- Resource: Device
- DeviceState
- NonComplianceDetail
- InstallationFailureReason
- SpecificNonComplianceReason
- SpecificNonComplianceContext
- OncWifiContext
- PasswordPoliciesContext
- SoftwareInfo
- SystemUpdateInfo
- UpdateStatus
- HardwareInfo
- Display
- DisplayState
- ApplicationReport
- ApplicationEvent
- ApplicationEventType
- ApplicationSource
- ApplicationState
- KeyedAppState
- Severity
- UserFacingType
- NetworkInfo
- TelephonyInfo
- MemoryInfo
- MemoryEvent
- MemoryEventType
- PowerManagementEvent
- PowerManagementEventType
- HardwareStatus
- DeviceSettings
- EncryptionStatus
- SecurityPosture
- DevicePosture
- PostureDetail
- SecurityRisk
- CommonCriteriaModeInfo
- CommonCriteriaModeStatus
- PolicySignatureVerificationStatus
- DpcMigrationInfo
- Methods
Resource: Device
A device owned by an enterprise. Unless otherwise noted, all fields are read-only and can't be modified by enterprises.devices.patch
.
JSON representation |
---|
{ "name": string, "userName": string, "managementMode": enum ( |
Fields | |
---|---|
name |
The name of the device in the form |
userName |
The resource name of the user that owns this device in the form |
managementMode |
The type of management mode Android Device Policy takes on the device. This influences which policy settings are supported. |
state |
The state to be applied to the device. This field can be modified by a patch request. Note that when calling |
appliedState |
The state currently applied to the device. |
policyCompliant |
Whether the device is compliant with its policy. |
nonComplianceDetails[] |
Details about policy settings that the device is not compliant with. |
enrollmentTime |
The time of device enrollment. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
lastStatusReportTime |
The last time the device sent a status report. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
lastPolicyComplianceReportTime |
Deprecated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
lastPolicySyncTime |
The last time the device fetched its policy. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
policyName |
The name of the policy applied to the device, in the form |
appliedPolicyName |
The name of the policy currently applied to the device. |
appliedPolicyVersion |
The version of the policy currently applied to the device. |
apiLevel |
The API level of the Android platform version running on the device. |
enrollmentTokenData |
If the device was enrolled with an enrollment token with additional data provided, this field contains that data. |
enrollmentTokenName |
If the device was enrolled with an enrollment token, this field contains the name of the token. |
disabledReason |
If the device state is |
softwareInfo |
Detailed information about the device software. This information is only available if |
hardwareInfo |
Detailed information about the device hardware. |
displays[] |
Detailed information about displays on the device. This information is only available if |
applicationReports[] |
Reports for apps installed on the device. This information is only available when |
previousDeviceNames[] |
If the same physical device has been enrolled multiple times, this field contains its previous device names. The serial number is used as the unique identifier to determine if the same physical device has enrolled previously. The names are in chronological order. |
networkInfo |
Device network information. This information is only available if |
memoryInfo |
Memory information: contains information about device memory and storage. |
memoryEvents[] |
Events related to memory and storage measurements in chronological order. This information is only available if Events are retained for a certain period of time and old events are deleted. |
powerManagementEvents[] |
Power management events on the device in chronological order. This information is only available if |
hardwareStatusSamples[] |
Hardware status samples in chronological order. This information is only available if |
deviceSettings |
Device settings information. This information is only available if |
user |
The user who owns the device. |
systemProperties |
Map of selected system properties name and value related to the device. This information is only available if An object containing a list of |
securityPosture |
Device's security posture value that reflects how secure the device is. |
ownership |
Ownership of the managed device. |
commonCriteriaModeInfo |
Information about Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (CC). This information is only available if |
appliedPasswordPolicies[] |
The password requirements currently applied to the device.
|
dpcMigrationInfo |
Output only. Information related to whether this device was migrated from being managed by another Device Policy Controller (DPC). |
DeviceState
States that may be applied to a device.
Enums | |
---|---|
DEVICE_STATE_UNSPECIFIED |
This value is disallowed. |
ACTIVE |
The device is active. |
DISABLED |
The device is disabled. |
DELETED |
The device was deleted. This state is never returned by an API call, but is used in the final status report when the device acknowledges the deletion. If the device is deleted via the API call, this state is published to Pub/Sub. If the user deletes the work profile or resets the device, the device state will remain unknown to the server. |
PROVISIONING |
The device is being provisioned. Newly enrolled devices are in this state until they have a policy applied. |
LOST |
The device is lost. This state is only possible on organization-owned devices. |
PREPARING_FOR_MIGRATION |
The device is preparing for migrating to Android Management API. No further action is needed for the migration to continue. |
DEACTIVATED_BY_DEVICE_FINANCE |
This is a financed device that has been "locked" by the financing agent. This means certain policy settings have been applied which limit device functionality until the device has been "unlocked" by the financing agent. The device will continue to apply policy settings excluding those overridden by the financing agent. When the device is "locked", the state is reported in appliedState as DEACTIVATED_BY_DEVICE_FINANCE . |
NonComplianceDetail
Provides detail about non-compliance with a policy setting.
JSON representation |
---|
{ "settingName": string, "nonComplianceReason": enum ( |
Fields | |
---|---|
settingName |
The name of the policy setting. This is the JSON field name of a top-level |
nonComplianceReason |
The reason the device is not in compliance with the setting. |
packageName |
The package name indicating which app is out of compliance, if applicable. |
fieldPath |
For settings with nested fields, if a particular nested field is out of compliance, this specifies the full path to the offending field. The path is formatted in the same way the policy JSON field would be referenced in JavaScript, that is: 1) For object-typed fields, the field name is followed by a dot then by a subfield name. 2) For array-typed fields, the field name is followed by the array index enclosed in brackets. For example, to indicate a problem with the |
currentValue |
If the policy setting could not be applied, the current value of the setting on the device. |
installationFailureReason |
If |
specificNonComplianceReason |
The policy-specific reason the device is not in compliance with the setting. |
specificNonComplianceContext |
Additional context for |
InstallationFailureReason
Reasons an app installation might fail.
Enums | |
---|---|
INSTALLATION_FAILURE_REASON_UNSPECIFIED |
This value is disallowed. |
INSTALLATION_FAILURE_REASON_UNKNOWN |
An unknown condition is preventing the app from being installed. Some potential reasons are that the device doesn't have enough storage, the device network connection is unreliable, or the installation is taking longer than expected. The installation will be retried automatically. |
IN_PROGRESS |
The installation is still in progress. |
NOT_FOUND |
The app was not found in Play. |
NOT_COMPATIBLE_WITH_DEVICE |
The app is incompatible with the device. |
NOT_APPROVED |
The app has not been approved by the admin. |
PERMISSIONS_NOT_ACCEPTED |
The app has new permissions that have not been accepted by the admin. |
NOT_AVAILABLE_IN_COUNTRY |
The app is not available in the user's country. |
NO_LICENSES_REMAINING |
There are no licenses available to assign to the user. |
NOT_ENROLLED |
The enterprise is no longer enrolled with Managed Google Play or the admin has not accepted the latest Managed Google Play Terms of Service. |
USER_INVALID |
The user is no longer valid. The user may have been deleted or disabled. |
NETWORK_ERROR_UNRELIABLE_CONNECTION |
A network error on the user's device has prevented the install from succeeding. This usually happens when the device's internet connectivity is degraded, unavailable or there's a network configuration issue. Please ensure the device has access to full internet connectivity on a network that meets |
INSUFFICIENT_STORAGE |
The user's device does not have sufficient storage space to install the app. This can be resolved by clearing up storage space on the device. App install or update will automatically resume once the device has sufficient storage. |
SpecificNonComplianceReason
More details for the reason a device might not be compliant with a policy setting. New values can be added to the enum in the future.
Enums | |
---|---|
SPECIFIC_NON_COMPLIANCE_REASON_UNSPECIFIED |
Specific non-compliance reason is not specified. Fields in are not set. |
PASSWORD_POLICIES_USER_CREDENTIALS_CONFIRMATION_REQUIRED |
User needs to confirm credentials by entering the screen lock. Fields in are not set. is set to . |
PASSWORD_POLICIES_PASSWORD_EXPIRED |
The device or profile password has expired. is set. is set to . |
PASSWORD_POLICIES_PASSWORD_NOT_SUFFICIENT |
The device password does not satisfy password requirements. is set. is set to . |
ONC_WIFI_INVALID_VALUE |
There is an incorrect value in ONC Wi-Fi configuration. specifies which field value is incorrect. is set. is set to . |
ONC_WIFI_API_LEVEL |
The ONC Wi-Fi setting is not supported in the API level of the Android version running on the device. specifies which field value is not supported. is set. is set to . |
ONC_WIFI_INVALID_ENTERPRISE_CONFIG |
The enterprise Wi-Fi network is missing either the root CA or domain name. is set to . |
ONC_WIFI_USER_SHOULD_REMOVE_NETWORK |
User needs to remove the configured Wi-Fi network manually. This is applicable only on work profiles on personally-owned devices. is set to . |
ONC_WIFI_KEY_PAIR_ALIAS_NOT_CORRESPONDING_TO_EXISTING_KEY |
Key pair alias specified via ClientCertKeyPairAlias field in does not correspond to an existing key installed on the device. is set to . |
SpecificNonComplianceContext
Additional context for
.SpecificNonComplianceReason
JSON representation |
---|
{ "oncWifiContext": { object ( |
Fields | |
---|---|
oncWifiContext |
Additional context for non-compliance related to Wi-Fi configuration. See |
passwordPoliciesContext |
Additional context for non-compliance related to password policies. See |
OncWifiContext
Additional context for non-compliance related to Wi-Fi configuration.
JSON representation |
---|
{ "wifiGuid": string } |
Fields | |
---|---|
wifiGuid |
The GUID of non-compliant Wi-Fi configuration. |
PasswordPoliciesContext
Additional context for non-compliance related to password policies.
JSON representation |
---|
{
"passwordPolicyScope": enum ( |
Fields | |
---|---|
passwordPolicyScope |
The scope of non-compliant password. |
SoftwareInfo
Information about device software.
JSON representation |
---|
{
"androidVersion": string,
"androidDevicePolicyVersionCode": integer,
"androidDevicePolicyVersionName": string,
"androidBuildNumber": string,
"deviceKernelVersion": string,
"bootloaderVersion": string,
"androidBuildTime": string,
"securityPatchLevel": string,
"primaryLanguageCode": string,
"deviceBuildSignature": string,
"systemUpdateInfo": {
object ( |
Fields | |
---|---|
androidVersion |
The user-visible Android version string. For example, |
androidDevicePolicyVersionCode |
The Android Device Policy app version code. |
androidDevicePolicyVersionName |
The Android Device Policy app version as displayed to the user. |
androidBuildNumber |
Android build ID string meant for displaying to the user. For example, |
deviceKernelVersion |
Kernel version, for example, |
bootloaderVersion |
The system bootloader version number, e.g. |
androidBuildTime |
Build time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
securityPatchLevel |
Security patch level, e.g. |
primaryLanguageCode |
An IETF BCP 47 language code for the primary locale on the device. |
deviceBuildSignature |
SHA-256 hash of |
systemUpdateInfo |
Information about a potential pending system update. |
SystemUpdateInfo
Information about a potential pending system update.
JSON representation |
---|
{
"updateStatus": enum ( |
Fields | |
---|---|
updateStatus |
The status of an update: whether an update exists and what type it is. |
updateReceivedTime |
The time when the update was first available. A zero value indicates that this field is not set. This field is set only if an update is available (that is, A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
UpdateStatus
The status of an update: whether an update exists and what type it is.
Enums | |
---|---|
UPDATE_STATUS_UNKNOWN |
It is unknown whether there is a pending system update. This happens when, for example, the device API level is less than 26, or if the version of Android Device Policy is outdated. |
UP_TO_DATE |
There is no pending system update available on the device. |
UNKNOWN_UPDATE_AVAILABLE |
There is a pending system update available, but its type is not known. |
SECURITY_UPDATE_AVAILABLE |
There is a pending security update available. |
OS_UPDATE_AVAILABLE |
There is a pending OS update available. |
HardwareInfo
Information about device hardware. The fields related to temperature thresholds are only available if hardwareStatusEnabled
is true in the device's policy.
JSON representation |
---|
{ "brand": string, "hardware": string, "deviceBasebandVersion": string, "manufacturer": string, "serialNumber": string, "model": string, "batteryShutdownTemperatures": [ number ], "batteryThrottlingTemperatures": [ number ], "cpuShutdownTemperatures": [ number ], "cpuThrottlingTemperatures": [ number ], "gpuShutdownTemperatures": [ number ], "gpuThrottlingTemperatures": [ number ], "skinShutdownTemperatures": [ number ], "skinThrottlingTemperatures": [ number ], "enterpriseSpecificId": string } |
Fields | |
---|---|
brand |
Brand of the device. For example, |
hardware |
Name of the hardware. For example, |
deviceBasebandVersion |
Baseband version. For example, |
manufacturer |
Manufacturer. For example, |
serialNumber |
The device serial number. |
model |
The model of the device. For example, |
batteryShutdownTemperatures[] |
Battery shutdown temperature thresholds in Celsius for each battery on the device. |
batteryThrottlingTemperatures[] |
Battery throttling temperature thresholds in Celsius for each battery on the device. |
cpuShutdownTemperatures[] |
CPU shutdown temperature thresholds in Celsius for each CPU on the device. |
cpuThrottlingTemperatures[] |
CPU throttling temperature thresholds in Celsius for each CPU on the device. |
gpuShutdownTemperatures[] |
GPU shutdown temperature thresholds in Celsius for each GPU on the device. |
gpuThrottlingTemperatures[] |
GPU throttling temperature thresholds in Celsius for each GPU on the device. |
skinShutdownTemperatures[] |
Device skin shutdown temperature thresholds in Celsius. |
skinThrottlingTemperatures[] |
Device skin throttling temperature thresholds in Celsius. |
enterpriseSpecificId |
Output only. ID that uniquely identifies a personally-owned device in a particular organization. On the same physical device when enrolled with the same organization, this ID persists across setups and even factory resets. This ID is available on personally-owned devices with a work profile on devices running Android 12 and above. |
Display
Device display information.
JSON representation |
---|
{
"name": string,
"displayId": integer,
"refreshRate": integer,
"state": enum ( |
Fields | |
---|---|
name |
Name of the display. |
displayId |
Unique display id. |
refreshRate |
Refresh rate of the display in frames per second. |
state |
State of the display. |
width |
Display width in pixels. |
height |
Display height in pixels. |
density |
Display density expressed as dots-per-inch. |
DisplayState
The state of a display.
Enums | |
---|---|
DISPLAY_STATE_UNSPECIFIED |
This value is disallowed. |
OFF |
Display is off. |
ON |
Display is on. |
DOZE |
Display is dozing in a low power state |
SUSPENDED |
Display is dozing in a suspended low power state. |
ApplicationReport
Information reported about an installed app.
JSON representation |
---|
{ "packageName": string, "versionName": string, "versionCode": integer, "events": [ { object ( |
Fields | |
---|---|
packageName |
Package name of the app. |
versionName |
The app version as displayed to the user. |
versionCode |
The app version code, which can be used to determine whether one version is more recent than another. |
events[] |
The list of app events which have occurred in the last 30 hours. |
displayName |
The display name of the app. |
packageSha256Hash |
The SHA-256 hash of the app's APK file, which can be used to verify the app hasn't been modified. Each byte of the hash value is represented as a two-digit hexadecimal number. |
signingKeyCertFingerprints[] |
The SHA-1 hash of each |
installerPackageName |
The package name of the app that installed this app. |
applicationSource |
The source of the package. |
state |
Application state. |
keyedAppStates[] |
List of keyed app states reported by the app. |
userFacingType |
Whether the app is user facing. |
ApplicationEvent
An app-related event.
JSON representation |
---|
{
"eventType": enum ( |
Fields | |
---|---|
eventType |
App event type. |
createTime |
The creation time of the event. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
ApplicationEventType
A type of app-related event.
Enums | |
---|---|
APPLICATION_EVENT_TYPE_UNSPECIFIED |
This value is disallowed. |
INSTALLED |
The app was installed. |
CHANGED |
The app was changed, for example, a component was enabled or disabled. |
DATA_CLEARED |
The app data was cleared. |
REMOVED |
The app was removed. |
REPLACED |
A new version of the app has been installed, replacing the old version. |
RESTARTED |
The app was restarted. |
PINNED |
The app was pinned to the foreground. |
UNPINNED |
The app was unpinned. |
ApplicationSource
The source that provided an app.
Enums | |
---|---|
APPLICATION_SOURCE_UNSPECIFIED |
The app was sideloaded from an unspecified source. |
SYSTEM_APP_FACTORY_VERSION |
This is a system app from the device's factory image. |
SYSTEM_APP_UPDATED_VERSION |
This is an updated system app. |
INSTALLED_FROM_PLAY_STORE |
The app was installed from the Google Play Store. |
ApplicationState
The current installation status.
Enums | |
---|---|
APPLICATION_STATE_UNSPECIFIED |
App state is unspecified |
REMOVED |
App was removed from the device |
INSTALLED |
App is installed on the device |
KeyedAppState
Keyed app state reported by the app.
JSON representation |
---|
{
"key": string,
"severity": enum ( |
Fields | |
---|---|
key |
The key for the app state. Acts as a point of reference for what the app is providing state for. For example, when providing managed configuration feedback, this key could be the managed configuration key. |
severity |
The severity of the app state. |
message |
Optionally, a free-form message string to explain the app state. If the state was triggered by a particular value (e.g. a managed configuration value), it should be included in the message. |
data |
Optionally, a machine-readable value to be read by the EMM. For example, setting values that the admin can choose to query against in the EMM console (e.g. “notify me if the battery_warning data < 10”). |
createTime |
The creation time of the app state on the device. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
lastUpdateTime |
The time the app state was most recently updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
Severity
The severity of the app state.
Enums | |
---|---|
SEVERITY_UNSPECIFIED |
Unspecified severity level. |
INFO |
Information severity level. |
ERROR |
Error severity level. This should only be set for genuine error conditions that a management organization needs to take action to fix. |
UserFacingType
Whether the app is user facing.
Enums | |
---|---|
USER_FACING_TYPE_UNSPECIFIED |
App user facing type is unspecified. |
NOT_USER_FACING |
App is not user facing. |
USER_FACING |
App is user facing. |
NetworkInfo
Device network info.
JSON representation |
---|
{
"imei": string,
"meid": string,
"wifiMacAddress": string,
"networkOperatorName": string,
"telephonyInfos": [
{
object ( |
Fields | |
---|---|
imei |
IMEI number of the GSM device. For example, |
meid |
MEID number of the CDMA device. For example, |
wifiMacAddress |
Wi-Fi MAC address of the device. For example, |
networkOperatorName |
Alphabetic name of current registered operator. For example, Vodafone. |
telephonyInfos[] |
Provides telephony information associated with each SIM card on the device. Only supported on fully managed devices starting from Android API level 23. |
TelephonyInfo
Telephony information associated with a given SIM card on the device. Only supported on fully managed devices starting from Android API level 23.
JSON representation |
---|
{ "phoneNumber": string, "carrierName": string, "iccId": string } |
Fields | |
---|---|
phoneNumber |
The phone number associated with this SIM card. |
carrierName |
The carrier name associated with this SIM card. |
iccId |
Output only. The ICCID associated with this SIM card. |
MemoryInfo
Information about device memory and storage.
JSON representation |
---|
{ "totalRam": string, "totalInternalStorage": string } |
Fields | |
---|---|
totalRam |
Total RAM on device in bytes. |
totalInternalStorage |
Total internal storage on device in bytes. |
MemoryEvent
An event related to memory and storage measurements.
To distinguish between new and old events, we recommend using the
field.createTime
JSON representation |
---|
{
"eventType": enum ( |
Fields | |
---|---|
eventType |
Event type. |
createTime |
The creation time of the event. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
byteCount |
The number of free bytes in the medium, or for |
MemoryEventType
The type of event.
Enums | |
---|---|
MEMORY_EVENT_TYPE_UNSPECIFIED |
Unspecified. No events have this type. |
RAM_MEASURED |
Free space in RAM was measured. |
INTERNAL_STORAGE_MEASURED |
Free space in internal storage was measured. |
EXTERNAL_STORAGE_DETECTED |
A new external storage medium was detected. The reported byte count is the total capacity of the storage medium. |
EXTERNAL_STORAGE_REMOVED |
An external storage medium was removed. The reported byte count is zero. |
EXTERNAL_STORAGE_MEASURED |
Free space in an external storage medium was measured. |
PowerManagementEvent
A power management event.
JSON representation |
---|
{
"eventType": enum ( |
Fields | |
---|---|
eventType |
Event type. |
createTime |
The creation time of the event. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
batteryLevel |
For |
PowerManagementEventType
The type of event.
Enums | |
---|---|
POWER_MANAGEMENT_EVENT_TYPE_UNSPECIFIED |
Unspecified. No events have this type. |
BATTERY_LEVEL_COLLECTED |
Battery level was measured. |
POWER_CONNECTED |
The device started charging. |
POWER_DISCONNECTED |
The device stopped charging. |
BATTERY_LOW |
The device entered low-power mode. |
BATTERY_OKAY |
The device exited low-power mode. |
BOOT_COMPLETED |
The device booted. |
SHUTDOWN |
The device shut down. |
HardwareStatus
Hardware status. Temperatures may be compared to the temperature thresholds available in hardwareInfo
to determine hardware health.
JSON representation |
---|
{ "createTime": string, "batteryTemperatures": [ number ], "cpuTemperatures": [ number ], "gpuTemperatures": [ number ], "skinTemperatures": [ number ], "fanSpeeds": [ number ], "cpuUsages": [ number ] } |
Fields | |
---|---|
createTime |
The time the measurements were taken. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
batteryTemperatures[] |
Current battery temperatures in Celsius for each battery on the device. |
cpuTemperatures[] |
Current CPU temperatures in Celsius for each CPU on the device. |
gpuTemperatures[] |
Current GPU temperatures in Celsius for each GPU on the device. |
skinTemperatures[] |
Current device skin temperatures in Celsius. |
fanSpeeds[] |
Fan speeds in RPM for each fan on the device. Empty array means that there are no fans or fan speed is not supported on the system. |
cpuUsages[] |
CPU usages in percentage for each core available on the device. Usage is 0 for each unplugged core. Empty array implies that CPU usage is not supported in the system. |
DeviceSettings
Information about security related device settings on device.
JSON representation |
---|
{
"isDeviceSecure": boolean,
"unknownSourcesEnabled": boolean,
"developmentSettingsEnabled": boolean,
"adbEnabled": boolean,
"isEncrypted": boolean,
"encryptionStatus": enum ( |
Fields | |
---|---|
isDeviceSecure |
Whether the device is secured with PIN/password. |
unknownSourcesEnabled |
Whether installing apps from unknown sources is enabled. |
developmentSettingsEnabled |
Whether developer mode is enabled on the device. |
adbEnabled |
Whether ADB is enabled on the device. |
isEncrypted |
Whether the storage encryption is enabled. |
encryptionStatus |
Encryption status from DevicePolicyManager. |
verifyAppsEnabled |
Whether Google Play Protect verification is enforced on the device. |
EncryptionStatus
Encryption status of a device.
Enums | |
---|---|
ENCRYPTION_STATUS_UNSPECIFIED |
Unspecified. No device should have this type. |
UNSUPPORTED |
Encryption is not supported by the device. |
INACTIVE |
Encryption is supported by the device, but is not currently active. |
ACTIVATING |
Encryption is not currently active, but is currently being activated. |
ACTIVE |
Encryption is active. |
ACTIVE_DEFAULT_KEY |
Encryption is active, but an encryption key is not set by the user. |
ACTIVE_PER_USER |
Encryption is active, and the encryption key is tied to the user profile. |
SecurityPosture
The security posture of the device, as determined by the current device state and the policies applied.
JSON representation |
---|
{ "devicePosture": enum ( |
Fields | |
---|---|
devicePosture |
Device's security posture value. |
postureDetails[] |
Additional details regarding the security posture of the device. |
DevicePosture
Possible security posture values of a device under management.
Enums | |
---|---|
POSTURE_UNSPECIFIED |
Unspecified. There is no posture detail for this posture value. |
SECURE |
This device is secure. |
AT_RISK |
This device may be more vulnerable to malicious actors than is recommended for use with corporate data. |
POTENTIALLY_COMPROMISED |
This device may be compromised and corporate data may be accessible to unauthorized actors. |
PostureDetail
Additional details regarding the security posture of the device.
JSON representation |
---|
{ "securityRisk": enum ( |
Fields | |
---|---|
securityRisk |
A specific security risk that negatively affects the security posture of the device. |
advice[] |
Corresponding admin-facing advice to mitigate this security risk and improve the security posture of the device. |
SecurityRisk
The risk that makes the device not in the most secure state.
Enums | |
---|---|
SECURITY_RISK_UNSPECIFIED |
Unspecified. |
UNKNOWN_OS |
Play Integrity API detects that the device is running an unknown OS (basicIntegrity check succeeds but ctsProfileMatch fails). |
COMPROMISED_OS |
Play Integrity API detects that the device is running a compromised OS (basicIntegrity check fails). |
HARDWARE_BACKED_EVALUATION_FAILED |
Play Integrity API detects that the device does not have a strong guarantee of system integrity, if the MEETS_STRONG_INTEGRITY label doesn't show in the device integrity field. |
CommonCriteriaModeInfo
Information about Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (CC).
This information is only available if statusReportingSettings.commonCriteriaModeEnabled
is true
in the device's policy.
JSON representation |
---|
{ "commonCriteriaModeStatus": enum ( |
Fields | |
---|---|
commonCriteriaModeStatus |
Whether Common Criteria Mode is enabled. |
policySignatureVerificationStatus |
Output only. The status of policy signature verification. |
CommonCriteriaModeStatus
Whether Common Criteria Mode is enabled.
Enums | |
---|---|
COMMON_CRITERIA_MODE_STATUS_UNKNOWN |
Unknown status. |
COMMON_CRITERIA_MODE_DISABLED |
Common Criteria Mode is currently disabled. |
COMMON_CRITERIA_MODE_ENABLED |
Common Criteria Mode is currently enabled. |
PolicySignatureVerificationStatus
The status of policy signature verification.
Enums | |
---|---|
POLICY_SIGNATURE_VERIFICATION_STATUS_UNSPECIFIED |
Unspecified. The verification status has not been reported. This is set only if is false. |
POLICY_SIGNATURE_VERIFICATION_DISABLED |
Policy signature verification is disabled on the device as is set to false. |
POLICY_SIGNATURE_VERIFICATION_SUCCEEDED |
Policy signature verification succeeded. |
POLICY_SIGNATURE_VERIFICATION_NOT_SUPPORTED |
Policy signature verification is not supported, e.g. because the device has been enrolled with a CloudDPC version that does not support the policy signature verification. |
POLICY_SIGNATURE_VERIFICATION_FAILED |
The policy signature verification failed. The policy has not been applied. |
DpcMigrationInfo
Information related to whether this device was migrated from being managed by another Device Policy Controller (DPC).
JSON representation |
---|
{ "previousDpc": string, "additionalData": string } |
Fields | |
---|---|
previousDpc |
Output only. If this device was migrated from another DPC, this is its package name. Not populated otherwise. |
additionalData |
Output only. If this device was migrated from another DPC, the |
Methods |
|
---|---|
|
Deletes a device. |
|
Gets a device. |
|
Issues a command to a device. |
|
Lists devices for a given enterprise. |
|
Updates a device. |