![Full Logo.png]](https://help.devicie.com/hs-fs/hubfs/Full%20Logo.png?height=30&name=Full%20Logo.png){kind=small}
Android-Fully Managed Basic
Overview
The Android-Fully Managed Basic provides an introductory baseline for organizations to uplift security for their corporately owned Android devices.
Intune Description:
Basic configuration for a corporately owned enterprise mobile device.
Policy Impact Areas:
When deployed, this policy will impact:
-
Enforcing minimum password length
-
Enforcing lock screen timeouts
-
Block file transfer
Deployment Notes
-
Pre-Deployment Considerations:
-
Ensure Android Enterprise configuration has been set (refer to Devicie Android Enterprise documentation for guidance)
-
-
Post-Deployment Validation:
-
Verify lock screen timeout and password enforcement
-
Configuration Settings:
|
Name |
Value |
|
General |
|
|
Fully managed, dedicated, and corporate-owned work profile devices |
|
|
Screen capture (work profile-level) |
Not configured |
|
Camera (work profile-level) |
Not configured |
|
Date and Time changes |
Not configured |
|
Roaming data services |
Not configured |
|
Wi-Fi access point configuration |
Not configured |
|
Bluetooth configuration |
Not configured |
|
Tethering and access to hotspots |
Not configured |
|
USB file transfer |
Block |
|
External media |
Block |
|
Beam data using NFC (work profile-level) |
Not configured |
|
Microphone adjustment |
Not configured |
|
Factory reset protection emails |
Not configured |
|
System update |
Automatic |
|
Fully managed and dedicated devices |
|
|
Volume changes |
Not configured |
|
Factory reset |
Block |
|
Status bar |
Not configured |
|
Wi-Fi setting changes |
Not configured |
|
USB storage |
Not configured |
|
Network escape hatch |
Not configured |
|
Notification windows |
Not configured |
|
Skip first use hints |
Not configured |
|
Corporate-owned work profile devices |
|
|
Contact sharing via Bluetooth (work profile-level) |
Not configured |
|
Copy and paste between work and personal profiles. |
Not configured |
|
System security |
|
|
Fully managed, dedicated, and corporate-owned work profile devices |
|
|
Threat scan on apps |
Require |
|
Common Criteria mode |
Not configured |
|
Device experience |
|
|
Fully managed and dedicated devices |
|
|
Enrollment profile type |
Not configured |
|
Device password |
|
|
Fully managed, dedicated, and corporate-owned work profile devices |
|
|
Required password type |
Numeric complex |
|
Minimum password length |
6 |
|
Number of days until password expires |
|
|
Number of passwords required before user can reuse a password |
|
|
Number of sign-in failures before wiping device |
10 |
|
Disabled lock screen features |
|
|
Fully managed and dedicated devices |
|
|
Disable lock screen |
Not configured |
|
Power Settings |
|
|
Fully managed, dedicated, and corporate-owned work profile devices |
|
|
Time to lock screen (work profile-level) |
5 Minutes |
|
Fully managed and dedicated devices |
|
|
Screen on while device plugged in |
|
|
Users and Accounts |
|
|
Fully managed, dedicated, and corporate-owned work profile devices |
|
|
Add new users |
Not configured |
|
User can configure credentials (work profile-level) |
Block |
|
Fully managed and dedicated devices |
|
|
User removal |
Not configured |
|
Personal Google accounts |
Not configured |
|
Dedicated devices |
|
|
Account changes |
Not configured |
|
Applications |
|
|
Fully managed, dedicated, and corporate-owned work profile devices |
|
|
Allow installation from unknown sources |
Not configured |
|
App auto-updates (work profile-level) |
Wi-Fi only |
|
Allow access to all apps in Google Play store |
Not configured |
|
Connectivity |
|
|
Fully managed, dedicated, and corporate-owned work profile devices |
|
|
Always-on VPN (work profile-level) |
Not configured |
|
Lockdown mode |
Not configured |
|
Fully managed and dedicated devices |
|
|
Recommended global proxy |
Not configured |
|
Work profile password |
|
|
Corporate-owned work profile devices |
|
|
Required password type |
Numeric complex |
|
Minimum password length |
6 |
|
Number of days until password expires |
|
|
Number of passwords required before user can reuse a password |
|
|
Number of sign-in failures before wiping device |
10 |
|
Personal profile |
|
|
Corporate-owned work profile devices |
|
|
Camera |
Not configured |
|
Screen capture |
Not configured |
|
Allow users to enable app installation from unknown sources in the personal profile |
Not configured |
|
Devicie Template Name |
Android-Fully Managed Basic |
|
Default Intune Deployed Name |
DEVICIE-PROD-Android-Fully Managed Basic |
|
Template Last Updated |
Nov 18, 2024 |
|
Document Last Updated: |
Jun 17, 2025 |