Back to top

Configure profile policies by device platform

Last updated March 26th, 2024

In a device profile, you can configure policies for device controls, such as security and app policies. After, to deploy the policies, you can apply the profile to the assigned organization or group. Going forward, for devices running a Work Profile on a company-owned device, Knox Manage now supports Knox policies.

To add policies to a profile:

For detailed information about each of the look up items, see List of lookup items.

  1. Navigate to Profile.

  2. On the Profile page, click the name of the profile to configure policies for.

  3. On the Profile Details page, click Modify Policy.

  4. Configure the policy details by device platform. Each device platform has different groups of policies.

    1. Select the platform to configure, for example, Samsung Knox.

    2. Find the setting you want to configure by selecting the proper category or by performing a keyword search in the Search Policy field.

    3. Configure the policy as needed.

  5. Save the policy:

    • Click Save & Assign to save your changes and proceed to assigning the profile to groups or organizations.

    • Click Save to save your changes.

  6. In the Profile Version Update dialog, enter a description for the changes you made in this version, then click OK.

Android policy details

Freeze periods

When applying system updates to devices running Android 9 and higher, IT admins can now use the Freeze Period option to delay deployment of system update to target devices. The following are important points to consider:

  • Support for all update policies. The Freeze Period option supports many update policies such as automatic, postpone, and windowed.

  • Freeze periods apply one at a time. Currently, IT admins can’t set up freeze periods that overlap each other. IT admins can set up multiple freeze periods but only one freeze period applies to devices at a time.

  • Freeze period duration. IT admins can add a total freeze period of 90 days.

  • Multiple freeze periods. Two freeze periods can’t overlap each other and must remain separated by a minimum of 60 days.

ChromeOS policy details

On Knox Manage, ChromeOS organizations, users, and devices sync with the Google Admin console. By default, a ChromeOS policy on the Knox Manage console is unset and greyed out, because it inherits the setting from either a parent organization or the Google Admin console. When you apply a policy setting on the Knox Manage console, you are in fact overriding it.

Within an enterprise, organizations have parent-child relationships with each other. If an organization has no parent, unset policies show as Inherit from Google Default, which reflects that the original policy values come from the Google Admin console. If an organization is a child of another organization, its unset policies show as Inherit from parent organization, which reflects that the original policy values come from its parent. If a child organization has children, its policy overrides cascade down to its children.

In order to set a policy, you must first deactivate its inheritance by selecting Locally applied from the drop-down next to it:

Selecting Locally applied from the local override drop-down.

Is this page helpful?