UX for enabling/disabling app install lockdown mode
Off the top of my head, a flexible UX would be to allow install lockdown to be toggled at any point. To keep it safe, it would require a PIN/fingerprint to change. I think that UX would only make sense if there is an existing pattern we can follow regarding a "secure setting". Having this only configurable at setup would be good for the most secure setups, like where an IT dept hones a standard setup, then sets up all employee devices. But it would make it a lot harder for lots of use cases, like if a freelance journalist is setting up their own device but wants it as locked down as possible. I guess those different UXes could be handled by different MDM apps.
I think it makes sense to follow a well-established UX for this, so we should look at some existing MDM setups for ideas. There are some existing MDM UXs that do allow settings to be changed, but perhaps only via remote management.
Here is one MDM app to draw from: https://f-droid.org/en/packages/org.flyve.mdm.agent.mqtt/