How to lock Chrome to a single site by using Android Enterprise policies ?


Allow access to a list of URLs

Data type:

List of strings [Android:string] (encoded as a JSON string, for details see

Windows registry location for Windows clients:

Android restriction name:



Allows access to the listed URLs, as exceptions to the URL blacklist.

See the description of the URL blacklist policy for the format of entries of this list.

This policy can be used to open exceptions to restrictive blacklists. For example, ‘*’ can be blacklisted to block all requests, and this policy can be used to allow access to a limited list of URLs. It can be used to open exceptions to certain schemes, subdomains of other domains, ports, or specific paths.

The most specific filter will determine if a URL is blocked or allowed. The whitelist takes precedence over the blacklist.

If this policy is not set there will be no exceptions to the blacklist from the ‘URLBlacklist’ policy.


[ “”, ““, “”, “https://server:8080/path“, “” ]

  • The way Android Managed configuration is designed is CEM only saves and sends the config to google android management via google api , its google who sends the config to Chrome app installed inside Work container. There is no Secure Hub involved in this . The policy keys, values all are decided by App developer.
  • It could also be that when the policy is configured on the CEM server you are not passing the right expected format for the values .

Based on the doc here ,

please Block all sites and allow selected site as below.


Leave a Reply