SuperOps Android Policies let you manage both the configurations and restrictions applied to enrolled devices.
This article focuses on the Restrictions section — a set of controls that define what users can and cannot do on their devices, helping you enforce security, compliance, and productivity across your Android fleet.
With SuperOps MDM, you can define granular, device-level restrictions and behaviors for Android devices through configurable Policy Sets.
These policies are tailored based on the device ownership model:
Fully Managed – for corporate-owned devices under full administrative control.
BYOD (Bring Your Own Device) – for personal devices with a dedicated Work Profile to separate corporate and personal data
Configuring Policies for Fully Managed Devices
Fully managed devices are owned and controlled by the organization, giving you complete authority over the entire device. Follow these steps to set up these policies.
Navigate to Settings and select Policy Management. From the list, click on Android Device Policies to begin.
On the Android Device Policies screen, you can set rules based on ownership type.
Under the Restrictions menu on the left, you’ll find several categories.
General Settings
Defines core system permissions and hardware controls on Android devices.
These settings allow admins to manage access to key features, system functions, and user accounts to maintain security and compliance.
Key ControlsCamera & Microphone: Manage app access to the camera and microphone.
System Settings: Manage external media connections, factory resets (with FRP Admin Email), volume control, and location sharing.
Communication: Control outgoing calls and SMS functionality.
Display & Interface: Enable or restrict screen capture and wallpaper modifications.
Date & Time: Define if users can modify device date, time, or time zone.
User Accounts: Manage user creation, removal, and account modifications.
Note : Factory Reset Protection (FRP) prevents unauthorized factory resets. The FRP Admin Email serves as the authorized account that can unlock the device after a reset.
Security Policy Settings Overview
Manages how users interact with the lock screen and authentication mechanisms to protect device and data security.
Key Controls
Lock Screen Features: Control what users can do without unlocking the device.
Camera & Notifications: Restrict access and visibility on the lock screen.
Unredacted Notifications: Hide or show message content on the lock screen.
Trust Agents: Manage Smart Unlock options like trusted devices or locations.
Biometric Authentication: Configure fingerprint, face, or iris unlock settings.
Network Policy Settings Overview
Controls how devices connect and communicate across various network types, enforcing secure connectivity.
Key Controls
Cell Broadcast: Manage public emergency alerts.
Mobile Network Settings & Reset: Restrict user modification of mobile configurations.
Network Escape Hatch: Allow temporary network connection for policy refresh if the device fails to connect to an authorized network.
Nearby Share & Bluetooth: Manage short-range sharing and connections.
Wi-Fi & Tethering: Control Wi-Fi usage and hotspot capabilities.
Connectivity Management: Manage advanced features like 2G, UWB, and Airplane Mode.
USB File Transfer: Restrict USB-based data transfer.
Wi-Fi RestrictionsAllow Wi-Fi: Users can connect to any network, including those not pre-configured under Android Device Policies → Network.
Disallow Add Wi-Fi: Users can only connect to Wi-Fi networks pre-configured by the admin. No new networks can be added.
Disallow Wi-Fi: Users cannot add or connect to any network.
→ Admins must:Set Wi-Fi State to Enable Wi-Fi under Restrictions.
Under Network Configurations (Android Policies → Network), enable Wi-Fi and select Auto Join.
⚠️Ensure Wi-Fi details are correct — incorrect configurations can make devices non-communicable.
💡 Recommendation:
Enable Network Escape Hatch to allow users to temporarily connect to a Wi-Fi network if connectivity issues occur.
If this option is disabled and the Wi-Fi policy is misconfigured, the device may lose connectivity — requiring the policy to be corrected and the device to be factory reset and re-enrolled to restore management access.
App Restrictions Overview
App Restrictions allow administrators to define which apps users can access or install on their Android devices. By setting these rules, organizations can ensure only approved, secure, and work-relevant applications are available, helping maintain compliance and productivity.
Detailed instructions for this are available here as a part of the App Management experience
Configuring Policies for BYOD Devices
BYOD policies focus on creating a secure work profile on a user's personal device, ensuring a clear separation between personal and work data. App restrictions and other controls apply only to the work profile, leaving the personal space unaffected.
To configure BYOD policies, click the display filter (currently showing Display: Fully managed) and select BYOD from the dropdown menu.
Navigate to the General tab and click Add General Configuration.
General Settings
The BYOD restrictions focus on maintaining a secure separation between personal and work data while still allowing users to use their personal space freely.
These settings define how apps, data, and system actions behave across profiles.
Key Controls
Camera:
Controls whether apps in the work profile can access the device camera.Microphone:
Controls whether apps in the work profile can access the device microphone.Cross-Profile Copy-Paste:
Restricts pasting clipboard content from the work profile into personal apps, preventing data leakage.Cross-Profile Data Sharing:
Blocks sharing data from work apps to personal apps but allows data flow into the work profile when needed.Work Contacts in Personal Profile:
Allows personal apps (e.g., dialer, messaging) to access and display contacts from the work profile.Add User:
Controls whether new user profiles can be added to the device.
Here, you can control interactions between the work and personal profiles. Key settings include restricting cross-profile copy-paste to prevent data leakage and managing whether work contacts are visible in the personal profile.
Next, select the Apps tab and click Add Apps Configuration.
App Restrictions (BYOD)
App restrictions function the same way as in Fully Managed devices, but are applied only to the Work Profile.
This ensures that app controls affect only managed apps — leaving personal apps unaffected. Detailed instructions for this is available here as a part of the App Management experience
Summary
By configuring Android Device Policies, you can enforce security standards, manage app installations, and control device features for both corporate-owned and personal devices. This ensures that your organisation's data remains secure while providing a flexible and productive mobile environment.
Next : To can manage Apps and other configurations, refer to the following help articles