Back to top

Applicable policies for Knox Manage agent

Last updated June 26th, 2024

The following policies are available for Knox Manage Agent:

Policy Description Supported devices
Maximum Failed Sign-in Attempts Set the maximum number of incorrect password attempts before access is restricted. The value can be between 0 - 10 times. Android iOS Windows 10
> Sign-in Failure Policy

Select the action to be performed when the maximum number of failed attempts is reached.

  • None: The device is unrestricted.
  • Factory reset: Resets the user device.
  • Lock device: Locks the device.
  • Lock Knox Manage Agent: Locks the Knox Manage Agent.
Android iOS Windows 10
Use Lock Screen

Allows the use of the lock screen for the Knox Manage Agent.

This policy has no effect on shared Android devices.

Android iOS Windows 10
Install Area

Select where to install the Knox Manage Agent.

  • General Area
  • Knox Workspace
Android
Lock Screen After (sec) Set the duration for locking the device when the user has not set up a password for the screen lock. The value can be between 300--3600 seconds. Android iOS Windows 10
Lock Knox Workspace Screen After (sec)

Set the duration for locking the Knox Workspace area screen when the application is not used for a certain period of time. The value can be between 300--3600 seconds.

The KWS license is required to set this policy.

Android
> Fingerprint Authentication Allows the use of the fingerprint unlock control. Android iOS
> Maximum Password Entry Attempts Set the maximum number of incorrect password attempts before access is restricted. The value can be between 0 - 10 times. Android iOS Windows 10
>> Password Entry Failure Policy

Select the action to be performed when the maximum number of failed attempts is reached.

  • None: The device is unrestricted.
  • Factory reset: Resets the user device.
  • Lock device: Locks the device.
  • Lock Knox Manage Agent: Locks the Knox Manage Agent.
Android iOS Windows 10
> Minimum Password Length Set the minimum length of the password. The value can be between 6--20 characters. Android iOS Windows 10
> Requirements for Password

Select to include which character type in a password.

  • At least 1 capital letter
  • At least 1 number
  • At least 1 special character
Android iOS Windows 10
> Allow 3 Consecutive Characters Allows 3 or more consecutive characters to be used in a password. Android iOS Windows 10
KM Agent Auto Update
  • Starting with the Knox Manage console 21.1 release, these settings are available under the Basic configuration settings menu. To go to this menu option, go to Settings > Basic configuration > Device page. For more information, see Basic configuration > Device settings.
  • Even if this option is set to Do not use, if the Auto Update Apps on Android Enterprisesetting is set to Always auto update, then the Knox Manage agent is automatically updated.
Allow Unenroll Request Allows the disabling buttons on the device so that deactivation requests can be sent. Android iOS
Show All Applied Policies Allows showing all of the policies applied on the policy list in the Knox Manage Agent. Android iOS
Limitation of the Download Screen Display in the Public Application Limits the display of the download screens of public applications in the Knox Manage Agent. Only the registered public applications are displayed on the download screen. Android iOS
Availability for Android Version Control Checks the Android OS version and performs actions when the device violates the OS version and conditions. Android
> Recommended Version Sets the Android OS version. Android
> Conditions for Checking OS Version

Sets the conditions for the recommended OS version to apply the violation measures.

  • Allow recommended version only
  • Allow recommended version or below only
  • Allow recommended version or above only
Android
> OS Version Violation Policy

Select an action to perform when the device violates the OS version and conditions.

  • Lock device: Locks the device.
Android
Availability for iOS Version Control Checks the iOS OS version and performs actions when the device violates the OS version and the conditions. iOS
> Recommended Version Sets the iOS OS version. iOS
> Version Control Policy

Sets the conditions for the recommended OS version to apply the violation measures.

  • Allow recommended version only
  • Allow recommended version or below only
  • Allow recommended version or above only
iOS
> OS Version Violation Policy

Select an action to perform when the device violates the OS version and the conditions.

  • Lock device: Locks the device.
iOS
Windows 10 Desktop Data Deployment Sets the data distribution mechanisms for Windows 10 desktops. Windows 10
> PPKG File Select a data provisioning package (PPKG) file to apply to the desktops. In the TMS Admin Portal, navigate to Management > Service Profile, and click . Then, navigate to Settings > Windows 10 > PPKG File Management, and select a provisioning package. Windows 10
Windows 10 Mobile Data Deployment Sets the data distribution mechanisms for the Windows 10 mobile devices. Windows 10
> PPKG File Select a data provisioning package (PPKG) file to apply on the mobile devices. In the TMS Admin Portal, navigate to Management > Service Profile, and click . Then, navigate to Settings > Windows 10 > PPKG File Management, and select a provisioning package. Windows 10
Allow collecting location data

Set whether to collect location data from iOS and Windows devices.

Values

  • Allow
  • Disallow

For iOS devices, device users must set the location collection policy on their devices as Always Allow.

For Windows devices, the Location policy must be set to Force location on.

iOS, Windows 10

Is this page helpful?