Keyguard Management device policy

Android keyguard manages the device and work challenge lock screens. This policy lets you manage features for Android Enterprise work profile keyguard and advanced device keyguard. You can control:

  • Keyguard management on work profile devices. You can specify the features available to users before they unlock the device keyguard and the work challenge keyguard. For example, by default users can use fingerprint unlock and view unredacted notifications on the lock screen.

  • Keyguard management on fully managed and dedicated devices. You can specify the features available, such as trust agents and secure camera, before they unlock the keyguard screen. Or, you can choose to disable all keyguard features.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

Android Enterprise settings

Device Policies configuration screen

  • Work profile keyguard features: Controls whether the following features are available before a user unlocks the work profile keyguard (lock screen).
    • Disable trust agents: If Off, trust agents can operate on secure keyguard screens when a challenge is set on the work profile. Set to On to disable all trust agents on the work profile. Default is Off.
    • Disable fingerprint unlock: If Off, fingerprint unlock is available on secure keyguard screens when a challenge is set on the work profile. Set to On to disable fingerprint unlock on the work profile. Default is Off.
    • Disable unredacted notifications: If Off, unredacted notifications appear on secure keyguard screens. Set to On to show unredacted notifications. Default is Off, which means only redacted notifications on secure keyguard screens are allowed.
  • Fully managed device keyguard features: Controls whether the following features are available before a user unlocks the device keyguard (lock screen). These features apply to fully managed or dedicated devices.

    • Disable all keyguard features: If Off, all current and future keyguard customizations are available on the secure keyguard screens. Set to On to disable all keyguard customizations. Default is Off.
    • Disable trust agents: If Off, trust agents can operate on secure keyguard screens. Set to On to disable trust agents. Default is Off.
    • Disable fingerprint lock: If Off, the fingerprint lock feature is available on secure keyguard screens. Set to On to disable the fingerprint lock feature. Default is Off.
    • Disable all notifications: If Off, all notifications appear on secure keyguard screens. Set to On to show all notifications. Default is Off.
    • Disable unredacted notifications: If Off, unredacted notifications appear on secure keyguard screens. If you disable unredacted notifications, only redacted notifications are allowed on secure keyguard screens. Set to On to include unredacted notifications. Default is Off.
    • Disable secure camera: If Off, secure camera is available on secure keyguard screens. Set to On to disable the secure camera. Default is Off.

Keyguard Management device policy