Menu

How to restrict a user from sharing or accessing device data to prevent security breaches

Environment

  • Knox Manage (KM)
  • Device Owner

Overview

This article provides information on how to restrict a user from sharing or accessing device data. This information will be helpful in various use cases, such as the following:

  • Users sharing device data via various apps.
  • Stolen or lost devices with sensitive information on SD cards.
  • Users attempting to export data through printing.

How can I restrict the access and sharing of device data?

There are multiple ways a user can share device data to a PC or other devices. We can restrict a user and secure the device so that no one will be able to access and read stolen data.

Below is a list of policies and solutions to restrict a user.

Users can connect a device to PC in order to access storage. We can disallow this, which will be helpful in the case of a stolen device.

  • Profile > Android Enterprise > Interface > PC Connection > Disallow.

Users can share any file to other devices through Bluetooth. With this policy, they will not be able to share through Bluetooth.

  • Profile > Android Enterprise > Interface > Bluetooth Share > Disallow.

Users can share data to other devices through Wi-Fi Direct. With this policy, they will not be able to use Wi-Fi Direct.

  • Profile > Android Enterprise > Interface > Wi-Fi > Allow and then Wi-Fi Direct > Disallow.

Data can be breached if users are able to use the print service. With this policy, users will not be able to print any content like PDF, Word documents, images, etc.

  • Profile > Android Enterprise > Interface > Printing > Disallow.

If the device is stolen, the SD card data can be read by inserting the card in any other device. With this policy, the saved data will be encrypted and inaccessible.

  • Profile > Android Enterprise > System > Encryption for Storage > Allow.

Users can use the Share via feature in any app. With this policy, users will not be able to use the share data feature in any app.

  • Profile > Samsung Knox Android Enterprise > System > Share via Apps > Disallow.

Through DeX, users can access the device on a desktop and control it. But users will not be able to share and control the enrolled device through DeX with this policy.

  • Profile > Samsung Knox Android Enterprise > DeX > Allow DeX mode > Disallow.

Additional information

To read more about Knox Manage, please refer to the Knox Manage Guide.

For more about Knox Manage policies, please refer to the Knox Manage Policies.