{ "ownerDomain": "google.com", "version": "v1", "schemas": { "ListOperationsResponse": { "id": "ListOperationsResponse", "description": "The response message for Operations.ListOperations.", "type": "object", "properties": { "operations": { "description": "A list of operations that matches the specified filter in the request.", "type": "array", "items": { "$ref": "Operation" } }, "nextPageToken": { "description": "The standard List next-page token.", "type": "string" } } }, "Operation": { "id": "Operation", "description": "This resource represents a long-running operation that is the result of a network API call.", "type": "object", "properties": { "name": { "description": "The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the name should be a resource name ending with operations/{unique_id}.", "type": "string" }, "metadata": { "description": "Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.", "type": "object", "additionalProperties": { "type": "any", "description": "Properties of the object. Contains field @type with type URL." } }, "done": { "description": "If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.", "type": "boolean" }, "error": { "description": "The error result of the operation in case of failure or cancellation.", "$ref": "Status" }, "response": { "description": "The normal, successful response of the operation. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is standard Get/Create/Update, the response should be the resource. For other methods, the response should have the type XxxResponse, where Xxx is the original method name. For example, if the original method name is TakeSnapshot(), the inferred response type is TakeSnapshotResponse.", "type": "object", "additionalProperties": { "type": "any", "description": "Properties of the object. Contains field @type with type URL." } } } }, "Status": { "id": "Status", "description": "The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC (https://github.com/grpc). Each Status message contains three pieces of data: error code, error message, and error details.You can find out more about this error model and how to work with it in the API Design Guide (https://cloud.google.com/apis/design/errors).", "type": "object", "properties": { "code": { "description": "The status code, which should be an enum value of google.rpc.Code.", "type": "integer", "format": "int32" }, "message": { "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.", "type": "string" }, "details": { "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use.", "type": "array", "items": { "type": "object", "additionalProperties": { "type": "any", "description": "Properties of the object. Contains field @type with type URL." } } } } }, "Empty": { "id": "Empty", "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } ", "type": "object", "properties": {} }, "SignupUrl": { "id": "SignupUrl", "description": "An enterprise signup URL.", "type": "object", "properties": { "name": { "description": "The name of the resource. Use this value in the signupUrl field when calling enterprises.create to complete the enterprise signup flow.", "type": "string" }, "url": { "description": "A URL where an enterprise admin can register their enterprise. The page can't be rendered in an iframe.", "type": "string" } } }, "Enterprise": { "id": "Enterprise", "description": "The configuration applied to an enterprise.", "type": "object", "properties": { "name": { "description": "The name of the enterprise which is generated by the server during creation, in the form enterprises/{enterpriseId}.", "type": "string" }, "enabledNotificationTypes": { "description": "The types of Google Pub/Sub notifications enabled for the enterprise.", "type": "array", "items": { "type": "string", "enumDescriptions": [ "This value is ignored.", "A notification sent when a device enrolls.", "Deprecated.", "A notification sent when a device issues a status report.", "A notification sent when a device command has completed.", "A notification sent when device sends BatchUsageLogEvents." ], "enumDeprecated": [ false, false, true, false, false, false ], "enum": [ "NOTIFICATION_TYPE_UNSPECIFIED", "ENROLLMENT", "COMPLIANCE_REPORT", "STATUS_REPORT", "COMMAND", "USAGE_LOGS" ] } }, "pubsubTopic": { "description": "The topic which Pub/Sub notifications are published to, in the form projects/{project}/topics/{topic}. This field is only required if Pub/Sub notifications are enabled.", "type": "string" }, "primaryColor": { "description": "A color in RGB format that indicates the predominant color to display in the device management app UI. The color components are stored as follows: (red \u003c\u003c 16) | (green \u003c\u003c 8) | blue, where the value of each component is between 0 and 255, inclusive.", "type": "integer", "format": "int32" }, "logo": { "description": "An image displayed as a logo during device provisioning. Supported types are: image/bmp, image/gif, image/x-ico, image/jpeg, image/png, image/webp, image/vnd.wap.wbmp, image/x-adobe-dng.", "$ref": "ExternalData" }, "enterpriseDisplayName": { "description": "The name of the enterprise displayed to users. This field has a maximum length of 100 characters.", "type": "string" }, "termsAndConditions": { "description": "Terms and conditions that must be accepted when provisioning a device for this enterprise. A page of terms is generated for each value in this list.", "type": "array", "items": { "$ref": "TermsAndConditions" } }, "appAutoApprovalEnabled": { "description": "Deprecated and unused.", "deprecated": true, "type": "boolean" }, "signinDetails": { "description": "Sign-in details of the enterprise.", "type": "array", "items": { "$ref": "SigninDetail" } }, "contactInfo": { "description": "The enterprise contact info of an EMM-managed enterprise.", "$ref": "ContactInfo" } } }, "ExternalData": { "id": "ExternalData", "description": "Data hosted at an external location. The data is to be downloaded by Android Device Policy and verified against the hash.", "type": "object", "properties": { "url": { "description": "The absolute URL to the data, which must use either the http or https scheme. Android Device Policy doesn't provide any credentials in the GET request, so the URL must be publicly accessible. Including a long, random component in the URL may be used to prevent attackers from discovering the URL.", "type": "string" }, "sha256Hash": { "description": "The base-64 encoded SHA-256 hash of the content hosted at url. If the content doesn't match this hash, Android Device Policy won't use the data.", "type": "string" } } }, "TermsAndConditions": { "id": "TermsAndConditions", "description": "A terms and conditions page to be accepted during provisioning.", "type": "object", "properties": { "header": { "description": "A short header which appears above the HTML content.", "$ref": "UserFacingMessage" }, "content": { "description": "A well-formatted HTML string. It will be parsed on the client with android.text.Html#fromHtml.", "$ref": "UserFacingMessage" } } }, "UserFacingMessage": { "id": "UserFacingMessage", "description": "Provides a user-facing message with locale info. The maximum message length is 4096 characters.", "type": "object", "properties": { "localizedMessages": { "description": "A map containing pairs, where locale is a well-formed BCP 47 language (https://www.w3.org/International/articles/language-tags/) code, such as en-US, es-ES, or fr.", "type": "object", "additionalProperties": { "type": "string" } }, "defaultMessage": { "description": "The default message displayed if no localized message is specified or the user's locale doesn't match with any of the localized messages. A default message must be provided if any localized messages are provided.", "type": "string" } } }, "SigninDetail": { "id": "SigninDetail", "description": "A resource containing sign in details for an enterprise. Use enterprises to manage SigninDetails for a given enterprise.For an enterprise, we can have any number of SigninDetails that is uniquely identified by combination of the following three fields (signin_url, allow_personal_usage, token_tag). One cannot create two SigninDetails with the same (signin_url, allow_personal_usage, token_tag). (token_tag is an optional field).Patch: The operation updates the current list of SigninDetails with the new list of SigninDetails. If the stored SigninDetail configuration is passed, it returns the same signin_enrollment_token and qr_code. If we pass multiple identical SigninDetail configurations that are not stored, it will store the first one amongst those SigninDetail configurations. if the configuration already exists we cannot request it more than once in a particular patch API call, otherwise it will give a duplicate key error and the whole operation will fail. If we remove certain SigninDetail configuration from the request then it will get removed from the storage. We can then request another signin_enrollment_token and qr_code for the same SigninDetail configuration.", "type": "object", "properties": { "signinUrl": { "description": "Sign-in URL for authentication when device is provisioned with a sign-in enrollment token. The sign-in endpoint should finish authentication flow with a URL in the form of https://enterprise.google.com/android/enroll?et= for a successful login, or https://enterprise.google.com/android/enroll/invalid for a failed login.", "type": "string" }, "signinEnrollmentToken": { "description": "An enterprise wide enrollment token used to trigger custom sign-in flow. This is a read-only field generated by the server.", "type": "string" }, "qrCode": { "description": "A JSON string whose UTF-8 representation can be used to generate a QR code to enroll a device with this enrollment token. To enroll a device using NFC, the NFC record must contain a serialized java.util.Properties representation of the properties in the JSON. This is a read-only field generated by the server.", "type": "string" }, "allowPersonalUsage": { "description": "Controls whether personal usage is allowed on a device provisioned with this enrollment token.For company-owned devices: Enabling personal usage allows the user to set up a work profile on the device. Disabling personal usage requires the user provision the device as a fully managed device.For personally-owned devices: Enabling personal usage allows the user to set up a work profile on the device. Disabling personal usage will prevent the device from provisioning. Personal usage cannot be disabled on personally-owned device.", "type": "string", "enumDescriptions": [ "Personal usage restriction is not specified", "Personal usage is allowed", "Personal usage is disallowed" ], "enum": [ "ALLOW_PERSONAL_USAGE_UNSPECIFIED", "PERSONAL_USAGE_ALLOWED", "PERSONAL_USAGE_DISALLOWED" ] }, "tokenTag": { "description": "An EMM-specified metadata to distinguish between instances of SigninDetail.", "type": "string" } } }, "ContactInfo": { "id": "ContactInfo", "description": "Contact details for managed Google Play enterprises.", "type": "object", "properties": { "contactEmail": { "description": "Email address for a point of contact, which will be used to send important announcements related to managed Google Play.", "type": "string" }, "dataProtectionOfficerName": { "description": "The name of the data protection officer.", "type": "string" }, "dataProtectionOfficerEmail": { "description": "The email of the data protection officer. The email is validated but not verified.", "type": "string" }, "dataProtectionOfficerPhone": { "description": "The phone number of the data protection officer The phone number is validated but not verified.", "type": "string" }, "euRepresentativeName": { "description": "The name of the EU representative.", "type": "string" }, "euRepresentativeEmail": { "description": "The email of the EU representative. The email is validated but not verified.", "type": "string" }, "euRepresentativePhone": { "description": "The phone number of the EU representative. The phone number is validated but not verified.", "type": "string" } } }, "ListEnterprisesResponse": { "id": "ListEnterprisesResponse", "description": "Response to a request to list enterprises.", "type": "object", "properties": { "enterprises": { "description": "The list of enterprises.", "type": "array", "items": { "$ref": "Enterprise" } }, "nextPageToken": { "description": "If there are more results, a token to retrieve next page of results.", "type": "string" } } }, "EnrollmentToken": { "id": "EnrollmentToken", "description": "An enrollment token.", "type": "object", "properties": { "name": { "description": "The name of the enrollment token, which is generated by the server during creation, in the form enterprises/{enterpriseId}/enrollmentTokens/{enrollmentTokenId}.", "type": "string" }, "value": { "description": "The token value that's passed to the device and authorizes the device to enroll. This is a read-only field generated by the server.", "type": "string" }, "duration": { "description": "The length of time the enrollment token is valid, ranging from 1 minute to Durations.MAX_VALUE (https://developers.google.com/protocol-buffers/docs/reference/java/com/google/protobuf/util/Durations.html#MAX_VALUE), approximately 10,000 years. If not specified, the default duration is 1 hour. Please note that if requested duration causes the resulting expiration_timestamp to exceed Timestamps.MAX_VALUE (https://developers.google.com/protocol-buffers/docs/reference/java/com/google/protobuf/util/Timestamps.html#MAX_VALUE), then expiration_timestamp is coerced to Timestamps.MAX_VALUE.", "type": "string", "format": "google-duration" }, "expirationTimestamp": { "description": "The expiration time of the token. This is a read-only field generated by the server.", "type": "string", "format": "google-datetime" }, "policyName": { "description": "The name of the policy initially applied to the enrolled device, in the form enterprises/{enterpriseId}/policies/{policyId}. If not specified, the policy_name for the device’s user is applied. If user_name is also not specified, enterprises/{enterpriseId}/policies/default is applied by default. When updating this field, you can specify only the policyId as long as the policyId doesn’t contain any slashes. The rest of the policy name will be inferred.", "type": "string" }, "additionalData": { "description": "Optional, arbitrary data associated with the enrollment token. This could contain, for example, the ID of an org unit the device is assigned to after enrollment. After a device enrolls with the token, this data will be exposed in the enrollment_token_data field of the Device resource. The data must be 1024 characters or less; otherwise, the creation request will fail.", "type": "string" }, "qrCode": { "description": "A JSON string whose UTF-8 representation can be used to generate a QR code to enroll a device with this enrollment token. To enroll a device using NFC, the NFC record must contain a serialized java.util.Properties representation of the properties in the JSON.", "type": "string" }, "oneTimeOnly": { "description": "Whether the enrollment token is for one time use only. If the flag is set to true, only one device can use it for registration.", "type": "boolean" }, "user": { "description": "This field is deprecated and the value is ignored.", "deprecated": true, "$ref": "User" }, "allowPersonalUsage": { "description": "Controls whether personal usage is allowed on a device provisioned with this enrollment token.For company-owned devices: Enabling personal usage allows the user to set up a work profile on the device. Disabling personal usage requires the user provision the device as a fully managed device.For personally-owned devices: Enabling personal usage allows the user to set up a work profile on the device. Disabling personal usage will prevent the device from provisioning. Personal usage cannot be disabled on personally-owned device.", "type": "string", "enumDescriptions": [ "Personal usage restriction is not specified", "Personal usage is allowed", "Personal usage is disallowed" ], "enum": [ "ALLOW_PERSONAL_USAGE_UNSPECIFIED", "PERSONAL_USAGE_ALLOWED", "PERSONAL_USAGE_DISALLOWED" ] } } }, "User": { "id": "User", "description": "A user belonging to an enterprise.", "type": "object", "properties": { "accountIdentifier": { "description": "A unique identifier you create for this user, such as user342 or asset#44418. This field must be set when the user is created and can't be updated. This field must not contain personally identifiable information (PII). This identifier must be 1024 characters or less; otherwise, the update policy request will fail.", "type": "string" } } }, "ListEnrollmentTokensResponse": { "id": "ListEnrollmentTokensResponse", "description": "Response to a request to list enrollment tokens for a given enterprise.", "type": "object", "properties": { "enrollmentTokens": { "description": "The list of enrollment tokens.", "type": "array", "items": { "$ref": "EnrollmentToken" } }, "nextPageToken": { "description": "If there are more results, a token to retrieve next page of results.", "type": "string" } } }, "WebToken": { "id": "WebToken", "description": "A web token used to access the managed Google Play iframe.", "type": "object", "properties": { "name": { "description": "The name of the web token, which is generated by the server during creation in the form enterprises/{enterpriseId}/webTokens/{webTokenId}.", "type": "string" }, "value": { "description": "The token value which is used in the hosting page to generate the iframe with the embedded UI. This is a read-only field generated by the server.", "type": "string" }, "permissions": { "description": "Permissions available to an admin in the embedded UI. An admin must have all of these permissions in order to view the UI. This field is deprecated.", "deprecated": true, "type": "array", "items": { "type": "string", "enumDescriptions": [ "This value is ignored.", "The permission to approve apps for the enterprise." ], "enum": [ "WEB_TOKEN_PERMISSION_UNSPECIFIED", "APPROVE_APPS" ] } }, "parentFrameUrl": { "description": "The URL of the parent frame hosting the iframe with the embedded UI. To prevent XSS, the iframe may not be hosted at other URLs. The URL must use the https scheme.", "type": "string" }, "enabledFeatures": { "description": "The features to enable. Use this if you want to control exactly which feature(s) will be activated; leave empty to allow all features.Restrictions / things to note: - If no features are listed here, all features are enabled — this is the default behavior where you give access to all features to your admins. - This must not contain any FEATURE_UNSPECIFIED values. - Repeated values are ignored ", "type": "array", "items": { "type": "string", "enumDescriptions": [ "Unspecified feature.", "The Managed Play search apps page (https://developers.google.com/android/management/apps#search-apps).", "The private apps page (https://developers.google.com/android/management/apps#private-apps).", "The Web Apps page (https://developers.google.com/android/management/apps#web-apps).", "The organize apps page (https://developers.google.com/android/management/apps#organize-apps).", "The managed configurations page (https://developers.google.com/android/management/managed-configurations-iframe).", "The zero-touch iframe (https://developers.google.com/android/management/zero-touch-iframe)." ], "enum": [ "FEATURE_UNSPECIFIED", "PLAY_SEARCH", "PRIVATE_APPS", "WEB_APPS", "STORE_BUILDER", "MANAGED_CONFIGURATIONS", "ZERO_TOUCH_CUSTOMER_MANAGEMENT" ] } } } }, "Device": { "id": "Device", "description": "A device owned by an enterprise. Unless otherwise noted, all fields are read-only and can't be modified by enterprises.devices.patch.", "type": "object", "properties": { "name": { "description": "The name of the device in the form enterprises/{enterpriseId}/devices/{deviceId}.", "type": "string" }, "userName": { "description": "The resource name of the user that owns this device in the form enterprises/{enterpriseId}/users/{userId}.", "type": "string" }, "managementMode": { "description": "The type of management mode Android Device Policy takes on the device. This influences which policy settings are supported.", "type": "string", "enumDescriptions": [ "This value is disallowed.", "Device owner. Android Device Policy has full control over the device.", "Profile owner. Android Device Policy has control over a managed profile on the device." ], "enum": [ "MANAGEMENT_MODE_UNSPECIFIED", "DEVICE_OWNER", "PROFILE_OWNER" ] }, "state": { "description": "The state to be applied to the device. This field can be modified by a patch request. Note that when calling enterprises.devices.patch, ACTIVE and DISABLED are the only allowable values. To enter the device into a DELETED state, call enterprises.devices.delete.", "type": "string", "enumDescriptions": [ "This value is disallowed.", "The device is active.", "The device is disabled.", "The device was deleted. This state is never returned by an API call, but is used in the final status report when the device acknowledges the deletion. If the device is deleted via the API call, this state is published to Pub/Sub. If the user deletes the work profile or resets the device, the device state will remain unknown to the server.", "The device is being provisioned. Newly enrolled devices are in this state until they have a policy applied.", "The device is lost. This state is only possible on organization-owned devices.", "The device is preparing for migrating to Android Management API. No further action is needed for the migration to continue." ], "enum": [ "DEVICE_STATE_UNSPECIFIED", "ACTIVE", "DISABLED", "DELETED", "PROVISIONING", "LOST", "PREPARING_FOR_MIGRATION" ] }, "appliedState": { "description": "The state currently applied to the device.", "type": "string", "enumDescriptions": [ "This value is disallowed.", "The device is active.", "The device is disabled.", "The device was deleted. This state is never returned by an API call, but is used in the final status report when the device acknowledges the deletion. If the device is deleted via the API call, this state is published to Pub/Sub. If the user deletes the work profile or resets the device, the device state will remain unknown to the server.", "The device is being provisioned. Newly enrolled devices are in this state until they have a policy applied.", "The device is lost. This state is only possible on organization-owned devices.", "The device is preparing for migrating to Android Management API. No further action is needed for the migration to continue." ], "enum": [ "DEVICE_STATE_UNSPECIFIED", "ACTIVE", "DISABLED", "DELETED", "PROVISIONING", "LOST", "PREPARING_FOR_MIGRATION" ] }, "policyCompliant": { "description": "Whether the device is compliant with its policy.", "type": "boolean" }, "nonComplianceDetails": { "description": "Details about policy settings that the device is not compliant with.", "type": "array", "items": { "$ref": "NonComplianceDetail" } }, "enrollmentTime": { "description": "The time of device enrollment.", "type": "string", "format": "google-datetime" }, "lastStatusReportTime": { "description": "The last time the device sent a status report.", "type": "string", "format": "google-datetime" }, "lastPolicyComplianceReportTime": { "description": "Deprecated.", "deprecated": true, "type": "string", "format": "google-datetime" }, "lastPolicySyncTime": { "description": "The last time the device fetched its policy.", "type": "string", "format": "google-datetime" }, "policyName": { "description": "The name of the policy applied to the device, in the form enterprises/{enterpriseId}/policies/{policyId}. If not specified, the policy_name for the device's user is applied. This field can be modified by a patch request. You can specify only the policyId when calling enterprises.devices.patch, as long as the policyId doesn’t contain any slashes. The rest of the policy name is inferred.", "type": "string" }, "appliedPolicyName": { "description": "The name of the policy currently applied to the device.", "type": "string" }, "appliedPolicyVersion": { "description": "The version of the policy currently applied to the device.", "type": "string", "format": "int64" }, "apiLevel": { "description": "The API level of the Android platform version running on the device.", "type": "integer", "format": "int32" }, "enrollmentTokenData": { "description": "If the device was enrolled with an enrollment token with additional data provided, this field contains that data.", "type": "string" }, "enrollmentTokenName": { "description": "If the device was enrolled with an enrollment token, this field contains the name of the token.", "type": "string" }, "disabledReason": { "description": "If the device state is DISABLED, an optional message that is displayed on the device indicating the reason the device is disabled. This field can be modified by a patch request.", "$ref": "UserFacingMessage" }, "softwareInfo": { "description": "Detailed information about the device software. This information is only available if softwareInfoEnabled is true in the device's policy.", "$ref": "SoftwareInfo" }, "hardwareInfo": { "description": "Detailed information about the device hardware.", "$ref": "HardwareInfo" }, "displays": { "description": "Detailed information about displays on the device. This information is only available if displayInfoEnabled is true in the device's policy.", "type": "array", "items": { "$ref": "Display" } }, "applicationReports": { "description": "Reports for apps installed on the device. This information is only available when application_reports_enabled is true in the device's policy.", "type": "array", "items": { "$ref": "ApplicationReport" } }, "previousDeviceNames": { "description": "If the same physical device has been enrolled multiple times, this field contains its previous device names. The serial number is used as the unique identifier to determine if the same physical device has enrolled previously. The names are in chronological order.", "type": "array", "items": { "type": "string" } }, "networkInfo": { "description": "Device network information. This information is only available if networkInfoEnabled is true in the device's policy.", "$ref": "NetworkInfo" }, "memoryInfo": { "description": "Memory information: contains information about device memory and storage.", "$ref": "MemoryInfo" }, "memoryEvents": { "description": "Events related to memory and storage measurements in chronological order. This information is only available if memoryInfoEnabled is true in the device's policy.Events are retained for a certain period of time and old events are deleted.", "type": "array", "items": { "$ref": "MemoryEvent" } }, "powerManagementEvents": { "description": "Power management events on the device in chronological order. This information is only available if powerManagementEventsEnabled is true in the device's policy.", "type": "array", "items": { "$ref": "PowerManagementEvent" } }, "hardwareStatusSamples": { "description": "Hardware status samples in chronological order. This information is only available if hardwareStatusEnabled is true in the device's policy.", "type": "array", "items": { "$ref": "HardwareStatus" } }, "deviceSettings": { "description": "Device settings information. This information is only available if deviceSettingsEnabled is true in the device's policy.", "$ref": "DeviceSettings" }, "user": { "description": "The user who owns the device.", "$ref": "User" }, "systemProperties": { "description": "Map of selected system properties name and value related to the device. This information is only available if systemPropertiesEnabled is true in the device's policy.", "type": "object", "additionalProperties": { "type": "string" } }, "securityPosture": { "description": "Device's security posture value that reflects how secure the device is.", "$ref": "SecurityPosture" }, "ownership": { "description": "Ownership of the managed device.", "type": "string", "enumDescriptions": [ "Ownership is unspecified.", "Device is company-owned.", "Device is personally-owned." ], "enum": [ "OWNERSHIP_UNSPECIFIED", "COMPANY_OWNED", "PERSONALLY_OWNED" ] }, "commonCriteriaModeInfo": { "description": "Information about Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (https://www.commoncriteriaportal.org/) (CC).This information is only available if statusReportingSettings.commonCriteriaModeEnabled is true in the device's policy.", "$ref": "CommonCriteriaModeInfo" }, "appliedPasswordPolicies": { "description": "The password requirements currently applied to the device. The applied requirements may be slightly different from those specified in passwordPolicies in some cases. fieldPath is set based on passwordPolicies.", "type": "array", "items": { "$ref": "PasswordRequirements" } }, "dpcMigrationInfo": { "description": "Output only. Information related to whether this device was migrated from being managed by another Device Policy Controller (DPC).", "readOnly": true, "$ref": "DpcMigrationInfo" } } }, "NonComplianceDetail": { "id": "NonComplianceDetail", "description": "Provides detail about non-compliance with a policy setting.", "type": "object", "properties": { "settingName": { "description": "The name of the policy setting. This is the JSON field name of a top-level Policy field.", "type": "string" }, "nonComplianceReason": { "description": "The reason the device is not in compliance with the setting.", "type": "string", "enumDescriptions": [ "This value is disallowed.", "The setting is not supported in the API level of the Android version running on the device.", "The management mode (profile owner, device owner, etc.) doesn't support the setting.", "The user has not taken required action to comply with the setting.", "The setting has an invalid value.", "The app required to implement the policy is not installed.", "The policy is not supported by the version of Android Device Policy on the device.", "A blocked app is installed.", "The setting hasn't been applied at the time of the report, but is expected to be applied shortly.", "The setting can't be applied to the app because the app doesn't support it, for example because its target SDK version is not high enough.", "The app is installed, but it hasn't been updated to the minimum version code specified by policy.", "The device is incompatible with the policy requirements." ], "enum": [ "NON_COMPLIANCE_REASON_UNSPECIFIED", "API_LEVEL", "MANAGEMENT_MODE", "USER_ACTION", "INVALID_VALUE", "APP_NOT_INSTALLED", "UNSUPPORTED", "APP_INSTALLED", "PENDING", "APP_INCOMPATIBLE", "APP_NOT_UPDATED", "DEVICE_INCOMPATIBLE" ] }, "packageName": { "description": "The package name indicating which app is out of compliance, if applicable.", "type": "string" }, "fieldPath": { "description": "For settings with nested fields, if a particular nested field is out of compliance, this specifies the full path to the offending field. The path is formatted in the same way the policy JSON field would be referenced in JavaScript, that is: 1) For object-typed fields, the field name is followed by a dot then by a subfield name. 2) For array-typed fields, the field name is followed by the array index enclosed in brackets. For example, to indicate a problem with the url field in the externalData field in the 3rd application, the path would be applications[2].externalData.url", "type": "string" }, "currentValue": { "description": "If the policy setting could not be applied, the current value of the setting on the device.", "type": "any" }, "installationFailureReason": { "description": "If package_name is set and the non-compliance reason is APP_NOT_INSTALLED or APP_NOT_UPDATED, the detailed reason the app can't be installed or updated.", "type": "string", "enumDescriptions": [ "This value is disallowed.", "An unknown condition is preventing the app from being installed. Some potential reasons are that the device doesn't have enough storage, the device network connection is unreliable, or the installation is taking longer than expected. The installation will be retried automatically.", "The installation is still in progress.", "The app was not found in Play.", "The app is incompatible with the device.", "The app has not been approved by the admin.", "The app has new permissions that have not been accepted by the admin.", "The app is not available in the user's country.", "There are no licenses available to assign to the user.", "The enterprise is no longer enrolled with Managed Google Play or the admin has not accepted the latest Managed Google Play Terms of Service.", "The user is no longer valid. The user may have been deleted or disabled.", "A network error on the user's device has prevented the install from succeeding. This usually happens when the device's internet connectivity is degraded, unavailable or there's a network configuration issue. Please ensure the device has access to full internet connectivity on a network that meets Android Enterprise Network Requirements (https://support.google.com/work/android/answer/10513641). App install or update will automatically resume once this is the case.", "The user's device does not have sufficient storage space to install the app. This can be resolved by clearing up storage space on the device. App install or update will automatically resume once the device has sufficient storage." ], "enum": [ "INSTALLATION_FAILURE_REASON_UNSPECIFIED", "INSTALLATION_FAILURE_REASON_UNKNOWN", "IN_PROGRESS", "NOT_FOUND", "NOT_COMPATIBLE_WITH_DEVICE", "NOT_APPROVED", "PERMISSIONS_NOT_ACCEPTED", "NOT_AVAILABLE_IN_COUNTRY", "NO_LICENSES_REMAINING", "NOT_ENROLLED", "USER_INVALID", "NETWORK_ERROR_UNRELIABLE_CONNECTION", "INSUFFICIENT_STORAGE" ] }, "specificNonComplianceReason": { "description": "The policy-specific reason the device is not in compliance with the setting.", "type": "string", "enumDescriptions": [ "Specific non-compliance reason is not specified. Fields in specific_non_compliance_context are not set.", "User needs to confirm credentials by entering the screen lock. Fields in specific_non_compliance_context are not set. nonComplianceReason is set to USER_ACTION.", "The device or profile password has expired. passwordPoliciesContext is set. nonComplianceReason is set to USER_ACTION.", "The device password does not satisfy password requirements. passwordPoliciesContext is set. nonComplianceReason is set to USER_ACTION.", "There is an incorrect value in ONC Wi-Fi configuration. fieldPath specifies which field value is incorrect. oncWifiContext is set. nonComplianceReason is set to INVALID_VALUE.", "The ONC Wi-Fi setting is not supported in the API level of the Android version running on the device. fieldPath specifies which field value is not supported. oncWifiContext is set. nonComplianceReason is set to API_LEVEL.", "The enterprise Wi-Fi network is missing either the root CA or domain name. nonComplianceReason is set to INVALID_VALUE.", "User needs to remove the configured Wi-Fi network manually. This is applicable only on work profiles on personally-owned devices. nonComplianceReason is set to USER_ACTION.", "Key pair alias specified via ClientCertKeyPairAlias (https://chromium.googlesource.com/chromium/src/+/main/components/onc/docs/onc_spec.md#eap-type) field in openNetworkConfiguration does not correspond to an existing key installed on the device. nonComplianceReason is set to INVALID_VALUE." ], "enum": [ "SPECIFIC_NON_COMPLIANCE_REASON_UNSPECIFIED", "PASSWORD_POLICIES_USER_CREDENTIALS_CONFIRMATION_REQUIRED", "PASSWORD_POLICIES_PASSWORD_EXPIRED", "PASSWORD_POLICIES_PASSWORD_NOT_SUFFICIENT", "ONC_WIFI_INVALID_VALUE", "ONC_WIFI_API_LEVEL", "ONC_WIFI_INVALID_ENTERPRISE_CONFIG", "ONC_WIFI_USER_SHOULD_REMOVE_NETWORK", "ONC_WIFI_KEY_PAIR_ALIAS_NOT_CORRESPONDING_TO_EXISTING_KEY" ] }, "specificNonComplianceContext": { "description": "Additional context for specific_non_compliance_reason.", "$ref": "SpecificNonComplianceContext" } } }, "SpecificNonComplianceContext": { "id": "SpecificNonComplianceContext", "description": "Additional context for SpecificNonComplianceReason.", "type": "object", "properties": { "oncWifiContext": { "description": "Additional context for non-compliance related to Wi-Fi configuration. See ONC_WIFI_INVALID_VALUE and ONC_WIFI_API_LEVEL", "$ref": "OncWifiContext" }, "passwordPoliciesContext": { "description": "Additional context for non-compliance related to password policies. See PASSWORD_POLICIES_PASSWORD_EXPIRED and PASSWORD_POLICIES_PASSWORD_NOT_SUFFICIENT.", "$ref": "PasswordPoliciesContext" } } }, "OncWifiContext": { "id": "OncWifiContext", "description": "Additional context for non-compliance related to Wi-Fi configuration.", "type": "object", "properties": { "wifiGuid": { "description": "The GUID of non-compliant Wi-Fi configuration.", "type": "string" } } }, "PasswordPoliciesContext": { "id": "PasswordPoliciesContext", "description": "Additional context for non-compliance related to password policies.", "type": "object", "properties": { "passwordPolicyScope": { "description": "The scope of non-compliant password.", "type": "string", "enumDescriptions": [ "The scope is unspecified. The password requirements are applied to the work profile for work profile devices and the whole device for fully managed or dedicated devices.", "The password requirements are only applied to the device.", "The password requirements are only applied to the work profile." ], "enum": [ "SCOPE_UNSPECIFIED", "SCOPE_DEVICE", "SCOPE_PROFILE" ] } } }, "SoftwareInfo": { "id": "SoftwareInfo", "description": "Information about device software.", "type": "object", "properties": { "androidVersion": { "description": "The user-visible Android version string. For example, 6.0.1.", "type": "string" }, "androidDevicePolicyVersionCode": { "description": "The Android Device Policy app version code.", "type": "integer", "format": "int32" }, "androidDevicePolicyVersionName": { "description": "The Android Device Policy app version as displayed to the user.", "type": "string" }, "androidBuildNumber": { "description": "Android build ID string meant for displaying to the user. For example, shamu-userdebug 6.0.1 MOB30I 2756745 dev-keys.", "type": "string" }, "deviceKernelVersion": { "description": "Kernel version, for example, 2.6.32.9-g103d848.", "type": "string" }, "bootloaderVersion": { "description": "The system bootloader version number, e.g. 0.6.7.", "type": "string" }, "androidBuildTime": { "description": "Build time.", "type": "string", "format": "google-datetime" }, "securityPatchLevel": { "description": "Security patch level, e.g. 2016-05-01.", "type": "string" }, "primaryLanguageCode": { "description": "An IETF BCP 47 language code for the primary locale on the device.", "type": "string" }, "deviceBuildSignature": { "description": "SHA-256 hash of android.content.pm.Signature (https://developer.android.com/reference/android/content/pm/Signature.html) associated with the system package, which can be used to verify that the system build hasn't been modified.", "type": "string" }, "systemUpdateInfo": { "description": "Information about a potential pending system update.", "$ref": "SystemUpdateInfo" } } }, "SystemUpdateInfo": { "id": "SystemUpdateInfo", "description": "Information about a potential pending system update.", "type": "object", "properties": { "updateStatus": { "description": "The status of an update: whether an update exists and what type it is.", "type": "string", "enumDescriptions": [ "It is unknown whether there is a pending system update. This happens when, for example, the device API level is less than 26, or if the version of Android Device Policy is outdated.", "There is no pending system update available on the device.", "There is a pending system update available, but its type is not known.", "There is a pending security update available.", "There is a pending OS update available." ], "enum": [ "UPDATE_STATUS_UNKNOWN", "UP_TO_DATE", "UNKNOWN_UPDATE_AVAILABLE", "SECURITY_UPDATE_AVAILABLE", "OS_UPDATE_AVAILABLE" ] }, "updateReceivedTime": { "description": "The time when the update was first available. A zero value indicates that this field is not set. This field is set only if an update is available (that is, updateStatus is neither UPDATE_STATUS_UNKNOWN nor UP_TO_DATE).", "type": "string", "format": "google-datetime" } } }, "HardwareInfo": { "id": "HardwareInfo", "description": "Information about device hardware. The fields related to temperature thresholds are only available if hardwareStatusEnabled is true in the device's policy.", "type": "object", "properties": { "brand": { "description": "Brand of the device. For example, Google.", "type": "string" }, "hardware": { "description": "Name of the hardware. For example, Angler.", "type": "string" }, "deviceBasebandVersion": { "description": "Baseband version. For example, MDM9625_104662.22.05.34p.", "type": "string" }, "manufacturer": { "description": "Manufacturer. For example, Motorola.", "type": "string" }, "serialNumber": { "description": "The device serial number.", "type": "string" }, "model": { "description": "The model of the device. For example, Asus Nexus 7.", "type": "string" }, "batteryShutdownTemperatures": { "description": "Battery shutdown temperature thresholds in Celsius for each battery on the device.", "type": "array", "items": { "type": "number", "format": "float" } }, "batteryThrottlingTemperatures": { "description": "Battery throttling temperature thresholds in Celsius for each battery on the device.", "type": "array", "items": { "type": "number", "format": "float" } }, "cpuShutdownTemperatures": { "description": "CPU shutdown temperature thresholds in Celsius for each CPU on the device.", "type": "array", "items": { "type": "number", "format": "float" } }, "cpuThrottlingTemperatures": { "description": "CPU throttling temperature thresholds in Celsius for each CPU on the device.", "type": "array", "items": { "type": "number", "format": "float" } }, "gpuShutdownTemperatures": { "description": "GPU shutdown temperature thresholds in Celsius for each GPU on the device.", "type": "array", "items": { "type": "number", "format": "float" } }, "gpuThrottlingTemperatures": { "description": "GPU throttling temperature thresholds in Celsius for each GPU on the device.", "type": "array", "items": { "type": "number", "format": "float" } }, "skinShutdownTemperatures": { "description": "Device skin shutdown temperature thresholds in Celsius.", "type": "array", "items": { "type": "number", "format": "float" } }, "skinThrottlingTemperatures": { "description": "Device skin throttling temperature thresholds in Celsius.", "type": "array", "items": { "type": "number", "format": "float" } }, "enterpriseSpecificId": { "description": "Output only. ID that uniquely identifies a personally-owned device in a particular organization. On the same physical device when enrolled with the same organization, this ID persists across setups and even factory resets. This ID is available on personally-owned devices with a work profile on devices running Android 12 and above.", "readOnly": true, "type": "string" } } }, "Display": { "id": "Display", "description": "Device display information.", "type": "object", "properties": { "name": { "description": "Name of the display.", "type": "string" }, "displayId": { "description": "Unique display id.", "type": "integer", "format": "int32" }, "refreshRate": { "description": "Refresh rate of the display in frames per second.", "type": "integer", "format": "int32" }, "state": { "description": "State of the display.", "type": "string", "enumDescriptions": [ "This value is disallowed.", "Display is off.", "Display is on.", "Display is dozing in a low power state", "Display is dozing in a suspended low power state." ], "enum": [ "DISPLAY_STATE_UNSPECIFIED", "OFF", "ON", "DOZE", "SUSPENDED" ] }, "width": { "description": "Display width in pixels.", "type": "integer", "format": "int32" }, "height": { "description": "Display height in pixels.", "type": "integer", "format": "int32" }, "density": { "description": "Display density expressed as dots-per-inch.", "type": "integer", "format": "int32" } } }, "ApplicationReport": { "id": "ApplicationReport", "description": "Information reported about an installed app.", "type": "object", "properties": { "packageName": { "description": "Package name of the app.", "type": "string" }, "versionName": { "description": "The app version as displayed to the user.", "type": "string" }, "versionCode": { "description": "The app version code, which can be used to determine whether one version is more recent than another.", "type": "integer", "format": "int32" }, "events": { "description": "The list of app events which have occurred in the last 30 hours.", "type": "array", "items": { "$ref": "ApplicationEvent" } }, "displayName": { "description": "The display name of the app.", "type": "string" }, "packageSha256Hash": { "description": "The SHA-256 hash of the app's APK file, which can be used to verify the app hasn't been modified. Each byte of the hash value is represented as a two-digit hexadecimal number.", "type": "string" }, "signingKeyCertFingerprints": { "description": "The SHA-1 hash of each android.content.pm.Signature (https://developer.android.com/reference/android/content/pm/Signature.html) associated with the app package. Each byte of each hash value is represented as a two-digit hexadecimal number.", "type": "array", "items": { "type": "string" } }, "installerPackageName": { "description": "The package name of the app that installed this app.", "type": "string" }, "applicationSource": { "description": "The source of the package.", "type": "string", "enumDescriptions": [ "The app was sideloaded from an unspecified source.", "This is a system app from the device's factory image.", "This is an updated system app.", "The app was installed from the Google Play Store." ], "enum": [ "APPLICATION_SOURCE_UNSPECIFIED", "SYSTEM_APP_FACTORY_VERSION", "SYSTEM_APP_UPDATED_VERSION", "INSTALLED_FROM_PLAY_STORE" ] }, "state": { "description": "Application state.", "type": "string", "enumDescriptions": [ "App state is unspecified", "App was removed from the device", "App is installed on the device" ], "enum": [ "APPLICATION_STATE_UNSPECIFIED", "REMOVED", "INSTALLED" ] }, "keyedAppStates": { "description": "List of keyed app states reported by the app.", "type": "array", "items": { "$ref": "KeyedAppState" } }, "userFacingType": { "description": "Whether the app is user facing.", "type": "string", "enumDescriptions": [ "App user facing type is unspecified.", "App is not user facing.", "App is user facing." ], "enum": [ "USER_FACING_TYPE_UNSPECIFIED", "NOT_USER_FACING", "USER_FACING" ] } } }, "ApplicationEvent": { "id": "ApplicationEvent", "description": "An app-related event.", "type": "object", "properties": { "eventType": { "description": "App event type.", "type": "string", "enumDescriptions": [ "This value is disallowed.", "The app was installed.", "The app was changed, for example, a component was enabled or disabled.", "The app data was cleared.", "The app was removed.", "A new version of the app has been installed, replacing the old version.", "The app was restarted.", "The app was pinned to the foreground.", "The app was unpinned." ], "enum": [ "APPLICATION_EVENT_TYPE_UNSPECIFIED", "INSTALLED", "CHANGED", "DATA_CLEARED", "REMOVED", "REPLACED", "RESTARTED", "PINNED", "UNPINNED" ] }, "createTime": { "description": "The creation time of the event.", "type": "string", "format": "google-datetime" } } }, "KeyedAppState": { "id": "KeyedAppState", "description": "Keyed app state reported by the app.", "type": "object", "properties": { "key": { "description": "The key for the app state. Acts as a point of reference for what the app is providing state for. For example, when providing managed configuration feedback, this key could be the managed configuration key.", "type": "string" }, "severity": { "description": "The severity of the app state.", "type": "string", "enumDescriptions": [ "Unspecified severity level.", "Information severity level.", "Error severity level. This should only be set for genuine error conditions that a management organization needs to take action to fix." ], "enum": [ "SEVERITY_UNSPECIFIED", "INFO", "ERROR" ] }, "message": { "description": "Optionally, a free-form message string to explain the app state. If the state was triggered by a particular value (e.g. a managed configuration value), it should be included in the message.", "type": "string" }, "data": { "description": "Optionally, a machine-readable value to be read by the EMM. For example, setting values that the admin can choose to query against in the EMM console (e.g. “notify me if the battery_warning data \u003c 10”).", "type": "string" }, "createTime": { "description": "The creation time of the app state on the device.", "type": "string", "format": "google-datetime" }, "lastUpdateTime": { "description": "The time the app state was most recently updated.", "type": "string", "format": "google-datetime" } } }, "NetworkInfo": { "id": "NetworkInfo", "description": "Device network info.", "type": "object", "properties": { "imei": { "description": "IMEI number of the GSM device. For example, A1000031212.", "type": "string" }, "meid": { "description": "MEID number of the CDMA device. For example, A00000292788E1.", "type": "string" }, "wifiMacAddress": { "description": "Wi-Fi MAC address of the device. For example, 7c:11:11:11:11:11.", "type": "string" }, "networkOperatorName": { "description": "Alphabetic name of current registered operator. For example, Vodafone.", "deprecated": true, "type": "string" }, "telephonyInfos": { "description": "Provides telephony information associated with each SIM card on the device. Only supported on fully managed devices starting from Android API level 23.", "type": "array", "items": { "$ref": "TelephonyInfo" } } } }, "TelephonyInfo": { "id": "TelephonyInfo", "description": "Telephony information associated with a given SIM card on the device. Only supported on fully managed devices starting from Android API level 23.", "type": "object", "properties": { "phoneNumber": { "description": "The phone number associated with this SIM card.", "type": "string" }, "carrierName": { "description": "The carrier name associated with this SIM card.", "type": "string" } } }, "MemoryInfo": { "id": "MemoryInfo", "description": "Information about device memory and storage.", "type": "object", "properties": { "totalRam": { "description": "Total RAM on device in bytes.", "type": "string", "format": "int64" }, "totalInternalStorage": { "description": "Total internal storage on device in bytes.", "type": "string", "format": "int64" } } }, "MemoryEvent": { "id": "MemoryEvent", "description": "An event related to memory and storage measurements.To distinguish between new and old events, we recommend using the createTime field.", "type": "object", "properties": { "eventType": { "description": "Event type.", "type": "string", "enumDescriptions": [ "Unspecified. No events have this type.", "Free space in RAM was measured.", "Free space in internal storage was measured.", "A new external storage medium was detected. The reported byte count is the total capacity of the storage medium.", "An external storage medium was removed. The reported byte count is zero.", "Free space in an external storage medium was measured." ], "enum": [ "MEMORY_EVENT_TYPE_UNSPECIFIED", "RAM_MEASURED", "INTERNAL_STORAGE_MEASURED", "EXTERNAL_STORAGE_DETECTED", "EXTERNAL_STORAGE_REMOVED", "EXTERNAL_STORAGE_MEASURED" ] }, "createTime": { "description": "The creation time of the event.", "type": "string", "format": "google-datetime" }, "byteCount": { "description": "The number of free bytes in the medium, or for EXTERNAL_STORAGE_DETECTED, the total capacity in bytes of the storage medium.", "type": "string", "format": "int64" } } }, "PowerManagementEvent": { "id": "PowerManagementEvent", "description": "A power management event.", "type": "object", "properties": { "eventType": { "description": "Event type.", "type": "string", "enumDescriptions": [ "Unspecified. No events have this type.", "Battery level was measured.", "The device started charging.", "The device stopped charging.", "The device entered low-power mode.", "The device exited low-power mode.", "The device booted.", "The device shut down." ], "enum": [ "POWER_MANAGEMENT_EVENT_TYPE_UNSPECIFIED", "BATTERY_LEVEL_COLLECTED", "POWER_CONNECTED", "POWER_DISCONNECTED", "BATTERY_LOW", "BATTERY_OKAY", "BOOT_COMPLETED", "SHUTDOWN" ] }, "createTime": { "description": "The creation time of the event.", "type": "string", "format": "google-datetime" }, "batteryLevel": { "description": "For BATTERY_LEVEL_COLLECTED events, the battery level as a percentage.", "type": "number", "format": "float" } } }, "HardwareStatus": { "id": "HardwareStatus", "description": "Hardware status. Temperatures may be compared to the temperature thresholds available in hardwareInfo to determine hardware health.", "type": "object", "properties": { "createTime": { "description": "The time the measurements were taken.", "type": "string", "format": "google-datetime" }, "batteryTemperatures": { "description": "Current battery temperatures in Celsius for each battery on the device.", "type": "array", "items": { "type": "number", "format": "float" } }, "cpuTemperatures": { "description": "Current CPU temperatures in Celsius for each CPU on the device.", "type": "array", "items": { "type": "number", "format": "float" } }, "gpuTemperatures": { "description": "Current GPU temperatures in Celsius for each GPU on the device.", "type": "array", "items": { "type": "number", "format": "float" } }, "skinTemperatures": { "description": "Current device skin temperatures in Celsius.", "type": "array", "items": { "type": "number", "format": "float" } }, "fanSpeeds": { "description": "Fan speeds in RPM for each fan on the device. Empty array means that there are no fans or fan speed is not supported on the system.", "type": "array", "items": { "type": "number", "format": "float" } }, "cpuUsages": { "description": "CPU usages in percentage for each core available on the device. Usage is 0 for each unplugged core. Empty array implies that CPU usage is not supported in the system.", "type": "array", "items": { "type": "number", "format": "float" } } } }, "DeviceSettings": { "id": "DeviceSettings", "description": "Information about security related device settings on device.", "type": "object", "properties": { "isDeviceSecure": { "description": "Whether the device is secured with PIN/password.", "type": "boolean" }, "unknownSourcesEnabled": { "description": "Whether installing apps from unknown sources is enabled.", "type": "boolean" }, "developmentSettingsEnabled": { "description": "Whether developer mode is enabled on the device.", "type": "boolean" }, "adbEnabled": { "description": "Whether ADB (https://developer.android.com/studio/command-line/adb.html) is enabled on the device.", "type": "boolean" }, "isEncrypted": { "description": "Whether the storage encryption is enabled.", "type": "boolean" }, "encryptionStatus": { "description": "Encryption status from DevicePolicyManager.", "type": "string", "enumDescriptions": [ "Unspecified. No device should have this type.", "Encryption is not supported by the device.", "Encryption is supported by the device, but is not currently active.", "Encryption is not currently active, but is currently being activated.", "Encryption is active.", "Encryption is active, but an encryption key is not set by the user.", "Encryption is active, and the encryption key is tied to the user profile." ], "enum": [ "ENCRYPTION_STATUS_UNSPECIFIED", "UNSUPPORTED", "INACTIVE", "ACTIVATING", "ACTIVE", "ACTIVE_DEFAULT_KEY", "ACTIVE_PER_USER" ] }, "verifyAppsEnabled": { "description": "Whether Google Play Protect verification (https://support.google.com/accounts/answer/2812853) is enforced on the device.", "type": "boolean" } } }, "SecurityPosture": { "id": "SecurityPosture", "description": "The security posture of the device, as determined by the current device state and the policies applied.", "type": "object", "properties": { "devicePosture": { "description": "Device's security posture value.", "type": "string", "enumDescriptions": [ "Unspecified. There is no posture detail for this posture value.", "This device is secure.", "This device may be more vulnerable to malicious actors than is recommended for use with corporate data.", "This device may be compromised and corporate data may be accessible to unauthorized actors." ], "enum": [ "POSTURE_UNSPECIFIED", "SECURE", "AT_RISK", "POTENTIALLY_COMPROMISED" ] }, "postureDetails": { "description": "Additional details regarding the security posture of the device.", "type": "array", "items": { "$ref": "PostureDetail" } } } }, "PostureDetail": { "id": "PostureDetail", "description": "Additional details regarding the security posture of the device.", "type": "object", "properties": { "securityRisk": { "description": "A specific security risk that negatively affects the security posture of the device.", "type": "string", "enumDescriptions": [ "Unspecified.", "Play Integrity API detects that the device is running an unknown OS (basicIntegrity check succeeds but ctsProfileMatch fails).", "Play Integrity API detects that the device is running a compromised OS (basicIntegrity check fails).", "Play Integrity API detects that the device does not have a strong guarantee of system integrity, if the MEETS_STRONG_INTEGRITY label doesn't show in the device integrity field (https://developer.android.com/google/play/integrity/verdicts#device-integrity-field)." ], "enum": [ "SECURITY_RISK_UNSPECIFIED", "UNKNOWN_OS", "COMPROMISED_OS", "HARDWARE_BACKED_EVALUATION_FAILED" ] }, "advice": { "description": "Corresponding admin-facing advice to mitigate this security risk and improve the security posture of the device.", "type": "array", "items": { "$ref": "UserFacingMessage" } } } }, "CommonCriteriaModeInfo": { "id": "CommonCriteriaModeInfo", "description": "Information about Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (https://www.commoncriteriaportal.org/) (CC).This information is only available if statusReportingSettings.commonCriteriaModeEnabled is true in the device's policy.", "type": "object", "properties": { "commonCriteriaModeStatus": { "description": "Whether Common Criteria Mode is enabled.", "type": "string", "enumDescriptions": [ "Unknown status.", "Common Criteria Mode is currently disabled.", "Common Criteria Mode is currently enabled." ], "enum": [ "COMMON_CRITERIA_MODE_STATUS_UNKNOWN", "COMMON_CRITERIA_MODE_DISABLED", "COMMON_CRITERIA_MODE_ENABLED" ] } } }, "PasswordRequirements": { "id": "PasswordRequirements", "description": "Requirements for the password used to unlock a device.", "type": "object", "properties": { "passwordMinimumLength": { "description": "The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX.", "type": "integer", "format": "int32" }, "passwordMinimumLetters": { "description": "Minimum number of letters required in the password. Only enforced when password_quality is COMPLEX.", "type": "integer", "format": "int32" }, "passwordMinimumLowerCase": { "description": "Minimum number of lower case letters required in the password. Only enforced when password_quality is COMPLEX.", "type": "integer", "format": "int32" }, "passwordMinimumNonLetter": { "description": "Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX.", "type": "integer", "format": "int32" }, "passwordMinimumNumeric": { "description": "Minimum number of numerical digits required in the password. Only enforced when password_quality is COMPLEX.", "type": "integer", "format": "int32" }, "passwordMinimumSymbols": { "description": "Minimum number of symbols required in the password. Only enforced when password_quality is COMPLEX.", "type": "integer", "format": "int32" }, "passwordMinimumUpperCase": { "description": "Minimum number of upper case letters required in the password. Only enforced when password_quality is COMPLEX.", "type": "integer", "format": "int32" }, "passwordQuality": { "description": "The required password quality.", "type": "string", "enumDescriptions": [ "There are no password requirements.", "The device must be secured with a low-security biometric recognition technology, at minimum. This includes technologies that can recognize the identity of an individual that are roughly equivalent to a 3-digit PIN (false detection is less than 1 in 1,000).This, when applied on personally owned work profile devices on Android 12 device-scoped, will be treated as COMPLEXITY_LOW for application. See PasswordQuality for details.", "A password is required, but there are no restrictions on what the password must contain.This, when applied on personally owned work profile devices on Android 12 device-scoped, will be treated as COMPLEXITY_LOW for application. See PasswordQuality for details.", "The password must contain numeric characters.This, when applied on personally owned work profile devices on Android 12 device-scoped, will be treated as COMPLEXITY_MEDIUM for application. See PasswordQuality for details.", "The password must contain numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences.This, when applied on personally owned work profile devices on Android 12 device-scoped, will be treated as COMPLEXITY_MEDIUM for application. See PasswordQuality for details.", "The password must contain alphabetic (or symbol) characters.This, when applied on personally owned work profile devices on Android 12 device-scoped, will be treated as COMPLEXITY_HIGH for application. See PasswordQuality for details.", "The password must contain both numeric and alphabetic (or symbol) characters.This, when applied on personally owned work profile devices on Android 12 device-scoped, will be treated as COMPLEXITY_HIGH for application. See PasswordQuality for details.", "The password must meet the minimum requirements specified in passwordMinimumLength, passwordMinimumLetters, passwordMinimumSymbols, etc. For example, if passwordMinimumSymbols is 2, the password must contain at least two symbols.This, when applied on personally owned work profile devices on Android 12 device-scoped, will be treated as COMPLEXITY_HIGH for application. In this case, the requirements in passwordMinimumLength, passwordMinimumLetters, passwordMinimumSymbols, etc are not applied. See PasswordQuality for details.", "Define the low password complexity band as: pattern PIN with repeating (4444) or ordered (1234, 4321, 2468) sequencesThis sets the minimum complexity band which the password must meet.Enforcement varies among different Android versions, management modes and password scopes. See PasswordQuality for details.", "Define the medium password complexity band as: PIN with no repeating (4444) or ordered (1234, 4321, 2468) sequences, length at least 4 alphabetic, length at least 4 alphanumeric, length at least 4This sets the minimum complexity band which the password must meet.Enforcement varies among different Android versions, management modes and password scopes. See PasswordQuality for details.", "Define the high password complexity band as:On Android 12 and above: PIN with no repeating (4444) or ordered (1234, 4321, 2468) sequences, length at least 8 alphabetic, length at least 6 alphanumeric, length at least 6This sets the minimum complexity band which the password must meet.Enforcement varies among different Android versions, management modes and password scopes. See PasswordQuality for details." ], "enum": [ "PASSWORD_QUALITY_UNSPECIFIED", "BIOMETRIC_WEAK", "SOMETHING", "NUMERIC", "NUMERIC_COMPLEX", "ALPHABETIC", "ALPHANUMERIC", "COMPLEX", "COMPLEXITY_LOW", "COMPLEXITY_MEDIUM", "COMPLEXITY_HIGH" ] }, "passwordHistoryLength": { "description": "The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction.", "type": "integer", "format": "int32" }, "maximumFailedPasswordsForWipe": { "description": "Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction.", "type": "integer", "format": "int32" }, "passwordExpirationTimeout": { "description": "Password expiration timeout.", "type": "string", "format": "google-duration" }, "passwordScope": { "description": "The scope that the password requirement applies to.", "type": "string", "enumDescriptions": [ "The scope is unspecified. The password requirements are applied to the work profile for work profile devices and the whole device for fully managed or dedicated devices.", "The password requirements are only applied to the device.", "The password requirements are only applied to the work profile." ], "enum": [ "SCOPE_UNSPECIFIED", "SCOPE_DEVICE", "SCOPE_PROFILE" ] }, "requirePasswordUnlock": { "description": "The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to USE_DEFAULT_DEVICE_TIMEOUT.", "The timeout period is set to the device’s default.", "The timeout period is set to 24 hours." ], "enum": [ "REQUIRE_PASSWORD_UNLOCK_UNSPECIFIED", "USE_DEFAULT_DEVICE_TIMEOUT", "REQUIRE_EVERY_DAY" ] }, "unifiedLockSettings": { "description": "Controls whether a unified lock is allowed for the device and the work profile, on devices running Android 9 and above with a work profile. This can be set only if password_scope is set to SCOPE_PROFILE, the policy will be rejected otherwise. If user has not set a separate work lock and this field is set to REQUIRE_SEPARATE_WORK_LOCK, a NonComplianceDetail is reported with nonComplianceReason set to USER_ACTION.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to ALLOW_UNIFIED_WORK_AND_PERSONAL_LOCK.", "A common lock for the device and the work profile is allowed.", "A separate lock for the work profile is required." ], "enum": [ "UNIFIED_LOCK_SETTINGS_UNSPECIFIED", "ALLOW_UNIFIED_WORK_AND_PERSONAL_LOCK", "REQUIRE_SEPARATE_WORK_LOCK" ] } } }, "DpcMigrationInfo": { "id": "DpcMigrationInfo", "description": "Information related to whether this device was migrated from being managed by another Device Policy Controller (DPC).", "type": "object", "properties": { "previousDpc": { "description": "Output only. If this device was migrated from another DPC, this is its package name. Not populated otherwise.", "readOnly": true, "type": "string" }, "additionalData": { "description": "Output only. If this device was migrated from another DPC, the additionalData field of the migration token is populated here.", "readOnly": true, "type": "string" } } }, "ListDevicesResponse": { "id": "ListDevicesResponse", "description": "Response to a request to list devices for a given enterprise.", "type": "object", "properties": { "devices": { "description": "The list of devices.", "type": "array", "items": { "$ref": "Device" } }, "nextPageToken": { "description": "If there are more results, a token to retrieve next page of results.", "type": "string" } } }, "Policy": { "id": "Policy", "description": "A policy resource represents a group of settings that govern the behavior of a managed device and the apps installed on it.", "type": "object", "properties": { "name": { "description": "The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}.", "type": "string" }, "version": { "description": "The version of the policy. This is a read-only field. The version is incremented each time the policy is updated.", "type": "string", "format": "int64" }, "applications": { "description": "Policy applied to apps. This can have at most 3,000 elements.", "type": "array", "items": { "$ref": "ApplicationPolicy" } }, "maximumTimeToLock": { "description": "Maximum time in milliseconds for user activity until the device locks. A value of 0 means there is no restriction.", "type": "string", "format": "int64" }, "screenCaptureDisabled": { "description": "Whether screen capture is disabled.", "type": "boolean" }, "cameraDisabled": { "description": "If camera_access is set to any value other than CAMERA_ACCESS_UNSPECIFIED, this has no effect. Otherwise this field controls whether cameras are disabled: If true, all cameras are disabled, otherwise they are available. For fully managed devices this field applies for all apps on the device. For work profiles, this field applies only to apps in the work profile, and the camera access of apps outside the work profile is unaffected.", "deprecated": true, "type": "boolean" }, "keyguardDisabledFeatures": { "description": "Disabled keyguard customizations, such as widgets.", "type": "array", "items": { "type": "string", "enumDescriptions": [ "This value is ignored.", "Disable the camera on secure keyguard screens (e.g. PIN).", "Disable showing all notifications on secure keyguard screens.", "Disable unredacted notifications on secure keyguard screens.", "Ignore trust agent state on secure keyguard screens.", "Disable fingerprint sensor on secure keyguard screens.", "On devices running Android 6 and below, disables text entry into notifications on secure keyguard screens. Has no effect on Android 7 and above.", "Disable face authentication on secure keyguard screens.", "Disable iris authentication on secure keyguard screens.", "Disable all biometric authentication on secure keyguard screens.", "Disable all shortcuts on secure keyguard screen on Android 14 and above.", "Disable all current and future keyguard customizations." ], "enum": [ "KEYGUARD_DISABLED_FEATURE_UNSPECIFIED", "CAMERA", "NOTIFICATIONS", "UNREDACTED_NOTIFICATIONS", "TRUST_AGENTS", "DISABLE_FINGERPRINT", "DISABLE_REMOTE_INPUT", "FACE", "IRIS", "BIOMETRICS", "SHORTCUTS", "ALL_FEATURES" ] } }, "defaultPermissionPolicy": { "description": "The default permission policy for runtime permission requests.", "type": "string", "enumDescriptions": [ "Policy not specified. If no policy is specified for a permission at any level, then the PROMPT behavior is used by default.", "Prompt the user to grant a permission.", "Automatically grant a permission.On Android 12 and above, Manifest.permission.READ_SMS (https://developer.android.com/reference/android/Manifest.permission#READ_SMS) and following sensor-related permissions can only be granted on fully managed devices: Manifest.permission.ACCESS_FINE_LOCATION (https://developer.android.com/reference/android/Manifest.permission#ACCESS_FINE_LOCATION) Manifest.permission.ACCESS_BACKGROUND_LOCATION (https://developer.android.com/reference/android/Manifest.permission#ACCESS_BACKGROUND_LOCATION) Manifest.permission.ACCESS_COARSE_LOCATION (https://developer.android.com/reference/android/Manifest.permission#ACCESS_COARSE_LOCATION) Manifest.permission.CAMERA (https://developer.android.com/reference/android/Manifest.permission#CAMERA) Manifest.permission.RECORD_AUDIO (https://developer.android.com/reference/android/Manifest.permission#RECORD_AUDIO) Manifest.permission.ACTIVITY_RECOGNITION (https://developer.android.com/reference/android/Manifest.permission#ACTIVITY_RECOGNITION) Manifest.permission.BODY_SENSORS (https://developer.android.com/reference/android/Manifest.permission#BODY_SENSORS)", "Automatically deny a permission." ], "enum": [ "PERMISSION_POLICY_UNSPECIFIED", "PROMPT", "GRANT", "DENY" ] }, "persistentPreferredActivities": { "description": "Default intent handler activities.", "type": "array", "items": { "$ref": "PersistentPreferredActivity" } }, "openNetworkConfiguration": { "description": "Network configuration for the device. See configure networks for more information.", "type": "object", "additionalProperties": { "type": "any", "description": "Properties of the object." } }, "systemUpdate": { "description": "The system update policy, which controls how OS updates are applied. If the update type is WINDOWED, the update window will automatically apply to Play app updates as well.Note: Google Play system updates (https://source.android.com/docs/core/ota/modular-system) (also called Mainline updates) are automatically downloaded and require a device reboot to be installed. Refer to the mainline section in Manage system updates (https://developer.android.com/work/dpc/system-updates#mainline) for further details.", "$ref": "SystemUpdate" }, "accountTypesWithManagementDisabled": { "description": "Account types that can't be managed by the user.", "type": "array", "items": { "type": "string" } }, "addUserDisabled": { "description": "Whether adding new users and profiles is disabled.", "type": "boolean" }, "adjustVolumeDisabled": { "description": "Whether adjusting the master volume is disabled. Also mutes the device.", "type": "boolean" }, "factoryResetDisabled": { "description": "Whether factory resetting from settings is disabled.", "type": "boolean" }, "installAppsDisabled": { "description": "Whether user installation of apps is disabled.", "type": "boolean" }, "mountPhysicalMediaDisabled": { "description": "Whether the user mounting physical external media is disabled.", "type": "boolean" }, "modifyAccountsDisabled": { "description": "Whether adding or removing accounts is disabled.", "type": "boolean" }, "safeBootDisabled": { "description": "Whether rebooting the device into safe boot is disabled.", "deprecated": true, "type": "boolean" }, "uninstallAppsDisabled": { "description": "Whether user uninstallation of applications is disabled. This prevents apps from being uninstalled, even those removed using applications", "type": "boolean" }, "statusBarDisabled": { "description": "Whether the status bar is disabled. This disables notifications, quick settings, and other screen overlays that allow escape from full-screen mode. DEPRECATED. To disable the status bar on a kiosk device, use InstallType KIOSK or kioskCustomLauncherEnabled.", "deprecated": true, "type": "boolean" }, "keyguardDisabled": { "description": "If true, this disables the Lock Screen (https://source.android.com/docs/core/display/multi_display/lock-screen) for primary and/or secondary displays.", "type": "boolean" }, "minimumApiLevel": { "description": "The minimum allowed Android API level.", "type": "integer", "format": "int32" }, "statusReportingSettings": { "description": "Status reporting settings", "$ref": "StatusReportingSettings" }, "bluetoothContactSharingDisabled": { "description": "Whether bluetooth contact sharing is disabled.", "type": "boolean" }, "shortSupportMessage": { "description": "A message displayed to the user in the settings screen wherever functionality has been disabled by the admin. If the message is longer than 200 characters it may be truncated.", "$ref": "UserFacingMessage" }, "longSupportMessage": { "description": "A message displayed to the user in the device administators settings screen.", "$ref": "UserFacingMessage" }, "passwordRequirements": { "description": "Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use passwordPolicies.Note:Complexity-based values of PasswordQuality, that is, COMPLEXITY_LOW, COMPLEXITY_MEDIUM, and COMPLEXITY_HIGH, cannot be used here. unified_lock_settings cannot be used here.", "deprecated": true, "$ref": "PasswordRequirements" }, "wifiConfigsLockdownEnabled": { "description": "DEPRECATED - Use wifi_config_disabled.", "deprecated": true, "type": "boolean" }, "bluetoothConfigDisabled": { "description": "Whether configuring bluetooth is disabled.", "type": "boolean" }, "cellBroadcastsConfigDisabled": { "description": "Whether configuring cell broadcast is disabled.", "type": "boolean" }, "credentialsConfigDisabled": { "description": "Whether configuring user credentials is disabled.", "type": "boolean" }, "mobileNetworksConfigDisabled": { "description": "Whether configuring mobile networks is disabled.", "type": "boolean" }, "tetheringConfigDisabled": { "description": "Whether configuring tethering and portable hotspots is disabled. If tetheringSettings is set to anything other than TETHERING_SETTINGS_UNSPECIFIED, this setting is ignored.", "deprecated": true, "type": "boolean" }, "vpnConfigDisabled": { "description": "Whether configuring VPN is disabled.", "type": "boolean" }, "wifiConfigDisabled": { "description": "Whether configuring Wi-Fi networks is disabled. Supported on fully managed devices and work profiles on company-owned devices. For fully managed devices, setting this to true removes all configured networks and retains only the networks configured using openNetworkConfiguration. For work profiles on company-owned devices, existing configured networks are not affected and the user is not allowed to add, remove, or modify Wi-Fi networks. If configureWifi is set to anything other than CONFIGURE_WIFI_UNSPECIFIED, this setting is ignored. Note: If a network connection can't be made at boot time and configuring Wi-Fi is disabled then network escape hatch will be shown in order to refresh the device policy (see networkEscapeHatchEnabled).", "deprecated": true, "type": "boolean" }, "createWindowsDisabled": { "description": "Whether creating windows besides app windows is disabled.", "type": "boolean" }, "networkResetDisabled": { "description": "Whether resetting network settings is disabled.", "type": "boolean" }, "outgoingBeamDisabled": { "description": "Whether using NFC to beam data from apps is disabled.", "type": "boolean" }, "outgoingCallsDisabled": { "description": "Whether outgoing calls are disabled.", "type": "boolean" }, "removeUserDisabled": { "description": "Whether removing other users is disabled.", "type": "boolean" }, "shareLocationDisabled": { "description": "Whether location sharing is disabled. share_location_disabled is supported for both fully managed devices and personally owned work profiles.", "type": "boolean" }, "smsDisabled": { "description": "Whether sending and receiving SMS messages is disabled.", "type": "boolean" }, "unmuteMicrophoneDisabled": { "description": "If microphone_access is set to any value other than MICROPHONE_ACCESS_UNSPECIFIED, this has no effect. Otherwise this field controls whether microphones are disabled: If true, all microphones are disabled, otherwise they are available. This is available only on fully managed devices.", "deprecated": true, "type": "boolean" }, "usbFileTransferDisabled": { "description": "Whether transferring files over USB is disabled. This is supported only on company-owned devices.", "deprecated": true, "type": "boolean" }, "ensureVerifyAppsEnabled": { "description": "Whether app verification is force-enabled.", "deprecated": true, "type": "boolean" }, "permittedInputMethods": { "description": "If present, only the input methods provided by packages in this list are permitted. If this field is present, but the list is empty, then only system input methods are permitted.", "$ref": "PackageNameList" }, "stayOnPluggedModes": { "description": "The battery plugged in modes for which the device stays on. When using this setting, it is recommended to clear maximum_time_to_lock so that the device doesn't lock itself while it stays on.", "type": "array", "items": { "type": "string", "enumDescriptions": [ "This value is ignored.", "Power source is an AC charger.", "Power source is a USB port.", "Power source is wireless." ], "enum": [ "BATTERY_PLUGGED_MODE_UNSPECIFIED", "AC", "USB", "WIRELESS" ] } }, "recommendedGlobalProxy": { "description": "The network-independent global HTTP proxy. Typically proxies should be configured per-network in open_network_configuration. However for unusual configurations like general internal filtering a global HTTP proxy may be useful. If the proxy is not accessible, network access may break. The global proxy is only a recommendation and some apps may ignore it.", "$ref": "ProxyInfo" }, "setUserIconDisabled": { "description": "Whether changing the user icon is disabled.", "type": "boolean" }, "setWallpaperDisabled": { "description": "Whether changing the wallpaper is disabled.", "type": "boolean" }, "choosePrivateKeyRules": { "description": "Rules for determining apps' access to private keys. See ChoosePrivateKeyRule for details. This must be empty if any application has CERT_SELECTION delegation scope.", "type": "array", "items": { "$ref": "ChoosePrivateKeyRule" } }, "alwaysOnVpnPackage": { "description": "Configuration for an always-on VPN connection. Use with vpn_config_disabled to prevent modification of this setting.", "$ref": "AlwaysOnVpnPackage" }, "frpAdminEmails": { "description": "Email addresses of device administrators for factory reset protection. When the device is factory reset, it will require one of these admins to log in with the Google account email and password to unlock the device. If no admins are specified, the device won't provide factory reset protection.", "type": "array", "items": { "type": "string" } }, "deviceOwnerLockScreenInfo": { "description": "The device owner information to be shown on the lock screen.", "$ref": "UserFacingMessage" }, "dataRoamingDisabled": { "description": "Whether roaming data services are disabled.", "type": "boolean" }, "locationMode": { "description": "The degree of location detection enabled.", "type": "string", "enumDescriptions": [ "Defaults to LOCATION_USER_CHOICE.", "On Android 8 and below, all location detection methods are enabled, including GPS, networks, and other sensors. On Android 9 and above, this is equivalent to LOCATION_ENFORCED.", "On Android 8 and below, only GPS and other sensors are enabled. On Android 9 and above, this is equivalent to LOCATION_ENFORCED.", "On Android 8 and below, only the network location provider is enabled. On Android 9 and above, this is equivalent to LOCATION_ENFORCED.", "On Android 8 and below, location setting and accuracy are disabled. On Android 9 and above, this is equivalent to LOCATION_DISABLED.", "Location setting is not restricted on the device. No specific behavior is set or enforced.", "Enable location setting on the device.", "Disable location setting on the device." ], "enumDeprecated": [ false, true, true, true, true, false, false, false ], "enum": [ "LOCATION_MODE_UNSPECIFIED", "HIGH_ACCURACY", "SENSORS_ONLY", "BATTERY_SAVING", "OFF", "LOCATION_USER_CHOICE", "LOCATION_ENFORCED", "LOCATION_DISABLED" ] }, "networkEscapeHatchEnabled": { "description": "Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.Note: Setting wifiConfigDisabled to true will override this setting under specific circumstances. Please see wifiConfigDisabled for further details. Setting configureWifi to DISALLOW_CONFIGURING_WIFI will override this setting under specific circumstances. Please see DISALLOW_CONFIGURING_WIFI for further details.", "type": "boolean" }, "bluetoothDisabled": { "description": "Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user.", "type": "boolean" }, "complianceRules": { "description": "Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules. Use policy enforcement rules instead.", "deprecated": true, "type": "array", "items": { "$ref": "ComplianceRule" } }, "blockApplicationsEnabled": { "description": "Whether applications other than the ones configured in applications are blocked from being installed. When set, applications that were installed under a previous policy but no longer appear in the policy are automatically uninstalled.", "deprecated": true, "type": "boolean" }, "installUnknownSourcesAllowed": { "description": "This field has no effect.", "deprecated": true, "type": "boolean" }, "debuggingFeaturesAllowed": { "description": "Whether the user is allowed to enable debugging features.", "deprecated": true, "type": "boolean" }, "funDisabled": { "description": "Whether the user is allowed to have fun. Controls whether the Easter egg game in Settings is disabled.", "type": "boolean" }, "autoTimeRequired": { "description": "Whether auto time is required, which prevents the user from manually setting the date and time. If autoDateAndTimeZone is set, this field is ignored.", "deprecated": true, "type": "boolean" }, "permittedAccessibilityServices": { "description": "Specifies permitted accessibility services. If the field is not set, any accessibility service can be used. If the field is set, only the accessibility services in this list and the system's built-in accessibility service can be used. In particular, if the field is set to empty, only the system's built-in accessibility servicess can be used. This can be set on fully managed devices and on work profiles. When applied to a work profile, this affects both the personal profile and the work profile.", "$ref": "PackageNameList" }, "appAutoUpdatePolicy": { "description": "Recommended alternative: autoUpdateMode which is set per app, provides greater flexibility around update frequency.When autoUpdateMode is set to AUTO_UPDATE_POSTPONED or AUTO_UPDATE_HIGH_PRIORITY, this field has no effect.The app auto update policy, which controls when automatic app updates can be applied.", "type": "string", "enumDescriptions": [ "The auto-update policy is not set. Equivalent to CHOICE_TO_THE_USER.", "The user can control auto-updates.", "Apps are never auto-updated.", "Apps are auto-updated over Wi-Fi only.", "Apps are auto-updated at any time. Data charges may apply." ], "enum": [ "APP_AUTO_UPDATE_POLICY_UNSPECIFIED", "CHOICE_TO_THE_USER", "NEVER", "WIFI_ONLY", "ALWAYS" ] }, "kioskCustomLauncherEnabled": { "description": "Whether the kiosk custom launcher is enabled. This replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. Apps appear on a single page in alphabetical order. Use kioskCustomization to further configure the kiosk device behavior.", "type": "boolean" }, "androidDevicePolicyTracks": { "description": "This setting is not supported. Any value is ignored.", "deprecated": true, "type": "array", "items": { "type": "string", "enumDescriptions": [ "This value is ignored.", "The production track, which provides the latest stable release.", "The beta track, which provides the latest beta release." ], "enum": [ "APP_TRACK_UNSPECIFIED", "PRODUCTION", "BETA" ] } }, "skipFirstUseHintsEnabled": { "description": "Flag to skip hints on the first use. Enterprise admin can enable the system recommendation for apps to skip their user tutorial and other introductory hints on first start-up.", "type": "boolean" }, "privateKeySelectionEnabled": { "description": "Allows showing UI on a device for a user to choose a private key alias if there are no matching rules in ChoosePrivateKeyRules. For devices below Android P, setting this may leave enterprise keys vulnerable. This value will have no effect if any application has CERT_SELECTION delegation scope.", "type": "boolean" }, "encryptionPolicy": { "description": "Whether encryption is enabled", "type": "string", "enumDescriptions": [ "This value is ignored, i.e. no encryption required", "Encryption required but no password required to boot", "Encryption required with password required to boot" ], "enum": [ "ENCRYPTION_POLICY_UNSPECIFIED", "ENABLED_WITHOUT_PASSWORD", "ENABLED_WITH_PASSWORD" ] }, "usbMassStorageEnabled": { "description": "Whether USB storage is enabled. Deprecated.", "deprecated": true, "type": "boolean" }, "permissionGrants": { "description": "Explicit permission or group grants or denials for all apps. These values override the default_permission_policy.", "type": "array", "items": { "$ref": "PermissionGrant" } }, "playStoreMode": { "description": "This mode controls which apps are available to the user in the Play Store and the behavior on the device when apps are removed from the policy.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to WHITELIST.", "Only apps that are in the policy are available and any app not in the policy will be automatically uninstalled from the device.", "All apps are available and any app that should not be on the device should be explicitly marked as 'BLOCKED' in the applications policy." ], "enum": [ "PLAY_STORE_MODE_UNSPECIFIED", "WHITELIST", "BLACKLIST" ] }, "setupActions": { "description": "Action to take during the setup process. At most one action may be specified.", "type": "array", "items": { "$ref": "SetupAction" } }, "passwordPolicies": { "description": "Password requirement policies. Different policies can be set for work profile or fully managed devices by setting the password_scope field in the policy.", "type": "array", "items": { "$ref": "PasswordRequirements" } }, "policyEnforcementRules": { "description": "Rules that define the behavior when a particular policy can not be applied on device", "type": "array", "items": { "$ref": "PolicyEnforcementRule" } }, "kioskCustomization": { "description": "Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK.", "$ref": "KioskCustomization" }, "advancedSecurityOverrides": { "description": "Advanced security settings. In most cases, setting these is not needed.", "$ref": "AdvancedSecurityOverrides" }, "personalUsagePolicies": { "description": "Policies managing personal usage on a company-owned device.", "$ref": "PersonalUsagePolicies" }, "autoDateAndTimeZone": { "description": "Whether auto date, time, and time zone are enabled on a company-owned device. If this is set, then autoTimeRequired is ignored.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to AUTO_DATE_AND_TIME_ZONE_USER_CHOICE.", "Auto date, time, and time zone are left to user's choice.", "Enforce auto date, time, and time zone on the device." ], "enum": [ "AUTO_DATE_AND_TIME_ZONE_UNSPECIFIED", "AUTO_DATE_AND_TIME_ZONE_USER_CHOICE", "AUTO_DATE_AND_TIME_ZONE_ENFORCED" ] }, "oncCertificateProviders": { "description": "This feature is not generally available.", "type": "array", "items": { "$ref": "OncCertificateProvider" } }, "crossProfilePolicies": { "description": "Cross-profile policies applied on the device.", "$ref": "CrossProfilePolicies" }, "preferentialNetworkService": { "description": "Controls whether preferential network service is enabled on the work profile. For example, an organization may have an agreement with a carrier that all of the work data from its employees' devices will be sent via a network service dedicated for enterprise use. An example of a supported preferential network service is the enterprise slice on 5G networks. This has no effect on fully managed devices.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to PREFERENTIAL_NETWORK_SERVICES_DISABLED.", "Preferential network service is disabled on the work profile.", "Preferential network service is enabled on the work profile." ], "enum": [ "PREFERENTIAL_NETWORK_SERVICE_UNSPECIFIED", "PREFERENTIAL_NETWORK_SERVICE_DISABLED", "PREFERENTIAL_NETWORK_SERVICE_ENABLED" ] }, "usageLog": { "description": "Configuration of device activity logging.", "$ref": "UsageLog" }, "cameraAccess": { "description": "Controls the use of the camera and whether the user has access to the camera access toggle.", "type": "string", "enumDescriptions": [ "If camera_disabled is true, this is equivalent to CAMERA_ACCESS_DISABLED. Otherwise, this is equivalent to CAMERA_ACCESS_USER_CHOICE.", "The field camera_disabled is ignored. This is the default device behaviour: all cameras on the device are available. On Android 12 and above, the user can use the camera access toggle.", "The field camera_disabled is ignored. All cameras on the device are disabled (for fully managed devices, this applies device-wide and for work profiles this applies only to the work profile).There are no explicit restrictions placed on the camera access toggle on Android 12 and above: on fully managed devices, the camera access toggle has no effect as all cameras are disabled. On devices with a work profile, this toggle has no effect on apps in the work profile, but it affects apps outside the work profile.", "The field camera_disabled is ignored. All cameras on the device are available. On fully managed devices running Android 12 and above, the user is unable to use the camera access toggle. On devices which are not fully managed or which run Android 11 or below, this is equivalent to CAMERA_ACCESS_USER_CHOICE." ], "enum": [ "CAMERA_ACCESS_UNSPECIFIED", "CAMERA_ACCESS_USER_CHOICE", "CAMERA_ACCESS_DISABLED", "CAMERA_ACCESS_ENFORCED" ] }, "microphoneAccess": { "description": "Controls the use of the microphone and whether the user has access to the microphone access toggle. This applies only on fully managed devices.", "type": "string", "enumDescriptions": [ "If unmute_microphone_disabled is true, this is equivalent to MICROPHONE_ACCESS_DISABLED. Otherwise, this is equivalent to MICROPHONE_ACCESS_USER_CHOICE.", "The field unmute_microphone_disabled is ignored. This is the default device behaviour: the microphone on the device is available. On Android 12 and above, the user can use the microphone access toggle.", "The field unmute_microphone_disabled is ignored. The microphone on the device is disabled (for fully managed devices, this applies device-wide).The microphone access toggle has no effect as the microphone is disabled.", "The field unmute_microphone_disabled is ignored. The microphone on the device is available. On devices running Android 12 and above, the user is unable to use the microphone access toggle. On devices which run Android 11 or below, this is equivalent to MICROPHONE_ACCESS_USER_CHOICE." ], "enum": [ "MICROPHONE_ACCESS_UNSPECIFIED", "MICROPHONE_ACCESS_USER_CHOICE", "MICROPHONE_ACCESS_DISABLED", "MICROPHONE_ACCESS_ENFORCED" ] }, "deviceConnectivityManagement": { "description": "Covers controls for device connectivity such as Wi-Fi, USB data access, keyboard/mouse connections, and more.", "$ref": "DeviceConnectivityManagement" }, "deviceRadioState": { "description": "Covers controls for radio state such as Wi-Fi, bluetooth, and more.", "$ref": "DeviceRadioState" }, "credentialProviderPolicyDefault": { "description": "Controls which apps are allowed to act as credential providers on Android 14 and above. These apps store credentials, see this (https://developer.android.com/training/sign-in/passkeys) and this (https://developer.android.com/reference/androidx/credentials/CredentialManager) for details. See also credentialProviderPolicy.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to CREDENTIAL_PROVIDER_DEFAULT_DISALLOWED.", "Apps with credentialProviderPolicy unspecified are not allowed to act as a credential provider.", "Apps with credentialProviderPolicy unspecified are not allowed to act as a credential provider except for the OEM default credential providers. OEM default credential providers are always allowed to act as credential providers." ], "enum": [ "CREDENTIAL_PROVIDER_POLICY_DEFAULT_UNSPECIFIED", "CREDENTIAL_PROVIDER_DEFAULT_DISALLOWED", "CREDENTIAL_PROVIDER_DEFAULT_DISALLOWED_EXCEPT_SYSTEM" ] }, "printingPolicy": { "description": "Optional. Controls whether printing is allowed. This is supported on devices running Android 9 and above. .", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to PRINTING_ALLOWED.", "Printing is disallowed. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 9.", "Printing is allowed." ], "enum": [ "PRINTING_POLICY_UNSPECIFIED", "PRINTING_DISALLOWED", "PRINTING_ALLOWED" ] } } }, "ApplicationPolicy": { "id": "ApplicationPolicy", "description": "Policy for an individual app. Note: Application availability on a given device cannot be changed using this policy if installAppsDisabled is enabled. The maximum number of applications that you can specify per policy is 3,000.", "type": "object", "properties": { "packageName": { "description": "The package name of the app. For example, com.google.android.youtube for the YouTube app.", "type": "string" }, "installType": { "description": "The type of installation to perform.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to AVAILABLE.", "The app is automatically installed and can be removed by the user.", "The app is automatically installed regardless of a set maintenance window and can't be removed by the user.", "The app is blocked and can't be installed. If the app was installed under a previous policy, it will be uninstalled. This also blocks its instant app functionality.", "The app is available to install.", "The app is automatically installed and can't be removed by the user and will prevent setup from completion until installation is complete.", "The app is automatically installed in kiosk mode: it's set as the preferred home intent and whitelisted for lock task mode. Device setup won't complete until the app is installed. After installation, users won't be able to remove the app. You can only set this installType for one app per policy. When this is present in the policy, status bar will be automatically disabled." ], "enum": [ "INSTALL_TYPE_UNSPECIFIED", "PREINSTALLED", "FORCE_INSTALLED", "BLOCKED", "AVAILABLE", "REQUIRED_FOR_SETUP", "KIOSK" ] }, "lockTaskAllowed": { "description": "Whether the app is allowed to lock itself in full-screen mode. DEPRECATED. Use InstallType KIOSK or kioskCustomLauncherEnabled to configure a dedicated device.", "deprecated": true, "type": "boolean" }, "defaultPermissionPolicy": { "description": "The default policy for all permissions requested by the app. If specified, this overrides the policy-level default_permission_policy which applies to all apps. It does not override the permission_grants which applies to all apps.", "type": "string", "enumDescriptions": [ "Policy not specified. If no policy is specified for a permission at any level, then the PROMPT behavior is used by default.", "Prompt the user to grant a permission.", "Automatically grant a permission.On Android 12 and above, Manifest.permission.READ_SMS (https://developer.android.com/reference/android/Manifest.permission#READ_SMS) and following sensor-related permissions can only be granted on fully managed devices: Manifest.permission.ACCESS_FINE_LOCATION (https://developer.android.com/reference/android/Manifest.permission#ACCESS_FINE_LOCATION) Manifest.permission.ACCESS_BACKGROUND_LOCATION (https://developer.android.com/reference/android/Manifest.permission#ACCESS_BACKGROUND_LOCATION) Manifest.permission.ACCESS_COARSE_LOCATION (https://developer.android.com/reference/android/Manifest.permission#ACCESS_COARSE_LOCATION) Manifest.permission.CAMERA (https://developer.android.com/reference/android/Manifest.permission#CAMERA) Manifest.permission.RECORD_AUDIO (https://developer.android.com/reference/android/Manifest.permission#RECORD_AUDIO) Manifest.permission.ACTIVITY_RECOGNITION (https://developer.android.com/reference/android/Manifest.permission#ACTIVITY_RECOGNITION) Manifest.permission.BODY_SENSORS (https://developer.android.com/reference/android/Manifest.permission#BODY_SENSORS)", "Automatically deny a permission." ], "enum": [ "PERMISSION_POLICY_UNSPECIFIED", "PROMPT", "GRANT", "DENY" ] }, "permissionGrants": { "description": "Explicit permission grants or denials for the app. These values override the default_permission_policy and permission_grants which apply to all apps.", "type": "array", "items": { "$ref": "PermissionGrant" } }, "managedConfiguration": { "description": "Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty: *type* *JSON value* BOOL true or false STRING string INTEGER number CHOICE string MULTISELECT array of strings HIDDEN string BUNDLE_ARRAY array of objects ", "type": "object", "additionalProperties": { "type": "any", "description": "Properties of the object." } }, "disabled": { "description": "Whether the app is disabled. When disabled, the app data is still preserved.", "type": "boolean" }, "minimumVersionCode": { "description": "The minimum version of the app that runs on the device. If set, the device attempts to update the app to at least this version code. If the app is not up-to-date, the device will contain a NonComplianceDetail with non_compliance_reason set to APP_NOT_UPDATED. The app must already be published to Google Play with a version code greater than or equal to this value. At most 20 apps may specify a minimum version code per policy.", "type": "integer", "format": "int32" }, "delegatedScopes": { "description": "The scopes delegated to the app from Android Device Policy. These provide additional privileges for the applications they are applied to.", "type": "array", "items": { "type": "string", "enumDescriptions": [ "No delegation scope specified.", "Grants access to certificate installation and management.", "Grants access to managed configurations management.", "Grants access to blocking uninstallation.", "Grants access to permission policy and permission grant state.", "Grants access to package access state.", "Grants access for enabling system apps.", "Grants access to network activity logs. Allows the delegated application to call setNetworkLoggingEnabled (https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setNetworkLoggingEnabled%28android.content.ComponentName,%20boolean%29), isNetworkLoggingEnabled (https://developer.android.com/reference/android/app/admin/DevicePolicyManager#isNetworkLoggingEnabled%28android.content.ComponentName%29) and retrieveNetworkLogs (https://developer.android.com/reference/android/app/admin/DevicePolicyManager#retrieveNetworkLogs%28android.content.ComponentName,%20long%29) methods. This scope can be delegated to at most one application. Supported for fully managed devices on Android 10 and above. Supported for a work profile on Android 12 and above. When delegation is supported and set, NETWORK_ACTIVITY_LOGS is ignored.", "Grants access to security logs. Allows the delegated application to call setSecurityLoggingEnabled (https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setSecurityLoggingEnabled%28android.content.ComponentName,%20boolean%29), isSecurityLoggingEnabled (https://developer.android.com/reference/android/app/admin/DevicePolicyManager#isSecurityLoggingEnabled%28android.content.ComponentName%29), retrieveSecurityLogs (https://developer.android.com/reference/android/app/admin/DevicePolicyManager#retrieveSecurityLogs%28android.content.ComponentName%29) and retrievePreRebootSecurityLogs (https://developer.android.com/reference/android/app/admin/DevicePolicyManager#retrievePreRebootSecurityLogs%28android.content.ComponentName%29) methods. This scope can be delegated to at most one application. Supported for fully managed devices and company-owned devices with a work profile on Android 12 and above. When delegation is supported and set, SECURITY_LOGS is ignored.", "Grants access to selection of KeyChain certificates on behalf of requesting apps. Once granted, the delegated application will start receiving DelegatedAdminReceiver#onChoosePrivateKeyAlias (https://developer.android.com/reference/android/app/admin/DelegatedAdminReceiver#onChoosePrivateKeyAlias%28android.content.Context,%20android.content.Intent,%20int,%20android.net.Uri,%20java.lang.String%29). Allows the delegated application to call grantKeyPairToApp (https://developer.android.com/reference/android/app/admin/DevicePolicyManager#grantKeyPairToApp%28android.content.ComponentName,%20java.lang.String,%20java.lang.String%29) and revokeKeyPairFromApp (https://developer.android.com/reference/android/app/admin/DevicePolicyManager#revokeKeyPairFromApp%28android.content.ComponentName,%20java.lang.String,%20java.lang.String%29) methods. There can be at most one app that has this delegation. choosePrivateKeyRules must be empty and privateKeySelectionEnabled has no effect if certificate selection is delegated to an application." ], "enum": [ "DELEGATED_SCOPE_UNSPECIFIED", "CERT_INSTALL", "MANAGED_CONFIGURATIONS", "BLOCK_UNINSTALL", "PERMISSION_GRANT", "PACKAGE_ACCESS", "ENABLE_SYSTEM_APP", "NETWORK_ACTIVITY_LOGS", "SECURITY_LOGS", "CERT_SELECTION" ] } }, "managedConfigurationTemplate": { "description": "The managed configurations template for the app, saved from the managed configurations iframe. This field is ignored if managed_configuration is set.", "$ref": "ManagedConfigurationTemplate" }, "accessibleTrackIds": { "description": "List of the app’s track IDs that a device belonging to the enterprise can access. If the list contains multiple track IDs, devices receive the latest version among all accessible tracks. If the list contains no track IDs, devices only have access to the app’s production track. More details about each track are available in AppTrackInfo.", "type": "array", "items": { "type": "string" } }, "connectedWorkAndPersonalApp": { "description": "Controls whether the app can communicate with itself across a device’s work and personal profiles, subject to user consent.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to CONNECTED_WORK_AND_PERSONAL_APPS_DISALLOWED.", "Default. Prevents the app from communicating cross-profile.", "Allows the app to communicate across profiles after receiving user consent." ], "enum": [ "CONNECTED_WORK_AND_PERSONAL_APP_UNSPECIFIED", "CONNECTED_WORK_AND_PERSONAL_APP_DISALLOWED", "CONNECTED_WORK_AND_PERSONAL_APP_ALLOWED" ] }, "autoUpdateMode": { "description": "Controls the auto-update mode for the app.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to AUTO_UPDATE_DEFAULT.", "The default update mode.The app is automatically updated with low priority to minimize the impact on the user.The app is updated when all of the following constraints are met: The device is not actively used. The device is connected to an unmetered network. The device is charging. The app to be updated is not running in the foreground.The device is notified about a new update within 24 hours after it is published by the developer, after which the app is updated the next time the constraints above are met.", "The app is not automatically updated for a maximum of 90 days after the app becomes out of date.90 days after the app becomes out of date, the latest available version is installed automatically with low priority (see AUTO_UPDATE_DEFAULT). After the app is updated it is not automatically updated again until 90 days after it becomes out of date again.The user can still manually update the app from the Play Store at any time.", "The app is updated as soon as possible. No constraints are applied.The device is notified as soon as possible about a new update after it becomes available." ], "enum": [ "AUTO_UPDATE_MODE_UNSPECIFIED", "AUTO_UPDATE_DEFAULT", "AUTO_UPDATE_POSTPONED", "AUTO_UPDATE_HIGH_PRIORITY" ] }, "extensionConfig": { "description": "Configuration to enable this app as an extension app, with the capability of interacting with Android Device Policy offline.This field can be set for at most one app.", "$ref": "ExtensionConfig" }, "alwaysOnVpnLockdownExemption": { "description": "Specifies whether the app is allowed networking when the VPN is not connected and alwaysOnVpnPackage.lockdownEnabled is enabled. If set to VPN_LOCKDOWN_ENFORCED, the app is not allowed networking, and if set to VPN_LOCKDOWN_EXEMPTION, the app is allowed networking. Only supported on devices running Android 10 and above. If this is not supported by the device, the device will contain a NonComplianceDetail with non_compliance_reason set to API_LEVEL and a fieldPath. If this is not applicable to the app, the device will contain a NonComplianceDetail with non_compliance_reason set to UNSUPPORTED and a fieldPath. The fieldPath is set to applications[i].alwaysOnVpnLockdownExemption, where i is the index of the package in the applications policy.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to VPN_LOCKDOWN_ENFORCED.", "The app respects the always-on VPN lockdown setting.", "The app is exempt from the always-on VPN lockdown setting." ], "enum": [ "ALWAYS_ON_VPN_LOCKDOWN_EXEMPTION_UNSPECIFIED", "VPN_LOCKDOWN_ENFORCED", "VPN_LOCKDOWN_EXEMPTION" ] }, "workProfileWidgets": { "description": "Specifies whether the app installed in the work profile is allowed to add widgets to the home screen.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to work_profile_widgets_default", "Work profile widgets are allowed. This means the application will be able to add widgets to the home screen.", "Work profile widgets are disallowed. This means the application will not be able to add widgets to the home screen." ], "enum": [ "WORK_PROFILE_WIDGETS_UNSPECIFIED", "WORK_PROFILE_WIDGETS_ALLOWED", "WORK_PROFILE_WIDGETS_DISALLOWED" ] }, "credentialProviderPolicy": { "description": "Optional. Whether the app is allowed to act as a credential provider on Android 14 and above.", "type": "string", "enumDescriptions": [ "Unspecified. The behaviour is governed by credentialProviderPolicyDefault.", "App is allowed to act as a credential provider." ], "enum": [ "CREDENTIAL_PROVIDER_POLICY_UNSPECIFIED", "CREDENTIAL_PROVIDER_ALLOWED" ] }, "installConstraint": { "description": "Optional. The constraints for installing the app. You can specify a maximum of one InstallConstraint. Multiple constraints are rejected.", "type": "array", "items": { "$ref": "InstallConstraint" } }, "installPriority": { "description": "Optional. Amongst apps with installType set to: FORCE_INSTALLED PREINSTALLEDthis controls the relative priority of installation. A value of 0 (default) means this app has no priority over other apps. For values between 1 and 10,000, a lower value means a higher priority. Values outside of the range 0 to 10,000 inclusive are rejected.", "type": "integer", "format": "int32" } } }, "PermissionGrant": { "id": "PermissionGrant", "description": "Configuration for an Android permission and its grant state.", "type": "object", "properties": { "permission": { "description": "The Android permission or group, e.g. android.permission.READ_CALENDAR or android.permission_group.CALENDAR.", "type": "string" }, "policy": { "description": "The policy for granting the permission.", "type": "string", "enumDescriptions": [ "Policy not specified. If no policy is specified for a permission at any level, then the PROMPT behavior is used by default.", "Prompt the user to grant a permission.", "Automatically grant a permission.On Android 12 and above, Manifest.permission.READ_SMS (https://developer.android.com/reference/android/Manifest.permission#READ_SMS) and following sensor-related permissions can only be granted on fully managed devices: Manifest.permission.ACCESS_FINE_LOCATION (https://developer.android.com/reference/android/Manifest.permission#ACCESS_FINE_LOCATION) Manifest.permission.ACCESS_BACKGROUND_LOCATION (https://developer.android.com/reference/android/Manifest.permission#ACCESS_BACKGROUND_LOCATION) Manifest.permission.ACCESS_COARSE_LOCATION (https://developer.android.com/reference/android/Manifest.permission#ACCESS_COARSE_LOCATION) Manifest.permission.CAMERA (https://developer.android.com/reference/android/Manifest.permission#CAMERA) Manifest.permission.RECORD_AUDIO (https://developer.android.com/reference/android/Manifest.permission#RECORD_AUDIO) Manifest.permission.ACTIVITY_RECOGNITION (https://developer.android.com/reference/android/Manifest.permission#ACTIVITY_RECOGNITION) Manifest.permission.BODY_SENSORS (https://developer.android.com/reference/android/Manifest.permission#BODY_SENSORS)", "Automatically deny a permission." ], "enum": [ "PERMISSION_POLICY_UNSPECIFIED", "PROMPT", "GRANT", "DENY" ] } } }, "ManagedConfigurationTemplate": { "id": "ManagedConfigurationTemplate", "description": "The managed configurations template for the app, saved from the managed configurations iframe.", "type": "object", "properties": { "templateId": { "description": "The ID of the managed configurations template.", "type": "string" }, "configurationVariables": { "description": "Optional, a map containing configuration variables defined for the configuration.", "type": "object", "additionalProperties": { "type": "string" } } } }, "ExtensionConfig": { "id": "ExtensionConfig", "description": "Configuration to enable an app as an extension app, with the capability of interacting with Android Device Policy offline. For Android versions 13 and above, extension apps are exempt from battery restrictions so will not be placed into the restricted App Standby Bucket (https://developer.android.com/topic/performance/appstandby#restricted-bucket). Extensions apps are also protected against users clearing their data or force-closing the application, although admins can continue to use the clear app data command on extension apps if needed for Android 13 and above.", "type": "object", "properties": { "signingKeyFingerprintsSha256": { "description": "Hex-encoded SHA-256 hash of the signing certificate of the extension app. Only hexadecimal string representations of 64 characters are valid.If not specified, the signature for the corresponding package name is obtained from the Play Store instead.If this list is empty, the signature of the extension app on the device must match the signature obtained from the Play Store for the app to be able to communicate with Android Device Policy.If this list is not empty, the signature of the extension app on the device must match one of the entries in this list for the app to be able to communicate with Android Device Policy.In production use cases, it is recommended to leave this empty.", "type": "array", "items": { "type": "string" } }, "notificationReceiver": { "description": "Fully qualified class name of the receiver service class for Android Device Policy to notify the extension app of any local command status updates.", "type": "string" } } }, "InstallConstraint": { "id": "InstallConstraint", "description": "Amongst apps with InstallType set to: FORCE_INSTALLED PREINSTALLEDthis defines a set of restrictions for the app installation. At least one of the fields must be set. When multiple fields are set, then all the constraints need to be satisfied for the app to be installed.", "type": "object", "properties": { "networkTypeConstraint": { "description": "Optional. Network type constraint.", "type": "string", "enumDescriptions": [ "Unspecified. Default to INSTALL_ON_ANY_NETWORK.", "Any active networks (Wi-Fi, cellular, etc.).", "Any unmetered network (e.g. Wi-FI)." ], "enum": [ "NETWORK_TYPE_CONSTRAINT_UNSPECIFIED", "INSTALL_ON_ANY_NETWORK", "INSTALL_ONLY_ON_UNMETERED_NETWORK" ] }, "chargingConstraint": { "description": "Optional. Charging constraint.", "type": "string", "enumDescriptions": [ "Unspecified. Default to CHARGING_NOT_REQUIRED.", "Device doesn't have to be charging.", "Device has to be charging." ], "enum": [ "CHARGING_CONSTRAINT_UNSPECIFIED", "CHARGING_NOT_REQUIRED", "INSTALL_ONLY_WHEN_CHARGING" ] }, "deviceIdleConstraint": { "description": "Optional. Device idle constraint.", "type": "string", "enumDescriptions": [ "Unspecified. Default to DEVICE_IDLE_NOT_REQUIRED.", "Device doesn't have to be idle, app can be installed while the user is interacting with the device.", "Device has to be idle." ], "enum": [ "DEVICE_IDLE_CONSTRAINT_UNSPECIFIED", "DEVICE_IDLE_NOT_REQUIRED", "INSTALL_ONLY_WHEN_DEVICE_IDLE" ] } } }, "PersistentPreferredActivity": { "id": "PersistentPreferredActivity", "description": "A default activity for handling intents that match a particular intent filter. Note: To set up a kiosk, use InstallType to KIOSK rather than use persistent preferred activities.", "type": "object", "properties": { "receiverActivity": { "description": "The activity that should be the default intent handler. This should be an Android component name, e.g. com.android.enterprise.app/.MainActivity. Alternatively, the value may be the package name of an app, which causes Android Device Policy to choose an appropriate activity from the app to handle the intent.", "type": "string" }, "actions": { "description": "The intent actions to match in the filter. If any actions are included in the filter, then an intent's action must be one of those values for it to match. If no actions are included, the intent action is ignored.", "type": "array", "items": { "type": "string" } }, "categories": { "description": "The intent categories to match in the filter. An intent includes the categories that it requires, all of which must be included in the filter in order to match. In other words, adding a category to the filter has no impact on matching unless that category is specified in the intent.", "type": "array", "items": { "type": "string" } } } }, "SystemUpdate": { "id": "SystemUpdate", "description": "Configuration for managing system updatesNote: Google Play system updates (https://source.android.com/docs/core/ota/modular-system) (also called Mainline updates) are automatically downloaded but require a device reboot to be installed. Refer to the mainline section in Manage system updates (https://developer.android.com/work/dpc/system-updates#mainline) for further details.", "type": "object", "properties": { "type": { "description": "The type of system update to configure.", "type": "string", "enumDescriptions": [ "Follow the default update behavior for the device, which typically requires the user to accept system updates.", "Install automatically as soon as an update is available.", "Install automatically within a daily maintenance window. This also configures Play apps to be updated within the window. This is strongly recommended for kiosk devices because this is the only way apps persistently pinned to the foreground can be updated by Play.If autoUpdateMode is set to AUTO_UPDATE_HIGH_PRIORITY for an app, then the maintenance window is ignored for that app and it is updated as soon as possible even outside of the maintenance window.", "Postpone automatic install up to a maximum of 30 days. This policy does not affect security updates (e.g. monthly security patches)." ], "enum": [ "SYSTEM_UPDATE_TYPE_UNSPECIFIED", "AUTOMATIC", "WINDOWED", "POSTPONE" ] }, "startMinutes": { "description": "If the type is WINDOWED, the start of the maintenance window, measured as the number of minutes after midnight in the device's local time. This value must be between 0 and 1439, inclusive.", "type": "integer", "format": "int32" }, "endMinutes": { "description": "If the type is WINDOWED, the end of the maintenance window, measured as the number of minutes after midnight in device's local time. This value must be between 0 and 1439, inclusive. If this value is less than start_minutes, then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time.", "type": "integer", "format": "int32" }, "freezePeriods": { "description": "An annually repeating time period in which over-the-air (OTA) system updates are postponed to freeze the OS version running on a device. To prevent freezing the device indefinitely, each freeze period must be separated by at least 60 days.", "type": "array", "items": { "$ref": "FreezePeriod" } } } }, "FreezePeriod": { "id": "FreezePeriod", "description": "A system freeze period. When a device’s clock is within the freeze period, all incoming system updates (including security patches) are blocked and won’t be installed.When the device is outside any set freeze periods, the normal policy behavior (automatic, windowed, or postponed) applies.Leap years are ignored in freeze period calculations, in particular: If Feb. 29th is set as the start or end date of a freeze period, the freeze period will start or end on Feb. 28th instead. When a device’s system clock reads Feb. 29th, it’s treated as Feb. 28th. When calculating the number of days in a freeze period or the time between two freeze periods, Feb. 29th is ignored and not counted as a day.Note: For Freeze Periods to take effect, SystemUpdateType cannot be specified as SYSTEM_UPDATE_TYPE_UNSPECIFIED, because freeze periods require a defined policy to be specified.", "type": "object", "properties": { "startDate": { "description": "The start date (inclusive) of the freeze period. Note: year must not be set. For example, {\"month\": 1,\"date\": 30}.", "$ref": "Date" }, "endDate": { "description": "The end date (inclusive) of the freeze period. Must be no later than 90 days from the start date. If the end date is earlier than the start date, the freeze period is considered wrapping year-end. Note: year must not be set. For example, {\"month\": 1,\"date\": 30}.", "$ref": "Date" } } }, "Date": { "id": "Date", "description": "Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: A full date, with non-zero year, month, and day values. A month and day, with a zero year (for example, an anniversary). A year on its own, with a zero month and a zero day. A year and month, with a zero day (for example, a credit card expiration date).Related types: google.type.TimeOfDay google.type.DateTime google.protobuf.Timestamp", "type": "object", "properties": { "year": { "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", "type": "integer", "format": "int32" }, "month": { "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", "type": "integer", "format": "int32" }, "day": { "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", "type": "integer", "format": "int32" } } }, "StatusReportingSettings": { "id": "StatusReportingSettings", "description": "Settings controlling the behavior of status reports.", "type": "object", "properties": { "applicationReportsEnabled": { "description": "Whether app reports are enabled.", "type": "boolean" }, "deviceSettingsEnabled": { "description": "Whether device settings reporting is enabled.", "type": "boolean" }, "softwareInfoEnabled": { "description": "Whether software info reporting is enabled.", "type": "boolean" }, "memoryInfoEnabled": { "description": "Whether memory event reporting is enabled.", "type": "boolean" }, "networkInfoEnabled": { "description": "Whether network info reporting is enabled.", "type": "boolean" }, "displayInfoEnabled": { "description": "Whether displays reporting is enabled. Report data is not available for personally owned devices with work profiles.", "type": "boolean" }, "powerManagementEventsEnabled": { "description": "Whether power management event reporting is enabled. Report data is not available for personally owned devices with work profiles.", "type": "boolean" }, "hardwareStatusEnabled": { "description": "Whether hardware status reporting is enabled. Report data is not available for personally owned devices with work profiles.", "type": "boolean" }, "systemPropertiesEnabled": { "description": "Whether system properties reporting is enabled.", "type": "boolean" }, "applicationReportingSettings": { "description": "Application reporting settings. Only applicable if application_reports_enabled is true.", "$ref": "ApplicationReportingSettings" }, "commonCriteriaModeEnabled": { "description": "Whether Common Criteria Mode reporting is enabled.", "type": "boolean" } } }, "ApplicationReportingSettings": { "id": "ApplicationReportingSettings", "description": "Settings controlling the behavior of application reports.", "type": "object", "properties": { "includeRemovedApps": { "description": "Whether removed apps are included in application reports.", "type": "boolean" } } }, "PackageNameList": { "id": "PackageNameList", "description": "A list of package names.", "type": "object", "properties": { "packageNames": { "description": "A list of package names.", "type": "array", "items": { "type": "string" } } } }, "ProxyInfo": { "id": "ProxyInfo", "description": "Configuration info for an HTTP proxy. For a direct proxy, set the host, port, and excluded_hosts fields. For a PAC script proxy, set the pac_uri field.", "type": "object", "properties": { "host": { "description": "The host of the direct proxy.", "type": "string" }, "port": { "description": "The port of the direct proxy.", "type": "integer", "format": "int32" }, "excludedHosts": { "description": "For a direct proxy, the hosts for which the proxy is bypassed. The host names may contain wildcards such as *.example.com.", "type": "array", "items": { "type": "string" } }, "pacUri": { "description": "The URI of the PAC script used to configure the proxy.", "type": "string" } } }, "ChoosePrivateKeyRule": { "id": "ChoosePrivateKeyRule", "description": "Controls apps' access to private keys. The rule determines which private key, if any, Android Device Policy grants to the specified app. Access is granted either when the app calls KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) (or any overloads) to request a private key alias for a given URL, or for rules that are not URL-specific (that is, if urlPattern is not set, or set to the empty string or .*) on Android 11 and above, directly so that the app can call KeyChain.getPrivateKey (https://developer.android.com/reference/android/security/KeyChain#getPrivateKey%28android.content.Context,%20java.lang.String%29), without first having to call KeyChain.choosePrivateKeyAlias.When an app calls KeyChain.choosePrivateKeyAlias if more than one choosePrivateKeyRules matches, the last matching rule defines which key alias to return.", "type": "object", "properties": { "urlPattern": { "description": "The URL pattern to match against the URL of the request. If not set or empty, it matches all URLs. This uses the regular expression syntax of java.util.regex.Pattern.", "type": "string" }, "packageNames": { "description": "The package names to which this rule applies. The hash of the signing certificate for each app is verified against the hash provided by Play. If no package names are specified, then the alias is provided to all apps that call KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) or any overloads (but not without calling KeyChain.choosePrivateKeyAlias, even on Android 11 and above). Any app with the same Android UID as a package specified here will have access when they call KeyChain.choosePrivateKeyAlias.", "type": "array", "items": { "type": "string" } }, "privateKeyAlias": { "description": "The alias of the private key to be used.", "type": "string" } } }, "AlwaysOnVpnPackage": { "id": "AlwaysOnVpnPackage", "description": "Configuration for an always-on VPN connection.", "type": "object", "properties": { "packageName": { "description": "The package name of the VPN app.", "type": "string" }, "lockdownEnabled": { "description": "Disallows networking when the VPN is not connected.", "type": "boolean" } } }, "ComplianceRule": { "id": "ComplianceRule", "deprecated": true, "description": "A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policy_compliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule.", "type": "object", "properties": { "nonComplianceDetailCondition": { "description": "A condition which is satisfied if there exists any matching NonComplianceDetail for the device.", "$ref": "NonComplianceDetailCondition" }, "apiLevelCondition": { "description": "A condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement.", "$ref": "ApiLevelCondition" }, "disableApps": { "description": "If set to true, the rule includes a mitigating action to disable apps so that the device is effectively disabled, but app data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed.", "type": "boolean" }, "packageNamesToDisable": { "description": "If set, the rule includes a mitigating action to disable apps specified in the list, but app data is preserved.", "type": "array", "items": { "type": "string" } } } }, "NonComplianceDetailCondition": { "id": "NonComplianceDetailCondition", "deprecated": true, "description": "A compliance rule condition which is satisfied if there exists any matching NonComplianceDetail for the device. A NonComplianceDetail matches a NonComplianceDetailCondition if all the fields which are set within the NonComplianceDetailCondition match the corresponding NonComplianceDetail fields.", "type": "object", "properties": { "settingName": { "description": "The name of the policy setting. This is the JSON field name of a top-level Policy field. If not set, then this condition matches any setting name.", "type": "string" }, "nonComplianceReason": { "description": "The reason the device is not in compliance with the setting. If not set, then this condition matches any reason.", "type": "string", "enumDescriptions": [ "This value is disallowed.", "The setting is not supported in the API level of the Android version running on the device.", "The management mode (profile owner, device owner, etc.) doesn't support the setting.", "The user has not taken required action to comply with the setting.", "The setting has an invalid value.", "The app required to implement the policy is not installed.", "The policy is not supported by the version of Android Device Policy on the device.", "A blocked app is installed.", "The setting hasn't been applied at the time of the report, but is expected to be applied shortly.", "The setting can't be applied to the app because the app doesn't support it, for example because its target SDK version is not high enough.", "The app is installed, but it hasn't been updated to the minimum version code specified by policy.", "The device is incompatible with the policy requirements." ], "enum": [ "NON_COMPLIANCE_REASON_UNSPECIFIED", "API_LEVEL", "MANAGEMENT_MODE", "USER_ACTION", "INVALID_VALUE", "APP_NOT_INSTALLED", "UNSUPPORTED", "APP_INSTALLED", "PENDING", "APP_INCOMPATIBLE", "APP_NOT_UPDATED", "DEVICE_INCOMPATIBLE" ] }, "packageName": { "description": "The package name of the app that's out of compliance. If not set, then this condition matches any package name.", "type": "string" } } }, "ApiLevelCondition": { "id": "ApiLevelCondition", "deprecated": true, "description": "A compliance rule condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. There can only be one rule with this type of condition per policy.", "type": "object", "properties": { "minApiLevel": { "description": "The minimum desired Android Framework API level. If the device doesn't meet the minimum requirement, this condition is satisfied. Must be greater than zero.", "type": "integer", "format": "int32" } } }, "SetupAction": { "id": "SetupAction", "description": "An action executed during setup.", "type": "object", "properties": { "launchApp": { "description": "An action to launch an app. The app will be launched with an intent containing an extra with key com.google.android.apps.work.clouddpc.EXTRA_LAUNCHED_AS_SETUP_ACTION set to the boolean value true to indicate that this is a setup action flow. If SetupAction references an app, the corresponding installType in the application policy must be set as REQUIRED_FOR_SETUP or said setup will fail.", "$ref": "LaunchAppAction" }, "title": { "description": "Title of this action.", "$ref": "UserFacingMessage" }, "description": { "description": "Description of this action.", "$ref": "UserFacingMessage" } } }, "LaunchAppAction": { "id": "LaunchAppAction", "description": "An action to launch an app.", "type": "object", "properties": { "packageName": { "description": "Package name of app to be launched", "type": "string" } } }, "PolicyEnforcementRule": { "id": "PolicyEnforcementRule", "description": "A rule that defines the actions to take if a device or work profile is not compliant with the policy specified in settingName. In the case of multiple matching or multiple triggered enforcement rules, a merge will occur with the most severe action being taken. However, all triggered rules are still kept track of: this includes initial trigger time and all associated non-compliance details. In the situation where the most severe enforcement rule is satisfied, the next most appropriate action is applied.", "type": "object", "properties": { "settingName": { "description": "The top-level policy to enforce. For example, applications or passwordPolicies.", "type": "string" }, "blockAction": { "description": "An action to block access to apps and data on a company owned device or in a work profile. This action also triggers a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified.", "$ref": "BlockAction" }, "wipeAction": { "description": "An action to reset a company owned device or delete a work profile. Note: blockAction must also be specified.", "$ref": "WipeAction" } } }, "BlockAction": { "id": "BlockAction", "description": "An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a device or work profile to displays a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified.", "type": "object", "properties": { "blockAfterDays": { "description": "Number of days the policy is non-compliant before the device or work profile is blocked. To block access immediately, set to 0. blockAfterDays must be less than wipeAfterDays.", "type": "integer", "format": "int32" }, "blockScope": { "description": "Specifies the scope of this BlockAction. Only applicable to devices that are company-owned.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to BLOCK_SCOPE_WORK_PROFILE.", "Block action is only applied to apps in the work profile. Apps in the personal profile are unaffected.", "Block action is applied to the entire device, including apps in the personal profile." ], "enum": [ "BLOCK_SCOPE_UNSPECIFIED", "BLOCK_SCOPE_WORK_PROFILE", "BLOCK_SCOPE_DEVICE" ] } } }, "WipeAction": { "id": "WipeAction", "description": "An action to reset a company owned device or delete a work profile. Note: blockAction must also be specified.", "type": "object", "properties": { "wipeAfterDays": { "description": "Number of days the policy is non-compliant before the device or work profile is wiped. wipeAfterDays must be greater than blockAfterDays.", "type": "integer", "format": "int32" }, "preserveFrp": { "description": "Whether the factory-reset protection data is preserved on the device. This setting doesn’t apply to work profiles.", "type": "boolean" } } }, "KioskCustomization": { "id": "KioskCustomization", "description": "Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK.", "type": "object", "properties": { "powerButtonActions": { "description": "Sets the behavior of a device in kiosk mode when a user presses and holds (long-presses) the Power button.", "type": "string", "enumDescriptions": [ "Unspecified, defaults to POWER_BUTTON_AVAILABLE.", "The power menu (e.g. Power off, Restart) is shown when a user long-presses the Power button of a device in kiosk mode.", "The power menu (e.g. Power off, Restart) is not shown when a user long-presses the Power button of a device in kiosk mode. Note: this may prevent users from turning off the device." ], "enum": [ "POWER_BUTTON_ACTIONS_UNSPECIFIED", "POWER_BUTTON_AVAILABLE", "POWER_BUTTON_BLOCKED" ] }, "systemErrorWarnings": { "description": "Specifies whether system error dialogs for crashed or unresponsive apps are blocked in kiosk mode. When blocked, the system will force-stop the app as if the user chooses the \"close app\" option on the UI.", "type": "string", "enumDescriptions": [ "Unspecified, defaults to ERROR_AND_WARNINGS_MUTED.", "All system error dialogs such as crash and app not responding (ANR) are displayed.", "All system error dialogs, such as crash and app not responding (ANR) are blocked. When blocked, the system force-stops the app as if the user closes the app from the UI." ], "enum": [ "SYSTEM_ERROR_WARNINGS_UNSPECIFIED", "ERROR_AND_WARNINGS_ENABLED", "ERROR_AND_WARNINGS_MUTED" ] }, "systemNavigation": { "description": "Specifies which navigation features are enabled (e.g. Home, Overview buttons) in kiosk mode.", "type": "string", "enumDescriptions": [ "Unspecified, defaults to NAVIGATION_DISABLED.", "Home and overview buttons are enabled.", "The home and Overview buttons are not accessible.", "Only the home button is enabled." ], "enum": [ "SYSTEM_NAVIGATION_UNSPECIFIED", "NAVIGATION_ENABLED", "NAVIGATION_DISABLED", "HOME_BUTTON_ONLY" ] }, "statusBar": { "description": "Specifies whether system info and notifications are disabled in kiosk mode.", "type": "string", "enumDescriptions": [ "Unspecified, defaults to INFO_AND_NOTIFICATIONS_DISABLED.", "System info and notifications are shown on the status bar in kiosk mode.Note: For this policy to take effect, the device's home button must be enabled using kioskCustomization.systemNavigation.", "System info and notifications are disabled in kiosk mode.", "Only system info is shown on the status bar." ], "enum": [ "STATUS_BAR_UNSPECIFIED", "NOTIFICATIONS_AND_SYSTEM_INFO_ENABLED", "NOTIFICATIONS_AND_SYSTEM_INFO_DISABLED", "SYSTEM_INFO_ONLY" ] }, "deviceSettings": { "description": "Specifies whether the Settings app is allowed in kiosk mode.", "type": "string", "enumDescriptions": [ "Unspecified, defaults to SETTINGS_ACCESS_ALLOWED.", "Access to the Settings app is allowed in kiosk mode.", "Access to the Settings app is not allowed in kiosk mode." ], "enum": [ "DEVICE_SETTINGS_UNSPECIFIED", "SETTINGS_ACCESS_ALLOWED", "SETTINGS_ACCESS_BLOCKED" ] } } }, "AdvancedSecurityOverrides": { "id": "AdvancedSecurityOverrides", "description": "Advanced security settings. In most cases, setting these is not needed.", "type": "object", "properties": { "untrustedAppsPolicy": { "description": "The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces install_unknown_sources_allowed (deprecated).", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to DISALLOW_INSTALL.", "Default. Disallow untrusted app installs on entire device.", "For devices with work profiles, allow untrusted app installs in the device's personal profile only.", "Allow untrusted app installs on entire device." ], "enum": [ "UNTRUSTED_APPS_POLICY_UNSPECIFIED", "DISALLOW_INSTALL", "ALLOW_INSTALL_IN_PERSONAL_PROFILE_ONLY", "ALLOW_INSTALL_DEVICE_WIDE" ] }, "googlePlayProtectVerifyApps": { "description": "Whether Google Play Protect verification (https://support.google.com/accounts/answer/2812853) is enforced. Replaces ensureVerifyAppsEnabled (deprecated).", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to VERIFY_APPS_ENFORCED.", "Default. Force-enables app verification.", "Allows the user to choose whether to enable app verification." ], "enum": [ "GOOGLE_PLAY_PROTECT_VERIFY_APPS_UNSPECIFIED", "VERIFY_APPS_ENFORCED", "VERIFY_APPS_USER_CHOICE" ] }, "developerSettings": { "description": "Controls access to developer settings: developer options and safe boot. Replaces safeBootDisabled (deprecated) and debuggingFeaturesAllowed (deprecated).", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to DEVELOPER_SETTINGS_DISABLED.", "Default. Disables all developer settings and prevents the user from accessing them.", "Allows all developer settings. The user can access and optionally configure the settings." ], "enum": [ "DEVELOPER_SETTINGS_UNSPECIFIED", "DEVELOPER_SETTINGS_DISABLED", "DEVELOPER_SETTINGS_ALLOWED" ] }, "commonCriteriaMode": { "description": "Controls Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (https://www.commoncriteriaportal.org/) (CC). Enabling Common Criteria Mode increases certain security components on a device, including AES-GCM encryption of Bluetooth Long Term Keys, and Wi-Fi configuration stores.Warning: Common Criteria Mode enforces a strict security model typically only required for IT products used in national security systems and other highly sensitive organizations. Standard device use may be affected. Only enabled if required.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to COMMON_CRITERIA_MODE_DISABLED.", "Default. Disables Common Criteria Mode.", "Enables Common Criteria Mode." ], "enum": [ "COMMON_CRITERIA_MODE_UNSPECIFIED", "COMMON_CRITERIA_MODE_DISABLED", "COMMON_CRITERIA_MODE_ENABLED" ] }, "personalAppsThatCanReadWorkNotifications": { "description": "Personal apps that can read work profile notifications using a NotificationListenerService (https://developer.android.com/reference/android/service/notification/NotificationListenerService). By default, no personal apps (aside from system apps) can read work notifications. Each value in the list must be a package name.", "type": "array", "items": { "type": "string" } }, "mtePolicy": { "description": "Optional. Controls Memory Tagging Extension (MTE) (https://source.android.com/docs/security/test/memory-safety/arm-mte) on the device. The device needs to be rebooted to apply changes to the MTE policy.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to MTE_USER_CHOICE.", "The user can choose to enable or disable MTE on the device if the device supports this.", "MTE is enabled on the device and the user is not allowed to change this setting. This can be set on fully managed devices and work profiles on company-owned devices. A nonComplianceDetail with MANAGEMENT_MODE is reported for other management modes. A nonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not support MTE.Supported on Android 14 and above. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.", "MTE is disabled on the device and the user is not allowed to change this setting. This applies only on fully managed devices. In other cases, a nonComplianceDetail with MANAGEMENT_MODE is reported. A nonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not support MTE.Supported on Android 14 and above. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 14." ], "enum": [ "MTE_POLICY_UNSPECIFIED", "MTE_USER_CHOICE", "MTE_ENFORCED", "MTE_DISABLED" ] } } }, "PersonalUsagePolicies": { "id": "PersonalUsagePolicies", "description": "Policies controlling personal usage on a company-owned device with a work profile.", "type": "object", "properties": { "cameraDisabled": { "description": "If true, the camera is disabled on the personal profile.", "type": "boolean" }, "screenCaptureDisabled": { "description": "If true, screen capture is disabled for all users.", "type": "boolean" }, "accountTypesWithManagementDisabled": { "description": "Account types that can't be managed by the user.", "type": "array", "items": { "type": "string" } }, "maxDaysWithWorkOff": { "description": "Controls how long the work profile can stay off. The minimum duration must be at least 3 days. Other details are as follows: - If the duration is set to 0, the feature is turned off. - If the duration is set to a value smaller than the minimum duration, the feature returns an error. *Note:* If you want to avoid personal profiles being suspended during long periods of off-time, you can temporarily set a large value for this parameter.", "type": "integer", "format": "int32" }, "personalPlayStoreMode": { "description": "Used together with personalApplications to control how apps in the personal profile are allowed or blocked.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to BLOCKLIST.", "All Play Store apps are available for installation in the personal profile, except those whose installType is BLOCKED in personalApplications.", "All Play Store apps are available for installation in the personal profile, except those whose installType is BLOCKED in personalApplications.", "Only apps explicitly specified in personalApplications with installType set to AVAILABLE are allowed to be installed in the personal profile." ], "enumDeprecated": [ false, true, false, false ], "enum": [ "PLAY_STORE_MODE_UNSPECIFIED", "BLACKLIST", "BLOCKLIST", "ALLOWLIST" ] }, "personalApplications": { "description": "Policy applied to applications in the personal profile.", "type": "array", "items": { "$ref": "PersonalApplicationPolicy" } } } }, "PersonalApplicationPolicy": { "id": "PersonalApplicationPolicy", "description": "Policies for apps in the personal profile of a company-owned device with a work profile.", "type": "object", "properties": { "packageName": { "description": "The package name of the application.", "type": "string" }, "installType": { "description": "The type of installation to perform.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to AVAILABLE.", "The app is blocked and can't be installed in the personal profile. If the app was previously installed in the device, it will be uninstalled.", "The app is available to install in the personal profile." ], "enum": [ "INSTALL_TYPE_UNSPECIFIED", "BLOCKED", "AVAILABLE" ] } } }, "OncCertificateProvider": { "id": "OncCertificateProvider", "description": "This feature is not generally available.", "type": "object", "properties": { "contentProviderEndpoint": { "description": "This feature is not generally available.", "$ref": "ContentProviderEndpoint" }, "certificateReferences": { "description": "This feature is not generally available.", "type": "array", "items": { "type": "string" } } } }, "ContentProviderEndpoint": { "id": "ContentProviderEndpoint", "description": "This feature is not generally available.", "type": "object", "properties": { "uri": { "description": "This feature is not generally available.", "type": "string" }, "packageName": { "description": "This feature is not generally available.", "type": "string" }, "signingCertsSha256": { "description": "Required. This feature is not generally available.", "type": "array", "items": { "type": "string" } } } }, "CrossProfilePolicies": { "id": "CrossProfilePolicies", "description": "Controls the data from the work profile that can be accessed from the personal profile and vice versa. A nonComplianceDetail with MANAGEMENT_MODE is reported if the device does not have a work profile.", "type": "object", "properties": { "showWorkContactsInPersonalProfile": { "description": "Whether personal apps can access contacts stored in the work profile.See also exemptions_to_show_work_contacts_in_personal_profile.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_ALLOWED.When this is set, exemptions_to_show_work_contacts_in_personal_profile must not be set.", "Prevents personal apps from accessing work profile contacts and looking up work contacts.When this is set, personal apps specified in exemptions_to_show_work_contacts_in_personal_profile are allowlisted and can access work profile contacts directly.Supported on Android 7.0 and above. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 7.0.", "Default. Allows apps in the personal profile to access work profile contacts including contact searches and incoming calls.When this is set, personal apps specified in exemptions_to_show_work_contacts_in_personal_profile are blocklisted and can not access work profile contacts directly.Supported on Android 7.0 and above. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 7.0.", "Prevents most personal apps from accessing work profile contacts including contact searches and incoming calls, except for the OEM default Dialer, Messages, and Contacts apps. Neither user-configured Dialer, Messages, and Contacts apps, nor any other system or play installed apps, will be able to query work contacts directly.When this is set, personal apps specified in exemptions_to_show_work_contacts_in_personal_profile are allowlisted and can access work profile contacts.Supported on Android 14 and above. If this is set on a device with Android version less than 14, the behaviour falls back to SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED and a nonComplianceDetail with API_LEVEL is reported." ], "enum": [ "SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_UNSPECIFIED", "SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED", "SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_ALLOWED", "SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED_EXCEPT_SYSTEM" ] }, "crossProfileCopyPaste": { "description": "Whether text copied from one profile (personal or work) can be pasted in the other profile.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to COPY_FROM_WORK_TO_PERSONAL_DISALLOWED", "Default. Prevents users from pasting into the personal profile text copied from the work profile. Text copied from the personal profile can be pasted into the work profile, and text copied from the work profile can be pasted into the work profile.", "Text copied in either profile can be pasted in the other profile." ], "enum": [ "CROSS_PROFILE_COPY_PASTE_UNSPECIFIED", "COPY_FROM_WORK_TO_PERSONAL_DISALLOWED", "CROSS_PROFILE_COPY_PASTE_ALLOWED" ] }, "crossProfileDataSharing": { "description": "Whether data from one profile (personal or work) can be shared with apps in the other profile. Specifically controls simple data sharing via intents. Management of other cross-profile communication channels, such as contact search, copy/paste, or connected work & personal apps, are configured separately.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to DATA_SHARING_FROM_WORK_TO_PERSONAL_DISALLOWED.", "Prevents data from being shared from both the personal profile to the work profile and the work profile to the personal profile.", "Default. Prevents users from sharing data from the work profile to apps in the personal profile. Personal data can be shared with work apps.", "Data from either profile can be shared with the other profile." ], "enum": [ "CROSS_PROFILE_DATA_SHARING_UNSPECIFIED", "CROSS_PROFILE_DATA_SHARING_DISALLOWED", "DATA_SHARING_FROM_WORK_TO_PERSONAL_DISALLOWED", "CROSS_PROFILE_DATA_SHARING_ALLOWED" ] }, "workProfileWidgetsDefault": { "description": "Specifies the default behaviour for work profile widgets. If the policy does not specify work_profile_widgets for a specific application, it will behave according to the value specified here.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to WORK_PROFILE_WIDGETS_DEFAULT_DISALLOWED.", "Work profile widgets are allowed by default. This means that if the policy does not specify work_profile_widgets as WORK_PROFILE_WIDGETS_DISALLOWED for the application, it will be able to add widgets to the home screen.", "Work profile widgets are disallowed by default. This means that if the policy does not specify work_profile_widgets as WORK_PROFILE_WIDGETS_ALLOWED for the application, it will be unable to add widgets to the home screen." ], "enum": [ "WORK_PROFILE_WIDGETS_DEFAULT_UNSPECIFIED", "WORK_PROFILE_WIDGETS_DEFAULT_ALLOWED", "WORK_PROFILE_WIDGETS_DEFAULT_DISALLOWED" ] }, "exemptionsToShowWorkContactsInPersonalProfile": { "description": "List of apps which are excluded from the ShowWorkContactsInPersonalProfile setting. For this to be set, ShowWorkContactsInPersonalProfile must be set to one of the following values: SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_ALLOWED. In this case, these exemptions act as a blocklist. SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED. In this case, these exemptions act as an allowlist. SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED_EXCEPT_SYSTEM. In this case, these exemptions act as an allowlist, in addition to the already allowlisted system apps.Supported on Android 14 and above. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.", "$ref": "PackageNameList" } } }, "UsageLog": { "id": "UsageLog", "description": "Controls types of device activity logs collected from the device and reported via Pub/Sub notification (https://developers.google.com/android/management/notifications).", "type": "object", "properties": { "enabledLogTypes": { "description": "Specifies which log types are enabled. Note that users will receive on-device messaging when usage logging is enabled.", "type": "array", "items": { "type": "string", "enumDescriptions": [ "This value is not used.", "Enable logging of on-device security events, like when the device password is incorrectly entered or removable storage is mounted. See UsageLogEvent for a complete description of the logged security events. Supported for fully managed devices on Android 7 and above. Supported for company-owned devices with a work profile on Android 12 and above, on which only security events from the work profile are logged. Can be overridden by the application delegated scope SECURITY_LOGS", "Enable logging of on-device network events, like DNS lookups and TCP connections. See UsageLogEvent for a complete description of the logged network events. Supported for fully managed devices on Android 8 and above. Supported for company-owned devices with a work profile on Android 12 and above, on which only network events from the work profile are logged. Can be overridden by the application delegated scope NETWORK_ACTIVITY_LOGS" ], "enum": [ "LOG_TYPE_UNSPECIFIED", "SECURITY_LOGS", "NETWORK_ACTIVITY_LOGS" ] } }, "uploadOnCellularAllowed": { "description": "Specifies which of the enabled log types can be uploaded over mobile data. By default logs are queued for upload when the device connects to WiFi.", "type": "array", "items": { "type": "string", "enumDescriptions": [ "This value is not used.", "Enable logging of on-device security events, like when the device password is incorrectly entered or removable storage is mounted. See UsageLogEvent for a complete description of the logged security events. Supported for fully managed devices on Android 7 and above. Supported for company-owned devices with a work profile on Android 12 and above, on which only security events from the work profile are logged. Can be overridden by the application delegated scope SECURITY_LOGS", "Enable logging of on-device network events, like DNS lookups and TCP connections. See UsageLogEvent for a complete description of the logged network events. Supported for fully managed devices on Android 8 and above. Supported for company-owned devices with a work profile on Android 12 and above, on which only network events from the work profile are logged. Can be overridden by the application delegated scope NETWORK_ACTIVITY_LOGS" ], "enum": [ "LOG_TYPE_UNSPECIFIED", "SECURITY_LOGS", "NETWORK_ACTIVITY_LOGS" ] } } } }, "DeviceConnectivityManagement": { "id": "DeviceConnectivityManagement", "description": "Covers controls for device connectivity such as Wi-Fi, USB data access, keyboard/mouse connections, and more.", "type": "object", "properties": { "usbDataAccess": { "description": "Controls what files and/or data can be transferred via USB. Supported only on company-owned devices.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to DISALLOW_USB_FILE_TRANSFER.", "All types of USB data transfers are allowed. usbFileTransferDisabled is ignored.", "Transferring files over USB is disallowed. Other types of USB data connections, such as mouse and keyboard connection, are allowed. usbFileTransferDisabled is ignored.", "When set, all types of USB data transfers are prohibited. Supported for devices running Android 12 or above with USB HAL 1.3 or above. If the setting is not supported, DISALLOW_USB_FILE_TRANSFER will be set. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 12. A nonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not have USB HAL 1.3 or above. usbFileTransferDisabled is ignored." ], "enum": [ "USB_DATA_ACCESS_UNSPECIFIED", "ALLOW_USB_DATA_TRANSFER", "DISALLOW_USB_FILE_TRANSFER", "DISALLOW_USB_DATA_TRANSFER" ] }, "configureWifi": { "description": "Controls Wi-Fi configuring privileges. Based on the option set, user will have either full or limited or no control in configuring Wi-Fi networks.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to ALLOW_CONFIGURING_WIFI unless wifiConfigDisabled is set to true. If wifiConfigDisabled is set to true, this is equivalent to DISALLOW_CONFIGURING_WIFI.", "The user is allowed to configure Wi-Fi. wifiConfigDisabled is ignored.", "Adding new Wi-Fi configurations is disallowed. The user is only able to switch between already configured networks. Supported on Android 13 and above, on fully managed devices and work profiles on company-owned devices. If the setting is not supported, ALLOW_CONFIGURING_WIFI is set. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 13. wifiConfigDisabled is ignored.", "Disallows configuring Wi-Fi networks. The setting wifiConfigDisabled is ignored when this value is set. Supported on fully managed devices and work profile on company-owned devices, on all supported API levels. For fully managed devices, setting this removes all configured networks and retains only the networks configured using openNetworkConfiguration policy. For work profiles on company-owned devices, existing configured networks are not affected and the user is not allowed to add, remove, or modify Wi-Fi networks. Note: If a network connection can't be made at boot time and configuring Wi-Fi is disabled then network escape hatch will be shown in order to refresh the device policy (see networkEscapeHatchEnabled)." ], "enum": [ "CONFIGURE_WIFI_UNSPECIFIED", "ALLOW_CONFIGURING_WIFI", "DISALLOW_ADD_WIFI_CONFIG", "DISALLOW_CONFIGURING_WIFI" ] }, "wifiDirectSettings": { "description": "Controls configuring and using Wi-Fi direct settings. Supported on company-owned devices running Android 13 and above.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to ALLOW_WIFI_DIRECT", "The user is allowed to use Wi-Fi direct.", "The user is not allowed to use Wi-Fi direct. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 13." ], "enum": [ "WIFI_DIRECT_SETTINGS_UNSPECIFIED", "ALLOW_WIFI_DIRECT", "DISALLOW_WIFI_DIRECT" ] }, "tetheringSettings": { "description": "Controls tethering settings. Based on the value set, the user is partially or fully disallowed from using different forms of tethering.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to ALLOW_ALL_TETHERING unless tetheringConfigDisabled is set to true. If tetheringConfigDisabled is set to true, this is equivalent to DISALLOW_ALL_TETHERING.", "Allows configuration and use of all forms of tethering. tetheringConfigDisabled is ignored.", "Disallows the user from using Wi-Fi tethering. Supported on company owned devices running Android 13 and above. If the setting is not supported, ALLOW_ALL_TETHERING will be set. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 13. tetheringConfigDisabled is ignored.", "Disallows all forms of tethering. Supported on fully managed devices and work profile on company-owned devices, on all supported android versions. The setting tetheringConfigDisabled is ignored." ], "enum": [ "TETHERING_SETTINGS_UNSPECIFIED", "ALLOW_ALL_TETHERING", "DISALLOW_WIFI_TETHERING", "DISALLOW_ALL_TETHERING" ] }, "wifiSsidPolicy": { "description": "Restrictions on which Wi-Fi SSIDs the device can connect to. Note that this does not affect which networks can be configured on the device. Supported on company-owned devices running Android 13 and above.", "$ref": "WifiSsidPolicy" } } }, "WifiSsidPolicy": { "id": "WifiSsidPolicy", "description": "Restrictions on which Wi-Fi SSIDs the device can connect to. Note that this does not affect which networks can be configured on the device. Supported on company-owned devices running Android 13 and above.", "type": "object", "properties": { "wifiSsidPolicyType": { "description": "Type of the Wi-Fi SSID policy to be applied.", "type": "string", "enumDescriptions": [ "Defaults to WIFI_SSID_DENYLIST. wifiSsids must not be set. There are no restrictions on which SSID the device can connect to.", "The device cannot connect to any Wi-Fi network whose SSID is in wifiSsids, but can connect to other networks.", "The device can make Wi-Fi connections only to the SSIDs in wifiSsids. wifiSsids must not be empty. The device will not be able to connect to any other Wi-Fi network." ], "enum": [ "WIFI_SSID_POLICY_TYPE_UNSPECIFIED", "WIFI_SSID_DENYLIST", "WIFI_SSID_ALLOWLIST" ] }, "wifiSsids": { "description": "Optional. List of Wi-Fi SSIDs that should be applied in the policy. This field must be non-empty when WifiSsidPolicyType is set to WIFI_SSID_ALLOWLIST. If this is set to a non-empty list, then a nonComplianceDetail detail with API_LEVEL is reported if the Android version is less than 13 and a nonComplianceDetail with MANAGEMENT_MODE is reported for non-company-owned devices.", "type": "array", "items": { "$ref": "WifiSsid" } } } }, "WifiSsid": { "id": "WifiSsid", "description": "Represents a Wi-Fi SSID.", "type": "object", "properties": { "wifiSsid": { "description": "Required. Wi-Fi SSID represented as a string.", "type": "string" } } }, "DeviceRadioState": { "id": "DeviceRadioState", "description": "Controls for device radio settings.", "type": "object", "properties": { "wifiState": { "description": "Controls current state of Wi-Fi and if user can change its state.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to WIFI_STATE_USER_CHOICE", "User is allowed to enable/disable Wi-Fi.", "Wi-Fi is on and the user is not allowed to turn it off. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.", "Wi-Fi is off and the user is not allowed to turn it on. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 13." ], "enum": [ "WIFI_STATE_UNSPECIFIED", "WIFI_STATE_USER_CHOICE", "WIFI_ENABLED", "WIFI_DISABLED" ] }, "airplaneModeState": { "description": "Controls whether airplane mode can be toggled by the user or not.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to AIRPLANE_MODE_USER_CHOICE.", "The user is allowed to toggle airplane mode on or off.", "Airplane mode is disabled. The user is not allowed to toggle airplane mode on. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 9." ], "enum": [ "AIRPLANE_MODE_STATE_UNSPECIFIED", "AIRPLANE_MODE_USER_CHOICE", "AIRPLANE_MODE_DISABLED" ] }, "ultraWidebandState": { "description": "Controls the state of the ultra wideband setting and whether the user can toggle it on or off.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to ULTRA_WIDEBAND_USER_CHOICE.", "The user is allowed to toggle ultra wideband on or off.", "Ultra wideband is disabled. The user is not allowed to toggle ultra wideband on via settings. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 14." ], "enum": [ "ULTRA_WIDEBAND_STATE_UNSPECIFIED", "ULTRA_WIDEBAND_USER_CHOICE", "ULTRA_WIDEBAND_DISABLED" ] }, "cellularTwoGState": { "description": "Controls whether cellular 2G setting can be toggled by the user or not.", "type": "string", "enumDescriptions": [ "Unspecified. Defaults to CELLULAR_TWO_G_USER_CHOICE.", "The user is allowed to toggle cellular 2G on or off.", "Cellular 2G is disabled. The user is not allowed to toggle cellular 2G on via settings. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 14." ], "enum": [ "CELLULAR_TWO_G_STATE_UNSPECIFIED", "CELLULAR_TWO_G_USER_CHOICE", "CELLULAR_TWO_G_DISABLED" ] }, "minimumWifiSecurityLevel": { "description": "The minimum required security level of Wi-Fi networks that the device can connect to.", "type": "string", "enumDescriptions": [ "Defaults to OPEN_NETWORK_SECURITY, which means the device will be able to connect to all types of Wi-Fi networks.", "The device will be able to connect to all types of Wi-Fi networks.", "A personal network such as WEP, WPA2-PSK is the minimum required security. The device will not be able to connect to open wifi networks. This is stricter than OPEN_NETWORK_SECURITY. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.", "An enterprise EAP network is the minimum required security level. The device will not be able to connect to Wi-Fi network below this security level. This is stricter than PERSONAL_NETWORK_SECURITY. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.", "A 192-bit enterprise network is the minimum required security level. The device will not be able to connect to Wi-Fi network below this security level. This is stricter than ENTERPRISE_NETWORK_SECURITY. A nonComplianceDetail with API_LEVEL is reported if the Android version is less than 13." ], "enum": [ "MINIMUM_WIFI_SECURITY_LEVEL_UNSPECIFIED", "OPEN_NETWORK_SECURITY", "PERSONAL_NETWORK_SECURITY", "ENTERPRISE_NETWORK_SECURITY", "ENTERPRISE_BIT192_NETWORK_SECURITY" ] } } }, "ListPoliciesResponse": { "id": "ListPoliciesResponse", "description": "Response to a request to list policies for a given enterprise.", "type": "object", "properties": { "policies": { "description": "The list of policies.", "type": "array", "items": { "$ref": "Policy" } }, "nextPageToken": { "description": "If there are more results, a token to retrieve next page of results.", "type": "string" } } }, "Command": { "id": "Command", "description": "A command.", "type": "object", "properties": { "type": { "description": "The type of the command.", "type": "string", "enumDescriptions": [ "This value is disallowed.", "Lock the device, as if the lock screen timeout had expired.", "Reset the user's password.", "Reboot the device. Only supported on fully managed devices running Android 7.0 (API level 24) or higher.", "Removes the work profile and all policies from a company-owned Android 8.0+ device, relinquishing the device for personal use. Apps and data associated with the personal profile(s) are preserved. The device will be deleted from the server after it acknowledges the command.", "Clears the application data of specified apps. This is supported on Android 9 and above. Note that an application can store data outside of its application data, for example in external storage or in a user dictionary. See also clear_apps_data_params.", "Puts the device into lost mode. Only supported on fully managed devices or organization-owned devices with a managed profile. See also start_lost_mode_params.", "Takes the device out of lost mode. Only supported on fully managed devices or organization-owned devices with a managed profile. See also stop_lost_mode_params." ], "enum": [ "COMMAND_TYPE_UNSPECIFIED", "LOCK", "RESET_PASSWORD", "REBOOT", "RELINQUISH_OWNERSHIP", "CLEAR_APP_DATA", "START_LOST_MODE", "STOP_LOST_MODE" ] }, "createTime": { "description": "The timestamp at which the command was created. The timestamp is automatically generated by the server.", "type": "string", "format": "google-datetime" }, "duration": { "description": "The duration for which the command is valid. The command will expire if not executed by the device during this time. The default duration if unspecified is ten minutes. There is no maximum duration.", "type": "string", "format": "google-duration" }, "userName": { "description": "The resource name of the user that owns the device in the form enterprises/{enterpriseId}/users/{userId}. This is automatically generated by the server based on the device the command is sent to.", "type": "string" }, "errorCode": { "description": "If the command failed, an error code explaining the failure. This is not set when the command is cancelled by the caller.", "type": "string", "enumDescriptions": [ "There was no error.", "An unknown error occurred.", "The API level of the device does not support this command.", "The management mode (profile owner, device owner, etc.) does not support the command.", "The command has an invalid parameter value.", "The device doesn't support the command. Updating Android Device Policy to the latest version may resolve the issue." ], "enum": [ "COMMAND_ERROR_CODE_UNSPECIFIED", "UNKNOWN", "API_LEVEL", "MANAGEMENT_MODE", "INVALID_VALUE", "UNSUPPORTED" ] }, "newPassword": { "description": "For commands of type RESET_PASSWORD, optionally specifies the new password. Note: The new password must be at least 6 characters long if it is numeric in case of Android 14 devices. Else the command will fail with INVALID_VALUE.", "type": "string" }, "resetPasswordFlags": { "description": "For commands of type RESET_PASSWORD, optionally specifies flags.", "type": "array", "items": { "type": "string", "enumDescriptions": [ "This value is ignored.", "Don't allow other admins to change the password again until the user has entered it.", "Don't ask for user credentials on device boot.", "Lock the device after password reset." ], "enum": [ "RESET_PASSWORD_FLAG_UNSPECIFIED", "REQUIRE_ENTRY", "DO_NOT_ASK_CREDENTIALS_ON_BOOT", "LOCK_NOW" ] } }, "clearAppsDataParams": { "description": "Parameters for the CLEAR_APP_DATA command to clear the data of specified apps from the device. See ClearAppsDataParams. If this is set, then it is suggested that type should not be set. In this case, the server automatically sets it to CLEAR_APP_DATA. It is also acceptable to explicitly set type to CLEAR_APP_DATA.", "$ref": "ClearAppsDataParams" }, "startLostModeParams": { "description": "Parameters for the START_LOST_MODE command to put the device into lost mode. See StartLostModeParams. If this is set, then it is suggested that type should not be set. In this case, the server automatically sets it to START_LOST_MODE. It is also acceptable to explicitly set type to START_LOST_MODE.", "$ref": "StartLostModeParams" }, "stopLostModeParams": { "description": "Parameters for the STOP_LOST_MODE command to take the device out of lost mode. See StopLostModeParams. If this is set, then it is suggested that type should not be set. In this case, the server automatically sets it to STOP_LOST_MODE. It is also acceptable to explicitly set type to STOP_LOST_MODE.", "$ref": "StopLostModeParams" }, "clearAppsDataStatus": { "description": "Output only. Status of the CLEAR_APP_DATA command to clear the data of specified apps from the device. See ClearAppsDataStatus.", "readOnly": true, "$ref": "ClearAppsDataStatus" }, "startLostModeStatus": { "description": "Output only. Status of the START_LOST_MODE command to put the device into lost mode. See StartLostModeStatus.", "readOnly": true, "$ref": "StartLostModeStatus" }, "stopLostModeStatus": { "description": "Output only. Status of the STOP_LOST_MODE command to take the device out of lost mode. See StopLostModeStatus.", "readOnly": true, "$ref": "StopLostModeStatus" } } }, "ClearAppsDataParams": { "id": "ClearAppsDataParams", "description": "Parameters associated with the CLEAR_APP_DATA command to clear the data of specified apps from the device.", "type": "object", "properties": { "packageNames": { "description": "The package names of the apps whose data will be cleared when the command is executed.", "type": "array", "items": { "type": "string" } } } }, "StartLostModeParams": { "id": "StartLostModeParams", "description": "Parameters associated with the START_LOST_MODE command to put the device into lost mode. At least one of the parameters, not including the organization name, must be provided in order for the device to be put into lost mode.", "type": "object", "properties": { "lostMessage": { "description": "The message displayed to the user when the device is in lost mode.", "$ref": "UserFacingMessage" }, "lostPhoneNumber": { "description": "The phone number that will be called when the device is in lost mode and the call owner button is tapped.", "$ref": "UserFacingMessage" }, "lostEmailAddress": { "description": "The email address displayed to the user when the device is in lost mode.", "type": "string" }, "lostStreetAddress": { "description": "The street address displayed to the user when the device is in lost mode.", "$ref": "UserFacingMessage" }, "lostOrganization": { "description": "The organization name displayed to the user when the device is in lost mode.", "$ref": "UserFacingMessage" } } }, "StopLostModeParams": { "id": "StopLostModeParams", "description": "Parameters associated with the STOP_LOST_MODE command to take the device out of lost mode.", "type": "object", "properties": {} }, "ClearAppsDataStatus": { "id": "ClearAppsDataStatus", "description": "Status of the CLEAR_APP_DATA command to clear the data of specified apps from the device.", "type": "object", "properties": { "results": { "description": "The per-app results, a mapping from package names to the respective clearing result.", "type": "object", "additionalProperties": { "$ref": "PerAppResult" } } } }, "PerAppResult": { "id": "PerAppResult", "description": "The result of an attempt to clear the data of a single app.", "type": "object", "properties": { "clearingResult": { "description": "The result of an attempt to clear the data of a single app.", "type": "string", "enumDescriptions": [ "Unspecified result.", "This app’s data was successfully cleared.", "This app’s data could not be cleared because the app was not found.", "This app’s data could not be cleared because the app is protected. For example, this may apply to apps critical to the functioning of the device, such as Google Play Store.", "This app’s data could not be cleared because the device API level does not support this command." ], "enum": [ "CLEARING_RESULT_UNSPECIFIED", "SUCCESS", "APP_NOT_FOUND", "APP_PROTECTED", "API_LEVEL" ] } } }, "StartLostModeStatus": { "id": "StartLostModeStatus", "description": "Status of the START_LOST_MODE command to put the device into lost mode.", "type": "object", "properties": { "status": { "description": "The status. See StartLostModeStatus.", "type": "string", "enumDescriptions": [ "Unspecified. This value is not used.", "The device was put into lost mode.", "The device could not be put into lost mode because the admin reset the device's password recently.", "The device could not be put into lost mode because the user exited lost mode recently.", "The device is already in lost mode." ], "enum": [ "STATUS_UNSPECIFIED", "SUCCESS", "RESET_PASSWORD_RECENTLY", "USER_EXIT_LOST_MODE_RECENTLY", "ALREADY_IN_LOST_MODE" ] } } }, "StopLostModeStatus": { "id": "StopLostModeStatus", "description": "Status of the STOP_LOST_MODE command to take the device out of lost mode.", "type": "object", "properties": { "status": { "description": "The status. See StopLostModeStatus.", "type": "string", "enumDescriptions": [ "Unspecified. This value is not used.", "The device was taken out of lost mode.", "The device is not in lost mode." ], "enum": [ "STATUS_UNSPECIFIED", "SUCCESS", "NOT_IN_LOST_MODE" ] } } }, "Application": { "id": "Application", "description": "Information about an app.", "type": "object", "properties": { "name": { "description": "The name of the app in the form enterprises/{enterprise}/applications/{package_name}.", "type": "string" }, "title": { "description": "The title of the app. Localized.", "type": "string" }, "permissions": { "description": "The permissions required by the app.", "type": "array", "items": { "$ref": "ApplicationPermission" } }, "managedProperties": { "description": "The set of managed properties available to be pre-configured for the app.", "type": "array", "items": { "$ref": "ManagedProperty" } }, "iconUrl": { "description": "A link to an image that can be used as an icon for the app. This image is suitable for use up to a pixel size of 512 x 512.", "type": "string" }, "smallIconUrl": { "description": "A link to a smaller image that can be used as an icon for the app. This image is suitable for use up to a pixel size of 128 x 128.", "type": "string" }, "appTracks": { "description": "Application tracks visible to the enterprise.", "type": "array", "items": { "$ref": "AppTrackInfo" } }, "author": { "description": "The name of the author of the apps (for example, the app developer).", "type": "string" }, "playStoreUrl": { "description": "A link to the (consumer) Google Play details page for the app.", "type": "string" }, "distributionChannel": { "description": "How and to whom the package is made available.", "type": "string", "enumDescriptions": [ "Unspecified.", "Package is available through the Play store and not restricted to a specific enterprise.", "Package is a private app (restricted to an enterprise) but hosted by Google.", "Private app (restricted to an enterprise) and is privately hosted." ], "enum": [ "DISTRIBUTION_CHANNEL_UNSPECIFIED", "PUBLIC_GOOGLE_HOSTED", "PRIVATE_GOOGLE_HOSTED", "PRIVATE_SELF_HOSTED" ] }, "appPricing": { "description": "Whether this app is free, free with in-app purchases, or paid. If the pricing is unspecified, this means the app is not generally available anymore (even though it might still be available to people who own it).", "type": "string", "enumDescriptions": [ "Unknown pricing, used to denote an approved app that is not generally available.", "The app is free.", "The app is free, but offers in-app purchases.", "The app is paid." ], "enum": [ "APP_PRICING_UNSPECIFIED", "FREE", "FREE_WITH_IN_APP_PURCHASE", "PAID" ] }, "description": { "description": "The localized promotional description, if available.", "type": "string" }, "screenshotUrls": { "description": "A list of screenshot links representing the app.", "type": "array", "items": { "type": "string" } }, "category": { "description": "The app category (e.g. RACING, SOCIAL, etc.)", "type": "string" }, "recentChanges": { "description": "A localised description of the recent changes made to the app.", "type": "string" }, "minAndroidSdkVersion": { "description": "The minimum Android SDK necessary to run the app.", "type": "integer", "format": "int32" }, "contentRating": { "description": "The content rating for this app.", "type": "string", "enumDescriptions": [ "Unspecified.", "Content suitable for ages 3 and above only.", "Content suitable for ages 7 and above only.", "Content suitable for ages 12 and above only.", "Content suitable for ages 16 and above only.", "Content suitable for ages 18 and above only." ], "enum": [ "CONTENT_RATING_UNSPECIFIED", "THREE_YEARS", "SEVEN_YEARS", "TWELVE_YEARS", "SIXTEEN_YEARS", "EIGHTEEN_YEARS" ] }, "updateTime": { "description": "Output only. The approximate time (within 7 days) the app was last published.", "readOnly": true, "type": "string", "format": "google-datetime" }, "availableCountries": { "description": "The countries which this app is available in as per ISO 3166-1 alpha-2.", "type": "array", "items": { "type": "string" } }, "features": { "description": "Noteworthy features (if any) of this app.", "type": "array", "items": { "type": "string", "enumDescriptions": [ "Unspecified.", "The app is a VPN." ], "enum": [ "APP_FEATURE_UNSPECIFIED", "VPN_APP" ] } }, "appVersions": { "description": "Versions currently available for this app.", "type": "array", "items": { "$ref": "AppVersion" } }, "fullDescription": { "description": "Full app description, if available.", "type": "string" } } }, "ApplicationPermission": { "id": "ApplicationPermission", "description": "A permission required by the app.", "type": "object", "properties": { "permissionId": { "description": "An opaque string uniquely identifying the permission. Not localized.", "type": "string" }, "name": { "description": "The name of the permission. Localized.", "type": "string" }, "description": { "description": "A longer description of the permission, providing more detail on what it affects. Localized.", "type": "string" } } }, "ManagedProperty": { "id": "ManagedProperty", "description": "Managed property.", "type": "object", "properties": { "key": { "description": "The unique key that the app uses to identify the property, e.g. \"com.google.android.gm.fieldname\".", "type": "string" }, "type": { "description": "The type of the property.", "type": "string", "enumDescriptions": [ "Not used.", "A property of boolean type.", "A property of string type.", "A property of integer type.", "A choice of one item from a set.", "A choice of multiple items from a set.", "A hidden restriction of string type (the default value can be used to pass along information that can't be modified, such as a version code).", "A bundle of properties", "An array of property bundles." ], "enum": [ "MANAGED_PROPERTY_TYPE_UNSPECIFIED", "BOOL", "STRING", "INTEGER", "CHOICE", "MULTISELECT", "HIDDEN", "BUNDLE", "BUNDLE_ARRAY" ] }, "title": { "description": "The name of the property. Localized.", "type": "string" }, "description": { "description": "A longer description of the property, providing more detail of what it affects. Localized.", "type": "string" }, "entries": { "description": "For CHOICE or MULTISELECT properties, the list of possible entries.", "type": "array", "items": { "$ref": "ManagedPropertyEntry" } }, "defaultValue": { "description": "The default value of the property. BUNDLE_ARRAY properties don't have a default value.", "type": "any" }, "nestedProperties": { "description": "For BUNDLE_ARRAY properties, the list of nested properties. A BUNDLE_ARRAY property is at most two levels deep.", "type": "array", "items": { "$ref": "ManagedProperty" } } } }, "ManagedPropertyEntry": { "id": "ManagedPropertyEntry", "description": "An entry of a managed property.", "type": "object", "properties": { "value": { "description": "The machine-readable value of the entry, which should be used in the configuration. Not localized.", "type": "string" }, "name": { "description": "The human-readable name of the value. Localized.", "type": "string" } } }, "AppTrackInfo": { "id": "AppTrackInfo", "description": "Id to name association of a app track.", "type": "object", "properties": { "trackId": { "description": "The unmodifiable unique track identifier, taken from the releaseTrackId in the URL of the Play Console page that displays the app’s track information.", "type": "string" }, "trackAlias": { "description": "The track name associated with the trackId, set in the Play Console. The name is modifiable from Play Console.", "type": "string" } } }, "AppVersion": { "id": "AppVersion", "description": "This represents a single version of the app.", "type": "object", "properties": { "versionString": { "description": "The string used in the Play store by the app developer to identify the version. The string is not necessarily unique or localized (for example, the string could be \"1.4\").", "type": "string" }, "versionCode": { "description": "Unique increasing identifier for the app version.", "type": "integer", "format": "int32" }, "trackIds": { "description": "Track identifiers that the app version is published in. This does not include the production track (see production instead).", "type": "array", "items": { "type": "string" } }, "production": { "description": "If the value is True, it indicates that this version is a production track.", "type": "boolean" } } }, "WebApp": { "id": "WebApp", "description": "A web app.", "type": "object", "properties": { "name": { "description": "The name of the web app, which is generated by the server during creation in the form enterprises/{enterpriseId}/webApps/{packageName}.", "type": "string" }, "title": { "description": "The title of the web app as displayed to the user (e.g., amongst a list of other applications, or as a label for an icon).", "type": "string" }, "startUrl": { "description": "The start URL, i.e. the URL that should load when the user opens the application.", "type": "string" }, "icons": { "description": "A list of icons for the web app. Must have at least one element.", "type": "array", "items": { "$ref": "WebAppIcon" } }, "displayMode": { "description": "The display mode of the web app.", "type": "string", "enumDescriptions": [ "Not used.", "Opens the web app with a minimal set of browser UI elements for controlling navigation and viewing the page URL.", "Opens the web app to look and feel like a standalone native application. The browser UI elements and page URL are not visible, however the system status bar and back button are visible.", "Opens the web app in full screen without any visible controls. The browser UI elements, page URL, system status bar and back button are not visible, and the web app takes up the entirety of the available display area." ], "enum": [ "DISPLAY_MODE_UNSPECIFIED", "MINIMAL_UI", "STANDALONE", "FULL_SCREEN" ] }, "versionCode": { "description": "The current version of the app.Note that the version can automatically increase during the lifetime of the web app, while Google does internal housekeeping to keep the web app up-to-date.", "type": "string", "format": "int64" } } }, "WebAppIcon": { "id": "WebAppIcon", "description": "An icon for a web app. Supported formats are: png, jpg and webp.", "type": "object", "properties": { "imageData": { "description": "The actual bytes of the image in a base64url encoded string (c.f. RFC4648, section 5 \"Base 64 Encoding with URL and Filename Safe Alphabet\"). - The image type can be png or jpg. - The image should ideally be square. - The image should ideally have a size of 512x512. ", "type": "string" } } }, "ListWebAppsResponse": { "id": "ListWebAppsResponse", "description": "Response to a request to list web apps for a given enterprise.", "type": "object", "properties": { "webApps": { "description": "The list of web apps.", "type": "array", "items": { "$ref": "WebApp" } }, "nextPageToken": { "description": "If there are more results, a token to retrieve next page of results.", "type": "string" } } }, "MigrationToken": { "id": "MigrationToken", "description": "A token to initiate the migration of a device from being managed by a third-party DPC to being managed by Android Management API. A migration token is valid only for a single device. See the guide (https://developers.google.com/android/management/dpc-migration) for more details.", "type": "object", "properties": { "name": { "description": "Output only. The name of the migration token, which is generated by the server during creation, in the form enterprises/{enterprise}/migrationTokens/{migration_token}.", "readOnly": true, "type": "string" }, "value": { "description": "Output only. The value of the migration token.", "readOnly": true, "type": "string" }, "expireTime": { "description": "Immutable. The time when this migration token expires. This can be at most seven days from the time of creation. The migration token is deleted seven days after it expires.", "type": "string", "format": "google-datetime" }, "ttl": { "description": "Input only. The time that this migration token is valid for. This is input-only, and for returning a migration token the server will populate the expireTime field. This can be at most seven days. The default is seven days.", "type": "string", "format": "google-duration" }, "createTime": { "description": "Output only. Time when this migration token was created.", "readOnly": true, "type": "string", "format": "google-datetime" }, "userId": { "description": "Required. Immutable. The user id of the Managed Google Play account on the device, as in the Play EMM API. This corresponds to the userId parameter in Play EMM API's Devices.get (https://developers.google.com/android/work/play/emm-api/v1/devices/get#parameters) call.", "type": "string" }, "deviceId": { "description": "Required. Immutable. The id of the device, as in the Play EMM API. This corresponds to the deviceId parameter in Play EMM API's Devices.get (https://developers.google.com/android/work/play/emm-api/v1/devices/get#parameters) call.", "type": "string" }, "managementMode": { "description": "Required. Immutable. The management mode of the device or profile being migrated.", "type": "string", "enumDescriptions": [ "This value must not be used.", "A work profile on a personally owned device. Supported only on devices running Android 9 and above.", "A work profile on a company-owned device. Supported only on devices running Android 11 and above.", "A fully-managed device. Supported only on devices running Android 9 and above." ], "enum": [ "MANAGEMENT_MODE_UNSPECIFIED", "WORK_PROFILE_PERSONALLY_OWNED", "WORK_PROFILE_COMPANY_OWNED", "FULLY_MANAGED" ] }, "policy": { "description": "Required. Immutable. The name of the policy initially applied to the enrolled device, in the form enterprises/{enterprise}/policies/{policy}.", "type": "string" }, "additionalData": { "description": "Immutable. Optional EMM-specified additional data. Once the device is migrated this will be populated in the migrationAdditionalData field of the Device resource. This must be at most 1024 characters.", "type": "string" }, "device": { "description": "Output only. Once this migration token is used to migrate a device, the name of the resulting Device resource will be populated here, in the form enterprises/{enterprise}/devices/{device}.", "readOnly": true, "type": "string" } } }, "ListMigrationTokensResponse": { "id": "ListMigrationTokensResponse", "description": "Response to a request to list migration tokens for a given enterprise.", "type": "object", "properties": { "migrationTokens": { "description": "The migration tokens from the specified enterprise.", "type": "array", "items": { "$ref": "MigrationToken" } }, "nextPageToken": { "description": "A token, which can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.", "type": "string" } } }, "ProvisioningInfo": { "id": "ProvisioningInfo", "description": "Information about a device that is available during setup.", "type": "object", "properties": { "name": { "description": "The name of this resource in the form provisioningInfo/{provisioning_info}.", "type": "string" }, "enterprise": { "description": "The name of the enterprise in the form enterprises/{enterprise}.", "type": "string" }, "brand": { "description": "The brand of the device. For example, Google.", "type": "string" }, "model": { "description": "The model of the device. For example, Asus Nexus 7.", "type": "string" }, "apiLevel": { "description": "The API level of the Android platform version running on the device.", "type": "integer", "format": "int32" }, "managementMode": { "description": "The management mode of the device or profile.", "type": "string", "enumDescriptions": [ "This value is disallowed.", "Device owner. Android Device Policy has full control over the device.", "Profile owner. Android Device Policy has control over a managed profile on the device." ], "enum": [ "MANAGEMENT_MODE_UNSPECIFIED", "DEVICE_OWNER", "PROFILE_OWNER" ] }, "ownership": { "description": "Ownership of the managed device.", "type": "string", "enumDescriptions": [ "Ownership is unspecified.", "Device is company-owned.", "Device is personally-owned." ], "enum": [ "OWNERSHIP_UNSPECIFIED", "COMPANY_OWNED", "PERSONALLY_OWNED" ] }, "imei": { "description": "IMEI number of the GSM device. For example, A1000031212.", "type": "string" }, "meid": { "description": "MEID number of the CDMA device. For example, A00000292788E1.", "type": "string" }, "serialNumber": { "description": "The device serial number.", "type": "string" } } }, "IssueCommandResponse": { "id": "IssueCommandResponse", "description": "Response on issuing a command. This is currently empty as a placeholder.", "type": "object", "properties": {} }, "BatchUsageLogEvents": { "id": "BatchUsageLogEvents", "description": "Batched event logs of events from the device.", "type": "object", "properties": { "device": { "description": "The name of the device in the form ‘enterprises/{enterpriseId}/devices/{deviceId}’", "type": "string" }, "user": { "description": "The resource name of the user that owns this device in the form ‘enterprises/{enterpriseId}/users/{userId}’.", "type": "string" }, "retrievalTime": { "description": "The device timestamp when the batch of events were collected from the device.", "type": "string", "format": "google-datetime" }, "usageLogEvents": { "description": "The list of UsageLogEvent that were reported by the device, sorted chronologically by the event time.", "type": "array", "items": { "$ref": "UsageLogEvent" } } } }, "UsageLogEvent": { "id": "UsageLogEvent", "description": "An event logged on the device.", "type": "object", "properties": { "eventId": { "description": "Unique id of the event.", "type": "string", "format": "int64" }, "eventTime": { "description": "Device timestamp when the event was logged.", "type": "string", "format": "google-datetime" }, "eventType": { "description": "The particular usage log event type that was reported on the device. Use this to determine which event field to access.", "type": "string", "enumDescriptions": [ "This value is not used", "Indicates adb_shell_command_event has been set.", "Indicates adb_shell_interactive_event has been set.", "Indicates app_process_start_event has been set.", "Indicates keyguard_dismissed_event has been set.", "Indicates keyguard_dismiss_auth_attempt_event has been set.", "Indicates keyguard_secured_event has been set.", "Indicates file_pulled_event has been set.", "Indicates file_pushed_event has been set.", "Indicates cert_authority_installed_event has been set.", "Indicates cert_authority_removed_event has been set.", "Indicates cert_validation_failure_event has been set.", "Indicates crypto_self_test_completed_event has been set.", "Indicates key_destruction_event has been set.", "Indicates key_generated_event has been set.", "Indicates key_import_event has been set.", "Indicates key_integrity_violation_event has been set.", "Indicates logging_started_event has been set.", "Indicates logging_stopped_event has been set.", "Indicates log_buffer_size_critical_event has been set.", "Indicates media_mount_event has been set.", "Indicates media_unmount_event has been set.", "Indicates os_shutdown_event has been set.", "Indicates os_startup_event has been set.", "Indicates remote_lock_event has been set.", "Indicates wipe_failure_event has been set.", "Indicates connect_event has been set.", "Indicates dns_event has been set.", "Indicates stopLostModeUserAttemptEvent has been set.", "Indicates lostModeOutgoingPhoneCallEvent has been set.", "Indicates lostModeLocationEvent has been set.", "Indicates enrollment_complete_event has been set." ], "enum": [ "EVENT_TYPE_UNSPECIFIED", "ADB_SHELL_COMMAND", "ADB_SHELL_INTERACTIVE", "APP_PROCESS_START", "KEYGUARD_DISMISSED", "KEYGUARD_DISMISS_AUTH_ATTEMPT", "KEYGUARD_SECURED", "FILE_PULLED", "FILE_PUSHED", "CERT_AUTHORITY_INSTALLED", "CERT_AUTHORITY_REMOVED", "CERT_VALIDATION_FAILURE", "CRYPTO_SELF_TEST_COMPLETED", "KEY_DESTRUCTION", "KEY_GENERATED", "KEY_IMPORT", "KEY_INTEGRITY_VIOLATION", "LOGGING_STARTED", "LOGGING_STOPPED", "LOG_BUFFER_SIZE_CRITICAL", "MEDIA_MOUNT", "MEDIA_UNMOUNT", "OS_SHUTDOWN", "OS_STARTUP", "REMOTE_LOCK", "WIPE_FAILURE", "CONNECT", "DNS", "STOP_LOST_MODE_USER_ATTEMPT", "LOST_MODE_OUTGOING_PHONE_CALL", "LOST_MODE_LOCATION", "ENROLLMENT_COMPLETE" ] }, "adbShellCommandEvent": { "description": "A shell command was issued over ADB via “adb shell command”. Part of SECURITY_LOGS.", "$ref": "AdbShellCommandEvent" }, "adbShellInteractiveEvent": { "description": "An ADB interactive shell was opened via “adb shell”. Part of SECURITY_LOGS.", "$ref": "AdbShellInteractiveEvent" }, "appProcessStartEvent": { "description": "An app process was started. Part of SECURITY_LOGS.", "$ref": "AppProcessStartEvent" }, "keyguardDismissedEvent": { "description": "The keyguard was dismissed. Part of SECURITY_LOGS.", "$ref": "KeyguardDismissedEvent" }, "keyguardDismissAuthAttemptEvent": { "description": "An attempt was made to unlock the device. Part of SECURITY_LOGS.", "$ref": "KeyguardDismissAuthAttemptEvent" }, "keyguardSecuredEvent": { "description": "The device was locked either by user or timeout. Part of SECURITY_LOGS.", "$ref": "KeyguardSecuredEvent" }, "filePulledEvent": { "description": "A file was downloaded from the device. Part of SECURITY_LOGS.", "$ref": "FilePulledEvent" }, "filePushedEvent": { "description": "A file was uploaded onto the device. Part of SECURITY_LOGS.", "$ref": "FilePushedEvent" }, "certAuthorityInstalledEvent": { "description": "A new root certificate was installed into the system's trusted credential storage. Part of SECURITY_LOGS.", "$ref": "CertAuthorityInstalledEvent" }, "certAuthorityRemovedEvent": { "description": "A root certificate was removed from the system's trusted credential storage. Part of SECURITY_LOGS.", "$ref": "CertAuthorityRemovedEvent" }, "certValidationFailureEvent": { "description": "An X.509v3 certificate failed to validate, currently this validation is performed on the Wi-FI access point and failure may be due to a mismatch upon server certificate validation. However it may in the future include other validation events of an X.509v3 certificate. Part of SECURITY_LOGS.", "$ref": "CertValidationFailureEvent" }, "cryptoSelfTestCompletedEvent": { "description": "Validates whether Android’s built-in cryptographic library (BoringSSL) is valid. Should always succeed on device boot, if it fails, the device should be considered untrusted. Part of SECURITY_LOGS.", "$ref": "CryptoSelfTestCompletedEvent" }, "keyDestructionEvent": { "description": "A cryptographic key including user installed, admin installed and system maintained private key is removed from the device either by the user or management. Part of SECURITY_LOGS.", "$ref": "KeyDestructionEvent" }, "keyGeneratedEvent": { "description": "A cryptographic key including user installed, admin installed and system maintained private key is installed on the device either by the user or management. Part of SECURITY_LOGS.", "$ref": "KeyGeneratedEvent" }, "keyImportEvent": { "description": "A cryptographic key including user installed, admin installed and system maintained private key is imported on the device either by the user or management. Part of SECURITY_LOGS.", "$ref": "KeyImportEvent" }, "keyIntegrityViolationEvent": { "description": "A cryptographic key including user installed, admin installed and system maintained private key is determined to be corrupted due to storage corruption, hardware failure or some OS issue. Part of SECURITY_LOGS.", "$ref": "KeyIntegrityViolationEvent" }, "loggingStartedEvent": { "description": "usageLog policy has been enabled. Part of SECURITY_LOGS.", "$ref": "LoggingStartedEvent" }, "loggingStoppedEvent": { "description": "usageLog policy has been disabled. Part of SECURITY_LOGS.", "$ref": "LoggingStoppedEvent" }, "logBufferSizeCriticalEvent": { "description": "The audit log buffer has reached 90% of its capacity, therefore older events may be dropped. Part of SECURITY_LOGS.", "$ref": "LogBufferSizeCriticalEvent" }, "mediaMountEvent": { "description": "Removable media was mounted. Part of SECURITY_LOGS.", "$ref": "MediaMountEvent" }, "mediaUnmountEvent": { "description": "Removable media was unmounted. Part of SECURITY_LOGS.", "$ref": "MediaUnmountEvent" }, "osShutdownEvent": { "description": "Device was shutdown. Part of SECURITY_LOGS.", "$ref": "OsShutdownEvent" }, "osStartupEvent": { "description": "Device was started. Part of SECURITY_LOGS.", "$ref": "OsStartupEvent" }, "remoteLockEvent": { "description": "The device or profile has been remotely locked via the LOCK command. Part of SECURITY_LOGS.", "$ref": "RemoteLockEvent" }, "wipeFailureEvent": { "description": "The work profile or company-owned device failed to wipe when requested. This could be user initiated or admin initiated e.g. delete was received. Part of SECURITY_LOGS.", "$ref": "WipeFailureEvent" }, "connectEvent": { "description": "A TCP connect event was initiated through the standard network stack. Part of NETWORK_ACTIVITY_LOGS.", "$ref": "ConnectEvent" }, "dnsEvent": { "description": "A DNS lookup event was initiated through the standard network stack. Part of NETWORK_ACTIVITY_LOGS.", "$ref": "DnsEvent" }, "stopLostModeUserAttemptEvent": { "description": "An attempt to take a device out of lost mode.", "$ref": "StopLostModeUserAttemptEvent" }, "lostModeOutgoingPhoneCallEvent": { "description": "An outgoing phone call has been made when a device in lost mode.", "$ref": "LostModeOutgoingPhoneCallEvent" }, "lostModeLocationEvent": { "description": "A lost mode location update when a device in lost mode.", "$ref": "LostModeLocationEvent" }, "enrollmentCompleteEvent": { "description": "Device has completed enrollment. Part of AMAPI_LOGS.", "$ref": "EnrollmentCompleteEvent" } } }, "AdbShellCommandEvent": { "id": "AdbShellCommandEvent", "description": "A shell command was issued over ADB via “adb shell command”.", "type": "object", "properties": { "shellCmd": { "description": "Shell command that was issued over ADB via \"adb shell command\". Redacted to empty string on organization-owned managed profile devices.", "type": "string" } } }, "AdbShellInteractiveEvent": { "id": "AdbShellInteractiveEvent", "description": "An ADB interactive shell was opened via “adb shell”. Intentionally empty.", "type": "object", "properties": {} }, "AppProcessStartEvent": { "id": "AppProcessStartEvent", "description": "An app process was started. This is available device-wide on fully managed devices and within the work profile on organization-owned devices with a work profile.", "type": "object", "properties": { "processInfo": { "description": "Information about a process.", "$ref": "AppProcessInfo" } } }, "AppProcessInfo": { "id": "AppProcessInfo", "description": "Information about a process. It contains process name, start time, app Uid, app Pid, seinfo tag, hash of the base APK.", "type": "object", "properties": { "processName": { "description": "Process name.", "type": "string" }, "startTime": { "description": "Process start time.", "type": "string", "format": "google-datetime" }, "uid": { "description": "UID of the package.", "type": "integer", "format": "int32" }, "pid": { "description": "Process ID.", "type": "integer", "format": "int32" }, "seinfo": { "description": "SELinux policy info.", "type": "string" }, "apkSha256Hash": { "description": "SHA-256 hash of the base APK, in hexadecimal format.", "type": "string" }, "packageNames": { "description": "Package names of all packages that are associated with the particular user ID. In most cases, this will be a single package name, the package that has been assigned that user ID. If multiple application share a UID then all packages sharing UID will be included.", "type": "array", "items": { "type": "string" } } } }, "KeyguardDismissedEvent": { "id": "KeyguardDismissedEvent", "description": "The keyguard was dismissed. Intentionally empty.", "type": "object", "properties": {} }, "KeyguardDismissAuthAttemptEvent": { "id": "KeyguardDismissAuthAttemptEvent", "description": "An attempt was made to unlock the device.", "type": "object", "properties": { "success": { "description": "Whether the unlock attempt was successful.", "type": "boolean" }, "strongAuthMethodUsed": { "description": "Whether a strong form of authentication (password, PIN, or pattern) was used to unlock device.", "type": "boolean" } } }, "KeyguardSecuredEvent": { "id": "KeyguardSecuredEvent", "description": "The device was locked either by user or timeout. Intentionally empty.", "type": "object", "properties": {} }, "FilePulledEvent": { "id": "FilePulledEvent", "description": "A file was downloaded from the device.", "type": "object", "properties": { "filePath": { "description": "The path of the file being pulled.", "type": "string" } } }, "FilePushedEvent": { "id": "FilePushedEvent", "description": "A file was uploaded onto the device.", "type": "object", "properties": { "filePath": { "description": "The path of the file being pushed.", "type": "string" } } }, "CertAuthorityInstalledEvent": { "id": "CertAuthorityInstalledEvent", "description": "A new root certificate was installed into the system's trusted credential storage. This is available device-wide on fully managed devices and within the work profile on organization-owned devices with a work profile.", "type": "object", "properties": { "certificate": { "description": "Subject of the certificate.", "type": "string" }, "userId": { "description": "The user in which the certificate install event happened. Only available for devices running Android 11 and above.", "type": "integer", "format": "int32" }, "success": { "description": "Whether the installation event succeeded.", "type": "boolean" } } }, "CertAuthorityRemovedEvent": { "id": "CertAuthorityRemovedEvent", "description": "A root certificate was removed from the system's trusted credential storage. This is available device-wide on fully managed devices and within the work profile on organization-owned devices with a work profile.", "type": "object", "properties": { "certificate": { "description": "Subject of the certificate.", "type": "string" }, "userId": { "description": "The user in which the certificate removal event occurred. Only available for devices running Android 11 and above.", "type": "integer", "format": "int32" }, "success": { "description": "Whether the removal succeeded.", "type": "boolean" } } }, "CertValidationFailureEvent": { "id": "CertValidationFailureEvent", "description": "An X.509v3 certificate failed to validate, currently this validation is performed on the Wi-FI access point and failure may be due to a mismatch upon server certificate validation. However it may in the future include other validation events of an X.509v3 certificate.", "type": "object", "properties": { "failureReason": { "description": "The reason why certification validation failed.", "type": "string" } } }, "CryptoSelfTestCompletedEvent": { "id": "CryptoSelfTestCompletedEvent", "description": "Validates whether Android’s built-in cryptographic library (BoringSSL) is valid. Should always succeed on device boot, if it fails, the device should be considered untrusted.", "type": "object", "properties": { "success": { "description": "Whether the test succeeded.", "type": "boolean" } } }, "KeyDestructionEvent": { "id": "KeyDestructionEvent", "description": "A cryptographic key including user installed, admin installed and system maintained private key is removed from the device either by the user or management. This is available device-wide on fully managed devices and within the work profile on organization-owned devices with a work profile.", "type": "object", "properties": { "keyAlias": { "description": "Alias of the key.", "type": "string" }, "applicationUid": { "description": "UID of the application which owns the key.", "type": "integer", "format": "int32" }, "success": { "description": "Whether the operation was successful.", "type": "boolean" } } }, "KeyGeneratedEvent": { "id": "KeyGeneratedEvent", "description": "A cryptographic key including user installed, admin installed and system maintained private key is installed on the device either by the user or management.This is available device-wide on fully managed devices and within the work profile on organization-owned devices with a work profile.", "type": "object", "properties": { "keyAlias": { "description": "Alias of the key.", "type": "string" }, "applicationUid": { "description": "UID of the application which generated the key.", "type": "integer", "format": "int32" }, "success": { "description": "Whether the operation was successful.", "type": "boolean" } } }, "KeyImportEvent": { "id": "KeyImportEvent", "description": "A cryptographic key including user installed, admin installed and system maintained private key is imported on the device either by the user or management. This is available device-wide on fully managed devices and within the work profile on organization-owned devices with a work profile.", "type": "object", "properties": { "keyAlias": { "description": "Alias of the key.", "type": "string" }, "applicationUid": { "description": "UID of the application which imported the key", "type": "integer", "format": "int32" }, "success": { "description": "Whether the operation was successful.", "type": "boolean" } } }, "KeyIntegrityViolationEvent": { "id": "KeyIntegrityViolationEvent", "description": "A cryptographic key including user installed, admin installed and system maintained private key is determined to be corrupted due to storage corruption, hardware failure or some OS issue. This is available device-wide on fully managed devices and within the work profile on organization-owned devices with a work profile.", "type": "object", "properties": { "keyAlias": { "description": "Alias of the key.", "type": "string" }, "applicationUid": { "description": "UID of the application which owns the key", "type": "integer", "format": "int32" } } }, "LoggingStartedEvent": { "id": "LoggingStartedEvent", "description": "usageLog policy has been enabled. Intentionally empty.", "type": "object", "properties": {} }, "LoggingStoppedEvent": { "id": "LoggingStoppedEvent", "description": "usageLog policy has been disabled. Intentionally empty.", "type": "object", "properties": {} }, "LogBufferSizeCriticalEvent": { "id": "LogBufferSizeCriticalEvent", "description": "The usageLog buffer on the device has reached 90% of its capacity, therefore older events may be dropped. Intentionally empty.", "type": "object", "properties": {} }, "MediaMountEvent": { "id": "MediaMountEvent", "description": "Removable media was mounted.", "type": "object", "properties": { "mountPoint": { "description": "Mount point.", "type": "string" }, "volumeLabel": { "description": "Volume label. Redacted to empty string on organization-owned managed profile devices.", "type": "string" } } }, "MediaUnmountEvent": { "id": "MediaUnmountEvent", "description": "Removable media was unmounted.", "type": "object", "properties": { "mountPoint": { "description": "Mount point.", "type": "string" }, "volumeLabel": { "description": "Volume label. Redacted to empty string on organization-owned managed profile devices.", "type": "string" } } }, "OsShutdownEvent": { "id": "OsShutdownEvent", "description": "Device was shutdown. Intentionally empty.", "type": "object", "properties": {} }, "OsStartupEvent": { "id": "OsStartupEvent", "description": "Device was started.", "type": "object", "properties": { "verifiedBootState": { "description": "Verified Boot state.", "type": "string", "enumDescriptions": [ "Unknown value.", "Indicates that there is a full chain of trust extending from the bootloader to verified partitions including the bootloader, boot partition, and all verified partitions.", "Indicates that the boot partition has been verified using the embedded certificate and the signature is valid.", "Indicates that the device may be freely modified. Device integrity is left to the user to verify out-of-band." ], "enum": [ "VERIFIED_BOOT_STATE_UNSPECIFIED", "GREEN", "YELLOW", "ORANGE" ] }, "verityMode": { "description": "dm-verity mode.", "type": "string", "enumDescriptions": [ "Unknown value.", "Indicates that the device will be restarted when corruption is detected.", "Indicates that an I/O error will be returned for an attempt to read corrupted data blocks (also known as eio boot state).", "Indicates that dm-verity is disabled on device." ], "enum": [ "DM_VERITY_MODE_UNSPECIFIED", "ENFORCING", "IO_ERROR", "DISABLED" ] } } }, "RemoteLockEvent": { "id": "RemoteLockEvent", "description": "The device or profile has been remotely locked via the LOCK command.", "type": "object", "properties": { "adminPackageName": { "description": "Package name of the admin app requesting the change.", "type": "string" }, "adminUserId": { "description": "User ID of the admin app from the which the change was requested.", "type": "integer", "format": "int32" }, "targetUserId": { "description": "User ID in which the change was requested in.", "type": "integer", "format": "int32" } } }, "WipeFailureEvent": { "id": "WipeFailureEvent", "description": "The work profile or company-owned device failed to wipe when requested. This could be user initiated or admin initiated e.g. delete was received. Intentionally empty.", "type": "object", "properties": {} }, "ConnectEvent": { "id": "ConnectEvent", "description": "A TCP connect event was initiated through the standard network stack.", "type": "object", "properties": { "destinationIpAddress": { "description": "The destination IP address of the connect call.", "type": "string" }, "destinationPort": { "description": "The destination port of the connect call.", "type": "integer", "format": "int32" }, "packageName": { "description": "The package name of the UID that performed the connect call.", "type": "string" } } }, "DnsEvent": { "id": "DnsEvent", "description": "A DNS lookup event was initiated through the standard network stack.", "type": "object", "properties": { "hostname": { "description": "The hostname that was looked up.", "type": "string" }, "ipAddresses": { "description": "The (possibly truncated) list of the IP addresses returned for DNS lookup (max 10 IPv4 or IPv6 addresses).", "type": "array", "items": { "type": "string" } }, "totalIpAddressesReturned": { "description": "The number of IP addresses returned from the DNS lookup event. May be higher than the amount of ip_addresses if there were too many addresses to log.", "type": "string", "format": "int64" }, "packageName": { "description": "The package name of the UID that performed the DNS lookup.", "type": "string" } } }, "StopLostModeUserAttemptEvent": { "id": "StopLostModeUserAttemptEvent", "description": "A lost mode event indicating the user has attempted to stop lost mode.", "type": "object", "properties": { "status": { "description": "The status of the attempt to stop lost mode.", "type": "string", "enumDescriptions": [ "This value is not used.", "Indicates that the user successfully stopped lost mode.", "Indicates that the user's attempt to stop lost mode failed." ], "enum": [ "STATUS_UNSPECIFIED", "ATTEMPT_SUCCEEDED", "ATTEMPT_FAILED" ] } } }, "LostModeOutgoingPhoneCallEvent": { "id": "LostModeOutgoingPhoneCallEvent", "description": "An event indicating an outgoing phone call has been made when a device is in lost mode. Intentionally empty.", "type": "object", "properties": {} }, "LostModeLocationEvent": { "id": "LostModeLocationEvent", "description": "A lost mode event containing the device location and battery level as a percentage.", "type": "object", "properties": { "location": { "description": "The device location", "$ref": "Location" }, "batteryLevel": { "description": "The battery level as a number between 0 and 100 inclusive", "type": "integer", "format": "int32" } } }, "Location": { "id": "Location", "description": "The device location containing the latitude and longitude.", "type": "object", "properties": { "latitude": { "description": "The latitude position of the location", "type": "number", "format": "double" }, "longitude": { "description": "The longitude position of the location", "type": "number", "format": "double" } } }, "EnrollmentCompleteEvent": { "id": "EnrollmentCompleteEvent", "description": "Represents that the device has completed enrollment. User should be in the launcher at this point, device at this point will be compliant and all setup steps have been completed. Intentionally empty.", "type": "object", "properties": {} } }, "description": "The Android Management API provides remote enterprise management of Android devices and apps.", "kind": "discovery#restDescription", "mtlsRootUrl": "https://androidmanagement.mtls.googleapis.com/", "title": "Android Management API", "fullyEncodeReservedExpansion": true, "revision": "20240425", "protocol": "rest", "id": "androidmanagement:v1", "discoveryVersion": "v1", "name": "androidmanagement", "servicePath": "", "baseUrl": "https://androidmanagement.googleapis.com/", "icons": { "x16": "http://www.google.com/images/icons/product/search-16.gif", "x32": "http://www.google.com/images/icons/product/search-32.gif" }, "canonicalName": "Android Management", "version_module": true, "documentationLink": "https://developers.google.com/android/management", "auth": { "oauth2": { "scopes": { "https://www.googleapis.com/auth/androidmanagement": { "description": "Manage Android devices and apps for your customers" } } } }, "rootUrl": "https://androidmanagement.googleapis.com/", "parameters": { "access_token": { "type": "string", "description": "OAuth access token.", "location": "query" }, "alt": { "type": "string", "description": "Data format for response.", "default": "json", "enum": [ "json", "media", "proto" ], "enumDescriptions": [ "Responses with Content-Type of application/json", "Media download with context-dependent Content-Type", "Responses with Content-Type of application/x-protobuf" ], "location": "query" }, "callback": { "type": "string", "description": "JSONP", "location": "query" }, "fields": { "type": "string", "description": "Selector specifying which fields to include in a partial response.", "location": "query" }, "key": { "type": "string", "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", "location": "query" }, "oauth_token": { "type": "string", "description": "OAuth 2.0 token for the current user.", "location": "query" }, "prettyPrint": { "type": "boolean", "description": "Returns response with indentations and line breaks.", "default": "true", "location": "query" }, "quotaUser": { "type": "string", "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.", "location": "query" }, "upload_protocol": { "type": "string", "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").", "location": "query" }, "uploadType": { "type": "string", "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").", "location": "query" }, "$.xgafv": { "type": "string", "description": "V1 error format.", "enum": [ "1", "2" ], "enumDescriptions": [ "v1 error format", "v2 error format" ], "location": "query" } }, "batchPath": "batch", "resources": { "signupUrls": { "methods": { "create": { "id": "androidmanagement.signupUrls.create", "path": "v1/signupUrls", "flatPath": "v1/signupUrls", "httpMethod": "POST", "parameters": { "projectId": { "description": "The ID of the Google Cloud Platform project which will own the enterprise.", "location": "query", "type": "string" }, "callbackUrl": { "description": "The callback URL that the admin will be redirected to after successfully creating an enterprise. Before redirecting there the system will add a query parameter to this URL named enterpriseToken which will contain an opaque token to be used for the create enterprise request. The URL will be parsed then reformatted in order to add the enterpriseToken parameter, so there may be some minor formatting changes.", "location": "query", "type": "string" } }, "parameterOrder": [], "response": { "$ref": "SignupUrl" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Creates an enterprise signup URL." } } }, "enterprises": { "methods": { "create": { "id": "androidmanagement.enterprises.create", "path": "v1/enterprises", "flatPath": "v1/enterprises", "httpMethod": "POST", "parameters": { "projectId": { "description": "The ID of the Google Cloud Platform project which will own the enterprise.", "location": "query", "type": "string" }, "signupUrlName": { "description": "The name of the SignupUrl used to sign up for the enterprise. Set this when creating a customer-managed enterprise (https://developers.google.com/android/management/create-enterprise#customer-managed_enterprises) and not when creating a deprecated EMM-managed enterprise (https://developers.google.com/android/management/create-enterprise#emm-managed_enterprises).", "location": "query", "type": "string" }, "enterpriseToken": { "description": "The enterprise token appended to the callback URL. Set this when creating a customer-managed enterprise (https://developers.google.com/android/management/create-enterprise#customer-managed_enterprises) and not when creating a deprecated EMM-managed enterprise (https://developers.google.com/android/management/create-enterprise#emm-managed_enterprises).", "location": "query", "type": "string" }, "agreementAccepted": { "description": "Whether the enterprise admin has seen and agreed to the managed Google Play Agreement (https://www.android.com/enterprise/terms/). Do not set this field for any customer-managed enterprise (https://developers.google.com/android/management/create-enterprise#customer-managed_enterprises). Set this to field to true for all EMM-managed enterprises (https://developers.google.com/android/management/create-enterprise#emm-managed_enterprises).", "location": "query", "deprecated": true, "type": "boolean" } }, "parameterOrder": [], "request": { "$ref": "Enterprise" }, "response": { "$ref": "Enterprise" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Creates an enterprise. This is the last step in the enterprise signup flow. See also: SigninDetail" }, "delete": { "id": "androidmanagement.enterprises.delete", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}", "httpMethod": "DELETE", "parameters": { "name": { "description": "The name of the enterprise in the form enterprises/{enterpriseId}.", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "Empty" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Permanently deletes an enterprise and all accounts and data associated with it. Warning: this will result in a cascaded deletion of all AM API devices associated with the deleted enterprise. Only available for EMM-managed enterprises." }, "get": { "id": "androidmanagement.enterprises.get", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}", "httpMethod": "GET", "parameters": { "name": { "description": "The name of the enterprise in the form enterprises/{enterpriseId}.", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "Enterprise" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Gets an enterprise." }, "patch": { "id": "androidmanagement.enterprises.patch", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}", "httpMethod": "PATCH", "parameters": { "name": { "description": "The name of the enterprise in the form enterprises/{enterpriseId}.", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" }, "updateMask": { "description": "The field mask indicating the fields to update. If not set, all modifiable fields will be modified.", "location": "query", "type": "string", "format": "google-fieldmask" } }, "parameterOrder": [ "name" ], "request": { "$ref": "Enterprise" }, "response": { "$ref": "Enterprise" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Updates an enterprise. See also: SigninDetail" }, "list": { "id": "androidmanagement.enterprises.list", "path": "v1/enterprises", "flatPath": "v1/enterprises", "httpMethod": "GET", "parameters": { "projectId": { "description": "Required. The Cloud project ID of the EMM managing the enterprises.", "location": "query", "type": "string" }, "pageSize": { "description": "The requested page size. The actual page size may be fixed to a min or max value.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "A token identifying a page of results returned by the server.", "location": "query", "type": "string" }, "view": { "description": "Specifies which Enterprise fields to return. This method only supports BASIC.", "location": "query", "type": "string", "enumDescriptions": [ "The API will default to the BASIC view for the List method.", "Includes name and enterprise_display_name fields." ], "enum": [ "ENTERPRISE_VIEW_UNSPECIFIED", "BASIC" ] } }, "parameterOrder": [], "response": { "$ref": "ListEnterprisesResponse" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Lists EMM-managed enterprises. Only BASIC fields are returned." } }, "resources": { "enrollmentTokens": { "methods": { "create": { "id": "androidmanagement.enterprises.enrollmentTokens.create", "path": "v1/{+parent}/enrollmentTokens", "flatPath": "v1/enterprises/{enterprisesId}/enrollmentTokens", "httpMethod": "POST", "parameters": { "parent": { "description": "The name of the enterprise in the form enterprises/{enterpriseId}.", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "parent" ], "request": { "$ref": "EnrollmentToken" }, "response": { "$ref": "EnrollmentToken" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Creates an enrollment token for a given enterprise. It's up to the caller's responsibility to manage the lifecycle of newly created tokens and deleting them when they're not intended to be used anymore. Once an enrollment token has been created, it's not possible to retrieve the token's content anymore using AM API. It is recommended for EMMs to securely store the token if it's intended to be reused." }, "delete": { "id": "androidmanagement.enterprises.enrollmentTokens.delete", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/enrollmentTokens/{enrollmentTokensId}", "httpMethod": "DELETE", "parameters": { "name": { "description": "The name of the enrollment token in the form enterprises/{enterpriseId}/enrollmentTokens/{enrollmentTokenId}.", "pattern": "^enterprises/[^/]+/enrollmentTokens/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "Empty" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Deletes an enrollment token. This operation invalidates the token, preventing its future use." }, "get": { "id": "androidmanagement.enterprises.enrollmentTokens.get", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/enrollmentTokens/{enrollmentTokensId}", "httpMethod": "GET", "parameters": { "name": { "description": "Required. The name of the enrollment token in the form enterprises/{enterpriseId}/enrollmentTokens/{enrollmentTokenId}.", "pattern": "^enterprises/[^/]+/enrollmentTokens/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "EnrollmentToken" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Gets an active, unexpired enrollment token. Only a partial view of EnrollmentToken is returned: all the fields but name and expiration_timestamp are empty. This method is meant to help manage active enrollment tokens lifecycle. For security reasons, it's recommended to delete active enrollment tokens as soon as they're not intended to be used anymore." }, "list": { "id": "androidmanagement.enterprises.enrollmentTokens.list", "path": "v1/{+parent}/enrollmentTokens", "flatPath": "v1/enterprises/{enterprisesId}/enrollmentTokens", "httpMethod": "GET", "parameters": { "parent": { "description": "Required. The name of the enterprise in the form enterprises/{enterpriseId}.", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "The requested page size. The service may return fewer than this value. If unspecified, at most 10 items will be returned. The maximum value is 100; values above 100 will be coerced to 100.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "A token identifying a page of results returned by the server.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "ListEnrollmentTokensResponse" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Lists active, unexpired enrollment tokens for a given enterprise. The list items contain only a partial view of EnrollmentToken: all the fields but name and expiration_timestamp are empty. This method is meant to help manage active enrollment tokens lifecycle. For security reasons, it's recommended to delete active enrollment tokens as soon as they're not intended to be used anymore." } } }, "webTokens": { "methods": { "create": { "id": "androidmanagement.enterprises.webTokens.create", "path": "v1/{+parent}/webTokens", "flatPath": "v1/enterprises/{enterprisesId}/webTokens", "httpMethod": "POST", "parameters": { "parent": { "description": "The name of the enterprise in the form enterprises/{enterpriseId}.", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "parent" ], "request": { "$ref": "WebToken" }, "response": { "$ref": "WebToken" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Creates a web token to access an embeddable managed Google Play web UI for a given enterprise." } } }, "devices": { "methods": { "get": { "id": "androidmanagement.enterprises.devices.get", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/devices/{devicesId}", "httpMethod": "GET", "parameters": { "name": { "description": "The name of the device in the form enterprises/{enterpriseId}/devices/{deviceId}.", "pattern": "^enterprises/[^/]+/devices/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "Device" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Gets a device. Deleted devices will respond with a 404 error." }, "list": { "id": "androidmanagement.enterprises.devices.list", "path": "v1/{+parent}/devices", "flatPath": "v1/enterprises/{enterprisesId}/devices", "httpMethod": "GET", "parameters": { "parent": { "description": "The name of the enterprise in the form enterprises/{enterpriseId}.", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "The requested page size. The actual page size may be fixed to a min or max value.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "A token identifying a page of results returned by the server.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "ListDevicesResponse" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Lists devices for a given enterprise. Deleted devices are not returned in the response." }, "patch": { "id": "androidmanagement.enterprises.devices.patch", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/devices/{devicesId}", "httpMethod": "PATCH", "parameters": { "name": { "description": "The name of the device in the form enterprises/{enterpriseId}/devices/{deviceId}.", "pattern": "^enterprises/[^/]+/devices/[^/]+$", "location": "path", "required": true, "type": "string" }, "updateMask": { "description": "The field mask indicating the fields to update. If not set, all modifiable fields will be modified.", "location": "query", "type": "string", "format": "google-fieldmask" } }, "parameterOrder": [ "name" ], "request": { "$ref": "Device" }, "response": { "$ref": "Device" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Updates a device." }, "delete": { "id": "androidmanagement.enterprises.devices.delete", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/devices/{devicesId}", "httpMethod": "DELETE", "parameters": { "name": { "description": "The name of the device in the form enterprises/{enterpriseId}/devices/{deviceId}.", "pattern": "^enterprises/[^/]+/devices/[^/]+$", "location": "path", "required": true, "type": "string" }, "wipeDataFlags": { "description": "Optional flags that control the device wiping behavior.", "location": "query", "repeated": true, "type": "string", "enumDescriptions": [ "This value is ignored.", "Preserve the factory reset protection data on the device.", "Additionally wipe the device's external storage (such as SD cards)." ], "enum": [ "WIPE_DATA_FLAG_UNSPECIFIED", "PRESERVE_RESET_PROTECTION_DATA", "WIPE_EXTERNAL_STORAGE" ] }, "wipeReasonMessage": { "description": "Optional. A short message displayed to the user before wiping the work profile on personal devices. This has no effect on company owned devices. The maximum message length is 200 characters.", "location": "query", "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "Empty" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Deletes a device. This operation wipes the device. Deleted devices do not show up in enterprises.devices.list calls and a 404 is returned from enterprises.devices.get." }, "issueCommand": { "id": "androidmanagement.enterprises.devices.issueCommand", "path": "v1/{+name}:issueCommand", "flatPath": "v1/enterprises/{enterprisesId}/devices/{devicesId}:issueCommand", "httpMethod": "POST", "parameters": { "name": { "description": "The name of the device in the form enterprises/{enterpriseId}/devices/{deviceId}.", "pattern": "^enterprises/[^/]+/devices/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "request": { "$ref": "Command" }, "response": { "$ref": "Operation" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Issues a command to a device. The Operation resource returned contains a Command in its metadata field. Use the get operation method to get the status of the command." } }, "resources": { "operations": { "methods": { "list": { "id": "androidmanagement.enterprises.devices.operations.list", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/devices/{devicesId}/operations", "httpMethod": "GET", "parameters": { "name": { "description": "The name of the operation's parent resource.", "pattern": "^enterprises/[^/]+/devices/[^/]+/operations$", "location": "path", "required": true, "type": "string" }, "filter": { "description": "The standard list filter.", "location": "query", "type": "string" }, "pageSize": { "description": "The standard list page size.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "The standard list page token.", "location": "query", "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "ListOperationsResponse" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns UNIMPLEMENTED." }, "get": { "id": "androidmanagement.enterprises.devices.operations.get", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/devices/{devicesId}/operations/{operationsId}", "httpMethod": "GET", "parameters": { "name": { "description": "The name of the operation resource.", "pattern": "^enterprises/[^/]+/devices/[^/]+/operations/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "Operation" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service." }, "cancel": { "id": "androidmanagement.enterprises.devices.operations.cancel", "path": "v1/{+name}:cancel", "flatPath": "v1/enterprises/{enterprisesId}/devices/{devicesId}/operations/{operationsId}:cancel", "httpMethod": "POST", "parameters": { "name": { "description": "The name of the operation resource to be cancelled.", "pattern": "^enterprises/[^/]+/devices/[^/]+/operations/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "Empty" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns google.rpc.Code.UNIMPLEMENTED. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED." } } } } }, "policies": { "methods": { "get": { "id": "androidmanagement.enterprises.policies.get", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/policies/{policiesId}", "httpMethod": "GET", "parameters": { "name": { "description": "The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}.", "pattern": "^enterprises/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "Policy" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Gets a policy." }, "list": { "id": "androidmanagement.enterprises.policies.list", "path": "v1/{+parent}/policies", "flatPath": "v1/enterprises/{enterprisesId}/policies", "httpMethod": "GET", "parameters": { "parent": { "description": "The name of the enterprise in the form enterprises/{enterpriseId}.", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "The requested page size. The actual page size may be fixed to a min or max value.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "A token identifying a page of results returned by the server.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "ListPoliciesResponse" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Lists policies for a given enterprise." }, "patch": { "id": "androidmanagement.enterprises.policies.patch", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/policies/{policiesId}", "httpMethod": "PATCH", "parameters": { "name": { "description": "The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}.", "pattern": "^enterprises/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" }, "updateMask": { "description": "The field mask indicating the fields to update. If not set, all modifiable fields will be modified.", "location": "query", "type": "string", "format": "google-fieldmask" } }, "parameterOrder": [ "name" ], "request": { "$ref": "Policy" }, "response": { "$ref": "Policy" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Updates or creates a policy." }, "delete": { "id": "androidmanagement.enterprises.policies.delete", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/policies/{policiesId}", "httpMethod": "DELETE", "parameters": { "name": { "description": "The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}.", "pattern": "^enterprises/[^/]+/policies/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "Empty" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Deletes a policy. This operation is only permitted if no devices are currently referencing the policy." } } }, "applications": { "methods": { "get": { "id": "androidmanagement.enterprises.applications.get", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/applications/{applicationsId}", "httpMethod": "GET", "parameters": { "name": { "description": "The name of the application in the form enterprises/{enterpriseId}/applications/{package_name}.", "pattern": "^enterprises/[^/]+/applications/[^/]+$", "location": "path", "required": true, "type": "string" }, "languageCode": { "description": "The preferred language for localized application info, as a BCP47 tag (e.g. \"en-US\", \"de\"). If not specified the default language of the application will be used.", "location": "query", "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "Application" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Gets info about an application." } } }, "webApps": { "methods": { "create": { "id": "androidmanagement.enterprises.webApps.create", "path": "v1/{+parent}/webApps", "flatPath": "v1/enterprises/{enterprisesId}/webApps", "httpMethod": "POST", "parameters": { "parent": { "description": "The name of the enterprise in the form enterprises/{enterpriseId}.", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "parent" ], "request": { "$ref": "WebApp" }, "response": { "$ref": "WebApp" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Creates a web app." }, "get": { "id": "androidmanagement.enterprises.webApps.get", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/webApps/{webAppsId}", "httpMethod": "GET", "parameters": { "name": { "description": "The name of the web app in the form enterprises/{enterpriseId}/webApp/{packageName}.", "pattern": "^enterprises/[^/]+/webApps/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "WebApp" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Gets a web app." }, "list": { "id": "androidmanagement.enterprises.webApps.list", "path": "v1/{+parent}/webApps", "flatPath": "v1/enterprises/{enterprisesId}/webApps", "httpMethod": "GET", "parameters": { "parent": { "description": "The name of the enterprise in the form enterprises/{enterpriseId}.", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "The requested page size. This is a hint and the actual page size in the response may be different.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "A token identifying a page of results returned by the server.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "ListWebAppsResponse" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Lists web apps for a given enterprise." }, "patch": { "id": "androidmanagement.enterprises.webApps.patch", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/webApps/{webAppsId}", "httpMethod": "PATCH", "parameters": { "name": { "description": "The name of the web app in the form enterprises/{enterpriseId}/webApps/{packageName}.", "pattern": "^enterprises/[^/]+/webApps/[^/]+$", "location": "path", "required": true, "type": "string" }, "updateMask": { "description": "The field mask indicating the fields to update. If not set, all modifiable fields will be modified.", "location": "query", "type": "string", "format": "google-fieldmask" } }, "parameterOrder": [ "name" ], "request": { "$ref": "WebApp" }, "response": { "$ref": "WebApp" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Updates a web app." }, "delete": { "id": "androidmanagement.enterprises.webApps.delete", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/webApps/{webAppsId}", "httpMethod": "DELETE", "parameters": { "name": { "description": "The name of the web app in the form enterprises/{enterpriseId}/webApps/{packageName}.", "pattern": "^enterprises/[^/]+/webApps/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "Empty" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Deletes a web app." } } }, "migrationTokens": { "methods": { "create": { "id": "androidmanagement.enterprises.migrationTokens.create", "path": "v1/{+parent}/migrationTokens", "flatPath": "v1/enterprises/{enterprisesId}/migrationTokens", "httpMethod": "POST", "parameters": { "parent": { "description": "Required. The enterprise in which this migration token is created. This must be the same enterprise which already manages the device in the Play EMM API. Format: enterprises/{enterprise}", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "parent" ], "request": { "$ref": "MigrationToken" }, "response": { "$ref": "MigrationToken" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Creates a migration token, to migrate an existing device from being managed by the EMM's Device Policy Controller (DPC) to being managed by the Android Management API. See the guide (https://developers.google.com/android/management/dpc-migration) for more details." }, "get": { "id": "androidmanagement.enterprises.migrationTokens.get", "path": "v1/{+name}", "flatPath": "v1/enterprises/{enterprisesId}/migrationTokens/{migrationTokensId}", "httpMethod": "GET", "parameters": { "name": { "description": "Required. The name of the migration token to retrieve. Format: enterprises/{enterprise}/migrationTokens/{migration_token}", "pattern": "^enterprises/[^/]+/migrationTokens/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "MigrationToken" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Gets a migration token." }, "list": { "id": "androidmanagement.enterprises.migrationTokens.list", "path": "v1/{+parent}/migrationTokens", "flatPath": "v1/enterprises/{enterprisesId}/migrationTokens", "httpMethod": "GET", "parameters": { "parent": { "description": "Required. The enterprise which the migration tokens belong to. Format: enterprises/{enterprise}", "pattern": "^enterprises/[^/]+$", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "The maximum number of migration tokens to return. Fewer migration tokens may be returned. If unspecified, at most 100 migration tokens will be returned. The maximum value is 100; values above 100 will be coerced to 100.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "A page token, received from a previous ListMigrationTokens call. Provide this to retrieve the subsequent page.When paginating, all other parameters provided to ListMigrationTokens must match the call that provided the page token.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "ListMigrationTokensResponse" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Lists migration tokens." } } } } }, "provisioningInfo": { "methods": { "get": { "id": "androidmanagement.provisioningInfo.get", "path": "v1/{+name}", "flatPath": "v1/provisioningInfo/{provisioningInfoId}", "httpMethod": "GET", "parameters": { "name": { "description": "Required. The identifier that Android Device Policy passes to the 3P sign-in page in the form of provisioningInfo/{provisioning_info}.", "pattern": "^provisioningInfo/[^/]+$", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "ProvisioningInfo" }, "scopes": [ "https://www.googleapis.com/auth/androidmanagement" ], "description": "Get the device provisioning information by the identifier provided in the sign-in url." } } } }, "basePath": "", "ownerName": "Google" }