Back to top

SIM control policy

Last updated December 6th, 2023

Set a default SIM control configuration

This functionality is only available upon request. Please contact your Knox Guard administrator to enable this feature.

Configure a default bundle of settings that restrict SIM functionality or lock the device. This default policy can be used consistently across deployments until more granular modifications are needed for specific deployment objectives. You can add a maximum of ten SIM control policies. SIM cards that match the MCC/MNC codes entered in a SIM control policy can be used without restriction on devices that receive SIM control policies in the Devices menu. Any unlisted SIM cards can be configured to restrict some functionality as well as lock the device. For dual-SIM devices, restrictions only apply to the unlisted SIM card. Each mobile device carrier has their own unique MCC and MNC pair. You can list a maximum of 50 MCC/MNC pairs. For step-by-step instructions to apply this policy to selected user devices, see Enable and disable SIM control.

To set a default SIM control configuration for Knox Guard managed devices:

  1. Select Policies from the left-hand navigation menu.

  2. Select SIM CONTROL under the ADVANCED CONTROLS field.

    SIM control screen showing policy options

  3. Enter the Policy name. It can’t match an existing policy name.

  4. Fill the MCC and MNC fields for SIM control restriction exclusion.

  5. Set the following restrictions for the unlisted MCC/MNC:

    Restriction Result
    Make outgoing calls Restricts the device's ability to make phone calls.
    Receive incoming calls Restrcits the device's ability to recieve phone calls.
    Send or receive SMS/MMS/RCS Restricts the device's ability to send and receive text messages.
    Data usage Prevents apps on the device from consuming mobile data.
    Check the insert allowed SIM (Apply when the allowed SIM is inserted) If the device is dual-SIM and an allowed SIM card is present, allows the other SIM to use restricted features. If this setting is selected, you can choose which features to allow for the other SIM.
    Apply the above restrictions when international roaming is in use Restricts the device's phone, text and data usage when connecting to a mobile network in a country other than the device's original country of deployment. This setting applies to restricted SIMs in a dual-SIM device only.
    Lock device

    Locks the device in order to prevent the usage of unlisted SIM cards.

    The available sub-settings are:

    • Mobile Number Lock. Allows customers to enable or disable IMSI policies regardless of whether MCC/MNC information is provided.
    • Turn on network registration verification. Validates that a blocked SIM card is not being misused by verifying that the connected network matches the allowlisted networks (via MCC/MNC).
    • Block incoming calls when device is locked. You can add phone numbers that are allowed to call.
    • Allow PIN Code unlock. Allows the SIM locked device to be unlocked using a PIN. For details, see How to unlock devices using pin code?
  6. Enter the contact information for your support services in the CUSTOMER SUPPORT OPTIONS section.

  7. The Advanced support methods section is also displayed on the SIM lock page but is centrally configured in Lock screen.

  8. (Optional) Click Primary support option to select the main support contact information. It is centrally configured in Lock screen.

  9. Select SAVE to commit the default SIM control settings.

Delete SIM control policy

You can only delete a policy if it isn’t currently applied to any device.

To delete a SIM control policy:

  1. Go to Policies.
  2. Select SIM CONTROL in the ADVANCED CONTROLS section.
  3. Click the X next to the SIM control policy you want to delete.

SIM control screen showing policy delete buttons

Is this page helpful?