Rete

~~Gli~~In ~~amministratori~~this ITsection ~~possono~~you ~~distribuire~~can ~~silenziosamente~~configure ~~configurazioni~~networking-related ~~Wi-~~policies.

Wi‑Fi ~~aziendali~~configurations ~~sui~~can ~~dispositivi~~be ~~gestiti.~~provisioned Leand ~~configurazioni~~managed ~~Wi-~~by the system via WiFi configurations. Depending on the value set on Configure Wi‑Fi, ~~possono~~users ~~anche~~may ~~essere~~have ~~bloccate~~limited ~~per~~or ~~impedire~~no ~~agli~~control ~~utenti~~over diadding/modifying ~~creare configurazioni o modificare quelle aziendali.~~

1. Bluetooth disabilitato

~~Che il Bluetooth sia disattivato. Preferire questa impostazione a bluetoothConfigDisabled perché bluetoothConfigDisabled può essere bypassata dall'utente.~~networks.

Device radio state

1. Wi‑Fi state

Controls current state of Wi‑Fi and if the user can change its state.

User choice (default): User is allowed to enable/disable Wi‑Fi.

Enabled: Wi‑Fi is on and the user is not allowed to turn it off (Android 13+).

Disabled: Wi‑Fi is off and the user is not allowed to turn it on (Android 13+).

2. CondivisioneMinimum contattiWi‑Fi security level

The minimum required security level of Wi‑Fi networks that the device can connect to. Supported on Android 13 and above, for fully managed devices and work profiles on company-owned devices.

Open network (default): The device can connect to all types of Wi‑Fi networks.

Personal network: Disallows open Wi‑Fi networks; requires at least personal security (for example WPA2‑PSK).

Enterprise network: Requires enterprise EAP networks; disallows Wi‑Fi networks below this security level.

192‑bit enterprise network: Requires 192‑bit enterprise networks; strictest option.

3. Ultra wideband (UWB) state

Controls the state of the ultra wideband setting and whether the user can toggle it on or off.

User choice (default): The user is allowed to toggle UWB on or off.

Disabled: UWB is disabled and the user is not allowed to toggle it via settings (Android 14+).

Device connectivity management

sharing

5. Configure Wi‑Fi

Controls Wi‑Fi configuring privileges. Depending on the selected option, the user has full, limited, or no control in configuring Wi‑Fi networks.

Allow configuring Wi‑Fi (default): The user is allowed to configure Wi‑Fi.

Disallow add Wi‑Fi config: Adding new Wi‑Fi configurations is disallowed. The user can switch between already configured networks (Android 13+; fully managed and company-owned work profiles).

Disallow configuring Wi‑Fi: Disallows configuring Wi‑Fi networks. For fully managed devices this removes user-configured networks and retains only networks configured via WiFi configurations. For company-owned work profiles, existing networks are not affected but users cannot add/remove/modify Wi‑Fi networks.

When configuring Wi‑Fi is disabled and the device cannot connect at boot time, the system can show the network escape hatch to let the user temporarily connect and refresh policy.

6. Wi‑Fi direct settings

Controls configuring and using Wi‑Fi direct settings. Supported on company-owned devices running Android 13 and above.

Allow (default): The user is allowed to use Wi‑Fi direct.

Disallow: The user is not allowed to use Wi‑Fi direct.

7. Tethering settings

Controls tethering settings. Based on the value set, the user is partially or fully disallowed from using different forms of tethering.

Allow all tethering (default): Allows configuration and use of all forms of tethering.

Disallow Wi‑Fi tethering: Disallows the user from using Wi‑Fi tethering (company-owned Android 13+).

Disallow all tethering: Disallows all forms of tethering (fully managed + company-owned work profiles).

8. Wi‑Fi SSID policy

Restrictions on which Wi‑Fi SSIDs the device can connect to (this does not affect which networks can be configured on the device). Supported on company-owned devices running Android 13 and above.

SSID denylist (default): The device cannot connect to any Wi‑Fi network whose SSID is listed, but can connect to other networks.

SSID allowlist: The device can connect only to the SSIDs listed. The SSID list must not be empty.

Use Add SSID to add entries. Depending on the selected policy type, the list is interpreted as allowed or denied SSIDs.

In the Policy Editor UI, the SSID list is labeled Allowed Wi‑Fi SSIDs for allowlists and Denied Wi‑Fi SSIDs for denylists.

9. Wi‑Fi roaming settings

Configure Wi‑Fi roaming mode per SSID. Use Add Wi‑Fi roaming setting to create entries.

Each entry includes:

SSID: The SSID to which the roaming setting applies (required).

WiFi roaming mode: Default / Disabled / Aggressive. Disabled and Aggressive require Android 15+ and are supported only on fully managed devices and work profiles on company-owned devices.

Network restrictions

10. Bluetooth disabled

Whether bluetooth is disabled. Prefer this setting over Bluetooth config disabled because Bluetooth config disabled can be bypassed by the user.

11. Bluetooth contact sharing disabled

Che la condivisione contatti Bluetooth sia disabilitata.

3. Configurazione12. Bluetooth disabilitataconfig disabled

Che la configurazione di bluetooth sia disabilitata.

4.13. ConfigurazioneNetwork tetheringreset disabilitata

~~Che la configurazione della tethering e dei hotspot portatili sia disabilitata.~~

5. Wi-Fi config disabilitato

~~Che la configurazione dei punti di accesso Wi-Fi sia disabilitata.~~

6. Ripristino rete disabilitatodisabled

Se il ripristino delle impostazioni di rete è disabilitato.

7.14. RaggioOutgoing inbeam uscita disabilitatodisabled

Utilizzo di NFC per inviare dati da app disabilitato.

VPN

8.15. AppAlways On VPN Sempre Attivaapp

~~Specifica~~Specify ~~una~~an Always On VPN ~~Sempre~~package ~~Attiva~~name ~~per~~to ~~garantire~~ensure ~~che~~that idata ~~dati~~from ~~delle~~specified ~~app~~managed ~~gestite~~apps ~~specificate~~will ~~vengano~~always ~~sempre~~go ~~indirizzati~~through ~~tramite~~a ~~una~~configured VPN.

Note: This feature requires deploying a VPN ~~configurata.~~

~~Nota:~~client ~~questa~~that ~~funzionalità~~supports ~~richiede~~both laAlways ~~distribuzione~~On diand ~~un client~~per-app VPN ~~che supporti sia le funzionalità VPN sempre attive che VPN per app.~~features.

9.16. VPN lockdown

Disabilita la rete quando la VPN non è connessa.

10. Configurazione17. VPN disabilitataconfig disabled

Che la configurazione VPN sia disabilitata.

Proxy and network services

11.18. ServizioPreferential dinetwork rete preferenzialeservice

~~Controlla~~Controls sewhether ilpreferential ~~servizio~~network diservice ~~rete~~is ~~preferenziale~~enabled èon ~~abilitato~~the ~~nel~~work ~~profilo~~profile. diFor ~~lavoro.~~example, Adan ~~esempio,~~organization ~~un'organizzazione~~may ~~potrebbe~~have ~~avere~~an unagreement ~~accordo~~with ~~con~~a uncarrier ~~operatore~~that ~~che~~work ~~consente~~data ~~l'invio~~is disent ~~tutti~~via ia ~~dati~~carrier dinetwork ~~lavoro~~service ~~dai~~dedicated ~~dispositivi~~for ~~dei~~enterprise ~~suoi~~use ~~dipendenti~~(for ~~tramite~~example, unan ~~servizio~~enterprise dislice ~~rete~~on ~~dedicato~~5G ~~all'uso~~networks). ~~aziendale.~~This Unhas ~~esempio~~no dieffect ~~servizio~~on difully ~~rete~~managed ~~preferenziale supportato è la rete privata su reti 5G. Non ha effetto sui dispositivi completamente gestiti.~~devices.

Disabilitato: Il servizio di rete preferenziale è disabilitato nel profilo di lavoro.

Attivato: Il servizio di rete preferenziale è attivo nel profilo di lavoro.

If you use enterprise network slicing, also configure 5G Network Slicing Configuration under the Cellular policy panel and assign apps to a slice using their Preferential Network setting.

12.19. ProxyRecommended globaleglobal consigliataproxy

IlThe network-independent global HTTP proxy. Typically proxies should be configured per-network in WiFi configurations. A global proxy ~~HTTP~~may ~~globale~~be ~~indipendente~~useful ~~dalla~~for ~~rete.~~unusual ~~Generalmente,~~configurations ilike general internal filtering. The global proxy ~~dovrebbero~~is ~~essere~~only ~~configurati~~a ~~per~~recommendation ~~rete~~and insome ~~openNetworkConfiguration.~~apps ~~Tuttavia,~~may ~~per~~ignore configurazioni insolite, come il filtraggio interno generale, un proxy HTTP globale può essere utile. Se il proxy non è accessibile, l'accesso alla rete potrebbe non funzionare. Il proxy globale è solo un suggerimento e alcune app potrebbero ignorarlo.it.

Disabilitato

Proxy diretto

Proxy di configurazione automatica (PAC)

12.119.1. Host

L'host del proxy diretto.

12.219.2. PortaPort

La porta del proxy diretto.

12.19.3. PAC URI PAC

L'URI dello script PAC utilizzato per configurare il proxy.

12.19.4. Excluded hosts

For a direct proxy, the hosts for which the proxy is bypassed. Host ~~esclusi~~names may contain wildcards such as *.example.com.

~~Per~~Use unAdd excluded host to add entries (available for direct proxy diretto, gli host per i quali il proxy viene ignorato. I nomi host possono contenere caratteri jolly come *only).~~example.com.~~

13.

Configurazioni Wi-Fi

Define Wi‑Fi network configurations that the system will apply on devices. Use Add WiFi configuration to create an entry and remove it with the delete action.

20. WiFi configuration fields

~~Configurazione~~Each ~~rete~~configuration ~~per~~includes:

Configuration ilname: ~~dispositivo.~~Required.

13.1.
SSID: NomeRequired.
Auto configurazione

13.2.connect: SSID

13.3.Whether Connessionethe automatica

Senetwork lashould ~~rete~~be ~~deve~~connected ~~essere~~to ~~connessa~~automatically ~~automaticamente quando è~~when in ~~copertura.~~range.

13.4.
Fast TransizioneTransition: rapida

~~Indicare~~Whether ~~se il~~the client ~~deve~~should ~~tentare~~attempt dito ~~utilizzare~~use Fast Transition (IEEE 802.11r-2008) ~~con~~with lathe ~~rete.~~network.

13.5.
Hidden SSID: Whether the SSID nascostowill be broadcast.
MAC randomization mode: Hardware or Automatic (Android 13+).

20.1. Security

~~Indicare~~Wi‑Fi sesecurity ~~il SSID verrà trasmesso.~~options:

13.6. Sicurezza

WEP‑PSK: WEP (~~Chiave~~Pre-Shared ~~Precondivisa)~~Key).

WPA‑PSK: WPA/WPA2/WPA3-~~Personale~~Personal (~~Chiave~~Pre-Shared ~~Precondivisa)~~Key).

WPA‑EAP: WPA/WPA2/WPA3-Enterprise (~~Estensione~~Extensible ~~del~~Authentication ~~protocollo di autenticazione)~~

13.7. Frase di accesso

~~Password, per le opzioni di sicurezza a chiave precondivisa~~ ~~Pre-Shared Key~~Protocol).

13.8. Metodo EAP

~~Metodo di autenticazione estesa~~

~~EAP-~~WPA3 192-bit mode: WPA‑EAP network allowing only WPA3 192-bit mode.

20.2. Passphrase (Pre‑Shared Key)

Shown when Security is WEP‑PSK or WPA‑PSK. The passphrase is required.

20.3. EAP method (Enterprise)

Shown when Security is WPA‑EAP or WPA3 192-bit mode. Select one EAP outer method:

EAP‑TLS

~~EAP-~~EAP‑TTLS

PEAP

~~EAP-~~EAP‑SIM

~~EAP-~~EAP‑AKA

13.9.20.4. Autenticazione di fasePhase 2 authentication

Shown for tunneling outer methods (EAP‑TTLS and PEAP).

MSCHAPv2

PAP

13.10. Credenziali20.5. EAP fornitecredentials daglifrom utentiusers

~~Quando~~When ~~abilitata,~~enabled, ilthe ~~sistema~~system ~~applicherà~~automatically ~~automaticamente le credenziali~~applies EAP ~~sui~~credentials ~~dispositivi~~on ~~per~~devices ~~utente.~~on ~~Puoi~~a ~~configurare~~per-user lebasis. ~~credenziali~~You ~~dell’utente~~can ~~nella~~configure ~~sezione~~user credentials in the ~~Utenti~~Users. section.

13.11.20.6. CertificatoClient certificate

For EAP‑TLS, you can assign a client

~~Certificato~~ dacertificate ~~utilizzare~~used ~~per~~for ~~autenticare~~Wi‑Fi iauthentication. ~~dispositivi~~For ~~con~~more ~~questa~~information ~~rete~~read ~~Wi-Fi. Per maggiori informazioni, consulta la sezione~~the ~~Gestione~~Certificate ~~certificati~~management. page.

If a certificate is already assigned, you can use Open certificate to view it or Change certificate to select a different one.

Alternatively, you can specify Client certificate key pair alias, which references a client certificate stored in the Android keychain and allowed for Wi‑Fi authentication.

If both Client certificate and Client certificate key pair alias are set, the key pair alias is ignored.

13.12.20.7. IdentitàIdentity

~~Identità~~Identity ~~dell'utente.~~of ~~Per~~user. ilFor tunneling ~~dei~~outer ~~protocolli esterni~~protocols (PEAP, ~~EAP-~~EAP‑TTLS), ~~questa~~this ~~viene~~is ~~utilizzata~~used ~~per~~to ~~l'autenticazione~~authenticate ~~all'interno~~inside ~~del~~the tunnel, eand ~~identità~~Anonymous ~~anonima~~identity ~~viene~~is ~~utilizzata~~used ~~per~~for ~~l'identità~~the EAP alidentity dioutside ~~fuori del~~the tunnel. ~~Per~~For inon-tunneling ~~protocolli~~outer ~~esterni~~protocols, ~~non~~this ~~tunneling,~~is ~~questa~~used ~~viene~~for ~~utilizzata~~the ~~per~~EAP ~~l'identità EAP. Questo valore è soggetto a espansioni di stringhe.~~identity.

13.13.20.8. IdentitàAnonymous anonimaidentity

~~Solo~~For ~~per~~tunneling ~~protocolli~~protocols dionly, ~~tunnelling,~~this ~~indica~~indicates ~~l'identità~~the ~~dell'utente~~identity ~~presentata~~of althe ~~protocollo~~user ~~esterno.~~presented ~~Questo~~to ~~valore~~the èouter ~~soggetto a espansioni di stringhe. Se non specificato, utilizzare stringa vuota.~~protocol.

13.14.20.9. Password

Password dell'utente.

13.15.20.10. CertificatiServer CA del servercertificates

~~Elenco~~List ~~dei certificati~~of CA dacertificates ~~utilizzare~~to ~~per~~be ~~verificare~~used lafor ~~catena~~verifying dithe ~~certificati~~host’s ~~dell’host.~~certificate ~~Almeno~~chain. ~~uno~~At ~~dei~~least ~~certificati~~one CA ~~deve~~certificate ~~corrispondere.~~must Sematch. ~~non~~For ~~impostato,~~more ilinformation ~~client~~read ~~non~~the ~~verifica~~Certificate ~~che~~management ilpage.

Use ~~certificato~~Add ~~del~~Server CA certificate to add entries and remove them with the delete action.

20.11. Domain suffix matches

A list of constraints for the server ~~sia~~domain ~~firmato~~name. daThe ~~una~~entries CAare ~~specifica.~~used ~~Potrebbe~~as ~~comunque~~suffix ~~essere~~match ~~applicata~~requirements ~~una~~against ~~verifica~~the ~~utilizzando~~DNS iname(s) ~~certificati~~of CAthe ~~del~~alternative ~~sistema.~~subject ~~Per~~name ~~maggiori~~of ~~informazioni~~an ~~consultare~~authentication laserver ~~sezione~~ ~~Gestione dei certificati~~.certificate.

Rete

1. Bluetooth disabilitato

Device radio state

1. Wi‑Fi state

2. CondivisioneMinimum contattiWi‑Fi security level

3. Ultra wideband (UWB) state

Device connectivity management

4. Bluetooth disabilitata

5. Configure Wi‑Fi

6. Wi‑Fi direct settings

7. Tethering settings

8. Wi‑Fi SSID policy

9. Wi‑Fi roaming settings

Network restrictions

10. Bluetooth disabled

11. Bluetooth contact sharing disabled

3. Configurazione12. Bluetooth disabilitataconfig disabled

4.13. ConfigurazioneNetwork tetheringreset disabilitata

5. Wi-Fi config disabilitato

6. Ripristino rete disabilitatodisabled

7.14. RaggioOutgoing inbeam uscita disabilitatodisabled

VPN

8.15. AppAlways On VPN Sempre Attivaapp

9.16. VPN lockdown

10. Configurazione17. VPN disabilitataconfig disabled

Proxy and network services

11.18. ServizioPreferential dinetwork rete preferenzialeservice

12.19. ProxyRecommended globaleglobal consigliataproxy

12.119.1. Host

12.219.2. PortaPort

12.19.3. PAC URI PAC

12.19.4. Excluded hosts

13.

Configurazioni Wi-Fi

20. WiFi configuration fields

13.1.SSID: NomeRequired.Auto configurazione

13.2.connect: SSID

13.3.Whether Connessionethe automatica

13.4.Fast TransizioneTransition: rapida

13.5.Hidden SSID: Whether the SSID nascostowill be broadcast.MAC randomization mode: Hardware or Automatic (Android 13+).

20.1. Security

13.6. Sicurezza

13.7. Frase di accesso

13.8. Metodo EAP

20.2. Passphrase (Pre‑Shared Key)

20.3. EAP method (Enterprise)

13.9.20.4. Autenticazione di fasePhase 2 authentication

13.10. Credenziali20.5. EAP fornitecredentials daglifrom utentiusers

13.11.20.6. CertificatoClient certificate

13.12.20.7. IdentitàIdentity

13.13.20.8. IdentitàAnonymous anonimaidentity

13.14.20.9. Password

13.15.20.10. CertificatiServer CA del servercertificates

20.11. Domain suffix matches

13.1.
SSID: NomeRequired.
Auto configurazione

13.4.
Fast TransizioneTransition: rapida

13.5.
Hidden SSID: Whether the SSID nascostowill be broadcast.
MAC randomization mode: Hardware or Automatic (Android 13+).