Android policies

Allows the device user and apps to operate the camera.

Values

• Allow (default)
• Don't allow

Allows the device user and apps to take screenshots.

Values

• Allow (default)
• Don't allow

Allows the device user to factory reset the device.

Values

• Allow (default)
• Don't allow

Allows the device user to toggle developer mode.

Values

• Allow (default)
• Don't allow

Android 8 and higher

Allows using a mock location for development or test purposes. Applies to Samsung devices only.

Android 8 and higher

Knox 2.0 and higher

Allows limiting background processes on the device.

Allows closing all apps when the device user signs out of the device

Allows use of the Safe Mode on the device.

Android 8 and higher

Determines the schedule for firmware updates on the device.

Values

• Automatically install updates when available (default). The device will perform firmware updates as soon as they become available.
• Postpone updates for 30 days after it becomes available. For each firmware update, the device will wait 30 days before applying it.

• Set a time period. The device will perform firmware updates during a specified period in the day. If set, you must also define the start and end of the period:

  • From. Specifies the start of the update period, in 24-hour time format.
  • To. Specifies the end of the update period, in 24-hour time format.

Additionally, you can schedule one or more freeze periods, which are stretches of time where the device won't apply any firmware updates, on top of whichever update setting you select. These periods will recur every year. You can configure as many freeze periods as you need.

• Start date. Specifies the month and day to begin the firmware freeze period.
• End date. Specifies the month and day to end the firmware freeze period.

Click ADD ANOTHER PERIOD to schedule an additional freeze period.

Specifies start time and end time to install updates.

Specifies dates on which to block installation of updates.

Allows backup of device data.

Values

• Allow (default)
• Don't allow

Android 8 and higher

Allows the device user to adjust the clock and current date.

Values

• Allow (default)
• Don't allow

Android 8 and higher

Allows the device user to set a certificate.

Values

• Allow (default)
• Don't allow

Android 8 and higher

Allows the device user to change the language.

Values

• Allow (default)
• Don't allow

Android 8 and higher

Allows the device user to change the screen brightness setting.

Values

• Allow (default)
• Don't allow

Android 8 and higher

Allows the always on display feature that displays information on the lock screen.

Values

• Allow (default)
• Don't allow

Android 8 and higher

Allows the device user to run the Easter egg game on a device.

Values

• Allow (default)
• Don't allow

Android 8 and higher

Allows both the device user and apps to change the wallpaper.

Values

• Allow
• Don't allow

Applies a custom wallpaper on the device.

Values

• Set for home and lock screen (default)
• Set for home screen only
• Set for Lock screen only

Specifies a custom wallpaper to apply to the home screen. Only available if the Set custom wallpaper policy is set for both the home and lock screens.

Values

1. To add custom images, click Browse. The image file can be in BMP, GIF, ICO, JPG, JPEG, or PNG format and can't exceed 10 MB in size.
2. Select Portrait or Landscape to specify the display orientation.

Specifies a custom wallpaper to apply to the home screen. Only available if the Set custom wallpaper policy is set for both the home and lock screens.

Values

1. To add custom images, click Browse. The image file can be in BMP, GIF, ICO, JPG, JPEG, or PNG format and can't exceed 10 MB in size.
2. Select Portrait or Landscape to specify the display orientation.

Specifies a custom wallpaper to apply to the home or lock screen. Only available if the Set custom wallpaper policy is set for home screen or lock screen.

Values

1. To add custom images, click Browse. The image file can be in BMP, GIF, ICO, JPG, JPEG, or PNG format and can't exceed 10 MB in size.
2. Select Portrait or Landscape to specify the display orientation.

Allows display of notification messages on the device.

Values

• Allow (default)
• Don't allow

Allows the display of notifications related to app crashes.

Values

• Allow
• Don't allow

Allows display of custom messages on the device. A default message is displayed if you don't set a custom message.

Values

• Set custom short message. The short message shows in a dialog on the device.
• Set custom long message. The long message displays when device users view more details.

Allows the display of notification messages on locked screen of a device.

Values

• Write message. The maximum length is 65 characters.

Allows the use of the device's microphone.

Values

• Allow (default)
• Don't allow

Allows recording with the microphone.

Values

• Allow (default)
• Don't allow

Allows the adjustment of volume

Values

• Allow (default)
• Don't allow

Allows the use of voice calls on non-Samsung devices.

Values

• Allow (default)
• Don't allow

Allows users to send text messages on non-Samsung devices.

Values

• Allow (default)
• Don't allow

Allows devices to receive emergency alerts from carriers.

Values

• Allow (default)
• Don't allow

Allows you to upload contact lists using a downloadable template.

Select BULK UPLOAD. On the page that opens, you can download a Microsoft Excel template or upload your contact list.

Select a measure to take when a compromised OS is detected.

Values

• Lock device (default) — Locks the device.
• Factory reset — Resets the user device but not the SD card.
• Factory reset and initialize SD Card — Factory resets the user device and the SD card.

Enables factory reset protection. When this security measure is enabled, if the device undergoes a factory reset it can't be reactivated without the previous user's Google Account.

Values

• Allow — (default) Enables factory reset protection for all devices that use this profile.
• Don't Allow — Disables factory reset protection.

To enable factory reset protection:

1. Set the value to Allow.
2. For the Google users field, enter the email address of the Google Account that will protect devices using this profile. This account must be appropriate for use by support providers.

3. Use the people.get method from the Google People API to get your Google ID. You can use the Google API reference's in-built API explorer to call the API. In the request parameters set:
   • resourceName field — people/me
   • personalFields field — metadata

4. Execute the API request and copy the value of the ID field in the response.
5. Back on the Knox Manage console, paste the copied ID value in the Google User ID field.

If factory reset protection is configured to allow specific accounts, you may be required to verify those accounts by entering them on screen upon factory-resetting the device. This requirement depends on the device management type and the factory reset method you used:

• For fully managed devices, only factory reset actions performed using device commands from the Knox Manage console require account verification. The verification step is not triggered if the factory reset is initiated through device settings.

• For work profiles on company-owned devices, initiating a factory reset from both device commands and device settings triggers the account verification process.

Specifies the encryption of the device's internal storage or the external SD card.

Values

Select the storage to encrypt.

• System storage
• External SD card

Sets the type of lock screen allowed on a device.

Values

• Set Default Lock Screen. Users must use the password you set to unlock their device.
• Set Custom Lock Screen. Users can set their own password according to the specifications you set.

Sets the default password users must use to unlock their devices. Only available if the Screen lock policies is set to Set Default Lock Screen.

Values

Enter a password between 4 and 10 characters. Only alphanumeric characters are allowed.

Enforces the minimum complexity for the device's lock. There are three complexity levels, each pre-defined by the Android API. The device user must set a lock that meets or exceeds the minimum level.

You can enable this setting and the Set minimum strength at the same time. If you do so, this setting will apply to any assigned devices that are running Android 12 and higher, while Set minimum strength will apply to any devices running Android 8 to 11.

Only available if the Screen lock policies is set to Set Custom Lock Screen.

Values

• Low. The lock must be a pattern or PIN. Repeating (4444) and ordered (1234, 4321, 2468) sequences are allowed.
• Medium. The lock must be A PIN without repeating (4444) or ordered (1234, 4321, 2468) sequences. Or, it must be a password with 4 or more characters.
• High. The lock must be a PIN with 8 or more characters, without repeating (4444) or ordered (1234, 4321, 2468) sequences. Or, it must be a password with 6 or more characters.

Enforces the minimum strength for the device's lock. Each strength level uses a lock type with minimum strength requirements. For PINs and passwords, you can further define the minimum length and complexity requirements across multiple parameters. The device user must set a lock that meets or exceeds the minimum strength.

The password strength increases in the following descending order of the available values, with Weak Biometric being the weakest, and Complex being the strongest.

You can enable this setting and the Set minimum complexity at the same time. If you do so, this setting will apply to any assigned devices that are running Android 8 to 11, while Set minimum complexity will apply to any devices running Android 12 and higher.

Only available if the Screen lock policies is set to Set Custom Lock Screen.

Values

• Weak Biometric. A biometric recognition method.
• Pattern. A pattern.

• Numeric. A PIN.

• Numeric Complex. A pin with no repeating (4444) or ordered (1234, 4321, 2468) sequences.
• Alphabetic. A password with letter characters.
• Alphanumeric. A password with alphanumeric characters.
• Complex. A password with alphanumeric and special characters.

Depending on the value selected above, you must also set the parameters of the password strength:

• Minimum length (default is 4 for most strengths, and 6 for Complex). Specifies the minimum allowed length of the PIN. This value can be between 4 and 16 for most strengths, but is between 6 and 16 for Complex.

  Required if the password strength is set to Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex.

• Minimum letters (default is 4). Specifies the minimum number of letters that the password must have.

  Required if the password strength is set to Complex.

• Minimum non-letters (default is 2). Specifies the minimum number of numbers and special characters that the password must have.

  Required if the password strength is set to Complex.

• Minimum lowercase letters (default is 3). Specifies the minimum number of lowercase letters that the password must have.

  Required if the password strength is set to Complex.

• Minimum capital letters (default is 1). Specifies the minimum number of capital letters that the password must have.

  Required if the password strength is set to Complex.

• Minimum special characters (default is 1). Specifies the minimum number of special characters that the password must have.

  Required if the password strength is set to Complex.

• Maximum sequential numbers (default is 10). Specifies the maximum length that any sequence of repeated numbers (such as 4444) can be in the PIN. Leave as 1 to disallow repeated sequences entirely.

  Required if the password strength is set to Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex.

  Only takes effect on Samsung devices secured by Knox.

• Maximum sequential characters (default is 10). Specifies the maximum length that any sequence of repeated letters (such as aaaa) can be in the PIN. Leave as 1 to disallow repeated sequences entirely.

  Required if the password strength is set to Alphabetic, Alphanumeric, or Complex.

  Only takes effect on Samsung devices secured by Knox.

Specifies how long the lock will remain active before the device user must change it.

Only available if Set minimum complexity is turned on, or Set minimum strength is set to Pattern, Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex.

Values

Enter the number of days, between 1 and 365. Default is 30.

You can also set:

• Notify users about expiring passwords (default off). Pushes a notification to the device that alerts the device user that the password will expire soon. Additionally, select how soon before expiration to send the notification:

  • 1 day before (default)
  • 3 day before
  • 5 day before
  • 7 day before

Specifies how many times how many times someone can fail to unlock the device in a row before the device takes action to protect itself.

Only available if Set minimum complexity is turned on, or Set minimum strength is set to Pattern, Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex.

Values

Enter the number of failed unlock attempts are tolerated, between 1 and 10. Default is 1.

You can also set:

• Take action if attempts are exceeded (default off). Controls which action the device takes when the unlock attempt limit is reached. You can select from the following actions:

  • Lock device (default)
  • Factory reset + initialize SD card
  • Factory reset

If the lock complexity is low or its strength is weak, specifies how long after the device is unlocked that it relocks.

Values

Enter the number of hours, between 1 and 72. Default is 1.

Specifies the minimum number of new locks that must be registered before a user can reuse a previous lock.

Values

Enter the minimum number of locks, between 1 and 10. Default is 1.

Specifies what happens if the device user sets a lock that violates the minimum complexity or strength requirements.

Values

• Lock device
• Do nothing (default)

Choose which features to block when the screen is locked.

Values

• Trust agent
• Fingerprint (default)
• Iris (default)
• Face (default)
• Camera (default)
• Previews in pop-ups (default)
• Notification (default)

Specify whether to allow a device user to control the screen lock time setting.

Values

• Allow
• Don't allow

Specifies the longest duration that the device user can set for automatic screen timeout and lock.

Values

• 15 sec
• 30 sec
• 1 min
• 2 min
• 5 min
• 10 min (default)

Enter a description for the certificate.

Specify where the certificate should be installed.

Values

• Device

Specify what category of certificate you want to use.

Values

• EMM management certificate. Register an external certificate on the Knox Manage server for each network setting, and then verify each network setting using that certificate. All users share the same certificate.
• > Root
• > User
• Issuing external CA. Register a certificate obtained from an external certificate authority to Advanced > Certificate > Certificate Template. Then, you register a certificate template for each network setting, and verify it as a user certificate.

Add apps to grant them silent privileged access to use the certificate while running.

Values

Click SELECT APPS > select an app > CONFIRM.

Allows tethering.

Values

• Allow (default)
• Don't allow

Allows the device user to transfer files between the device and other devices through USB. Charging through the USB connector isn't affected.

Values

• Allow (default)
• Don't allow

Allows the device user to mount storage media connected through the SD card slot.

Values

• Allow (default)
• Don't allow

Controls Bluetooth availability.

Values

• Allow (default). The device user can turn Bluetooth on and off.
• Force off

Allows Bluetooth sharing.

Values

• Allow (default)
• Don't allow

Allows device users to control Bluetooth settings on their device.

Values

• Allow (default)
• Don't allow

Controls Wi-Fi availability.

Values

• Allow (default). The device user can turn Wi-Fi on and off.
• Force on
• Force off

Android 8 and higher

Controls the use of Wi-Fi Direct connection for Samsung devices.

Values

• Allow (default)
• Don't allow

Android 8 and higher

Knox 1.0 and higher

Allows the use of airplane mode.

Values

• Allow (default)
• Don't allow

Allows the use of VPN on a device.

Values

• Allow (default)
• Don't allow

Allows desktop's to connect with the user's device using Bluetooth.

Values

• Allow (default)
• Don't allow

Allows device search mode.

Values

• Allow (default)
• Don't allow

Allows the device to send print commands to connected printers.

Values

• Allow (default)
• Don't allow

Allows device users to reset network usage.

For Android 7 and lower devices, this applies to Samsung devices (Knox1 and higher) only.

Values

• Allow (default)
• Don't allow

Allows device users to configure the mobile network settings.

Values

• Allow (default)
• Don't allow

Allows transfer of data using NFC.

Values

• Allow (default)
• Don't allow

Allows a cellular data connection while using roaming service.

Values

• Allow (default)
• Don't allow

Determines the name of the policy.

Values

Enter a unique name for the policy. The name must:

• Be at least 3 characters long
• Contain only ASCII alphanumeric characters, and underscores (_)
• Not contain a space at the start or the end

Determines the name of the policy.

Values

Enter a name.

So that Knox Manage can correctly process and store the name, it must:

• Be between 3 and 50 characters long
• Contain only ASCII alphanumeric characters, and underscores (_)
• Not contain a space at the start or the end

Specifies a description for the policy that is displayed on the Knox Manage console.

Values

Enter a description up to 1,000 characters long.

The security protocol of the Wi-Fi network. This value must match the actual security protocol that the network uses.

Values

• None
• WPA/WPA2-PSK (default)
• 802.1xEAP

The password of the Wi-Fi network. This value must match the actual password that the network uses.

Only available if Security type is set to WPA/WPA2-PSK.

Values

Enter the password.

So that Knox Manage can correctly process and store the password, it must:

• Be between 8 and 30 characters long
• Contain at least one ASCII letter
• Not contain spaces

The Wi-Fi network's proxy. This value must match the actual proxy settings that the network uses.

Values

• None (default).

• Manual. The proxy settings are determined individually.

  • Proxy host name. The name of the proxy server.

    So that Knox Manage can correctly process and store the host name, it must:

    • Contain ASCII alphanumeric characters, colons (:), periods (.), dashes (-), underscores (_), and forward slashes (/).
  • Proxy port. The port of the proxy server. Must be a number between 1 and 5 digits long.

  • Proxy exception. A URL that isn't routed through the proxy.

    So that Knox Manage can correctly process and store the host name, it must:

    • Contain ASCII alphanumeric characters, colons (:), periods (.), dashes (-), and forward slashes (/).

    Click ADD ANOTHER EXCEPTION to create extra exceptions.

• Proxy automatic configuration. The proxy settings are loaded by an external file.

  • PAC Web address. The URL where the proxy auto-config (PAC) file is stored.

Assigns extra settings that control how the device interacts with the Wi-Fi network.

Values

• Automatically connect to Wi-Fi (default off). If in range of the network, the device will connect to it.
• Allow user to remove network from Knox Manage agent configuration (default on). Allows the user to remove the Wi-Fi policy from the Knox Manage agent. This setting has no effect on the network's entry Android Wi-Fi manager.
• Hide Wi-Fi (SSID) (default off). Hides the the network from the Android Wi-Fi manager. This setting has no effect on the Wi-Fi policy in the Knox Manage agent.

Specifies the description of the APN policy.

Specifies the name of the APN policy. Each configuration name must be unique.

Specifies which connection services to allow for this APN policy.

Values

• Default — Allows all services.
• MMS — (Multimedia Messaging Service).
• Supl — (Secure User Plane Location service).
• DUN — (Dial-Up Networking)
• HIPRI — (High Priority).
• FOTA — (Firmware Over-The-Air).
• IMS — (IP Multimedia Subsystem).
• CBS — (Cell Broadcast Service).
• IA — (Internet Access).
• EMERGENCY — (Emergency Access).
• MCX — (Mission Critical Services).
• XCAP — (XML Configuration Access Protocol).
• BIP — (Binary Object Store Access).
• VSIM — (Virtual SIM).
• ENTERPRISE — (Enterprise Access).
• RCS — (Rich Communication Services).

Specifies the MCC of the APN.

Values

Enter a 3-digit MCC. Click INSERT LOOKUP to browse and select available lookup items to include in the MCC.

Specifies the carrier's MNC for the APN.

Values

Enter a 2 or 3-digit MNC.

Click INSERT LOOKUP to browse and select available lookup items to include in the MNC.

Specifies the address of the carrier's MMS server.

Values

Enter a URL.

Specifies the address of the carrier's MMS proxy server.

Values

Enter an IP or domain.

Specifies the port of the carrier's MMS proxy server.

Values

Enter a port.

Specifies the address of the carrier's WAN proxy server.

Values

Enter a URL.

Specifies the port of the carrier's WAN proxy server.

Values

Enter a port.

Specifies the account username to use when connecting to the APN.

Values

Enter a username. By default, the field contains the ${UserName} lookup item, which substitutes for the username associated with the device in Knox Manage.

Specifies the account password to use when connecting to the APN.

Values

Enter a password.

Specifies the protocol to use when authenticating with the APN.

Values

• None — Disables authentication.
• PAP — Uses the Password Authentication Protocol (PAP), which requires a username and password.
• CHAP — Uses the Challenge-Handshake Authentication Protocol (CHAP), which implements challenge messages to validate identities.
• PAP or CHAP — Uses either the PAP or CHAP method, depending on which is available.

Specifies the communications protocol to use when connecting to the APN.

Values

• None
• IPV4
• IPV6
• IPV4/IPV6
• PPP

Specifies the communications protocol to use when connecting to the APN while the device is roaming.

Values

• IPV4
• IPV6
• IPV4/IPV6
• PPP

Specifies the type of identifier used by the APN's mobile virtual network operator (MVNO).

Values

• None
• SPN
• IMSI
• GID
• ICCID

Specifies which wireless broadcast standards can be used when connecting to the APN.

Values

• LTE
• HSPAP
• HSPA
• HSUPA
• HSDPA
• UMTS
• EDGE
• GPRS
• eHRPD
• NR
• EVDO_B
• EVDO_A
• EVDO_0
• 1xRTT
• CDMA
• TD_SCDMA
• IDEN
• GSM
• IWLAN

Allows a device user to delete APN settings.

Values

• None
• Allow
• Disallow

Controls the services that track the device's physical location.

Values

• Allow user to configure (default). Allows the device user to toggle location services.

• Allow user to configure and prompt for location accuracy. Turns on high-precision tracking for location services.

  When turned on, every app that requires location permissions asks the device user to choose a preferred precision.

• Force on. Requires Android 9 and higher.
• Force off

Specifies if collection of data requires user consent.

Values

• Automatic (default)
• Upon user consent

Specifies the time period after which location data must be collected.

Values

• 30 minutes (default)
• 1 hour
• 2 hour
• 4 hour
• 12 hour
• 24 hour

Allows the device user to install apps.

Values

• Allow (default)
• Don't allow

Allows the device user to uninstall apps.

Values

• Allow (default)
• Don't allow

Allows the device user to install Android apps from untrusted sources. This setting doesn't apply to apps on Google Play.

Values

• Allow (default)
• Don't allow

Allows device users to skip the tutorials available for apps.

Values

• Allow (default)
• Don't allow

Determines if device users can modify app settings.

Values

• Allow (default)
• Don't allow

Specify apps with delegation scope enabled. Click Set App Delegation to select the apps.

Values

• Select the apps and system apps

Specify whether to allow the setting of app runtime permissions in all areas.

The admin can grant or deny app runtime permissions without a user's intervention.

Values

• Grant(default). Allows all apps to run on a device.
• Deny. Blocks all apps from running on a device.
• Prompt. Device users are required to grant permission to apps to run.

Specifies the apps that do not need runtime permissions.

Values

Specify the app name.

1. ClickSet Permission to open App permissions page.
2. Select app and click Next.
3. Set permissions for the app, and click Set Permission.

Specifies a list of apps to uninstall from the device and prevent the user from installing.

If you or the user have already installed an app to the device, once you hide it, it automatically uninstalls.

Values

Select one or more apps from the app library.

Specifies a list of pre-installed system apps to reactivate. Apps specified in the Hide apps list take precedence over this list.

Values

Select one or more apps from the known list of system apps.

Specify measures to take if integrity check fails during enrollment.

• Admin Alert — Sends an alert to the administrator.
• Unenrollment (Factory Reset) (for DO only) — Unenrolls the device and performs a factory reset.

Specify measures to take if integrity check fails after enrollment.

• Admin Alert — Sends an alert to the administrator.
• Lock device — Locks the device.
• Unenrollment ( Factory Reset ) — Unenrolls the device and performs a factory reset.

Allows app verification using Google Play Protect.

Values

• Allow (default)
• Force on

Determines whether the Knox Browser app automatically updates. If enabled, the browser also updates when the profile is pushed to the device.

Values

• Allow — Enables automatic Knox Browser updates.
• Don't allow — Disables automatic Knox Browser updates.

Specify whether the Knox Browser restricts access to URLs as an allowlist or blocklist.

Values

• Allowlist — Knox Browser only allows access to listed URLs.
• Blocklist — Knox Browser blocks access to listed URLs.

Hides the address bar.

Values

• Allow — Hides the address bar. Prevents access to websites other than the default Homepage URL, and blocks file downloads.
• Don't allow (default) — Displays the URL address bar.

Enables URLs with web intents, which, when opened, can download and launch apps on Android. Knox Browser supports intent schemes like the following:

• intent://... — Launches the app package specified in the URL scheme.
• market://... — Downloads the specified app package from Google Play Store.

Values

• Allow (default)
• Don't allow

Enables file downloads on Knox Browser.

Values

• Allow (default)
• Don't allow Blocks downloads. If you set the Hide URL policy to Allow, file downloads are blocked automatically.

Allows the device user to take screenshots of web pages on Knox Browser.

Values

• Allow (default)
• Don't allow

Allows the device user to upload files to web pages on Knox Browser.

Values

• Allow (default)
• Don't allow

Allows cookies in the Android browser.

If cookies are not allowed, you can't access websites that authenticate users with cookies.

Values

• Allow (default)
• Don't allow

Allows the device user to copy text from web pages viewed on Knox Browser.

Values

• Allow (default)
• Don't allow

Forces changing the text size on web pages on Knox Browser.

Values

• Allow — Adjusts the text size to the scale set by the Text Scaling > Ratio policy.
• Don't allow — The text size defaults to 100%, and the user can't change it.

If this value is unset, then the text size defaults to 100%, and the device user can change it.

Forces changing the zoom level of web pages on Knox Browser.

Values

• Allow (default) — Adjusts the zoom level to the scale set by the Force Enable Zoom > Ratio policy.
• Don't allow — The zoom level defaults to 100%, and the user can't change it.

Allows auto-completion of information that you enter on websites in the Android browser.

Values

• Allow (default)
• Don't allow

Sets the kiosk mode for devices.

Values

• Multi-app mode. Allows you to customize multiple apps and widgets for your device with the kiosk builder. Click START BUILDING to open the kiosk builder.
• Single-app mode. Specifies the app you want to lock the device down to. Click SELECT APP to choose an app.
• Web mode. Sets a URL that device opens on launch.
• Kiosk package name. This value is fixed at com.sds.emm.singleweb — Knox Browser — and can't be changed.
• Default URL. Enter a URL.

Specifies the home page of the Kiosk Browser.

Values

Enter a fully-formed URL.

You can insert lookup codes for string substitution.

Controls settings related to core kiosk behavior.

Values

• Hide info icon (default off). Hides the info button in the interface, which normally lets the device user exit kiosk mode and view the license. If the button is hidden and the device isn't connected to a network, the device can't exit mode.
• Automatic app updates (default off). Controls whether apps can automatically update.
• File uploads (default off). Allows the device user to upload files through Kiosk Browser.
• Copy text (default off). Allows the device user to copy text in Kiosk Browser.

• Session timeout (default off). Controls if the kiosk session terminates following user inactivity for a specific number of seconds. If this setting is selected, the default timeout period is 1800 seconds. Cookies and other session information are automatically deleted, and Kiosk Browser redirects to the default URL.

  • Screen saver. Allows you to set a screen saver to display while the device is charging and upon session timeout.
  • Images (up to 10 images, max 5 MB per image). Specifies the images to use as a screen saver. PNG, JPG, JPEG, and non-animated GIF file formats are supported.
  • Video (max 50 MB). Specifies the video to use as a screen saver. MP4 and MKV file formats are supported.
• Screen saver (single-app mode only) — Set a screen saver to display when the device is being charged and when the session times out.
• Run JavaScript (default on). Controls whether Kiosk Browser can run JavaScript on web pages.
• Exit Kiosk mode attempt limit (default off). Prevents exiting Kiosk mode following a maximum number of invalid attempts. If this setting is selected, the default maximum is five attempts.
  • Take action if attempts are exceeded (default off). Lets you prevent the user from re-entering a Kiosk mode exit code for a certain period of time upon exceeding the maximum number of invalid attempts. Options are:
    • Prevent re-entering code for 10 min (default)
    • Prevent re-entering code for 30 min

Multi-app mode — fully managed: Android 6 and higher

Single-app mode — fully managed Samsung devices: Android 6 and higher

Single-app mode — fully managed non-Samsung devices: Android 9 and higher

Controls settings related to OS behavior in the kiosk.

Values

• System status bar (default off). Enables the system status bar.
• Notification bar (default off). Enables notifications.
• Power off (default off). Enables the power off button.
• Home button (default off). Enables the home button.
• Recent apps (default off). Enables the recent app button, also known as the Recents button.
• Keyguard (default off). Allows the Lock screen policy to apply to the device. If turned off, the device doesn't won't be protected by a lock screen, and the device user can access the device without first unlocking it.

Allow users to access the following settings while in kiosk mode (multi-app and single-app mode only).

Values

• Wi-Fi
• NFC
• Device maintenance
• Google account setup
• Flashlight
• Location
• Lockscreen
• Mobile networks
• Blue light
• Smart view
• Bluetooth
• Mobile data
• Hotspot
• Time zone
• Accessibility
• Display
• Sound
• Airplane mode
• Language

Allows control of advanced settings while in kiosk mode.

Values

• Delete Kiosk app when policy is removed
• Turn screen on when plugged in
  • AC charger
  • USB charger
  • Wireless charger
• Use HTTP Proxy (web mode only)

Multi-app mode — fully managed: Android 6 and higher

Single-app mode — fully managed Samsung devices: Android 6 and higher

Single-app mode — fully managed non-Samsung devices: Android 9 and higher

Web mode — fully managed: Android 6 and higher

Allows device users to add or delete accounts.

Values

• Allow (default)
• Don't allow

Specifies a list of apps to allow or block on devices.

Values

• Allow (default)
• Don't allow

Specifies the account types to allow or block on devices.

Values

Enter account types

Specifies the accounts to allow on devices.

Values

• Allow all (default)
• Allow only Managed Google Play account
• Allow Managed Google Play and selected accounts

Specifies the accounts to allow when you select Allow Managed Google Play and selected accounts option in the Select accounts to allow in Google Play setting.

Values

Enter account types

Specifies if deletion of users is allowed.

Values

• Allow (default)
• Don't allow