Configure profile policies by device platform
Last updated July 26th, 2023
In a device profile, you can configure policies for device controls, such as security and app policies. After, to deploy the policies, you can apply the profile to the assigned organization or group. Going forward, for devices running a Work Profile on a company-owned device, Knox Manage now supports Knox policies.
To add policies to a profile:
For detailed information about each of the look up items, see List of lookup items.
Navigate to Profile.
On the Profile page, click the name of the profile to configure policies for.
On the Profile Details page, click Modify Policy.
Configure the policy details by device platform. Each device platform has different groups of policies.
Select the platform to configure, for example, Samsung Knox.
Find the setting you want to configure by selecting the proper category or by performing a keyword search in the Search Policy field.
Configure the policy as needed.
Save the policy:
Click Save & Assign to save your changes and proceed to assigning the profile to groups or organizations.
Click Save to save your changes.
In the Profile Version Update dialog, enter a description for the changes you made in this version, then click OK.
Android policy details
When applying system updates to devices running Android 9 and higher, IT admins can now use the Freeze Period option to delay deployment of system update to target devices. The following are important points to consider:
- Support for all update policies — The Freeze Period option supports many update policies such as automatic, postpone, and windowed.
- Freeze periods apply one at a time — Currently, IT admins cannot set up freeze periods that overlap each other. IT admins can set up multiple freeze periods but only one freeze period applies to devices at one time.
- Freeze period duration — IT admins can add a total freeze period of 90 days.
- Multiple freeze periods — Two freeze periods cannot overlap each other and must remain separated by a minimum of 60 days.
Chrome OS policy details
On Knox Manage, Chrome OS organizations, users, and devices sync with the Google Admin console. By default, a Chrome OS policy on the Knox Manage console is unset and greyed out, because it inherits the setting from either a parent organization or the Google Admin console. When you apply a policy setting on the Knox Manage console, you are in fact overriding it.
Within an enterprise, organizations have parent-child relationships with each other. If an organization has no parent, unset policies show as Inherit from Google Default, which reflects that the original policy values come from the Google Admin console. If an organization is a child of another organization, its unset policies show as Inherit from parent organization, which reflects that the original policy values come from its parent. If a child organization has children, its policy overrides cascade down to its children.
In order to set a policy, you must first deactivate its inheritance by selecting Locally applied from the drop-down next to it:
Is this page helpful?