Create a policy

policies (also called a policy) are the core resource of the Android Management API. You use them to create and save groups of device and app management settings for your customers to apply to devices.

See example policies

We've created several examples of recommended policies for different device setups and scenarios:

Apply a policy to devices

A policy can be applied to one or more devices. However, a device can only have a single policy at any given time.

A device should be associated with a policy during device enrollment. To do this, include the policyName when creating an enrollment token. After a device is enrolled with the enrollment token, the policies resource linked to the policyName is applied to the device or work profile, depending on the provisioning method used.

Devices enrolled without a policy are blocked from all functions until a policy is applied. If a policy isn't applied within five minutes, then enrollment will fail and the device will be factory reset.

Set a default policy for an enterprise

To prevent devices from being enrolled without a policy, you can define a single default policy for an enterprise. To do this, set the name of a designated default policy to "default". This policy will then be applied to all newly enrolled devices by default, unless another policyName is specified in the device's enrollment token.

Unspecified values

_UNSPECIFIED values are used to represent empty or unset policies. The associated API documentation will outline the default behavior when the policy is not explicitly set.

We generally avoid changing default behavior, except for example when required for security reasons or to align with changes in Android platform. We will provide advance notice to the EMM community when such a change is anticipated to allow for EMMs and admins to adapt their policies accordingly.

As an example, see the _UNSPECIFIED enum value for CrossProfileDataSharing .

Update or change a device's policy

To update a policy, call enterprises.policies.patch . When you update a policies resource, the update is enforced on all devices associated with that policy.

To apply a different policy to the device, call enterprises.devices.patch .

Note: We recommend defining one policy per device to enable granular device-level management capabilities. If there is no need for device-level granularity, AM API supports having a single policy shared across several devices. Automatic patch propagation will occur regardless of your choice to use multiple or a single policy per device.