public sealed class DevicePolicy : IMessage<DevicePolicy>, IEquatable<DevicePolicy>, IDeepCloneable<DevicePolicy>, IBufferMessage, IMessage
Reference documentation and code samples for the Identity Access Context Manager v1 API class DevicePolicy.
DevicePolicy specifies device specific restrictions necessary to acquire a
given access level. A DevicePolicy specifies requirements for requests from
devices to be granted access levels, it does not do any enforcement on the
device. DevicePolicy acts as an AND over all specified fields, and each
repeated field is an OR over its elements. Any unset fields are ignored. For
example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
true for requests originating from encrypted Linux desktops and encrypted
Windows desktops.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[[["\u003cp\u003eThe latest version of the \u003ccode\u003eDevicePolicy\u003c/code\u003e API class is 2.5.0, with documentation also available for versions ranging from 1.2.0 to 2.4.0.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eDevicePolicy\u003c/code\u003e specifies device-specific restrictions for access levels, acting as an AND operation across all specified fields.\u003c/p\u003e\n"],["\u003cp\u003eThe class \u003ccode\u003eDevicePolicy\u003c/code\u003e is implemented with several interfaces including \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eDevicePolicy\u003c/code\u003e includes properties to manage device restrictions, such as allowed management levels, encryption statuses, OS versions, admin approval requirements, corp ownership, and screen lock requirements.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eDevicePolicy\u003c/code\u003e is found under the \u003ccode\u003eGoogle.Identity.AccessContextManager.V1\u003c/code\u003e namespace and is contained within the \u003ccode\u003eGoogle.Identity.AccessContextManager.V1.dll\u003c/code\u003e assembly.\u003c/p\u003e\n"]]],[],null,["# Identity Access Context Manager v1 API - Class DevicePolicy (2.5.0)\n\nVersion latestkeyboard_arrow_down\n\n- [2.5.0 (latest)](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.DevicePolicy)\n- [2.4.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.4.0/Google.Identity.AccessContextManager.V1.DevicePolicy)\n- [2.3.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.3.0/Google.Identity.AccessContextManager.V1.DevicePolicy)\n- [2.2.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.2.0/Google.Identity.AccessContextManager.V1.DevicePolicy)\n- [2.1.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.1.0/Google.Identity.AccessContextManager.V1.DevicePolicy)\n- [2.0.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.0.0/Google.Identity.AccessContextManager.V1.DevicePolicy)\n- [1.5.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.5.0/Google.Identity.AccessContextManager.V1.DevicePolicy)\n- [1.4.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.4.0/Google.Identity.AccessContextManager.V1.DevicePolicy)\n- [1.3.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.3.0/Google.Identity.AccessContextManager.V1.DevicePolicy)\n- [1.2.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.2.0/Google.Identity.AccessContextManager.V1.DevicePolicy) \n\n public sealed class DevicePolicy : IMessage\u003cDevicePolicy\u003e, IEquatable\u003cDevicePolicy\u003e, IDeepCloneable\u003cDevicePolicy\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Identity Access Context Manager v1 API class DevicePolicy.\n\n`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e DevicePolicy \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[DevicePolicy](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.DevicePolicy), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[DevicePolicy](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.DevicePolicy), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[DevicePolicy](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.DevicePolicy), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Identity.AccessContextManager.V1](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1)\n\nAssembly\n--------\n\nGoogle.Identity.AccessContextManager.V1.dll\n\nConstructors\n------------\n\n### DevicePolicy()\n\n public DevicePolicy()\n\n### DevicePolicy(DevicePolicy)\n\n public DevicePolicy(DevicePolicy other)\n\nProperties\n----------\n\n### AllowedDeviceManagementLevels\n\n public RepeatedField\u003cDeviceManagementLevel\u003e AllowedDeviceManagementLevels { get; }\n\nAllowed device management levels, an empty list allows all management\nlevels.\n\n### AllowedEncryptionStatuses\n\n public RepeatedField\u003cDeviceEncryptionStatus\u003e AllowedEncryptionStatuses { get; }\n\nAllowed encryptions statuses, an empty list allows all statuses.\n\n### OsConstraints\n\n public RepeatedField\u003cOsConstraint\u003e OsConstraints { get; }\n\nAllowed OS versions, an empty list allows all types and all versions.\n\n### RequireAdminApproval\n\n public bool RequireAdminApproval { get; set; }\n\nWhether the device needs to be approved by the customer admin.\n\n### RequireCorpOwned\n\n public bool RequireCorpOwned { get; set; }\n\nWhether the device needs to be corp owned.\n\n### RequireScreenlock\n\n public bool RequireScreenlock { get; set; }\n\nWhether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`."]]
