Android Management API - How to enact a WiFi disabling policy ?

ashjaymohsin
Level 1.6: Donut

I want a json implementation of a policy that will disable wifi for the device

3 ACCEPTED SOLUTIONS

Moombas
Level 4.0: Ice Cream Sandwich

What do you mean with "i want"?

I mean you can do it via vendors OEM config app (if available) or if you use an MDM look at it'S settings or look at this documentation: https://developers.google.com/android/management/reference/rest/v1/enterprises.policies?hl=en#device...

 

DeviceConnectivityManagement

Covers controls for device connectivity such as Wi-Fi, USB data access, keyboard/mouse connections, and more.

JSON representation
 
{
  "usbDataAccess": enum (UsbDataAccess), 
"configureWifi": enum (ConfigureWifi),
"wifiDirectSettings": enum (WifiDirectSettings),
"tetheringSettings": enum (TetheringSettings)
}
Fields
usbDataAccess

enum (UsbDataAccess)

Controls what files and/or data can be transferred via USB. Supported only on company-owned devices.

configureWifi

enum (ConfigureWifi)

Controls Wi-Fi configuring privileges. Based on the option set, user will have either full or limited or no control in configuring Wi-Fi networks.

wifiDirectSettings

enum (WifiDirectSettings)

Controls configuring and using Wi-Fi direct settings. Supported on company-owned devices running Android 13 and above.

tetheringSettings

enum (TetheringSettings)

Controls tethering settings. Based on the value set, the user is partially or fully disallowed from using different forms of tethering.

View solution in original post

jasonbayton
Level 3.0: Honeycomb

wificonfigdisabled prevents configuring wifi, state turns WiFi off. Both have their uses but config disabled is useful if you wish to push down WiFi networks for employees to use without allowing them to connect to their own networks 

View solution in original post

8 REPLIES 8

Moombas
Level 4.0: Ice Cream Sandwich

What do you mean with "i want"?

I mean you can do it via vendors OEM config app (if available) or if you use an MDM look at it'S settings or look at this documentation: https://developers.google.com/android/management/reference/rest/v1/enterprises.policies?hl=en#device...

 

DeviceConnectivityManagement

Covers controls for device connectivity such as Wi-Fi, USB data access, keyboard/mouse connections, and more.

JSON representation
 
{
  "usbDataAccess": enum (UsbDataAccess), 
"configureWifi": enum (ConfigureWifi),
"wifiDirectSettings": enum (WifiDirectSettings),
"tetheringSettings": enum (TetheringSettings)
}
Fields
usbDataAccess

enum (UsbDataAccess)

Controls what files and/or data can be transferred via USB. Supported only on company-owned devices.

configureWifi

enum (ConfigureWifi)

Controls Wi-Fi configuring privileges. Based on the option set, user will have either full or limited or no control in configuring Wi-Fi networks.

wifiDirectSettings

enum (WifiDirectSettings)

Controls configuring and using Wi-Fi direct settings. Supported on company-owned devices running Android 13 and above.

tetheringSettings

enum (TetheringSettings)

Controls tethering settings. Based on the value set, the user is partially or fully disallowed from using different forms of tethering.

jasonbayton
Level 3.0: Honeycomb

If you're completely unfamiliar with building policies in AMAPI, the quickstart is a good place to begin

 

https://colab.research.google.com/github/google/android-management-api-samples/blob/master/notebooks...

 

You're looking to set wifiState: 

 

https://developers.google.com/android/management/reference/rest/v1/enterprises.policies#wifistate

Moombas
Level 4.0: Ice Cream Sandwich

Hm with disable i thought maybe more like he really want to disable it and not turning it off but now he has both possibilitys linked 😉

Thankyou for linking me to the REST Resource. I wanted to create a policy for disabling WIFI permanently for my organizations devices and I achieved it by setting wifiConfigDisabled to true

wificonfigdisabled prevents configuring wifi, state turns WiFi off. Both have their uses but config disabled is useful if you wish to push down WiFi networks for employees to use without allowing them to connect to their own networks 

Indeed ! I'm implementing this policy for security reasons so that sensitive data on the devices is not deliberately or inadvertantly leaked through an internet connection. 

However,  a loophole is that data can also be transferred via USB connection. Is there a way to enable USB data transfer only for a set of allowed MAC address (i.e company servers) rather than it being universal ?

I'm afraid it's only universal. Mac address spoofing isn't difficult, so I'd not lean on that. 

 

You could look at geofencing policies to allow USB when in an office location? Though that has its pitfalls also.

 

Don't forget physical media is a thing, so be sure SDcards are blocked also 🙂

Lizzie
Google Community Manager
Google Community Manager

Hey @ashjaymohsin, just @ mentioning you here in case you missed the replies from @Moombas and @jasonbayton😀 Thanks



Welcome to the Community everyone!

Have a question or want to start a conversation, click here.