Policies and Restrictions under COPE

In a COPE profile, the enterprise is able to control certain device wide polices, enforce some restrictions on the personal side such as turn off the camera etc. The data and info on the work container created on the company-owned devices will be fully controlled by the IT admin of the organization.

This document describes the policies and restrictions offered under Scalefusion Dashboard that can be applied on COPE devices.


For work profile on corporate owned devices, you need to create a BYOD profile with COPE configurations. To do so,

  1. Sign In to Scalefusion Dashboard and navigate to Device Profiles & Policies ➞ Device Profiles.
  2. Click on Create New Profile in the upper right corner or edit an existing BYO profile.
  3. Under the Android tab, select Personal (BYOD) option. Enter a name for your new Profile and click SUBMIT, to see the profile creator window.
  4. Here, click on WPCO/COPE on the left menu and click on Create Configuration.
  5. The policies can be defined under following heads:
    1. Device Usages
    2. Installation Policy
    3. Security Settings
    4. Update Settings
    5. General Settings

These are described below:

Device Usages



Configure Personal Usage Schedule

Configure the timeframe for which you can use the personal profile on WPCO/COPE devices. Following are the options. Choose any one:

  • Allow Always: Personal usage is allowed all the time and user is able to access personal side apps.
  • Disallow Always: Personal usage is never allowed and user is not allowed to access personal side apps except few apps like phone, play store, messages.
  • Disallow during the configured timeframe: The personal usage will not be allowed during the set time and frequency. During the remaining time, personal apps will be enabled.

Configure the maximum number of work off days

Configure the maximum number of days for which the work profile can be disabled. The minimum no. of days for which it can be disabled is, 0.

Once Work profile is manually disabled on the device, you have to enable it manually after said number of days. If you do not enable after set no. of days, the personal side will automatically get disabled. It will be enabled only after the work profile is enabled.

Installation Policy

From here you can configure application installation policy to allow or block selected applications' installation on devices. Select one from the following options:

  • No Application Policy: No restrictions to installation of apps
  • Only Allow selected: Only the selected applications will be allowed to be installed and all other applications will be blocked from installing.
  • Block selected: All applications except the selected applications will be allowed to install.

The applications are listed and you can search apps by app name, package. If an application is not listed, it can be added. To do so,

  1. Click on Add Application button.
  2. A dialog will be opened for entering the application name and the package name.
  3. Enter the details and click on Add button.
  4. This will add and list the application to the Apps list. Enable or disable the toggle to allow or block the app as per policy requirement.

Security Settings

Communication Settings




Allow Outgoing Phone Calls

Normally disabling the Phone app will achieve this, however there might be some apps that might attempt to make phone calls. This option lets you completely disable outgoing calls.


Allow Send/Receive SMS

Normally disabling the default messaging app will achieve this, however there might be some apps that can send SMS discreetly. This option lets you completely block the SMS.


Allow Bluetooth

Allows a user to connect to a Bluetooth device. User is allowed to enable/disable bluetooth


Allow Bluetooth Sharing

Allows a user to send files via Bluetooth. Outgoing bluetooth sharing is enabled.


Allow Data Roaming

The user is allowed to use cellular data while on roaming.


Network & Security Settings




Allow Mobile Network Changes

Allows user to change mobile network settings if they have access to Settings app.


Allow Tethering From All Sources

Allow users to enable Tethering via USB or Bluetooth.


Allow WiFi Changes

Allow users to modify/change Wifi network from System Settings if they have access to.

This may cause them to lose connectivity and hence it is suggested that you allow them to use Scalefusion's Wifi connection options as a fallback.


Allow Screen Capture

Allows users to capture the screenshots.


Allow Camera

The user is allowed to use the Camera


Allow User to enable/disable airplane mode

The user is permitted to enable/disable the airplane mode on device


Allow User to enable/disable Location

If enabled, the user is allowed to enable/disable location

This will work when Force GPS always On is enabled under global location settings.


Allow Location Sharing

If enabled, users are allowed to share locations.

This will work when Enable/disable location tracking is disabled under global location settings.


Allow Unmute Microphone

The user is allowed to unmute microphone and control the volume


Device Management




Allow user to boot devices in safe mode

The user can boot devices in safe mode by using the power-off key.


USB Device Management




Allow MTP access

The user can access the media on the device via MTP protocol when connected with a device via USB cable.


Allow user to connect device via USB Access

The users can connect the device via USB cable and access the USB storage and other options.


Allow user to connect USB in debuggable mode

If enabled, users can use the USB Debugging feature when connected to a USB cable.


Update Settings

From here you can configure a policy for installing Android OS Updates and control the installation of updates on your managed Android devices. The policies are as follows:

System Update Policy Settings

  • None: No policy applies for OS Updates
  • Postpone: Postpones the installation of updates by 30 days
  • Automatic Install Update: The updates are automatically installed
  • Install within maintenance window: Specify the start time and end time and the updates will get installed during that timeframe.

Enable Freeze Period

Freeze period is specified to freeze the system updates for a certain timeframe. During the freeze period, all incoming system updates including security patches are blocked and do not get installed on the device. When a device is outside the freeze period, normal update behavior applies.

If freeze period is enabled, the freeze window overrides the existing system update policy settings. When the freeze period ends, the updates work according to the system updates policy.

To configure freeze period:

  1. Toggle on the setting Enable Freeze Period, in OS Update Settings
  2. Enter name in the text field.
  3. Select Start Date and End Date.
  4. If you want to add another freeze period, click on the button Add Freeze Period. This will open up a new row for configuring the next freeze window.
  5. To delete a freeze period, click on the delete icon next to each specified freeze period.

Important Points on Freeze period:

  • Freeze period can be enabled only if system update policy is not set to None.
  • Maximum freeze window allowed is for 90 days, that is, the end date selection should be 90 days from start date.
  • There can be multiple freeze windows. The minimum gap between two freeze windows should be at least 60 days.
  • Freeze period will repeat every year until it is deleted.

General Settings

Timezone Settings



Configure Automatic Network Time & Timezone

You can configure the time & timezone to be picked up by the device. There are three options to choose from:

  • Enable: Forces the device to use network time only, if available. If this is enabled, the rest of the timezone settings cannot be configured.
  • Disable: Disables the network based time
  • Allow Users: Users get option to toggle this setting to on or off.

Choose Timezone configuration

Enforce a default timezone for the devices from a list of previously created TimeZone configuration [Device Profile & Policies → All configurations → Android Utilities → Timezone Configurations]

Display Settings



Screen Time out Settings

With this setting you can specify a duration of inactivity after which the screen will go to sleep. On the device, users will be able to see and select the options up to the specified duration. The duration can be selected from the drop-down:

  • 15 seconds
  • 30 seconds
  • 1 minute
  • 2 minutes
  • 5 minutes
  • 10 minutes
  • 30 minutes
  • None

How did we do?

Powered by HelpDocs (opens in a new tab)