The Android User Policy manages user-account–related restrictions and customization controls on managed Android devices.
These settings help organizations maintain security, enforce consistent configurations, and prevent unauthorized profile, account, or personalization changes.
Minimum Requirements: Android 9+
Policy Overview
This policy allows administrators to:
Restrict adding or removing user accounts
Prevent account modifications
Block changes to user icons and device wallpaper
Control credential provider availability
Disable credential configuration changes
These controls are especially valuable for shared devices, corporate-owned deployments, and environments enforcing strict security or branding requirements.
Settings
1. Disable Adding Users
Description:
Prevents users from adding new accounts or profiles on the device.
When enabled, users cannot create additional user accounts, guest accounts, or work profiles—ensuring that only authorized accounts remain.
Use cases:
Corporate-owned devices
Shared devices (kiosks, frontline, retail)
Preventing personal account usage on enterprise hardware
Minimum Requirements: Android 9+
Values:
Enabled — New account creation blocked
Disabled (default) — Users may add accounts depending on system policies
2. Credential Provider Policy Default
Controls the default enabled state of credential providers.
This setting defines whether credential providers (such as password managers or authentication apps) are allowed or restricted by default when no explicit provider policy exists.
Minimum Requirements: Android 9+
Values include (depending on system configuration):
ENABLED
DISABLED
UNSPECIFIED
3. Disable Credentials Configuration
Description:
Prevents users from modifying any credential settings on the device.
When enabled, users cannot add or change passwords, PINs, certificates, or authentication configurations.
This ensures consistent enforcement of security policies across all devices.
Minimum Requirements: Android 9+
Values:
Enabled — Credential settings locked
Disabled (default)
4. Disable Account Modification
Description:
Prevents users from editing existing accounts or adding new ones.
When enabled, account management becomes admin-controlled only.
Use cases:
Prevent unauthorized apps from inserting accounts
Stop users from modifying work accounts
Lock down shared devices
Minimum Requirements: Android 9+
Values:
Enabled — Account changes blocked
Disabled (default)
5. Disable User Removal
Description:
Blocks users from removing any accounts on the device.
When enabled, users cannot delete the primary account, work account, or any local accounts configured by administrators.
Use cases:
Ensures persistent MDM enrollment
Prevents users from removing required enterprise accounts
Maintains audit and compliance integrity
Minimum Requirements: Android 9+
Values:
Enabled — Users cannot remove accounts
Disabled (default)
6. Disable User Icon Changes
Description:
Prevents users from changing their profile picture or user icon.
Useful when enforcing consistent identification or preventing inappropriate imagery on work devices.
Minimum Requirements: Android 9+
Values:
Enabled — Icon changes blocked
Disabled (default)
7. Disable Wallpaper Changes
Description:
Prevents users from modifying the device wallpaper.
This is typically used for branding, uniform presentation, or preventing display of personal images on corporate hardware.
Minimum Requirements: Android 9+
Values:
Enabled — Wallpaper fixed and cannot be changed
Disabled (default)
Summary
The Android User Policy offers key controls for managing user accounts, credentials, and personalization features on Android devices.
By applying this policy, administrators can:
Maintain strict account governance
Enforce consistent security behaviors
Preserve corporate branding
Prevent unauthorized or risky user modifications
This policy is recommended for corporate-owned, shared, and high-security device deployments.