Back to top
Home / Knox Manage / New Knox Manage console / References /

Android policies

Last updated June 26th, 2024

System

Setting Description Supported system
Camera

Allows the device user and apps to operate the camera.

Values
  • Allow (default)
  • Don't allow
 Android 8 and higher
Screen capture

Allows the device user and apps to take screenshots.

Values
  • Allow (default)
  • Don't allow
 Android 8 and higher
Developer mode

Allows the device user to toggle developer mode.

Values
  • Allow (default)
  • Don't allow

Android 8 and higher

Knox 2.0 and higher
Factory reset

Allows the device user to factory reset the device.

Values
  • Allow (default)
  • Don't allow
 Android 8 and higher
Date and time

Allows the user to adjust the clock and current date.

Values
  • Allow (default)
  • Don't allow
 Android 8 and higher
System updates

Determines the schedule for firmware updates on the device.

Values
  • Automatically install updates when available (default). The device will perform firmware updates as soon as they become available.
  • Postpone updates for 30 days after it becomes available. For each firmware update, the device will wait 30 days before applying it.

  • Set a time period. The device will perform firmware updates during a specified period in the day. If set, you must also define the start and end of the period:

    • From. Specifies the start of the update period, in 24-hour time format.
    • To. Specifies the end of the update period, in 24-hour time format.

Additionally, you can schedule one or more freeze periods, which are stretches of time where the device won't apply any firmware updates, on top of whichever update setting you select. These periods will recur every year. You can configure as many freeze periods as you need.

  • Start date. Specifies the month and day to begin the firmware freeze period.
  • End date. Specifies the month and day to end the firmware freeze period.

Click ADD ANOTHER PERIOD to schedule an additional freeze period.

 Android 8 and higher

Connectivity

Setting Description Supported system
Wi-Fi

Controls Wi-Fi availability.

Values
  • Allow (default). The device user can turn Wi-Fi on and off.
  • Force on
  • Force off

Android 8 and higher

Knox 1.0 and higher
Bluetooth

Controls Bluetooth availability.

Values
  • Allow (default). The device user can turn Bluetooth on and off.
  • Force off
 Android 8 and higher
USB file transfer

Allows the device user to transfer files between the device and other devices through USB. Charging through the USB connector isn't affected.

Values
  • Allow (default)
  • Don't allow
 Android 8 and higher
External SD card

Allows the device user to mount storage media connected through the SD card slot.

Values
  • Allow (default)
  • Don't allow
 Android 8 and higher

Wi-Fi

Sets up a Wi-Fi policy on the device, which are preset Wi-Fi configurations that contain an SSID, password, security type, proxy, and connection behavior of a network or access point.

Each unique SSID requires a separate policy. Click ADD WI-FI POLICY to add configure additional networks or access points. You can add or edit up to 10 policies.

Setting Description
Policy name

Determines the name of the policy.

Values

Enter a unique name for the policy. The name must:

  • Be at least 3 characters long
  • Contain only ASCII alphanumeric characters, and underscores (_)
  • Not contain a space at the start or the end
Network name (SSID)

Determines the name of the policy.

Values

Enter a name.

So that Knox Manage can correctly process and store the name, it must:

  • Be between 3 and 50 characters long
  • Contain only ASCII alphanumeric characters, and underscores (_)
  • Not contain a space at the start or the end
Description

Specifies a description for the policy that is displayed on the Knox Manage console.

Values

Enter a description up to 1,000 characters long.
Security type

The security protocol of the Wi-Fi network. This value must match the actual security protocol that the network uses.

Values
  • None
  • WPA/WPA2-PSK (default)
Password

The password of the Wi-Fi network. This value must match the actual password that the network uses.

Only available if Security type is set to WPA/WPA2-PSK.

Values

Enter the password.

So that Knox Manage can correctly process and store the password, it must:

  • Be between 8 and 30 characters long
  • Contain at least one ASCII letter
  • Not contain spaces
Proxy configuration

The Wi-Fi network's proxy. This value must match the actual proxy settings that the network uses.

Values
  • None (default).

  • Manual. The proxy settings are determined individually.

    • Proxy host name. The name of the proxy server.

      So that Knox Manage can correctly process and store the host name, it must:

      • Contain ASCII alphanumeric characters, colons (:), periods (.), dashes (-), underscores (_), and forward slashes (/).
    • Proxy port. The port of the proxy server. Must be a number between 1 and 5 digits long.

    • Proxy exception. A URL that isn't routed through the proxy.

      So that Knox Manage can correctly process and store the host name, it must:

      • Contain ASCII alphanumeric characters, colons (:), periods (.), dashes (-), and forward slashes (/).

      Click ADD ANOTHER EXCEPTION to create extra exceptions.

  • Proxy automatic configuration. The proxy settings are loaded by an external file.

    • PAC Web address. The URL where the proxy auto-config (PAC) file is stored.
Additional settings

Assigns extra settings that control how the device interacts with the Wi-Fi network.

Values
  • Automatically connect to the network (default off). If in range of the network, the device will connect to it.
  • Allow user to remove the network from the Knox Manage agent configuration (default on). Allows the user to remove the Wi-Fi policy from the Knox Manage agent. This setting has no effect on the network's entry Android Wi-Fi manager.
  • Hidden network (default off). Hides the the network from the Android Wi-Fi manager. This setting has no effect on the Wi-Fi policy in the Knox Manage agent.

Lock screen

Setting Description Supported system
Policy settings

Turns on settings related to the lock screen.

 Android 8 and higher
Set minimum complexity

Enforces the minimum complexity for the device's lock. There are three complexity levels, each pre-defined by the Android API. The device user must set a lock that meets or exceeds the minimum level.

You can enable this setting and the Set minimum strength at the same time. If you do so, this setting will apply to any assigned devices that are running Android 12 and higher, while Set minimum strength will apply to any devices running Android 8 to 11.

Only available if Screen lock policies is turned on.

Values
  • Low. The lock must be a pattern or PIN. Repeating (4444) and ordered (1234, 4321, 2468) sequences are allowed.
  • Medium. The lock must be A PIN without repeating (4444) or ordered (1234, 4321, 2468) sequences. Or, it must be a password with 4 or more characters.
  • High. The lock must be a PIN with 8 or more characters, without repeating (4444) or ordered (1234, 4321, 2468) sequences. Or, it must be a password with 6 or more characters.
 Android 12 and higher
Set minimum strength

Enforces the minimum strength for the device's lock. Each strength level uses a lock type with minimum strength requirements. For PINs and passwords, you can further define the minimum length and complexity requirements across multiple parameters. The device user must set a lock that meets or exceeds the minimum strength.

The password strength increases in the following descending order of the available values, with Weak Biometric being the weakest, and Complex being the strongest.

You can enable this setting and the Set minimum complexity at the same time. If you do so, this setting will apply to any assigned devices that are running Android 8 to 11, while Set minimum complexity will apply to any devices running Android 12 and higher.

Only available if Screen lock policies is turned on.

Values
  • Weak Biometric. A biometric recognition method.
  • Pattern. A pattern.

  • Numeric. A PIN.

  • Numeric Complex. A pin with no repeating (4444) or ordered (1234, 4321, 2468) sequences.
  • Alphabetic. A password with letter characters.
  • Alphanumeric. A password with alphanumeric characters.
  • Complex. A password with alphanumeric and special characters.

Depending on the value selected above, you must also set the parameters of the password strength:

  • Minimum length (default is 4 for most strengths, and 6 for Complex). Specifies the minimum allowed length of the PIN. This value can be between 4 and 16 for most strengths, but is between 6 and 16 for Complex.

    Required if the password strength is set to Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex.

  • Minimum letters (default is 4). Specifies the minimum number of letters that the password must have.

    Required if the password strength is set to Complex.

  • Minimum non-letters (default is 2). Specifies the minimum number of numbers and special characters that the password must have.

    Required if the password strength is set to Complex.

  • Minimum lowercase letters (default is 3). Specifies the minimum number of lowercase letters that the password must have.

    Required if the password strength is set to Complex.

  • Minimum capital letters (default is 1). Specifies the minimum number of capital letters that the password must have.

    Required if the password strength is set to Complex.

  • Minimum special characters (default is 1). Specifies the minimum number of special characters that the password must have.

    Required if the password strength is set to Complex.

  • Maximum sequential numbers (default is 10). Specifies the maximum length that any sequence of repeated numbers (such as 4444) can be in the PIN. Leave as 1 to disallow repeated sequences entirely.

    Required if the password strength is set to Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex.

    Only takes effect on Samsung devices secured by Knox.

  • Maximum sequential characters (default is 10). Specifies the maximum length that any sequence of repeated letters (such as aaaa) can be in the PIN. Leave as 1 to disallow repeated sequences entirely.

    Required if the password strength is set to Alphabetic, Alphanumeric, or Complex.

    Only takes effect on Samsung devices secured by Knox.

 Android 8 to 11
Screen lock expiration (days)

Specifies how long the lock will remain active before the device user must change it.

Only available if Set minimum complexity is turned on, or Set minimum strength is set to Pattern, Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex.

Values

Enter the number of days, between 1 and 365. Default is 30.

You can also set:

  • Send notification before expiration (default off). Pushes a notification to the device that alerts the device user that the password will expire soon. Additionally, select how soon before expiration to send the notification:

    • 1 day before (default)
    • 3 day before
    • 5 day before
    • 7 day before
 Android 8 and higher
Unlock attempt limit

Specifies how many times how many times someone can fail to unlock the device in a row before the device takes action to protect itself.

Only available if Set minimum complexity is turned on, or Set minimum strength is set to Pattern, Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex.

Values

Enter the number of failed unlock attempts are tolerated, between 1 and 10. Default is 1.

You can also set:

  • Take action if attempts are exceeded (default off). Controls which action the device takes when the unlock attempt limit is reached. You can select from the following actions:

    • Lock device (default)
    • Factory reset + initialize SD card
    • Factory reset
 Android 8 and higher
Screen lock timer (hours)

If the lock complexity is low or its strength is weak, specifies how long after the device is unlocked that it relocks.

Values

Enter the number of hours, between 1 and 72. Default is 1.

 Android 8 and higher
Screen lock history

Specifies the minimum number of new locks that must be registered before a user can reuse a previous lock.

Values

Enter the minimum number of locks, between 1 and 10. Default is 1.

 Android 8 and higher
Screen lock compliance violation

Specifies what happens if the device user sets a lock that violates the minimum complexity or strength requirements.

Values
  • Lock device
  • Do nothing (default)
 Android 8 and higher
Maximum screen timeout allowed

Specifies the longest duration that the device user can set for automatic screen timeout and lock.

Values
  • 15 sec
  • 30 sec
  • 1 min
  • 2 min
  • 5 min
  • 10 min (default)
 Android 8 and higher

Location

Setting Description Supported system
Location settings

Controls the services that track the device's physical location.

Values
  • Allow user to configure (default). Allows the device user to toggle location services.

  • Allow user to configure and prompt for location accuracy. Turns on high-precision tracking for location services.

    When turned on, every app that requires location permissions asks the device user to choose a preferred precision.

  • Force on. Requires Android 9 and higher.
  • Force off
 Android 8 and higher

App restrictions

Setting Description Supported system
App installation

Allows the device user to install apps.

Values
  • Allow (default)
  • Don't allow
 Android 8 and higher
App uninstallation

Allows the device user to uninstall apps.

Values
  • Allow (default)
  • Don't allow
 Android 8 and higher
App installation from other sources

Allows the device user to install Android apps from untrusted sources. This setting doesn't apply to apps on Google Play.

Values
  • Allow (default)
  • Don't allow
 Android 8 and higher
Hide apps

Specifies a list of apps to uninstall from the device and prevent the user from installing.

If you or the user have already installed an app to the device, once you hide it, it automatically uninstalls.

Values

Select one or more apps from the app library.

 Android 8 and higher
Activate certain pre-installed system apps

Specifies a list of pre-installed system apps to reactivate. Apps specified in the Hide apps list take precedence over this list.

Values

Select one or more apps from the known list of system apps.

 Android 8 and higher
Block certain apps from running

Specifies a list of apps that are not run on devices.

Values

Select one or more apps from the app library.

 Android 8 and higher
Block certain apps from being uninstalled

Specifies a list of apps that must not be uninstalled from devices.

Values

Select one or more apps from the app library.

 Android 8 and higher

Kiosk

Configures the device as a kiosk. As of Knox Manage 23.12, you can only configure single-app kiosks, and the app can only be Knox Browser.

Only one kiosk configuration is allowed in a profile.

Setting Description
Kiosk package name

Specifies the single app to offer in the kiosk experience.

Values

Enter the package name.

As of Knox Manage 23.12, this value is fixed at com.sds.emm.singleweb — Knox Browser — and can't be changed.
Default URL

Specifies the home page of the Kiosk Browser.

Values

Enter a fully-formed URL.

You can insert lookup codes for string substitution.
Basic settings

Controls settings related to core kiosk behavior.

Values
  • Hide info icon (default off). Hides the info button in the interface, which normally lets the device user exit kiosk mode and view the license. If the button is hidden and the device isn't connected to a network, the device can't exit mode.
  • Automatic app updates (default off). Controls whether apps can automatically update.
  • File uploads (default off). Allows the device user to upload files through Kiosk Browser.
  • Copy text (default off). Allows the device user to copy text in Kiosk Browser.

  • Screen saver (default off). Controls whether to use a screen saver. The screen saver launches when no user activity is detected for a specific amount of time, or when the device is charging.

    • Images (Up to 10 images, max 5MB per image). Specifies the images to use as a screen saver. Each image can be up to 5 MB in size. You can add up to 10 images, in the PNG, JPG, JPEG, or GIF formats. If an image is a GIF, it can't be animated.
    • Video (Max 50MB). Specifies the video to use as a screen saver. the corresponding files. The video file can be up to 50 MB in size. The MP4 and MKV file formats are supported.
    • Session timeout (default 1800). Specifies the amount of time, in seconds, that the device must be idle before the screen saver launches. Enter a value between 10 and 3,600.
  • Run JavaScript (default on). Controls whether Kiosk Browser can run JavaScript on web pages.
Utility settings

Controls settings related to OS behavior in the kiosk.

Values
  • System status bar (default off). Enables the system status bar.
  • Notification bar (default off). Enables notifications.
  • Power off (default on). Enables the power off button.
  • Home button (default off). Enables the home button.
  • Recent apps (default off). Enables the recent app button, also known as the Recents button.
  • Keyguard (default on). Allows the Lock screen policy to apply to the device. If turned off, the device doesn't won't be protected by a lock screen, and the device user can access the device without first unlocking it.

On this page

Is this page helpful?