (lock screen). These features apply to fully managed or dedicated devices.

    • Disable all keyguard features:IfOff, all current and future keyguard customizations are available on the secure keyguard screens. Set toOnto disable all keyguard customizations. Default isOff.
    • Disable trust agents:IfOff, trust agents can operate on secure keyguard screens. Set toOnto disable trust agents. Default isOff.
    • Disable biometric authentication:IfOff, biometric authentication is available on secure keyguard screens when a challenge is set on the device. Set toOnto disable biometric authentication on the device. This disables fingerprint unlock, face authentication, and iris authentication. Default isOff. For Android 9.0 and later.
    • Disable fingerprint unlock:IfOff, fingerprint unlock is available on secure keyguard screens when a challenge is set on the device. Set toOnto disable fingerprint unlock on the device. Default isOff.
    • Disable face authentication:IfOff, face authentiction is available on secure keyguard screens when a challenge is set on the device. Set toOn禁用脸authentiction井斜ce. Default isOff. For Android 9.0 and later.
    • Disable iris authentiction:IfOff, iris authentiction is available on secure keyguard screens when a challenge is set on the device. Set toOnto disable iris authentiction on the device. Default isOff. For Android 9.0 and later.
    • Disable all notifications:IfOff, all notifications appear on secure keyguard screens. Set toOnto show all notifications. Default isOff.
    • Disable unredacted notifications:IfOff, both redacted and unredacted notifications appear on secure keyguard screens. Set toOn禁用,只显示为编辑通知redacted notifications. Default isOff.
    • Disable secure camera:IfOff, secure camera is available on secure keyguard screens. Set toOnto disable the secure camera. Default isOff.
Keyguard Management device policy