1# MDM Kit Development 2 3## Introduction 4 5MDM Kit provides capabilities for the device administrator application, including enterprise device management and event listening, application management, feature restriction management, security management, device settings, device control, device information acquisition, hardware peripheral management, system management, and network management. For details about the APIs, see [API Reference](../reference/apis-mdm-kit/js-apis-EnterpriseAdminExtensionAbility.md). 6 7A device administrator application is an application with the [EnterpriseAdminExtensionAbility](./mdm-kit-admin.md). 8 9## How to Develop 10 11To develop a device administrator application, perform the following steps: 12 13<!--RP1--> 14 151. Create an **EnterpriseAdminExtensionAbility** instance. 16 172. Declare the permissions required. 18 193. Develop and debug MDM functionalities. 20 21<!--RP1End--> 22 23 24<!--RP2--><!--RP2End--> 25 26### Creating an **EnterpriseAdminExtensionAbility** Instance 27 28For details, see [EnterpriseAdminExtensionAbility Development](mdm-kit-admin.md). 29 30### Declaring Required Permissions 31 32Before declaring the required permissions, ensure that the [basic principles for using permissions](../security/AccessToken/app-permission-mgmt-overview.md#basic-principles-for-using-permissions) are met. Then, declare the permissions required by the application under **requestPermissions** in the [module.json5](../quick-start/module-configuration-file.md) file of the module of the project. Example: 33 34```ts 35"requestPermissions": [ 36 { 37 "name": "ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS" 38 }, 39] 40``` 41 42> **NOTE** 43> 44> The required permissions vary with the API to call. For details, see [Enterprise Device Management](../reference/apis-mdm-kit/js-apis-enterprise-adminManager.md) and other related APIs. 45> 46> <!--RP4--><!--RP4End--> 47 48### Developing MDM Functionalities 49 501. Import modules. MDM Kit provides a wide variety of APIs for application management, communication management, security management, feature restriction management, intra-system management, device settings and query, device control, and more. Import related modules based on service requirements. In this example, **adminManager** and **restrictions** are imported. 51 52 ```ts 53 import { adminManager, restrictions } from '@kit.MDMKit'; 54 ``` 55 562. Call APIs to implement related functionalities. For example, disable Wi-Fi for devices. 57 58 ```ts 59 import { Want } from '@kit.AbilityKit'; 60 61 let wantTemp: Want = { 62 bundleName: 'com.example.xxx', 63 abilityName: 'EnterpriseAdminAbility', 64 }; 65 try { 66 restrictions.setDisallowedPolicy(wantTemp, "wifi", true); 67 console.info("disable wifi success."); 68 } catch (error) { 69 console.error("disable wifi fail."); 70 } 71 ``` 72 73### Debugging 74 75The MDM APIs can be called only after the **EnterpriseAdminExtensionAbility** is enabled. During the debugging process, you can use the following hdc commands to enable and disable an **EnterpriseAdminExtensionAbility**: 76 77```bash 78# Enable a super administrator application. 79hdc shell edm enable-admin -n Bundle_name -a EnterpriseAdminExtensionAbility class name 80# Enable a BYOD device administrator application. 81hdc shell edm enable-admin -n Bundle_name -a EnterpriseAdminExtensionAbility class name -t byod 82# Disable an EnterpriseAdminExtensionAbility. 83hdc shell edm disable-admin -n Bundle_name 84``` 85 86> **NOTE** 87> 88> Only one super device administrator application can be enabled on a device. 89> 90> BYOD, or Bring Your Own Device, allows enterprise employees to use their own mobile devices, such as laptops, tablets, and smartphones, on premises to obtain internal information and operate authorized enterprise applications. 91> 92> <!--RP5--><!--RP5End--> 93 94<!--RP6--><!--RP6End--> 95