Android

Password

    Password required : Numerical password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Number of attempts to unlock
  • Number of passwords saved
  • Password expiration
  • Allow unlock device using fingerprint
  • Allow the iris scanner
  • Allow face recognition
  • Password required : Compound password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Required number of numerical characters
  • Required number of lower case characters
  • Required number of capital characters.
  • Required number of special characters
  • Number of attempts to unlock
  • Number of passwords saved
  • Password expiration
  • Allow unlock device using fingerprint
  • Allow the iris scanner
  • Allow face recognition

Security

    Allow clearing of application data
  • Allow clearing of application data.
  • Take action after exceeding the device’s inactivity time
  • Policy determines whether a defined action should be taken (Clear device data or Clear company data) after a specified period of inactivity. Action will be taken automatically if the last contact of the device with the server exceeds the defined inactivity time.
  • Force device periodically connection to the server
  • Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
  • Require device encryption
  • Policy forces the device to be encrypted if it is supported by the device.

Samsung Knox

Password

    Password required : Pattern
    Policy defines requirements for device password. Once done, user must set the device password.
    Password required : Numerical password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Number of attempts to unlock
  • Number of passwords saved
  • Password expiration
  • Allow unlock device using fingerprint
  • Allow the iris scanner
  • Allow face recognition
  • Password required : Compound password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Required number of numerical characters
  • Required number of lower case characters
  • Required number of capital characters.
  • Required number of special characters
  • Number of attempts to unlock
  • Number of passwords saved
  • Password expiration
  • Allow unlock device using fingerprint
  • Allow the iris scanner
  • Allow face recognition
  • Require lock screen message
    Policy determines whether a defined message is visible on the locked screen of the device. If the policy is disabled, the user can set his own message. The message can contain up to 300 characters.
  • Lock screen message – In the window you can define the message that is sent to the device and displayed on the locked screen of the device. The global variables are active in the popup pane. So, if you set {UserDisplayName} to a device with this policy, a value matching the global variable for that user will be sent.
  • Require device lock with wrong password
  • The policy allows you to enter a device lock after a certain number of unsuccessful attempts to enter the password by the user. The policy works simultaneously with the policy “Number of attempts to unlock”.

Functionality

    Allow use of the camera
  • Policy determines whether you can use microphone. If the policy is disabled, the policy results in deactivation of the mike. No apps using the mike are working. Policy requires KNOX Standard SDK 2.0.0
  • Allow voice calls while roaming
  • Policy determines whether the user can make voice calls when the device is in roaming. Policy requires KNOX Standard SDK 3.0.0
  • Allow use of Bluetooth
  • Policy determines whether you can use Bluetooth. Policy requires KNOX Standard SDK 2.0.0
  • Allow use of NFC
  • Policy determines whether you can use NFC. Policy requires KNOX Standard SDK 2.0.0
  • Allow Wi-Fi
  • Policy determines whether the device can connect to a Wi-Fi network. If the policy will be disabled and then re-enabled, the device can not connect to the Wi-Fi network until the device is restarted.
  • Allow Wi-Fi Direct
  • Policy determines whether the device can use Wi-Fi Direct technology. The policy also applies to S Beam functionality on Samsung devices. Policy requires KNOX Standard SDK 4.0.0
  • Allow VPN
  • Policy determines whether the device can make a VPN connection. If the policy is disabled, the user also cannot access the VPN connection settings. Policy requires KNOX Standard SDK 2.2.0
  • Allow mobile data usage while roaming
  • Policy determines whether the device can use mobile data transfer while roaming. Policy requires KNOX Standard SDK 1.0.0
  • Allow automatic sync while roaming
  • Policy determines whether the device may automatically synchronizes account and application data while roaming. If the policy is disabled, the user cannot synchronize data and cannot change these settings. Policy requires KNOX Standard SDK 1.0.0
  • Allow WAP push while roaming
  • Policy determines whether the device can receive WAP messages while roaming. If the policy is disabled, the device cannot receive MMS message and the user cannot change these settings. Policy requires KNOX Standard SDK 1.0.0
  • Allow use USB OTG
  • Policy determines whether the user can connect external devices such as a pendrive or a memory card reader using the USB OTG port installed in the device. If the policy is disabled, the user cannot connect any external device using the USB OTG. Policy requires KNOX Standard SDK 4.0.0
  • Allow Media Transfer Protocol (MTP)
  • Policy determines whether the user can send data via USB via MPT protocol. If policy is disabled, uploads of photos using PTP protocol is also blocked. Policy requires KNOX Standard SDK 2.0.0
  • Allow use of microphone
  • Policy determines whether you can use microphone. Deactivating the policy results in deactivation of the mike; no apps using the mike are working. Policy requires KNOX Standard SDK 2.0.0
  • Allow video recording
  • Policy defines if audio recording is allowed. It applies to voice calls, voice identification, and VoIP technology. Policy requires KNOX Standard SDK 2.0.0.
  • Allow date and time changes
  • Policy determines whether the user can change the date and time on the device. Policy requires KNOX Standard SDK 3.0.0.
  • Force automatic time sync
  • The policy determines whether the device should automatically update the date and time. The policy requires Standard SDK 2.0.0.
  • Manage location services
  • Policy allows you to specify one of three location service status in which a user: must use, cannot use or can choose whether want to use location services. Policy requires KNOX Standard SDK 2.0.0
  • Allow adding email accounts
  • Policy defines if user may add email accounts. Policy requires KNOX Standard SDK 4.0.0.
  • Allow Google auto-sync
  • Policy determine whether the device can automatically sync Google accounts (like Gmail) and automatically update apps from the Google Play store. If the policy is disabled, the user can still sync accounts and update the application manually. Policy requires KNOX Standard SDK 5.0.0
  • Allow multiple user accounts
  • Policy determines whether multiple user accounts can be created on the device. Policy requires KNOX Standard SDK 4.0.0
  • Allow users to modify the Settings app
  • Policy determines whether the user can make changes to the device settings. Policy requires KNOX Standard SDK 2.0.0.
  • Allow sending Crash Reports to Google
  • Policy defines if the device may send error reports to Google. Policy requires KNOX Standard SDK 3.0.0
  • Allow to change the screen wallpaper
  • Policy determines whether the user can change the screen wallpaper.

Apps

    Allow using cookies
  • Policy defines if browser may use cookies. Policy requires KNOX Standard SDK 2.0.0.
  • Allow autocomplete of fields
  • Policy defines if browser may use autocomplete. Policy requires KNOX Standard SDK 2.0.0.
  • Allow use of JavaScript
  • Policy defines if browser may use JavaScript. Policy requires KNOX Standard SDK 2.0.0
  • Allow pop-ups
  • Policy defines if browser should block pop-ups. Policy requires KNOX Standard SDK 2.0.0.
  • Allow use Google Play
  • Policy defines the use of services such as Gmail, Google Settings, Google Play.
  • Allow using Google services
  • Policy defines the use of services such as Gmail, Google Settings, Google Play.
  • Allow installation of non Google Play apps
  • Policy determines whether a user can install apps other than the Google Play store apps. If the policy is disabled, the user cannot change this setting on the device. If the policy is enabled, the user can access the user interface, which allow installs applications other than the Google Play store apps. Policy requires KNOX Standard SDK 2.0.0
  • Allow Android Backup Service
  • Policy determines whether the user can backup the device using Google services. Device is backup is stored on Googles servers. Policy requires KNOX Standard SDK 2.0.0
  • Allow uninstall apps
  • Policy determines whether the user can uninstall the applications installed on device.

Security

    Allow take screenshots.
  • Policy defines if user can take screenshots. Policy requires KNOX Standard SDK 2.0.0
  • Allow tethering
  • Policy determines whether the device can share mobile data transfer with other devices using Bluetooth, USB, Wi-Fi. Policy requires KNOX Standard SDK 2.0.0
  • Allow developer mode
  • Policy determines whether the user can enable Developer Mode. If the policy is disabled, the Developer Mode return to the default settings. Policy requires KNOX Standard SDK 5.0.0
  • Allow USB debugging mode
  • Policy defines use of USB debugging mode. Policy requires KNOX Standard SDK 2.0.0
  • Require fast device encryption
  • Policy determines whether the user can use the devices fast encryption option. Encryption of the device will be accelerated, but only limited data will be encrypted. Policy requires a security password. Policy requires KNOX Standard SDK 5.0.0
  • Allow SD card
  • The policy determines whether the user can use an external SD memory card. If the policy is disabled, the system automatically blocks access to the external SD memory card.
  • Require SD card encryption
  • Policy forces the external SD memory card to be encrypted if supported by the device. Policy requires KNOX Standard SDK 2.0.0
  • Allow the user to deactivate the MDM agent
  • The policy determines whether the user can deactivate the device from the MDM agent.
  • Block the possibility of operating system updates
  • Policy determines whether the user can restore the device to factory settings. Policy requires KNOX Standard 2.0.0
  • Block the factory reset of your device
  • Policy determines whether the user can restore the device to factory settings. Policy requires KNOX Standard 2.0.0
  • Allow firmware recovery
  • Policy determines whether the user can start recovery mode to restore the operating system. Policy requires KNOX Standard 5.0.0
  • Allow clearing of application data
  • Allow clearing of application data
  • Allow the user to de-activate the device administrator for the Proget application
  • The policy determines whether the user can deactivate the device administrator for the Proget application in device settings. If the policy will be disabled, user cannot deactivate the necessary rights for the Proget application and then disconnect the device from the MDM server.
  • Allow using two SIM cards at the same time
  • Policy determines whether you can use two SIM cards at the same time if the device supports two SIM card slots. If the policy is turned off, the device will be blocked until the second SIM card is removed.
  • Take action after exceeding the device”s inactivity time
  • Policy determines whether a defined action should be taken (Clear device data or Clear company data) after a specified period of inactivity. Action will be taken automatically if the last contact of the device with the server exceeds the defined inactivity time.
  • Block the SIM card with the PIN code for slot 1
  • Policy defines whether the device should save a permanent PIN code to unlock the SIM card. Turning on a permanent PIN will block the company”s SIM card usage on another device. Each time a company device is turned on, device will automatically unlocks the SIM card using the permanent PIN code. However, if the SIM card is moved to another device, it will remain locked because the PIN code is not known to the user. The policy applies to slot 1.
  • Block the SIM card with PIN code for slot 2 (if applicable)
  • Policy defines whether the device should save a permanent PIN code to unlock the SIM card. Turning on a permanent PIN will block the company”s SIM card usage on another device. Each time a company device is turned on, device will automatically unlocks the SIM card using the permanent PIN code. However, if the SIM card is moved to another device, it will remain locked because the PIN code is not known to the user. The policy applies to slot 2 (if applicable).
  • Force device periodically connection to the server
  • Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
  • Require device encryption
  • Policy forces the device to be encrypted if it is supported by the device.
  • Service password
  • The service password allows to define a password to unlock a blocked device, i.e. lost mode. The password defined in the policy works simultaneously with the password on the device card.

Connectivity

    Allow data on mobile network
    Policy determines whether the device can use mobile data. Policy requires KNOX Standard SDK 3.0.0
  • Force mobile data transmission rules
  • Allow incoming calls
    Policy determines whether the user can receive incoming calls. Policy requires KNOX Standard SDK 3.0.0
  • Force incoming phone call rules
  • Allow incoming MMS
    Policy determines whether the device can receive incoming MMS. Policy requires KNOX Standard SDK 3.0.0
  • Force incoming MMS rules
  • Allow incoming SMS
    Policy determines whether the device can receive incoming SMS. Policy requires KNOX Standard SDK 3.0.0
  • Force incoming SMS rules
  • Allow outgoing calls
    Policy determines whether the user can make outgoing calls. Policy requires KNOX Standard SDK 3.0.0
  • Force outgoing phone call rules
  • Allow outgoing MMS
    Policy determines whether the device can send MMS. Policy requires KNOX Standard SDK 3.0.0
  • Force outgoing MMS rules
  • Allow outgoing SMS
    Policy determines whether the device can send SMS. Policy requires KNOX Standard SDK 3.0.0
  • Force outgoing SMS rules

Android Enterprise – Profile Owner

Password – Android

    Password required : Pattern
    Policy defines requirements for device password. Once done, user must set the device password.
    Password required : Numerical password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Number of attempts to unlock
  • Number of passwords saved
  • Allow unlock device using fingerprint
  • Allow the iris scanner
  • Allow face recognition
  • Password required : Compound password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Required number of numerical characters
  • Required number of lower case characters
  • Required number of capital characters.
  • Required number of special characters
  • Number of attempts to unlock
  • Number of passwords saved
  • Allow unlock device using fingerprint
  • Allow the iris scanner
  • Allow face recognition

Password – Android Enterprise

    Password required : Pattern
    Policy defines requirements for device password. Once done, user must set the device password.
    Password required : Numerical password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Number of attempts to unlock
  • Number of passwords saved
  • Password expiration
  • Allow unlock device using fingerprint
  • Allow the iris scanner
  • Allow face recognition
  • Password required : Compound password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Required number of numerical characters
  • Required number of lower case characters
  • Required number of capital characters.
  • Required number of special characters
  • Number of attempts to unlock
  • Number of passwords saved
  • Password expiration
  • Allow unlock device using fingerprint
  • Allow the iris scanner
  • Allow face recognition
  • Max inactive time
  • Policy defines user inactive time duration, then blanks the screen and blocks the device with the current password.

Functionality

    Allowed input methods
  • Policy determines whether the user can use any input method (for example, a keyboard), only the input methods provided by the device, or only the input methods provided by the device plus additional input methods you specify. This rule applies only to devices running Android 5.0.0 and later.

Apps

    Allow using Google services
  • Policy defines the use of services such as Gmail, Google Settings, Google Play.
  • Allow uninstall apps
  • Policy determines whether the user can uninstall the applications installed in the container.
  • Specify how to grant permissions for apps
  • Policy determines how the permissions for applications are granted. Policy determines whether application permissions are granted automatically, are automatically discarded, or whether the user can decide.
  • Google Play Auto-Update
  • The policy defines how to update applications from Google Play

Security

    Allow take screenshots.
  • Policy defines if user can take screenshots. Policy requires KNOX Standard SDK 2.0.0
  • Allow installation of applications from unknown sources
  • Policies determine whether a user can install applications from unknown sources such as * .apk
  • Allow copying of text between the container and the device
  • Policy determines whether the user can copy between spaces, content generated in the container or device.
  • Allow searching for contacts in private space
  • The Policy determines whether user can search for business contacts in private space.
  • Allow you to identify your work contact for incoming calls
  • The Policy determines whether caller ID information from the managed profile will be shown in the personal space.
  • Allow the user to deactivate the MDM agent
  • The policy determines whether the user can deactivate the device from the MDM agent.
  • Allow clearing of application data
  • Allow clearing of application data
  • Allow adding and deleting Google accounts
  • Policy determines whether a user can add and delete Google accounts in the Android Enterprise container. If the policy is turned off, the user can not add new or delete existing Google accounts.
  • Allow using two SIM cards at the same time
  • Policy determines whether you can use two SIM cards at the same time if the device supports two SIM card slots. If the policy is turned off, the device will be blocked until the second SIM card is removed.
  • Take action after exceeding the device”s inactivity time
  • Policy determines whether a defined action should be taken (Clear device data or Clear company data) after a specified period of inactivity. Action will be taken automatically if the last contact of the device with the server exceeds the defined inactivity time.
  • Force device periodically connection to the server
  • Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
  • Service password
  • The service password allows to define a password to unlock a blocked device, i.e. lost mode. The password defined in the policy works simultaneously with the password on the device card.

Android Enterprise – Device Owner

Password

    Password required : Pattern
    Policy defines requirements for device password. Once done, user must set the device password.
    Password required : Numerical password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Number of attempts to unlock
  • Number of passwords saved
  • Password expiration
  • Allow unlock device using fingerprint
  • Allow the iris scanner
  • Allow face recognition
  • Password required : Compound password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Required number of numerical characters
  • Required number of lower case characters
  • Required number of capital characters.
  • Required number of special characters
  • Number of attempts to unlock
  • Number of passwords saved
  • Password expiration
  • Allow unlock device using fingerprint
  • Allow the iris scanner
  • Allow face recognition
  • Require lock screen message
    Policy determines whether a defined message is visible on the locked screen of the device. The message can contain up to 100 characters. This rule applies only to devices running Android 7.0 and later.
  • Lock screen message – In the window you can define the message that is sent to the device and displayed on the locked screen of the device. The global variables are active in the popup pane. So, if you set {UserDisplayName} to a device with this policy, a value matching the global variable for that user will be sent.
  • Require device lock with wrong password
  • The policy allows you to enter a device lock after a certain number of unsuccessful attempts to enter the password by the user. The policy works simultaneously with the policy “Number of attempts to unlock”.

Functionality

    Allow Bluetooth configuration
  • Policy determines whether the user can connect to other devices using a Bluetooth connection. If policy is disabled, the ability to set up new connections is blocked. Bluetooth connections which was added before policy implementation will continue to be active but will be not editable.
  • Allow camera
  • Policy determines whether the user can use camera
  • Allow microphone
  • Policy determines whether the user can use microphone
  • Allow configuring mobile networks
  • Policy determines whether the user can change the mobile network settings such as network access points, operating mode, network operators. This rule applies only to devices running Android 5.0.0 and later.
  • Allow mobile data usage while roaming
  • Policy determines whether the user can use cellular data when the device is in roaming. If the policy is disabled, the user cannot use the Internet while the device is in roaming.
  • Allow tethering configuration and mobile hotspots
  • Policy determines whether the user can set up a tethering and mobile hotspot. This rule applies only to devices running Android 5.0.0 and later.
  • Allows add Wi-Fi connections
  • Policy determines whether the user can add new Wi-Fi connections. If policy is disabled, the ability to set up new connections is blocked. Wi-Fi connections which was added before policy implementation will continue to be active but will be not editable.
  • Specify settings for Wi-Fi sleep configuration
  • Policy determines the Wi-Fi sleep settings when the device is idle. This rule applies only to devices running Android 4.2.0 and later.
  • Allow user-configured VPN
  • Policy determines whether the user can manually configure the VPN profile and change the settings of already added VPN connections. VPN profiles which was added before policy implementation will continue to be active. This rule applies only to devices running Android 6.0.0 and later.
  • Allow mounting physical media
  • Policy determines whether the user can mounting physical media such as SD card and flash drive using USB OTG. This rule applies only to devices running Android 5.0.0 and later.
  • Allow deleting users
  • Policy determines whether the user can delete other users from the device. The second user can delete only his own account. This rule applies only to devices running Android 4.3.0 and later.
  • Allow outgoing calls
  • Policy determines whether the user can make outgoing calls.
  • Allow SMS messages
  • Policy determines whether the user can send and receive SMS. This rule applies only to devices running Android 5.0.0 and later.
  • Allow USB file transfer
  • Policy determines whether the user can transfer data from and to the device using a USB connection. This rule applies only to devices running Android 4.3.0 and later.
  • Set time automatically
  • Policy determines whether the user can change the time settings. If the policy is enabled, the user cannot manually change the time on the device. This rule applies only to devices running Android 5.0.0 and later.
  • Set timezone automatically
  • Policy determines whether the device can automatically change the time zone. If the policy is enabled, the user cannot change the time zone on the device.
  • Allowed input methods
  • Policy determines whether the user can use any input method (for example, a keyboard), only the input methods provided by the device, or only the input methods provided by the device plus additional input methods you specify. This rule applies only to devices running Android 5.0.0 and later.
  • Allowed accessibility services
  • Policy determine accessibility services that the user can access. By default the user can use any accessibility service. System accessibility services may be for example Voice Assistant. This rule applies only to devices running Android 5.0.0 and later.
  • Default launcher
  • Policy determines the package ID of the launcher app that must be used on the device. For this rule to apply to the device, you must push the launcher app to the device. This rule applies only to devices running Android 5.0.0 and later.
  • Manage location services
  • Policy determines one of four location settings in which you can: force of using the high localization accuracy, allow only location using GPS, force of using the battery saving mode or disable location services.

Apps

    Allow uninstall apps
  • Policy determines whether the user can uninstall the applications installed in the container.
  • Specify how to grant permissions for apps
  • Policy determines how the permissions for applications are granted. Policy determines whether application permissions are granted automatically, are automatically discarded, or whether the user can decide.
  • Google Play Auto-Update
  • The policy defines how to update applications from Google Play

Security

    Allow adding users
  • Policy determines whether the user can add new users and user profiles to the device. This rule applies only to devices running Android 5.0.0 and later.
  • Allow adding and delete users
  • Policy determines whether the user can add and delete accounts such as the mail account. This rule applies only to devices running Android 4.3.0 and later.
  • Allow take screenshots.
  • Policy determines whether the user can take screenshots. This rule applies only to devices running Android 5.0.0 and later.
  • Allow USB debugging mode
  • Policy determines whether the user can enable and use development options. This rule applies only to devices running Android 5.0.0 and later.
  • Allow safe boot of the device
  • Policy determines whether the user can start safe mode on the device. In safe mode, the device starts up without the third party applications.
  • Allow factory reset
  • Policy determines whether the user can restore the device to factory. Restoring device to factory removes the MDM agent and device will be unmanaged.
  • Allow the user to deactivate the MDM agent
  • The policy determines whether the user can deactivate the device from the MDM agent.
  • Allow clearing of application data
  • Allow clearing of application data
  • Allow installation of non Google Play apps
  • Policy determine whether a user can install non-Google Play apps using the ACTION_INSTALL_PACKAGE mechanism. This rule applies only to devices running Android 5.1.0 and later.
  • Allow adding and deleting Google accounts
  • Policy determines whether a user can add and delete Google accounts in the Android Enterprise container. If the policy is turned off, the user can not add new or delete existing Google accounts.
  • Allow using two SIM cards at the same time
  • Policy determines whether you can use two SIM cards at the same time if the device supports two SIM card slots. If the policy is turned off, the device will be blocked until the second SIM card is removed.
  • Take action after exceeding the device”s inactivity time
  • Policy determines whether a defined action should be taken (Clear device data or Clear company data) after a specified period of inactivity. Action will be taken automatically if the last contact of the device with the server exceeds the defined inactivity time.
  • Force device periodically connection to the server
  • Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
  • Service password
  • The service password allows to define a password to unlock a blocked device, i.e. lost mode. The password defined in the policy works simultaneously with the password on the device card.

Location

    Manage location modes
  • Policy allows to define the mode in which the location on the device should be run.
  • Manage location state
  • Policy allows to set location services on the device.