- Basics
- About Knox
- Knox licenses
- Knox white paper
- Sign up for Samsung Knox
- Latest release notes
- General Knox FAQ
- General Knox KBAs
- Submit a support ticket
- User Acceptance Testing
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Create a new profile
- Assign profiles to groups and organizations
- Enroll devices
- Shared Android device quickstart
- Non-shared Android device enrollment quickstart
- Android Management API device enrollment quickstart
- Apple User Enrollment quickstart
- View device information
- Apply profiles to organizations
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Device management
- Accept or reject devices
- Upload devices
- Delete devices
- Complete device management
- Send notifications
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Open API reference
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
How to restrict a user from sharing or accessing device data to prevent security breaches
Environment
- Knox Manage (KM)
- Device Owner
Overview
This article provides information on how to restrict a user from sharing or accessing device data. This information will be helpful in various use cases, such as the following:
- Users sharing device data via various apps.
- Stolen or lost devices with sensitive information on SD cards.
- Users attempting to export data through printing.
How can I restrict the access and sharing of device data?
There are multiple ways a user can share device data to a PC or other devices. We can restrict a user and secure the device so that no one will be able to access and read stolen data.
Below is a list of policies and solutions to restrict a user.
Users can connect a device to PC in order to access storage. We can disallow this, which will be helpful in the case of a stolen device.
- Profile > Android Enterprise > Interface > PC Connection > Disallow.
Users can share any file to other devices through Bluetooth. With this policy, they will not be able to share through Bluetooth.
- Profile > Android Enterprise > Interface > Bluetooth Share > Disallow.
Users can share data to other devices through Wi-Fi Direct. With this policy, they will not be able to use Wi-Fi Direct.
- Profile > Android Enterprise > Interface > Wi-Fi > Allow and then Wi-Fi Direct > Disallow.
Data can be breached if users are able to use the print service. With this policy, users will not be able to print any content like PDF, Word documents, images, etc.
- Profile > Android Enterprise > Interface > Printing > Disallow.
If the device is stolen, the SD card data can be read by inserting the card in any other device. With this policy, the saved data will be encrypted and inaccessible.
- Profile > Android Enterprise > System > Encryption for Storage > Allow.
Users can use the Share via feature in any app. With this policy, users will not be able to use the share data feature in any app.
- Profile > Samsung Knox Android Enterprise > System > Share via Apps > Disallow.
Through DeX, users can access the device on a desktop and control it. But users will not be able to share and control the enrolled device through DeX with this policy.
- Profile > Samsung Knox Android Enterprise > DeX > Allow DeX mode > Disallow.
Additional information
To read more about Knox Manage, please refer to the Knox Manage Guide.
For more about Knox Manage policies, see Configure profile policies by device platform.
