"description":"The callback URL to which the admin will be redirected after successfully creating an enterprise. Before redirecting there the system will add a query parameter to this URL named enterpriseToken which will contain an opaque token to be used for the create enterprise request. The URL will be parsed then reformatted in order to add the enterpriseToken parameter, so there may be some minor formatting changes.",
"description":"The preferred language for localized application info, as a BCP47 tag (e.g. \"en-US\", \"de\"). If not specified the default language of the application will be used.",
"description":"Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.",
"description":"Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns UNIMPLEMENTED.NOTE: the name binding allows API services to override the binding to use different resource name schemes, such as users/*/operations. To override the binding, API services can add a binding such as \"/v1/{name=users/*}/operations\" to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.",
"description":"Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns google.rpc.Code.UNIMPLEMENTED.",
"description":"Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns google.rpc.Code.UNIMPLEMENTED. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED.",
"description":"Issues a command to a device. The Operation resource returned contains a Command in its metadata field. Use the get operation method to get the status of the command.",
"description":"If the device state is DISABLED, an optional message that is displayed on the device indicating the reason the device is disabled. This field may be modified by an update request.",
"description":"The name of the policy that is intended to be applied to the device. If empty, the policy_name for the user that owns this device is applied. This field may be modified by an update request. The name of the policy is in the form enterprises/{enterpriseId}/policies/{policyId}. It is also permissible to only specify the policyId when updating this field as long as the policyId contains no slashes since the rest of the policy name can be inferred from context.",
"The device was deleted. This state will never be returned by an API call, but will be used in the final policy compliance report published to Cloud Pub/Sub when the device acknowledges the deletion.",
"The device is being provisioned. Newly enrolled devices will be in this state until they have applied policy."
"description":"The state that is intended to be applied to the device. This field may be modified by an update request. Note that UpdateDevice only handles toggling between ACTIVE and DISABLED states. Use the delete device method to cause the device to enter the DELETED state.",
"The device was deleted. This state will never be returned by an API call, but will be used in the final policy compliance report published to Cloud Pub/Sub when the device acknowledges the deletion.",
"The device is being provisioned. Newly enrolled devices will be in this state until they have applied policy."
"description":"Detailed information about the device software. This information is only available when softwareInfoEnabled is true in the device's policy.",
"description":"Events related to memory and storage measurements in chronological order. This information is only available when memoryInfoEnabled is true in the device's policy.",
"description":"The previous device names used for the same physical device when it has been enrolled multiple times. The serial number is used as the unique identifier to determine if the same physical device has enrolled previously. The names are in chronological order.",
"description":"Hardware status samples in chronological order. This information is only available when hardwareStatusEnabled is true in the device's policy.",
"description":"Power management events on the device in chronological order. This information is only available when powerManagementEventsEnabled is true in the device's policy.",
"description":"The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC (https://github.com/grpc). The error model is designed to be:\nSimple to use and understand for most users\nFlexible enough to meet unexpected needsOverviewThe Status message contains three pieces of data: error code, error message, and error details. The error code should be an enum value of google.rpc.Code, but it may accept additional error codes if needed. The error message should be a developer-facing English message that helps developers understand and resolve the error. If a localized user-facing error message is needed, put the localized message in the error details or localize it in the client. The optional error details may contain arbitrary information about the error. There is a predefined set of error detail types in the package google.rpc that can be used for common error conditions.Language mappingThe Status message is the logical representation of the error model, but it is not necessarily the actual wire format. When the Status message is exposed in different client libraries and different wire protocols, it can be mapped differently. For example, it will likely be mapped to some exceptions in Java, but more likely mapped to some error codes in C.Other usesThe error model and the Status message can be used in a variety of environments, either with or without APIs, to provide a consistent developer experience across different environments.Example uses of this error model include:\nPartial errors. If a service needs to return partial errors to the client, it may embed the Status in the normal response to indicate the partial errors.\nWorkflow errors. A typical workflow has multiple steps. Each step may have a Status message for error reporting.\nBatch operations. If a client uses batch request and batch response, the Status message should be used directly inside batch response, one for each error sub-response.\nAsynchronous operations. If an API call embeds asynchronous operation results in its response, the status of those operations should be represented directly using the Status message.\nLogging. If some API errors are stored in logs, the message Status could be used directly after any stripping needed for security/privacy reasons.",
"description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.",
"description":"Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty: \u003ctable\u003e \u003ctr\u003e\u003ctd\u003e\u003ci\u003etype\u003c/i\u003e\u003c/td\u003e\u003ctd\u003e\u003ci\u003eJSON value\u003c/i\u003e\u003c/td\u003e\u003c/tr\u003e \u003ctr\u003e\u003ctd\u003eBOOL\u003c/td\u003e\u003ctd\u003etrue or false\u003c/td\u003e\u003c/tr\u003e \u003ctr\u003e\u003ctd\u003eSTRING\u003c/td\u003e\u003ctd\u003estring\u003c/td\u003e\u003c/tr\u003e \u003ctr\u003e\u003ctd\u003eINTEGER\u003c/td\u003e\u003ctd\u003enumber\u003c/td\u003e\u003c/tr\u003e \u003ctr\u003e\u003ctd\u003eCHOICE\u003c/td\u003e\u003ctd\u003estring\u003c/td\u003e\u003c/tr\u003e \u003ctr\u003e\u003ctd\u003eMULTISELECT\u003c/td\u003e\u003ctd\u003earray of strings\u003c/td\u003e\u003c/tr\u003e \u003ctr\u003e\u003ctd\u003eHIDDEN\u003c/td\u003e\u003ctd\u003estring\u003c/td\u003e\u003c/tr\u003e \u003ctr\u003e\u003ctd\u003eBUNDLE_ARRAY\u003c/td\u003e\u003ctd\u003earray of objects\u003c/td\u003e\u003c/tr\u003e \u003c/table\u003e",
"description":"The default policy for all permissions requested by the app. If specified, this overrides the policy-level default_permission_policy which applies to all apps.",
"description":"Configuration info for an HTTP proxy. For a direct proxy, set the host, port, and excluded_hosts fields. For a PAC script proxy, set the pac_uri field.",
"type":"object",
"properties":{
"host":{
"description":"The host of the direct proxy.",
"type":"string"
},
"port":{
"description":"The port of the direct proxy.",
"type":"integer",
"format":"int32"
},
"excludedHosts":{
"description":"For a direct proxy, the hosts for which the proxy is bypassed. The host names may contain wildcards such as *.example.com.",
"type":"array",
"items":{
"type":"string"
}
},
"pacUri":{
"description":"The URI of the PAC script used to configure the proxy.",
"description":"If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.",
"description":"Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.",
"description":"The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is standard Get/Create/Update, the response should be the resource. For other methods, the response should have the type XxxResponse, where Xxx is the original method name. For example, if the original method name is TakeSnapshot(), the inferred response type is TakeSnapshotResponse.",
"description":"The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the name should have the format of operations/some/unique/name.",
"description":"A compliance rule condition which is satisfied if there exists any matching NonComplianceDetail for the device. A NonComplianceDetail matches a NonComplianceDetailCondition if all the fields which are set within the NonComplianceDetailCondition match the corresponding NonComplianceDetail fields.",
"The setting cannot be applied to the application because the application doesn't support it, for example because its target SDK version is not high enough.",
"description":"The name of the policy setting. This is the JSON field name of a top-level Policy field. If not set, then this condition matches any setting name.",
"description":"If package_name is set and the non-compliance reason is APP_NOT_INSTALLED or APP_NOT_UPDATED, the detailed reason the app cannot be installed or updated.",
"An unknown condition is preventing the app from being installed. Some potential reaons are that the device does not have enough storage, the device network connection is unreliable, or the installation is taking longer than expected. The installation will be retried automatically.",
"description":"For settings with nested fields, if a particular nested field is out of compliance, this specifies the full path to the offending field. The path is formatted in the same way the policy JSON field would be referenced in JavaScript, that is: 1) For object-typed fields, the field name is followed by a dot then by a subfield name. 2) For array-typed fields, the field name is followed by the array index enclosed in brackets. For example, to indicate a problem with the url field in the externalData field in the 3rd application, the path would be applications[2].externalData.url",
"The setting cannot be applied to the application because the application doesn't support it, for example because its target SDK version is not high enough.",
"description":"The activity that should be the default intent handler. This should be an Android component name, e.g. com.android.enterprise.app/.MainActivity. Alternatively, the value may be the package name of an app, which causes Android Device Policy to choose an appropriate activity from the app to handle the intent.",
"description":"The intent actions to match in the filter. If any actions are included in the filter, then an intent's action must be one of those values for it to match. If no actions are included, the intent action is ignored.",
"description":"The intent categories to match in the filter. An intent includes the categories that it requires, all of which must be included in the filter in order to match. In other words, adding a category to the filter has no impact on matching unless that category is specified in the intent.",
"description":"Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user.",
"description":"The battery plugged in modes for which the device stays on. When using this setting, it is recommended to clear maximum_time_to_lock so that the device doesn't lock itself while it stays on.",
"description":"Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.",
"description":"The network-independent global HTTP proxy. Typically proxies should be configured per-network in open_network_configuration. However for unusual configurations like general internal filtering a global HTTP proxy may be useful. If the proxy is not accessible, network access may break. The global proxy is only a recommendation and some apps may ignore it.",
"description":"If present, only input methods provided by packages in this list are permitted. If this field is present, but the list is empty, then only system input methods are permitted.",
"description":"Email addresses of device administrators for factory reset protection. When the device is factory reset, it will require one of these admins to log in with the Google account email and password to unlock the device. If no admins are specified, the device will not provide factory reset protection.",
"description":"Whether the user is allowed to have fun. Controls whether the Easter egg game in Settings is disabled.",
"type":"boolean"
},
"openNetworkConfiguration":{
"description":"Network configuration for the device. See configure networks for more information.",
"additionalProperties":{
"description":"Properties of the object.",
"type":"any"
},
"type":"object"
},
"unmuteMicrophoneDisabled":{
"description":"Whether the microphone is muted and adjusting microphone volume is disabled.",
"type":"boolean"
},
"systemUpdate":{
"description":"The system update policy, which controls how OS updates are applied. If the update type is WINDOWED, the update window will automatically apply to Play app updates as well.",
"description":"Whether application verification is forced to be enabled.",
"type":"boolean"
},
"kioskCustomLauncherEnabled":{
"description":"Whether the kiosk custom launcher is enabled. This replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. The apps appear on a single page in alphabetical order. It is recommended to also use status_bar_disabled to block access to device settings.",
"description":"Whether the status bar is disabled. This disables notifications, quick settings and other screen overlays that allow escape from full-screen mode.",
"description":"The version of the policy. This is a read-only field. The version is incremented each time the policy is updated.",
"type":"string",
"format":"int64"
},
"complianceRules":{
"description":"Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules.",
"description":"Whether applications other than the ones configured in applications are blocked from being installed. When set, applications that were installed under a previous policy but no longer appear in the policy are automatically uninstalled.",
"type":"boolean"
},
"debuggingFeaturesAllowed":{
"description":"Whether the user is allowed to enable debugging features.",
"description":"The duration for which the command is valid. The command will expire if not executed by the device during this time. The default duration if unspecified is ten minutes. There is no maximum duration.",
"description":"A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policy_compliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule.",
"description":"If set to true, the rule includes a mitigating action to disable applications so that the device is effectively disabled, but application data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed.",
"description":"The name of the policy that will be initially applied to the enrolled device in the form enterprises/{enterpriseId}/policies/{policyId}. If not specified, the policy_name for the user that owns the device is applied. If user_name also isn't specified, the policy defaults to enterprises/{enterpriseId}/policies/default. It is permissible to only specify the policyId when updating this field as long as the policyId contains no slashes since the rest of the policy name can be inferred from context.",
"description":"The name of the enrollment token, which is generated by the server during creation, in the form enterprises/{enterpriseId}/enrollmentTokens/{enrollmentTokenId}",
"description":"Optional, arbitrary data associated with the enrollment token. This could contain, for example, the id of an org unit to which the device is assigned after enrollment. After a device enrolls with the token, this data will be exposed in the enrollment_token_data field of the Device resource. The data must be 1024 characters or less; otherwise, the creation request will fail.",
"description":"A JSON string whose UTF-8 representation can be used to generate a QR code to enroll a device with this enrollment token. To enroll a device using NFC, the NFC record must contain a serialized java.util.Properties representation of the properties in the JSON.",
"description":"The token value which is used in the hosting page to generate the iframe with the embedded UI. This is a read-only field generated by the server.",
"description":"The name of the web token, which is generated by the server during creation, in the form enterprises/{enterpriseId}/webTokens/{webTokenId}.",
"description":"The URL of the parent frame hosting the iframe with the embedded UI. To prevent XSS, the iframe may not be hosted at other URLs. The URL must use the https scheme.",
"description":"When Cloud Pub/Sub notifications are enabled, this field is required to indicate the topic to which the notifications will be published. The format of this field is projects/{project}/topics/{topic}. You must have granted the publish permission on this topic to android-cloud-policy@system.gserviceaccount.com",
"description":"An image displayed as a logo during device provisioning. Supported types are: image/bmp, image/gif, image/x-ico, image/jpeg, image/png, image/webp, image/vnd.wap.wbmp, image/x-adobe-dng.",
"description":"A color in RGB format indicating the predominant color to display in the device management app UI. The color components are stored as follows: (red \u003c\u003c 16) | (green \u003c\u003c 8) | blue, where each component may take a value between 0 and 255 inclusive.",
"description":"Whether app auto-approval is enabled. When enabled, apps installed via policy for this enterprise have all permissions automatically approved. When enabled, it is the caller's responsibility to display the permissions required by an app to the enterprise admin before setting the app to be installed in a policy.",
"description":"The absolute URL to the data, which must use either the http or https scheme. Android Device Policy does not provide any credentials in the GET request, so the URL must be publicly accessible. Including a long, random component in the URL may be used to prevent attackers from discovering the URL.",
"description":"The base-64 encoded SHA-256 hash of the content hosted at url. If the content does not match this hash, Android Device Policy will not use the data.",
"description":"The default message that gets displayed if no localized message is specified, or the user's locale does not match with any of the localized messages. A default message must be provided if any localized messages are provided.",
"description":"Minimum number of non-letter characters (numerical digits or symbols) required in the password. Only enforced when password_quality is COMPLEX.",
"description":"A device will be wiped after too many incorrect device-unlock passwords have been entered. A value of 0 means there is no restriction.",
"There must be at least low-security biometric recognition technology to secure the device. This includes technologies that can recognize the identity of an individual to about a 3 digit PIN (false detection is less than 1 in 1,000).",
"The password must contain at both numeric and alphabetic (or symbol) characters.",
"The password must contain at least a letter, a numerical digit and a special symbol. Other password constraints, for example, password_minimum_letters are enforced."
"description":"The minimum allowed password length. A value of 0 means there is no restriction. Only enforced when password_quality is NUMERIC, NUMERIC_COMPLEX, ALPHABETIC, ALPHANUMERIC, or COMPLEX.",
"description":"The length of the password history. After setting this, the user will not be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction.",
"description":"Information about device hardware. The fields related to temperature thresholds are only available when hardwareStatusEnabled is true in the device's policy.",
"description":"A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance:\nservice Foo {\n rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n}\nThe JSON representation for Empty is empty JSON object {}.",
"description":"A compliance rule condition which is satisfied if the Android Framework API level on the device does not meet a minimum requirement. There can only be one rule with this type of condition per policy.",
"description":"The minimum desired Android Framework API level. If the device does not meet the minimum requirement, this condition is satisfied. Must be greater than zero.",
"description":"Information about security related device settings on device.",
"type":"object",
"properties":{
"developmentSettingsEnabled":{
"description":"If the developer mode is enabled Settings.Global.DEVELOPMENT_SETTINGS_ENABLED.",
"type":"boolean"
},
"adbEnabled":{
"description":"If the ADB is enabled Settings.Global.ADB_ENABLED.",
"type":"boolean"
},
"isDeviceSecure":{
"description":"Device secured with PIN/password.",
"type":"boolean"
},
"isEncrypted":{
"description":"Whether the storage encryption is enabled DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE or DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER in N+ devices.",
"type":"boolean"
},
"unknownSourcesEnabled":{
"description":"If installing apps from unknown sources is enabled. Settings.Secure.INSTALL_NON_MARKET_APPS.",
"type":"boolean"
},
"encryptionStatus":{
"description":"Encryption status from DevicePolicyManager.",
"enum":[
"ENCRYPTION_STATUS_UNSPECIFIED",
"UNSUPPORTED",
"INACTIVE",
"ACTIVATING",
"ACTIVE",
"ACTIVE_DEFAULT_KEY",
"ACTIVE_PER_USER"
],
"enumDescriptions":[
"Unspecified. No device should have this type.",
"Encryption is not supported by the device.",
"Encryption is supported by the device, but not currently active.",
"Encryption is not currently active, but is currently being activated.",
"Encryption is active",
"Encryption is active, but an encryption key is not set by the user",
"Encrpyiton is active, and the encryption key is tied to the user profile."
"description":"If the type is WINDOWED, the start of the maintenance window, measured as the number of minutes after midnight in device local time. This value must be between 0 and 1439, inclusive.",
"Install automatically within a daily maintenance window. This also configures Play apps to be updated within the window. This is strongly recommended for kiosk devices because this is the only way apps persistently pinned to the foreground can be updated by Play.",
"description":"If the type is WINDOWED, the end of the maintenance window, measured as the number of minutes after midnight in device local time. This value must be between 0 and 1439, inclusive. If this value is less than start_minutes, then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time.",
"description":"CPU usages in percentage for each core available on the device. Usage is 0 for each unplugged core. Empty array implies that CPU usage is not supported in the system.",
"description":"Returns response with indentations and line breaks.",
"default":"true",
"type":"boolean",
"location":"query"
},
"key":{
"description":"API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"type":"string",
"location":"query"
},
"quotaUser":{
"description":"Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"type":"string",
"location":"query"
},
"pp":{
"description":"Pretty-print response.",
"default":"true",
"type":"boolean",
"location":"query"
},
"fields":{
"description":"Selector specifying which fields to include in a partial response.",
"type":"string",
"location":"query"
},
"alt":{
"description":"Data format for response.",
"location":"query",
"enum":[
"json",
"media",
"proto"
],
"default":"json",
"enumDescriptions":[
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"type":"string"
},
"$.xgafv":{
"description":"V1 error format.",
"enum":[
"1",
"2"
],
"enumDescriptions":[
"v1 error format",
"v2 error format"
],
"type":"string",
"location":"query"
},
"callback":{
"description":"JSONP",
"type":"string",
"location":"query"
},
"oauth_token":{
"description":"OAuth 2.0 token for the current user.",
"type":"string",
"location":"query"
},
"uploadType":{
"description":"Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"type":"string",
"location":"query"
},
"bearer_token":{
"description":"OAuth bearer token.",
"type":"string",
"location":"query"
},
"upload_protocol":{
"description":"Upload protocol for media (e.g. \"raw\", \"multipart\").",