Rede
AdministradoresIn dethis TIsection podemyou configurarcan silenciosamenteconfigure asnetworking-related configurações de Wi-policies.
Wi‑Fi corporativasconfigurations emcan dispositivosbe gerenciados.provisioned Asand configuraçõesmanaged deby Wi-the system via WiFi configurations. Depending on the value set on Configure Wi‑Fi, tambémusers podemmay serhave bloqueadaslimited paraor impedirno quecontrol osover usuáriosadding/modifying criem configurações ou modifiquem as configurações corporativas.
1. Bluetooth desativado
Se o bluetooth está desativado.networks.
Device radio state
1. Wi‑Fi state
Controls current state of Wi‑Fi and if the user can change its state.
User choice (default): User is allowed to enable/disable Wi‑Fi.
Enabled: Wi‑Fi is on and the user is not allowed to turn it off (Android 13+).
Disabled: Wi‑Fi is off and the user is not allowed to turn it on (Android 13+).
2. CompartilhamentoMinimum deWi‑Fi contatossecurity level
The minimum required security level of Wi‑Fi networks that the device can connect to. Supported on Android 13 and above, for fully managed devices and work profiles on company-owned devices.
Open network (default): The device can connect to all types of Wi‑Fi networks.
Personal network: Disallows open Wi‑Fi networks; requires at least personal security (for example WPA2‑PSK).
Enterprise network: Requires enterprise EAP networks; disallows Wi‑Fi networks below this security level.
192‑bit enterprise network: Requires 192‑bit enterprise networks; strictest option.
3. Ultra wideband (UWB) state
Controls the state of the ultra wideband setting and whether the user can toggle it on or off.
User choice (default): The user is allowed to toggle UWB on or off.
Disabled: UWB is disabled and the user is not allowed to toggle it via settings (Android 14+).
Device connectivity management
4. Bluetooth desabilitado
Controls whether Bluetooth sharing is allowed.
Allowed: Bluetooth sharing is allowed (default on fully managed devices, Android 8+).
Disallowed: Bluetooth sharing is disallowed (default on work profiles, Android 8+).
5. Configure Wi‑Fi
Controls Wi‑Fi configuring privileges. Depending on the selected option, the user has full, limited, or no control in configuring Wi‑Fi networks.
Allow configuring Wi‑Fi (default): The user is allowed to configure Wi‑Fi.
Disallow add Wi‑Fi config: Adding new Wi‑Fi configurations is disallowed. The user can switch between already configured networks (Android 13+; fully managed and company-owned work profiles).
Disallow configuring Wi‑Fi: Disallows configuring Wi‑Fi networks. For fully managed devices this removes user-configured networks and retains only networks configured via WiFi configurations. For company-owned work profiles, existing networks are not affected but users cannot add/remove/modify Wi‑Fi networks.
When configuring Wi‑Fi is disabled and the device cannot connect at boot time, the system can show the network escape hatch to let the user temporarily connect and refresh policy.
6. Wi‑Fi direct settings
Controls configuring and using Wi‑Fi direct settings. Supported on company-owned devices running Android 13 and above.
Allow (default): The user is allowed to use Wi‑Fi direct.
Disallow: The user is not allowed to use Wi‑Fi direct.
7. Tethering settings
Controls tethering settings. Based on the value set, the user is partially or fully disallowed from using different forms of tethering.
Allow all tethering (default): Allows configuration and use of all forms of tethering.
Disallow Wi‑Fi tethering: Disallows the user from using Wi‑Fi tethering (company-owned Android 13+).
Disallow all tethering: Disallows all forms of tethering (fully managed + company-owned work profiles).
8. Wi‑Fi SSID policy
Restrictions on which Wi‑Fi SSIDs the device can connect to (this does not affect which networks can be configured on the device). Supported on company-owned devices running Android 13 and above.
SSID denylist (default): The device cannot connect to any Wi‑Fi network whose SSID is listed, but can connect to other networks.
SSID allowlist: The device can connect only to the SSIDs listed. The SSID list must not be empty.
Use Add SSID to add entries. Depending on the selected policy type, the list is interpreted as allowed or denied SSIDs.
In the Policy Editor UI, the SSID list is labeled Allowed Wi‑Fi SSIDs for allowlists and Denied Wi‑Fi SSIDs for denylists.
9. Wi‑Fi roaming settings
Configure Wi‑Fi roaming mode per SSID. Use Add Wi‑Fi roaming setting to create entries.
Each entry includes:
SSID: The SSID to which the roaming setting applies (required).
WiFi roaming mode: Default / Disabled / Aggressive. Disabled and Aggressive require Android 15+ and are supported only on fully managed devices and work profiles on company-owned devices.
Network restrictions
10. Bluetooth disabled
Whether bluetooth is disabled. Prefer this setting over Bluetooth config disabled because Bluetooth config disabled can be bypassed by the user.
11. Bluetooth contact sharing disabled
Se o compartilhamento de contatos via bluetooth estiver desabilitado.
3. Configuração12. Bluetooth desabilitadaconfig disabled
Se a configuração do bluetooth estiver desativada.
4.13. ConfiguraçãoNetwork dereset roteamento desativada
Se a configuração de roteamento e pontos de acesso móveis estiver desativada.
5. Wi-Fi configurado como desativado
Se a configuração de pontos de acesso Wi-Fi estiver desabilitada.
6. Rede resetada desativadadisabled
Se a redefinição das configurações de rede estiver desativada.
7.14. TransmissãoOutgoing debeam feixe de saída desativadadisabled
Se o uso de NFC para enviar dados de aplicativos está desativado.
VPN
8. Aplicativo15. Always On VPN app
EspecifiqueSpecify uma VPNan Always On paraVPN garantirpackage quename osto dadosensure dethat aplicativosdata gerenciadosfrom especificadosspecified sempremanaged passarãoapps porwill umaalways go through a configured VPN.
Note: This feature requires deploying a VPN configurada.
Observação:client estethat recursosupports requer a implantação de um cliente VPN que suporte tantoboth Always On quantoand per-app VPN por aplicativo.features.
9. Bloqueio16. VPN lockdown
Impede o acesso à rede quando a VPN não estiver conectada.
10. Configuração de17. VPN desativadaconfig disabled
Se a configuração de VPN estiver desativada.
Proxy and network services
11.18. ServiçoPreferential denetwork rede preferencialservice
ControlaControls sewhether opreferential serviçonetwork deservice redeis preferencialenabled estáon habilitadothe work profile. For example, an organization may have an agreement with a carrier that work data is sent via a carrier network service dedicated for enterprise use (for example, an enterprise slice on 5G networks). This has no perfileffect deon trabalho.fully Pormanaged exemplo, uma organização pode ter um acordo com uma operadora que todo o dado de trabalho dos dispositivos de seus funcionários será enviado via um serviço de rede dedicado para uso empresarial. Um exemplo de serviço de rede preferencial suportado é a fatia empresarial em redes 5G. Isso não tem efeito em dispositivos totalmente gerenciados.devices.
Desabilitado: O serviço de rede preferencial está desativado no perfil de trabalho.
Ativado: O serviço de rede preferencial está ativado no perfil de trabalho.
If you use enterprise network slicing, also configure 5G Network Slicing Configuration under the Cellular policy panel and assign apps to a slice using their Preferential Network setting.
12.19. ProxyRecommended global recomendadoproxy
OThe network-independent global HTTP proxy. Typically proxies should be configured per-network in WiFi configurations. A global proxy HTTPmay be useful for unusual configurations like general internal filtering. The global independente da rede. Normalmente, os proxies devem ser configurados por rede em openNetworkConfiguration. No entanto, para configurações incomuns, como filtragem interna geral, um proxy HTTPis globalonly podea serrecommendation útil.and Sesome oapps proxymay nãoignore estiver acessível, o acesso à rede pode ser interrompido. O proxy global é apenas uma recomendação e alguns aplicativos podem ignorá-lo.it.
Desativado
Proxy direto
Proxy de auto-configuração (PAC)
12.119.1. Host
O host do proxy direto.
12.219.2. PortaPort
A porta do proxy direto.
12.19.3. PAC URI PAC
O URI do script PAC usado para configurar o proxy.
12.19.4. HostsExcluded excluídoshosts
ParaFor uma direct proxy, the hosts for which the proxy direto,is osbypassed. hostsHost paranames osmay quaiscontain owildcards such as *.example.com.
Use Add excluded host to add entries (available for direct proxy é ignorado. Os nomes dos hosts podem conter curingas como *only).example.com.
13. Configurações de Wi-Fi
Define Wi‑Fi network configurations that the system will apply on devices. Use Add WiFi configuration to create an entry and remove it with the delete action.
20. WiFi configuration fields
ConfiguraçãoEach deconfiguration redeincludes:
Configuration doname: dispositivo.Required.
13.1.
SSID: NomeRequired.
Auto daconnect: configuração
13.2.Whether SSID
13.3.the Conectarnetwork automaticamente
should be connected to automatically when in range.SeFast aTransition: redeWhether devethe serclient conectadashould automaticamenteattempt quandoto estiveruse noFast alcance.
13.4. Transição Rápida
Indica se o cliente deve tentar usar Transição RápidaTransition (IEEE 802.11r-2008) comwith athe rede.network.
13.5.
MAC randomization mode: Hardware or Automatic (Android 13+).
20.1. Security
IndicaWi‑Fi sesecurity o SSID será transmitido.options:
13.6. Segurança
WPA‑PSK: WPA/WPA2/WPA3-PessoalPersonal (ChavePre-Shared Pré-Compartilhada)Key).
WPA‑EAP: WPA/WPA2/WPA3-Enterprise (ExtensívelExtensible AutenticaçãoAuthentication Protocolo)
13.7. Frase de acesso
Senha, para opções de segurança de Chave Pré-CompartilhadaProtocol).
13.8. Método EAP
Método de Autenticação Extensível
EAP-WPA3 192-bit mode: WPA‑EAP network allowing only WPA3 192-bit mode.
20.2. Passphrase (Pre‑Shared Key)
Shown when Security is WEP‑PSK or WPA‑PSK. The passphrase is required.
20.3. EAP method (Enterprise)
Shown when Security is WPA‑EAP or WPA3 192-bit mode. Select one EAP outer method:
EAP‑TLS
EAP-EAP‑TTLS
PEAP
EAP-EAP‑SIM
EAP-EAP‑AKA
13.9.20.4. Autenticação da FasePhase 2 authentication
Shown for tunneling outer methods (EAP‑TTLS and PEAP).
MSCHAPv2
PAP
13.10. Credenciais20.5. EAP doscredentials usuáriosfrom users
QuandoWhen ativado,enabled, othe sistemasystem aplicaráautomatically automaticamente as credenciaisapplies EAP emcredentials dispositivoson dedevices forma individual por usuário. Você pode configurar as credenciais dos usuários na seção Usuários.
13.11. Certificado do cliente
Certificadoon a serper-user usadobasis. paraYou autenticarcan dispositivosconfigure comuser estacredentials redein WiFi.the ParaUsers maissection.
20.6. informações,Client leiacertificate
For EAP‑TLS, you can assign a client certificate used for Wi‑Fi authentication. For more information read the GerenciamentoCertificate de certificadosmanagement seção.page.
If a certificate is already assigned, you can use Open certificate to view it or Change certificate to select a different one.
Alternatively, you can specify Client certificate key pair alias, which references a client certificate stored in the Android keychain and allowed for Wi‑Fi authentication.
If both Client certificate and Client certificate key pair alias are set, the key pair alias is ignored.
13.12.20.7. IdentidadeIdentity
IdentidadeIdentity doof usuário.user. ParaFor tunelamentotunneling deouter protocolos externosprotocols (PEAP, EAP-EAP‑TTLS), istothis éis usadoused parato autenticarauthenticate dentroinside dothe túnel,tunnel, eand identidadeAnonymous anônimaidentity éis usadaused parafor a identidadethe EAP foraidentity dooutside túnel.the Paratunnel. protocolosFor externosnon-tunneling queouter nãoprotocols, usamthis túnel,is istoused éfor usado para a identidade EAP. Este valor está sujeito a expansões de string.
13.13. A identidade anônima é usada para a identidadethe EAP foraidentity.20.8. doAnonymous túnel. Para protocolos externos que não usam túnel, isto é usado para a identidade EAP. Este valor está sujeito a expansões de stringidentity
ApenasFor paratunneling protocolosprotocols deonly, tunelamento,this issoindicates indicathe aidentity identidadeof dothe usuáriouser apresentadapresented aoto protocolothe externo.outer Este valor está sujeito a expansões de string. Caso não especificado, usar string vazia.protocol.
13.14.20.9. SenhaPassword
Senha do usuário
13.15.20.10. CertificadosServer CA do servidorcertificates
ListaList de certificadosof CA acertificates seremto utilizadosbe paraused verificarfor averifying cadeiathe dehost’s certificadoscertificate dochain. host.At Peloleast menos um dos certificadosone CA devecertificate corresponder.must Sematch. nãoFor more information read the Certificate management page.
Use Add Server CA certificate to add entries and remove them with the delete action.
20.11. Domain suffix matches
A list of constraints for definido,the oserver clientedomain nãoname. verificaThe seentries oare certificadoused doas servidorsuffix ématch assinadorequirements poragainst umathe CADNS específica.name(s) Umaof verificaçãothe utilizandoalternative ossubject certificadosname CAof doan sistemaauthentication aindaserver pode ser aplicada. Para mais informações, leia a seção Gerenciamento de certificados.certificate.