Android

Password

Password required : Empty
Policy defines requirements for device password. Once done, user must set the device password.
Password required : Numerical password
Policy defines requirements for device password. Once done, user must set the device password.
Password length
Number of attempts to unlock
Number of passwords saved
Password expiration
Allow unlock device using fingerprint
Allow the iris scanner
Allow face recognition
Password required : Compound password
Policy defines requirements for device password. Once done, user must set the device password.
Password length
Required number of numerical characters
Required number of lower case characters
Required number of capital characters.
Required number of special characters
Number of attempts to unlock
Number of passwords saved
Password expiration
Allow unlock device using fingerprint
Allow the iris scanner
Allow face recognition

Security

Allow clearing of application data
Allow clearing of application data.
Take action after exceeding the device’s inactivity time
Policy determines whether a defined action should be taken (Clear device data or Clear company data) after a specified period of inactivity. Action will be taken automatically if the last contact of the device with the server exceeds the defined inactivity time.
Force device periodically connection to the server
Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
Require device encryption
Policy forces the device to be encrypted if it is supported by the device.

Samsung Knox

Password

Password required : Pattern
Policy defines requirements for device password. Once done, user must set the device password.
Password required : Numerical password
Policy defines requirements for device password. Once done, user must set the device password.
Password length
Number of attempts to unlock
Number of passwords saved
Password expiration
Allow unlock device using fingerprint
Allow the iris scanner
Allow face recognition
Password required : Compound password
Policy defines requirements for device password. Once done, user must set the device password.
Password length
Required number of numerical characters
Required number of lower case characters
Required number of capital characters.
Required number of special characters
Number of attempts to unlock
Number of passwords saved
Password expiration
Allow unlock device using fingerprint
Allow the iris scanner
Allow face recognition
Require lock screen message
Policy determines whether a defined message is visible on the locked screen of the device. If the policy is disabled, the user can set his own message. The message can contain up to 300 characters.
Lock screen message – In the window you can define the message that is sent to the device and displayed on the locked screen of the device. The global variables are active in the popup pane. So, if you set {UserDisplayName} to a device with this policy, a value matching the global variable for that user will be sent.
Require device lock with wrong password
The policy allows you to enter a device lock after a certain number of unsuccessful attempts to enter the password by the user. The policy works simultaneously with the policy “Number of attempts to unlock”.

Functionality

Allow use of the camera
Policy determines whether you can use microphone. If the policy is disabled, the policy results in deactivation of the mike. No apps using the mike are working. Policy requires KNOX Standard SDK 2.0.0
Allow voice calls while roaming
Policy determines whether the user can make voice calls when the device is in roaming. Policy requires KNOX Standard SDK 3.0.0
Allow use of Bluetooth
Policy determines whether you can use Bluetooth. Policy requires KNOX Standard SDK 2.0.0
Allow use of NFC
Policy determines whether you can use NFC. Policy requires KNOX Standard SDK 2.0.0
Allow Wi-Fi
Policy determines whether the device can connect to a Wi-Fi network. If the policy will be disabled and then re-enabled, the device can not connect to the Wi-Fi network until the device is restarted.
Allow Wi-Fi Direct
Policy determines whether the device can use Wi-Fi Direct technology. The policy also applies to S Beam functionality on Samsung devices. Policy requires KNOX Standard SDK 4.0.0
Allow VPN
Policy determines whether the device can make a VPN connection. If the policy is disabled, the user also cannot access the VPN connection settings. Policy requires KNOX Standard SDK 2.2.0
Allow mobile data usage while roaming
Policy determines whether the device can use mobile data transfer while roaming. Policy requires KNOX Standard SDK 1.0.0
Allow automatic sync while roaming
Policy determines whether the device may automatically synchronizes account and application data while roaming. If the policy is disabled, the user cannot synchronize data and cannot change these settings. Policy requires KNOX Standard SDK 1.0.0
Allow WAP push while roaming
Policy determines whether the device can receive WAP messages while roaming. If the policy is disabled, the device cannot receive MMS message and the user cannot change these settings. Policy requires KNOX Standard SDK 1.0.0
Allow use USB OTG
Policy determines whether the user can connect external devices such as a pendrive or a memory card reader using the USB OTG port installed in the device. If the policy is disabled, the user cannot connect any external device using the USB OTG. Policy requires KNOX Standard SDK 4.0.0
Allow Media Transfer Protocol (MTP)
Policy determines whether the user can send data via USB via MPT protocol. If policy is disabled, uploads of photos using PTP protocol is also blocked. Policy requires KNOX Standard SDK 2.0.0
Allow use of microphone
Policy determines whether you can use microphone. Deactivating the policy results in deactivation of the mike; no apps using the mike are working. Policy requires KNOX Standard SDK 2.0.0
Allow video recording
Policy defines if audio recording is allowed. It applies to voice calls, voice identification, and VoIP technology. Policy requires KNOX Standard SDK 2.0.0.
Allow date and time changes
Policy determines whether the user can change the date and time on the device. Policy requires KNOX Standard SDK 3.0.0.
Force automatic time sync
The policy determines whether the device should automatically update the date and time. The policy requires Standard SDK 2.0.0.
Manage location services
Policy allows you to specify one of three location service status in which a user: must use, cannot use or can choose whether want to use location services. Policy requires KNOX Standard SDK 2.0.0
Allow adding email accounts
Policy defines if user may add email accounts. Policy requires KNOX Standard SDK 4.0.0.
Allow Google auto-sync
Policy determine whether the device can automatically sync Google accounts (like Gmail) and automatically update apps from the Google Play store. If the policy is disabled, the user can still sync accounts and update the application manually. Policy requires KNOX Standard SDK 5.0.0
Allow multiple user accounts
Policy determines whether multiple user accounts can be created on the device. Policy requires KNOX Standard SDK 4.0.0
Allow users to modify the Settings app
Policy determines whether the user can make changes to the device settings. Policy requires KNOX Standard SDK 2.0.0.
Allow sending Crash Reports to Google
Policy defines if the device may send error reports to Google. Policy requires KNOX Standard SDK 3.0.0
Allow to change the screen wallpaper
Policy determines whether the user can change the screen wallpaper.

Apps

Allow using cookies
Policy defines if browser may use cookies. Policy requires KNOX Standard SDK 2.0.0.
Allow autocomplete of fields
Policy defines if browser may use autocomplete. Policy requires KNOX Standard SDK 2.0.0.
Allow use of JavaScript
Policy defines if browser may use JavaScript. Policy requires KNOX Standard SDK 2.0.0
Allow pop-ups
Policy defines if browser should block pop-ups. Policy requires KNOX Standard SDK 2.0.0.
Allow use Google Play
Policy defines the use of services such as Gmail, Google Settings, Google Play.
Allow using Google services
Policy defines the use of services such as Gmail, Google Settings, Google Play.
Allow installation of non Google Play apps
Policy determines whether a user can install apps other than the Google Play store apps. If the policy is disabled, the user cannot change this setting on the device. If the policy is enabled, the user can access the user interface, which allow installs applications other than the Google Play store apps. Policy requires KNOX Standard SDK 2.0.0
Allow Android Backup Service
Policy determines whether the user can backup the device using Google services. Device is backup is stored on Googles servers. Policy requires KNOX Standard SDK 2.0.0
Allow uninstall apps
Policy determines whether the user can uninstall the applications installed on device.

Security

Allow take screenshots.
Policy defines if user can take screenshots. Policy requires KNOX Standard SDK 2.0.0
Allow tethering
Policy determines whether the device can share mobile data transfer with other devices using Bluetooth, USB, Wi-Fi. Policy requires KNOX Standard SDK 2.0.0
Allow developer mode
Policy determines whether the user can enable Developer Mode. If the policy is disabled, the Developer Mode return to the default settings. Policy requires KNOX Standard SDK 5.0.0
Allow USB debugging mode
Policy defines use of USB debugging mode. Policy requires KNOX Standard SDK 2.0.0
Require fast device encryption
Policy determines whether the user can use the devices fast encryption option. Encryption of the device will be accelerated, but only limited data will be encrypted. Policy requires a security password. Policy requires KNOX Standard SDK 5.0.0
Allow SD card
The policy determines whether the user can use an external SD memory card. If the policy is disabled, the system automatically blocks access to the external SD memory card.
Require SD card encryption
Policy forces the external SD memory card to be encrypted if supported by the device. Policy requires KNOX Standard SDK 2.0.0
Allow the user to deactivate the MDM agent
The policy determines whether the user can deactivate the device from the MDM agent.
Block the possibility of operating system updates
Policy determines whether the user can restore the device to factory settings. Policy requires KNOX Standard 2.0.0
Block the factory reset of your device
Policy determines whether the user can restore the device to factory settings. Policy requires KNOX Standard 2.0.0
Allow firmware recovery
Policy determines whether the user can start recovery mode to restore the operating system. Policy requires KNOX Standard 5.0.0
Allow clearing of application data
Allow clearing of application data
Allow the user to de-activate the device administrator for the Proget application
The policy determines whether the user can deactivate the device administrator for the Proget application in device settings. If the policy will be disabled, user cannot deactivate the necessary rights for the Proget application and then disconnect the device from the MDM server.
Allow using two SIM cards at the same time
Policy determines whether you can use two SIM cards at the same time if the device supports two SIM card slots. If the policy is turned off, the device will be blocked until the second SIM card is removed.
Take action after exceeding the device”s inactivity time
Policy determines whether a defined action should be taken (Clear device data or Clear company data) after a specified period of inactivity. Action will be taken automatically if the last contact of the device with the server exceeds the defined inactivity time.
Block the SIM card with the PIN code for slot 1
Policy defines whether the device should save a permanent PIN code to unlock the SIM card. Turning on a permanent PIN will block the company”s SIM card usage on another device. Each time a company device is turned on, device will automatically unlocks the SIM card using the permanent PIN code. However, if the SIM card is moved to another device, it will remain locked because the PIN code is not known to the user. The policy applies to slot 1.
Block the SIM card with PIN code for slot 2 (if applicable)
Policy defines whether the device should save a permanent PIN code to unlock the SIM card. Turning on a permanent PIN will block the company”s SIM card usage on another device. Each time a company device is turned on, device will automatically unlocks the SIM card using the permanent PIN code. However, if the SIM card is moved to another device, it will remain locked because the PIN code is not known to the user. The policy applies to slot 2 (if applicable).
Force device periodically connection to the server
Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
Require device encryption
Policy forces the device to be encrypted if it is supported by the device.
Service password
The service password allows to define a password to unlock a blocked device, i.e. lost mode. The password defined in the policy works simultaneously with the password on the device card.

Connectivity

Allow data on mobile network
Policy determines whether the device can use mobile data. Policy requires KNOX Standard SDK 3.0.0
Force mobile data transmission rules
Allow incoming calls
Policy determines whether the user can receive incoming calls. Policy requires KNOX Standard SDK 3.0.0
Force incoming phone call rules
Allow incoming MMS
Policy determines whether the device can receive incoming MMS. Policy requires KNOX Standard SDK 3.0.0
Force incoming MMS rules
Allow incoming SMS
Policy determines whether the device can receive incoming SMS. Policy requires KNOX Standard SDK 3.0.0
Force incoming SMS rules
Allow outgoing calls
Policy determines whether the user can make outgoing calls. Policy requires KNOX Standard SDK 3.0.0
Force outgoing phone call rules
Allow outgoing MMS
Policy determines whether the device can send MMS. Policy requires KNOX Standard SDK 3.0.0
Force outgoing MMS rules
Allow outgoing SMS
Policy determines whether the device can send SMS. Policy requires KNOX Standard SDK 3.0.0
Force outgoing SMS rules

Android Enterprise – Profile Owner

Password – Android

Password required : Pattern
Policy defines requirements for device password. Once done, user must set the device password.
Password required : Numerical password
Policy defines requirements for device password. Once done, user must set the device password.
Password length
Number of attempts to unlock
Number of passwords saved
Allow unlock device using fingerprint
Allow the iris scanner
Allow face recognition
Password required : Compound password
Policy defines requirements for device password. Once done, user must set the device password.
Password length
Required number of numerical characters
Required number of lower case characters
Required number of capital characters.
Required number of special characters
Number of attempts to unlock
Number of passwords saved
Allow unlock device using fingerprint
Allow the iris scanner
Allow face recognition

Password – Android Enterprise

Password required : Pattern
Policy defines requirements for device password. Once done, user must set the device password.
Password required : Numerical password
Policy defines requirements for device password. Once done, user must set the device password.
Password length
Number of attempts to unlock
Number of passwords saved
Password expiration
Allow unlock device using fingerprint
Allow the iris scanner
Allow face recognition
Password required : Compound password
Policy defines requirements for device password. Once done, user must set the device password.
Password length
Required number of numerical characters
Required number of lower case characters
Required number of capital characters.
Required number of special characters
Number of attempts to unlock
Number of passwords saved
Password expiration
Allow unlock device using fingerprint
Allow the iris scanner
Allow face recognition
Max inactive time
Policy defines user inactive time duration, then blanks the screen and blocks the device with the current password.

Functionality

Allowed input methods
Policy determines whether the user can use any input method (for example, a keyboard), only the input methods provided by the device, or only the input methods provided by the device plus additional input methods you specify. This rule applies only to devices running Android 5.0.0 and later.

Apps

Allow using Google services
Policy defines the use of services such as Gmail, Google Settings, Google Play.
Allow uninstall apps
Policy determines whether the user can uninstall the applications installed in the container.
Specify how to grant permissions for apps
Policy determines how the permissions for applications are granted. Policy determines whether application permissions are granted automatically, are automatically discarded, or whether the user can decide.
Google Play Auto-Update
The policy defines how to update applications from Google Play

Security

Allow take screenshots.
Policy defines if user can take screenshots. Policy requires KNOX Standard SDK 2.0.0
Allow installation of applications from unknown sources
Policies determine whether a user can install applications from unknown sources such as * .apk
Allow copying of text between the container and the device
Policy determines whether the user can copy between spaces, content generated in the container or device.
Allow searching for contacts in private space
The Policy determines whether user can search for business contacts in private space.
Allow you to identify your work contact for incoming calls
The Policy determines whether caller ID information from the managed profile will be shown in the personal space.
Allow the user to deactivate the MDM agent
The policy determines whether the user can deactivate the device from the MDM agent.
Allow clearing of application data
Allow clearing of application data
Allow adding and deleting Google accounts
Policy determines whether a user can add and delete Google accounts in the Android Enterprise container. If the policy is turned off, the user can not add new or delete existing Google accounts.
Allow using two SIM cards at the same time
Policy determines whether you can use two SIM cards at the same time if the device supports two SIM card slots. If the policy is turned off, the device will be blocked until the second SIM card is removed.
Take action after exceeding the device”s inactivity time
Policy determines whether a defined action should be taken (Clear device data or Clear company data) after a specified period of inactivity. Action will be taken automatically if the last contact of the device with the server exceeds the defined inactivity time.
Force device periodically connection to the server
Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
Service password
The service password allows to define a password to unlock a blocked device, i.e. lost mode. The password defined in the policy works simultaneously with the password on the device card.

Android Enterprise – Device Owner

Password

Password required : Empty
Policy defines requirements for device password. Once done, user must set the device password.
Password required : Pattern
Policy defines requirements for device password. Once done, user must set the device password.
Password required : Numerical password
Policy defines requirements for device password. Once done, user must set the device password.
Password length
Number of attempts to unlock
Number of passwords saved
Password expiration
Allow unlock device using fingerprint
Allow the iris scanner
Allow face recognition
Password required : Compound password
Policy defines requirements for device password. Once done, user must set the device password.
Password length
Required number of numerical characters
Required number of lower case characters
Required number of capital characters.
Required number of special characters
Number of attempts to unlock
Number of passwords saved
Password expiration
Allow unlock device using fingerprint
Allow the iris scanner
Allow face recognition
Require lock screen message
Policy determines whether a defined message is visible on the locked screen of the device. The message can contain up to 100 characters. This rule applies only to devices running Android 7.0 and later.
Lock screen message – In the window you can define the message that is sent to the device and displayed on the locked screen of the device. The global variables are active in the popup pane. So, if you set {UserDisplayName} to a device with this policy, a value matching the global variable for that user will be sent.
Require device lock with wrong password
The policy allows you to enter a device lock after a certain number of unsuccessful attempts to enter the password by the user. The policy works simultaneously with the policy “Number of attempts to unlock”.

Functionality

Allow Bluetooth configuration
Policy determines whether the user can connect to other devices using a Bluetooth connection. If policy is disabled, the ability to set up new connections is blocked. Bluetooth connections which was added before policy implementation will continue to be active but will be not editable.
Allow camera
Policy determines whether the user can use camera
Allow microphone
Policy determines whether the user can use microphone
Allow configuring mobile networks
Policy determines whether the user can change the mobile network settings such as network access points, operating mode, network operators. This rule applies only to devices running Android 5.0.0 and later.
Allow mobile data usage while roaming
Policy determines whether the user can use cellular data when the device is in roaming. If the policy is disabled, the user cannot use the Internet while the device is in roaming.
Allow tethering configuration and mobile hotspots
Policy determines whether the user can set up a tethering and mobile hotspot. This rule applies only to devices running Android 5.0.0 and later.
Allows add Wi-Fi connections
Policy determines whether the user can add new Wi-Fi connections. If policy is disabled, the ability to set up new connections is blocked. Wi-Fi connections which was added before policy implementation will continue to be active but will be not editable.
Specify settings for Wi-Fi sleep configuration
Policy determines the Wi-Fi sleep settings when the device is idle. This rule applies only to devices running Android 4.2.0 and later.
Allow user-configured VPN
Policy determines whether the user can manually configure the VPN profile and change the settings of already added VPN connections. VPN profiles which was added before policy implementation will continue to be active. This rule applies only to devices running Android 6.0.0 and later.
Allow mounting physical media
Policy determines whether the user can mounting physical media such as SD card and flash drive using USB OTG. This rule applies only to devices running Android 5.0.0 and later.
Allow deleting users
Policy determines whether the user can delete other users from the device. The second user can delete only his own account. This rule applies only to devices running Android 4.3.0 and later.
Allow outgoing calls
Policy determines whether the user can make outgoing calls.
Allow SMS messages
Policy determines whether the user can send and receive SMS. This rule applies only to devices running Android 5.0.0 and later.
Allow USB file transfer
Policy determines whether the user can transfer data from and to the device using a USB connection. This rule applies only to devices running Android 4.3.0 and later.
Set time automatically
Policy determines whether the user can change the time settings. If the policy is enabled, the user cannot manually change the time on the device. This rule applies only to devices running Android 5.0.0 and later.
Set timezone automatically
Policy determines whether the device can automatically change the time zone. If the policy is enabled, the user cannot change the time zone on the device.
Allowed input methods
Policy determines whether the user can use any input method (for example, a keyboard), only the input methods provided by the device, or only the input methods provided by the device plus additional input methods you specify. This rule applies only to devices running Android 5.0.0 and later.
Allowed accessibility services
Policy determine accessibility services that the user can access. By default the user can use any accessibility service. System accessibility services may be for example Voice Assistant. This rule applies only to devices running Android 5.0.0 and later.
Default launcher
Policy determines the package ID of the launcher app that must be used on the device. For this rule to apply to the device, you must push the launcher app to the device. This rule applies only to devices running Android 5.0.0 and later.
Manage location services
Policy determines one of four location settings in which you can: force of using the high localization accuracy, allow only location using GPS, force of using the battery saving mode or disable location services.

Apps

Allow uninstall apps
Policy determines whether the user can uninstall the applications installed in the container.
Specify how to grant permissions for apps
Policy determines how the permissions for applications are granted. Policy determines whether application permissions are granted automatically, are automatically discarded, or whether the user can decide.
Google Play Auto-Update
The policy defines how to update applications from Google Play

Security

Allow adding users
Policy determines whether the user can add new users and user profiles to the device. This rule applies only to devices running Android 5.0.0 and later.
Allow adding and delete users
Policy determines whether the user can add and delete accounts such as the mail account. This rule applies only to devices running Android 4.3.0 and later.
Allow take screenshots.
Policy determines whether the user can take screenshots. This rule applies only to devices running Android 5.0.0 and later.
Allow USB debugging mode
Policy determines whether the user can enable and use development options. This rule applies only to devices running Android 5.0.0 and later.
Allow safe boot of the device
Policy determines whether the user can start safe mode on the device. In safe mode, the device starts up without the third party applications.
Allow factory reset
Policy determines whether the user can restore the device to factory. Restoring device to factory removes the MDM agent and device will be unmanaged.
Allow the user to deactivate the MDM agent
The policy determines whether the user can deactivate the device from the MDM agent.
Allow clearing of application data
Allow clearing of application data
Allow installation of non Google Play apps
Policy determine whether a user can install non-Google Play apps using the ACTION_INSTALL_PACKAGE mechanism. This rule applies only to devices running Android 5.1.0 and later.
Allow adding and deleting Google accounts
Policy determines whether a user can add and delete Google accounts in the Android Enterprise container. If the policy is turned off, the user can not add new or delete existing Google accounts.
Allow using two SIM cards at the same time
Policy determines whether you can use two SIM cards at the same time if the device supports two SIM card slots. If the policy is turned off, the device will be blocked until the second SIM card is removed.
Take action after exceeding the device”s inactivity time
Policy determines whether a defined action should be taken (Clear device data or Clear company data) after a specified period of inactivity. Action will be taken automatically if the last contact of the device with the server exceeds the defined inactivity time.
Force device periodically connection to the server
Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
Service password
The service password allows to define a password to unlock a blocked device, i.e. lost mode. The password defined in the policy works simultaneously with the password on the device card.

Location

Manage location modes
Policy allows to define the mode in which the location on the device should be run.
Manage location state
Policy allows to set location services on the device.