For starters, please note that it is possible to create a policy even if no user were created beforehand but you won’t be able to apply it to any device: we recommend you to create users first (have a look here on how to add users one by one or import a list of users from a CSV file).

To create a policy and apply it to the devices:

Go to the Policies tab and click on Create a policy. From here, you can manage users / device security settings / apps / OS upgrade / internet filtering / wifi configuration, etc.


1. Users

group configuration

The first step is to add users to this policy by simply ticking the box next to their name, or next to the group if several users belong to the same group. To manage groups, click on the icon showing a group of users at the right of the group name: a popup will appear so you can change group names if needed.

2. Device security

In this section, you can:

  • Disable finger print and face recognition authentications
  • Set the password type (letter/numeric/special character password, pattern, PIN…), its minimum size and its timeout delay to force end-users updating it regularly. More info about security policy here.
device security challenge

In a Work Profile setup, you will be able to enforce a security password to access the secure folder containing all business apps and data. Whenever the employee needs to access the Work Profile’s content, he will be prompted to enter a password compliant with his policy.

3. Apps management

In here you will find all your Enterprise approved apps (public, private and web ones). When an app is greyed out, it’s because it is approved business-wide but not in this policy. You can authorise / forbid an app in this particular policy by clicking on it.

To turn your device into a Kiosk, tick the checkbox Enable lock task mode. What is Kiosk mode?

app management

4. Internet filtering

TinyMDM’s web filtering technology helps you create a SAFE FOR WORK internet environment, no matter the browser used. From here you can choose between 4 levels of restriction:

  1. No restriction
  2. Anti-phishing/malware
  3. Safe for work: anti-phishing/malware + forbid inappropriate websites (drugs, porn, gambling, violence…)
  4. Whitelist only: authorise only a few websites

Alos, by clicking on the Visited sites tab, you have a list of the visited websites on the last 15 days.


If you want to forbid some websites in particular, go to the Forbidden sites tab and enter its name (ex: You will have to choose between forbidding only or all website of this domain.


Please note that in a Work Profile setup this option won’t be available since device-wide controls are only available on fully managed devices.

5. WIFI settings

Choose to preconfigure favorite networks, disable Wi-Fi on some devices, forbid connections to unsecured networks, etc. Everything is designed to help you protect your sensitive data and save some time when using the devices. You can configure Wi-Fi on company-owned devices as well as BYOD devices used for work. This allows Wi-Fi networks to be automatically configured on these devices, without the end-users having to know or type the password.

  • First, go to the Wi-Fi Networks tab and click on either Configure a new wifi network or Configure a new EAP wifi nextwork
  • Enter the information of the network: its name (ssid) & password (for EAP Wi-Fi, more info will be needed, such as additional passwords or certificates)
  • All the Wi-Fi networks you add will be listed here, and you’ll be able to push them to the devices just by ticking the box next to them

6. Connectivity management

From this section, you can:

  • Disable internet connection sharing
  • Disable Bluetooth
  • Disable NFC to beam out data from apps
  • Disable mobile data settings
  • Disable data roaming
  • Disable airplane mode

Please note that this option is not available in a Work Profile setup as device-wide controls are only accessible in a Fully Managed mode.

7. Device-wide controls

From this section, you can:

  • Select when Android OS will be updated: automatically, after midnight, or 30 days later
  • Prevent end users from adding their own Google account on the device
  • Allow installation of all Play Store applications of added google account
  • Prevent reset factory: when enabled, a temporary code will be displayed and the end user will need it to be able to reset his device.
  • Disable Google FRP
  • Disable camera
  • Block access to location settings
  • Disable usb files access

Please note that this option is not available in a Work Profile setup as device-wide controls are only accessible in a Fully Managed mode.

8. Screen settings

From this section, you can:

  • Set a wallpaper
  • Show user and device identifiers on device wallpaper
  • Set a sleep mode delay
  • Set brightness level
  • Set up a maximum speed beyond which the device screen will not respond (display only)

Please note that this option is not available in a Work Profile setup as device-wide controls are only accessible in a Fully Managed mode.

8. Shared contacts and shared files

In the last two sections Shared Contacts and Shared files, you can add or remove contacts and files on all the devices within this policy in one click !

Learn more about Contacts sharing.
Learn more about Files sharing.

screen control