Redes
LosIn administradoresthis desection ITyou puedencan aprovisionarconfigure silenciosamentenetworking-related configuraciones de Wi-policies.
Wi‑Fi empresarialesconfigurations encan dispositivosbe administrados.provisioned Lasand configuracionesmanaged deby Wi-the system via WiFi configurations. Depending on the value set on Configure Wi‑Fi, tambiénusers semay puedenhave bloquearlimited paraor evitarno quecontrol losover usuariosadding/modifying creen configuraciones o modifiquen las configuraciones corporativas.
1. Bluetooth desactivado
Si el bluetooth está desactivado.networks.
Device radio state
1. Wi‑Fi state
Controls current state of Wi‑Fi and if the user can change its state.
User choice (default): User is allowed to enable/disable Wi‑Fi.
Enabled: Wi‑Fi is on and the user is not allowed to turn it off (Android 13+).
Disabled: Wi‑Fi is off and the user is not allowed to turn it on (Android 13+).
2. CompartirMinimum contactosWi‑Fi porsecurity level
The minimum required security level of Wi‑Fi networks that the device can connect to. Supported on Android 13 and above, for fully managed devices and work profiles on company-owned devices.
Open network (default): The device can connect to all types of Wi‑Fi networks.
Personal network: Disallows open Wi‑Fi networks; requires at least personal security (for example WPA2‑PSK).
Enterprise network: Requires enterprise EAP networks; disallows Wi‑Fi networks below this security level.
192‑bit enterprise network: Requires 192‑bit enterprise networks; strictest option.
3. Ultra wideband (UWB) state
Controls the state of the ultra wideband setting and whether the user can toggle it on or off.
User choice (default): The user is allowed to toggle UWB on or off.
Disabled: UWB is disabled and the user is not allowed to toggle it via settings (Android 14+).
Device connectivity management
4. Bluetooth desactivado
Controls whether Bluetooth sharing is allowed.
Allowed: Bluetooth sharing is allowed (default on fully managed devices, Android 8+).
Disallowed: Bluetooth sharing is disallowed (default on work profiles, Android 8+).
5. Configure Wi‑Fi
Controls Wi‑Fi configuring privileges. Depending on the selected option, the user has full, limited, or no control in configuring Wi‑Fi networks.
Allow configuring Wi‑Fi (default): The user is allowed to configure Wi‑Fi.
Disallow add Wi‑Fi config: Adding new Wi‑Fi configurations is disallowed. The user can switch between already configured networks (Android 13+; fully managed and company-owned work profiles).
Disallow configuring Wi‑Fi: Disallows configuring Wi‑Fi networks. For fully managed devices this removes user-configured networks and retains only networks configured via WiFi configurations. For company-owned work profiles, existing networks are not affected but users cannot add/remove/modify Wi‑Fi networks.
When configuring Wi‑Fi is disabled and the device cannot connect at boot time, the system can show the network escape hatch to let the user temporarily connect and refresh policy.
6. Wi‑Fi direct settings
Controls configuring and using Wi‑Fi direct settings. Supported on company-owned devices running Android 13 and above.
Allow (default): The user is allowed to use Wi‑Fi direct.
Disallow: The user is not allowed to use Wi‑Fi direct.
7. Tethering settings
Controls tethering settings. Based on the value set, the user is partially or fully disallowed from using different forms of tethering.
Allow all tethering (default): Allows configuration and use of all forms of tethering.
Disallow Wi‑Fi tethering: Disallows the user from using Wi‑Fi tethering (company-owned Android 13+).
Disallow all tethering: Disallows all forms of tethering (fully managed + company-owned work profiles).
8. Wi‑Fi SSID policy
Restrictions on which Wi‑Fi SSIDs the device can connect to (this does not affect which networks can be configured on the device). Supported on company-owned devices running Android 13 and above.
SSID denylist (default): The device cannot connect to any Wi‑Fi network whose SSID is listed, but can connect to other networks.
SSID allowlist: The device can connect only to the SSIDs listed. The SSID list must not be empty.
Use Add SSID to add entries. Depending on the selected policy type, the list is interpreted as allowed or denied SSIDs.
In the Policy Editor UI, the SSID list is labeled Allowed Wi‑Fi SSIDs for allowlists and Denied Wi‑Fi SSIDs for denylists.
9. Wi‑Fi roaming settings
Configure Wi‑Fi roaming mode per SSID. Use Add Wi‑Fi roaming setting to create entries.
Each entry includes:
SSID: The SSID to which the roaming setting applies (required).
WiFi roaming mode: Default / Disabled / Aggressive. Disabled and Aggressive require Android 15+ and are supported only on fully managed devices and work profiles on company-owned devices.
Network restrictions
10. Bluetooth disabled
Whether bluetooth is disabled. Prefer this setting over Bluetooth config disabled because Bluetooth config disabled can be bypassed by the user.
11. Bluetooth contact sharing disabled
Si el intercambio de contactos por Bluetooth está desactivado.
3. Configuración de12. Bluetooth desactivadaconfig disabled
Si la configuración de bluetooth está desactivada.
4.13. ConfiguraciónNetwork dereset itinerancia desactivada
Si la configuración de itinerancia y puntos de acceso portátiles está desactivada.
5. Wi-Fi desactivado
Si la configuración de puntos de acceso Wi-Fi está deshabilitada.
6. Restablecer red desactivadodisabled
Si restablecer la configuración de red está deshabilitado.
7.14. SalidaOutgoing debeam haz desactivadadisabled
Si el uso de NFC para enviar datos desde aplicaciones está desactivado.
VPN
8.15. AplicaciónAlways On VPN de Acceso Constanteapp
EspecificaSpecify unaan Always On VPN depackage Accesoname Constanteto paraensure garantizarthat quedata losfrom datosspecified demanaged lasapps aplicacioneswill administradasalways indicadasgo siemprethrough pasena porconfigured unaVPN.
Note: This feature requires deploying a VPN configurada.
Nota:client estathat funciónsupports requiereboth laAlways implementaciónOn deand un clienteper-app VPN que admita tanto las funciones de VPN de Acceso Constante como de VPN por aplicación.features.
9. Bloqueo16. VPN lockdown
Impide la conexión de red cuando la VPN no está conectada.
10. Configuración17. VPN deshabilitadaconfig disabled
Si la configuración de la VPN está desactivada.
Proxy and network services
11.18. ServicioPreferential denetwork red preferenteservice
ControlaControls siwhether elpreferential servicionetwork deservice redis preferenteenabled estáon habilitadothe enwork elprofile. perfilFor deexample, trabajo.an Pororganization ejemplo,may unahave organizaciónan puedeagreement tener un acuerdo con un operador que exige que todos los datos de trabajo de los dispositivos de sus empleados se envíenwith a travéscarrier dethat unwork serviciodata deis redsent dedicadovia ala usocarrier empresarial.network Unservice ejemplodedicated defor servicioenterprise deuse red(for preferenteexample, compatiblean esenterprise laslice porciónon empresarial5G ennetworks). redesThis 5G. Estohas no tieneeffect ningúnon efectofully enmanaged los dispositivos totalmente administrados.devices.
Deshabilitado: El servicio de red preferente está deshabilitado en el perfil de trabajo.
Activado: El servicio de red preferente está activado en el perfil de trabajo.
If you use enterprise network slicing, also configure 5G Network Slicing Configuration under the Cellular policy panel and assign apps to a slice using their Preferential Network setting.
12.19. ProxyRecommended global recomendadoproxy
ElThe network-independent global HTTP proxy. Typically proxies should be configured per-network in WiFi configurations. A global proxy HTTPmay be useful for unusual configurations like general internal filtering. The global independiente de la red. Normalmente, los proxies deben configurarse por red en openNetworkConfiguration. Sin embargo, para configuraciones inusuales como el filtrado interno general, un proxy HTTPis global puede ser útil. Si el proxy no es accesible, el accesoonly a larecommendation redand podríasome fallar.apps Elmay proxyignore global es solo una recomendación y algunas aplicaciones podrían ignorarlo.it.
Deshabilitado
Proxy directo
Configuración automática de proxy (PAC)
12.119.1. Host
El host del proxy directo.
12.219.2. PuertoPort
El puerto del proxy directo.
12.19.3. PAC URI PAC
La URI del script PAC utilizada para configurar el proxy.
12.19.4. HostsExcluded excluidoshosts
ParaFor una direct proxy, the hosts for which the proxy directo,is losbypassed. hostsHost paranames losmay quecontain sewildcards omitesuch elas proxy. Los nombres de host pueden contener comodines como *.example.com.com.
Use Add excluded host to add entries (available for direct proxy only).
13. Configuraciones de WiFi
Define Wi‑Fi network configurations that the system will apply on devices. Use Add WiFi configuration to create an entry and remove it with the delete action.
20. WiFi configuration fields
ConfiguraciónEach deconfiguration redincludes:
Configuration paraname: elRequired.
SSID: dispositivo.Required.
13.1.
Auto Nombreconnect: deWhether lathe configuración
13.2.network SSID
13.3.should Conectarbe automáticamente
connected to automatically when in range.SiFast laTransition: redWhether debethe conectarseclient automáticamenteshould cuandoattempt estéto dentrouse delFast alcance.
13.4. Transición rápida
Indica si el cliente debe intentar usar Transición RápidaTransition (IEEE 802.11r-2008) conwith lathe red.network.
13.5.
MAC randomization mode: Hardware or Automatic (Android 13+).
20.1. Security
IndicandoWi‑Fi sisecurity se transmitirá el SSID.options:
13.6. Seguridad
WPA‑PSK: WPA/WPA2/WPA3-Personal (ClavePre-Shared Precompartida)Key).
WPA‑EAP: WPA/WPA2/WPA3-Enterprise (ProtocoloExtensible deAuthentication Autenticación Extensible)
13.7. Contraseña de frase
Contraseña, para opciones de seguridad de Clave precompartidaProtocol).
13.8. Método EAP
Método de Protocolo de Autenticación Extensible
EAP-WPA3 192-bit mode: WPA‑EAP network allowing only WPA3 192-bit mode.
20.2. Passphrase (Pre‑Shared Key)
Shown when Security is WEP‑PSK or WPA‑PSK. The passphrase is required.
20.3. EAP method (Enterprise)
Shown when Security is WPA‑EAP or WPA3 192-bit mode. Select one EAP outer method:
EAP‑TLS
EAP-EAP‑TTLS
PEAP
EAP-EAP‑SIM
EAP-EAP‑AKA
13.9.20.4. Autenticación de fasePhase 2 authentication
Shown for tunneling outer methods (EAP‑TTLS and PEAP).
MSCHAPv2
PAP
13.10. Credenciales20.5. EAP decredentials losfrom usuariosusers
CuandoWhen estáenabled, habilitado,the elsystem sistemaautomatically aplicará automáticamente las credencialesapplies EAP encredentials loson dispositivosdevices de forma individual por usuario. Puedes configurar las credenciales de los usuarios en la sección Usuarios.
13.11. Certificado de cliente
Certificadoon a utilizarper-user parabasis. autenticarYou dispositivoscan conconfigure estauser redcredentials WiFi.in Parathe másUsers información,section.
20.6. leeClient lacertificate
For secciónEAP‑TLS, you can assign a client certificate used for Wi‑Fi authentication. For more information read the GestiónCertificate de certificadosmanagement. page.
If a certificate is already assigned, you can use Open certificate to view it or Change certificate to select a different one.
Alternatively, you can specify Client certificate key pair alias, which references a client certificate stored in the Android keychain and allowed for Wi‑Fi authentication.
If both Client certificate and Client certificate key pair alias are set, the key pair alias is ignored.
13.12.20.7. IdentidadIdentity
IdentidadIdentity deof usuario.user. ParaFor eltunneling túnelouter de protocolos externosprotocols (PEAP, EAP-EAP‑TTLS), estothis seis utilizaused parato autenticarauthenticate dentroinside delthe túnel,tunnel, yand identidadAnonymous anónimaidentity seis utilizaused parafor la identidadthe EAP fueraidentity deloutside túnel.the Paratunnel. protocolosFor externosnon-tunneling queouter noprotocols, utilizanthis túneles,is estoused sefor utilizathe paraEAP la identidad EAP. Este valor está sujeto a expansiones de cadenas.identity.
13.13.20.8. IdentidadAnonymous anónimaidentity
SoloFor paratunneling protocolosprotocols deonly, túnel,this estoindicates indicathe laidentity identidadof delthe usuariouser presentadapresented alto protocolothe externo.outer Este valor está sujeto a expansiones de cadena. Si no se especifica, usar cadena vacía.protocol.
13.14.20.9. ContraseñaPassword
Contraseña del usuario. Si no se especifica, se solicita al usuario.
13.15.20.10. CertificadosServer CA del servidorcertificates
ListaList de certificadosof CA quecertificates seto utilizaránbe paraused verificarfor laverifying cadenathe dehost’s certificadoscertificate delchain. host.At Alleast menos uno de los certificadosone CA debecertificate coincidir.must Simatch. noFor semore establece,information elread clientethe noCertificate compruebamanagement quepage.
Use elAdd certificado del servidor esté firmado por unaServer CA específica.certificate Unato verificaciónadd utilizandoentries losand certificadosremove CAthem delwith sistemathe puededelete seguiraction.
20.11. aplicándose.Domain Parasuffix másmatches
A información,list leeof laconstraints Gestiónfor dethe certificadosserver sección.domain name. The entries are used as suffix match requirements against the DNS name(s) of the alternative subject name of an authentication server certificate.