Android policies

Setting	Description	Supported system
Use Camera	Allows the device user and apps to operate the camera. Values Allow (default) Don't allow	Android 8 and higher
Screen capture permission	Allows the device user and apps to take screenshots. Values Allow (default) Don't allow	Android 8 and higher
Factory reset	Allows the device user to factory reset the device. Values Allow (default) Don't allow	Android 8 and higher
Developer mode	Allows the device user to toggle developer mode. Values Allow (default) Don't allow	Android 8 and higher
> Use mock location for testing	Allows using a mock location for development or test purposes. Applies to Samsung devices only.	Android 8 and higher Knox 2.0 and higher
> Set limit for background processes	Allows limiting background processes on the device.
> Close apps if user signs out of device	Allows closing all apps when the device user signs out of the device
Safe mode	Allows use of the Safe Mode on the device.	Android 8 and higher
Install system updates	Determines the schedule for firmware updates on the device. Values Automatically install updates when available (default). The device will perform firmware updates as soon as they become available. Postpone updates for 30 days after it becomes available. For each firmware update, the device will wait 30 days before applying it. Set a time period. The device will perform firmware updates during a specified period in the day. If set, you must also define the start and end of the period: From. Specifies the start of the update period, in 24-hour time format. To. Specifies the end of the update period, in 24-hour time format. Additionally, you can schedule one or more freeze periods, which are stretches of time where the device won't apply any firmware updates, on top of whichever update setting you select. These periods will recur every year. You can configure as many freeze periods as you need. Start date. Specifies the month and day to begin the firmware freeze period. End date. Specifies the month and day to end the firmware freeze period. Click ADD ANOTHER PERIOD to schedule an additional freeze period.	Android 8 and higher
> Set time range	Specifies start time and end time to install updates.
> Set dates to block updates	Specifies dates on which to block installation of updates.
Backup data on cloud	Allows backup of device data. Values Allow (default) Don't allow	Android 8 and higher
Set date and time	Allows the device user to adjust the clock and current date. Values Allow (default) Don't allow	Android 8 and higher
Set user certificates	Allows the device user to set a certificate. Values Allow (default) Don't allow	Android 8 and higher
Change language	Allows the device user to change the language. Values Allow (default) Don't allow	Android 8 and higher
Change brightness setting	Allows the device user to change the screen brightness setting. Values Allow (default) Don't allow	Android 8 and higher
Always on display	Allows the always on display feature that displays information on the lock screen. Values Allow (default) Don't allow	Android 8 and higher
Android Easter egg game	Allows the device user to run the Easter egg game on a device. Values Allow (default) Don't allow	Android 8 and higher

Policy	Description	Supported system
Change wallpaper	Allows both the device user and apps to change the wallpaper. Values Allow Don't allow	Android 8 and higher
Set custom wallpaper	Applies a custom wallpaper on the device. Values Set for home and lock screen (default) Set for home screen only Set for Lock screen only	Android 8 and higher
> Home screen	Specifies a custom wallpaper to apply to the home screen. Only available if the Set custom wallpaper policy is set for both the home and lock screens. Values To add custom images, click Browse. The image file can be in BMP, GIF, ICO, JPG, JPEG, or PNG format and can't exceed 10 MB in size. Select Portrait or Landscape to specify the display orientation.	Android 8 and higher
> Lock screen	Specifies a custom wallpaper to apply to the home screen. Only available if the Set custom wallpaper policy is set for both the home and lock screens. Values To add custom images, click Browse. The image file can be in BMP, GIF, ICO, JPG, JPEG, or PNG format and can't exceed 10 MB in size. Select Portrait or Landscape to specify the display orientation.	Android 8 and higher
> Wallpaper file	Specifies a custom wallpaper to apply to the home or lock screen. Only available if the Set custom wallpaper policy is set for home screen or lock screen. Values To add custom images, click Browse. The image file can be in BMP, GIF, ICO, JPG, JPEG, or PNG format and can't exceed 10 MB in size. Select Portrait or Landscape to specify the display orientation.	Android 8 and higher

Policy	Description	Supported system
Show notifications on device	Allows display of notification messages on the device. Values Allow (default) Don't allow	Android 8 and higher
Show error notification after app crash	Allows the display of notifications related to app crashes. Values Allow Don't allow	Android 9 and higher
Show notification if event is triggered	Allows the display of notifications when an event occurs. Values User defined (default) Show notification Hide notification	Android 8 and higher
Show notification if event is disabled	Allows the display of notifications when an event is disabled. Values User defined (default) Show notification Hide notification	Android 8 and higher
Remove notifications from Quick panel	Set the removal of notifications from a device's Quick panel. Values User defined (default). Device users can remove notifications using the settings menu of Knox Manage agent. Show notification. Device users can't remove notifications from the device's Quick Panel. Hide notification. Device users can remove notifications from the device's Quick Panel.	Android 8 and higher
Show message for blocked settings	Allows display of custom messages on the device. A default message is displayed if you don't set a custom message. Values Set custom short message. The short message shows in a dialog on the device. Set custom long message. The long message displays when device users view more details.	Android 8 and higher
Show custom message on lock screen	Allows the display of notification messages on locked screen of a device. Values Write message. The maximum length is 65 characters.	Android 8 and higher

Setting	Description	Supported system
Use Microphone	Allows the use of the device's microphone. Values Allow (default) Don't allow	Android 1 (SDK1) and higher
> Record with Microphone	Allows recording with the microphone. Values Allow (default) Don't allow	Samsung device (Knox1 and higher)
> Use S Voice	Allows the use of S Voice. Values Allow (default) Don't allow	Samsung device (Knox1 and higher)
Adjust Volume	Allows the adjustment of volume Values Allow (default) Don't allow	Android 5 and higher

Setting	Description	Supported system
Make voice calls on non-Samsung devices	Allows the use of voice calls on non-Samsung devices. Values Allow (default) Don't allow	Android 5 and higher
Send text messages on non-Samsung devices	Allows users to send text messages on non-Samsung devices. Values Allow (default) Don't allow	Android 5 and higher
Emergency alerts	Allows devices to receive emergency alerts from carriers. Values Allow (default) Don't allow	Android 5 and higher

Setting

Description

Supported system

Make voice calls on non-Samsung devices

Allows the use of voice calls on non-Samsung devices.

Values

Allow (default)
Don't allow

Android 5 and higher

Send text messages on non-Samsung devices

Allows users to send text messages on non-Samsung devices.

Values

Allow (default)
Don't allow

Android 5 and higher

Emergency alerts

Allows devices to receive emergency alerts from carriers.

Values

Allow (default)
Don't allow

Android 5 and higher

Policy	Description	Supported system
Take action if OS is compromised	Select a measure to take when a compromised OS is detected. Values Lock device (default) — Locks the device. Factory reset — Resets the user device but not the SD card. Factory reset and initialize SD Card — Factory resets the user device and the SD card.	Android 8 and higher
Factory reset protection	Enables factory reset protection. When this security measure is enabled, if the device undergoes a factory reset it can't be reactivated without the previous user's Google Account. Values Allow — (default) Enables factory reset protection for all devices that use this profile. Don't Allow — Disables factory reset protection. To enable factory reset protection: Set the value to Allow. For the Google users field, enter the email address of the Google Account that will protect devices using this profile. This account must be appropriate for use by support providers. As this account email and password might be shared with support providers, do not use your Google Account associated with Android Enterprise. Use the people.get method from the Google People API to get your Google ID. You can use the Google API reference's in-built API explorer to call the API. In the request parameters set: resourceName field — `people/me` personalFields field — `metadata` Execute the API request and copy the value of the ID field in the response. Back on the Knox Manage console, paste the copied ID value in the Google User ID field. If factory reset protection is configured to allow specific accounts, you may be required to verify those accounts by entering them on screen upon factory-resetting the device. This requirement depends on the device management type and the factory reset method you used: For fully managed devices, only factory reset actions performed using device commands from the Knox Manage console require account verification. The verification step is not triggered if the factory reset is initiated through device settings. For work profiles on company-owned devices, initiating a factory reset from both device commands and device settings triggers the account verification process.	Android 11 and higher
> Google users	Email address and User ID of the Google Account that will protect the devices that use this profile.	Android 11 and higher
Set encryption for device storage	Specifies the encryption of the device's internal storage or the external SD card. Values Select the storage to encrypt. System storage External SD card	Android 8 to 10

Setting	Description	Supported system
Set minimum complexity	Enforces the minimum complexity for the device's lock. There are three complexity levels, each pre-defined by the Android API. The device user must set a lock that meets or exceeds the minimum level. You can enable this setting and the Set minimum strength at the same time. If you do so, this setting will apply to any assigned devices that are running Android 12 and higher, while Set minimum strength will apply to any devices running Android 8 to 11. Only available if Screen lock policies is turned on. Values Low. The lock must be a pattern or PIN. Repeating (4444) and ordered (1234, 4321, 2468) sequences are allowed. Medium. The lock must be A PIN without repeating (4444) or ordered (1234, 4321, 2468) sequences. Or, it must be a password with 4 or more characters. High. The lock must be a PIN with 8 or more characters, without repeating (4444) or ordered (1234, 4321, 2468) sequences. Or, it must be a password with 6 or more characters.	Android 12 and higher
Set minimum strength	Enforces the minimum strength for the device's lock. Each strength level uses a lock type with minimum strength requirements. For PINs and passwords, you can further define the minimum length and complexity requirements across multiple parameters. The device user must set a lock that meets or exceeds the minimum strength. The password strength increases in the following descending order of the available values, with Weak Biometric being the weakest, and Complex being the strongest. You can enable this setting and the Set minimum complexity at the same time. If you do so, this setting will apply to any assigned devices that are running Android 8 to 11, while Set minimum complexity will apply to any devices running Android 12 and higher. Only available if Screen lock policies is turned on. Values Weak Biometric. A biometric recognition method. Pattern. A pattern. Numeric. A PIN. Numeric Complex. A pin with no repeating (4444) or ordered (1234, 4321, 2468) sequences. Alphabetic. A password with letter characters. Alphanumeric. A password with alphanumeric characters. Complex. A password with alphanumeric and special characters. Depending on the value selected above, you must also set the parameters of the password strength: Minimum length (default is 4 for most strengths, and 6 for Complex). Specifies the minimum allowed length of the PIN. This value can be between 4 and 16 for most strengths, but is between 6 and 16 for Complex. Required if the password strength is set to Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex. Minimum letters (default is 4). Specifies the minimum number of letters that the password must have. Required if the password strength is set to Complex. Minimum non-letters (default is 2). Specifies the minimum number of numbers and special characters that the password must have. Required if the password strength is set to Complex. Minimum lowercase letters (default is 3). Specifies the minimum number of lowercase letters that the password must have. Required if the password strength is set to Complex. Minimum capital letters (default is 1). Specifies the minimum number of capital letters that the password must have. Required if the password strength is set to Complex. Minimum special characters (default is 1). Specifies the minimum number of special characters that the password must have. Required if the password strength is set to Complex. Maximum sequential numbers (default is 10). Specifies the maximum length that any sequence of repeated numbers (such as 4444) can be in the PIN. Leave as 1 to disallow repeated sequences entirely. Required if the password strength is set to Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex. Only takes effect on Samsung devices secured by Knox. Maximum sequential characters (default is 10). Specifies the maximum length that any sequence of repeated letters (such as aaaa) can be in the PIN. Leave as 1 to disallow repeated sequences entirely. Required if the password strength is set to Alphabetic, Alphanumeric, or Complex. Only takes effect on Samsung devices secured by Knox.	Android 8 to 11
Set days before user must reset password	Specifies how long the lock will remain active before the device user must change it. Only available if Set minimum complexity is turned on, or Set minimum strength is set to Pattern, Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex. Values Enter the number of days, between 1 and 365. Default is 30. You can also set: Notify users about expiring passwords (default off). Pushes a notification to the device that alerts the device user that the password will expire soon. Additionally, select how soon before expiration to send the notification: 1 day before (default) 3 day before 5 day before 7 day before	Android 8 and higher
Limit wrong unlock attempts	Specifies how many times how many times someone can fail to unlock the device in a row before the device takes action to protect itself. Only available if Set minimum complexity is turned on, or Set minimum strength is set to Pattern, Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex. Values Enter the number of failed unlock attempts are tolerated, between 1 and 10. Default is 1. You can also set: Take action if attempts are exceeded (default off). Controls which action the device takes when the unlock attempt limit is reached. You can select from the following actions: Lock device (default) Factory reset + initialize SD card Factory reset	Android 8 and higher
Lock devices after a set number of hours	If the lock complexity is low or its strength is weak, specifies how long after the device is unlocked that it relocks. Values Enter the number of hours, between 1 and 72. Default is 1.	Android 8 and higher
Screen lock history	Specifies the minimum number of new locks that must be registered before a user can reuse a previous lock. Values Enter the minimum number of locks, between 1 and 10. Default is 1.	Android 8 and higher
Screen lock compliance violation	Specifies what happens if the device user sets a lock that violates the minimum complexity or strength requirements. Values Lock device Do nothing (default)	Android 8 and higher
Block certain actions if screen is locked	Choose which features to block when the screen is locked. Values Trust agent Fingerprint (default) Iris (default) Face (default) Camera (default) Previews in pop-ups (default) Notification (default)	Android 8 and higher
Screen lock time changes by device user	Specify whether to allow a device user to control the screen lock time setting. Values Allow Don't allow	Android 9 and higher
Set maximum screen timeout allowed	Specifies the longest duration that the device user can set for automatic screen timeout and lock. Values 15 sec 30 sec 1 min 2 min 5 min 10 min (default)	Android 8 and higher

Connectivity

Connection settings

Setting	Description	Supported system
Share internet connection using tethering	Allows tethering. Values Allow (default) Don't allow	Android 5 and higher
Transfer files through USB	Allows the device user to transfer files between the device and other devices through USB. Charging through the USB connector isn't affected. Values Allow (default) Don't allow	Android 8 and higher
Use external SD card	Allows the device user to mount storage media connected through the SD card slot. Values Allow (default) Don't allow	Android 8 and higher
Use Bluetooth	Controls Bluetooth availability. Values Allow (default). The device user can turn Bluetooth on and off. Force off	Android 8 and higher
Send and receive files through Bluetooth	Allows Bluetooth sharing. Values Allow (default) Don't allow	Android 8 and higher
Control Bluetooth settings	Allows device users to control Bluetooth settings on their device. Values Allow (default) Don't allow	Android 8 and higher
Use Wi-Fi	Controls Wi-Fi availability. Values Allow (default). The device user can turn Wi-Fi on and off. Force on Force off	Android 8 and higher
Wi-Fi direct	Controls the use of Wi-Fi Direct connection for Samsung devices. Values Allow (default) Don't allow	Android 8 and higher Knox 1.0 and higher
Turn on airplane mode	Allows the use of airplane mode. Values Allow (default) Don't allow	Android 9 and higher
Use VPN	Allows the use of VPN on a device. Values Allow (default) Don't allow	Android 8 and higher
> Desktop connection	Allows desktop's to connect with the user's device using Bluetooth. Values Allow (default) Don't allow	Android 8 and higher
> Search mode	Allows device search mode. Values Allow (default) Don't allow	Android 8 and higher
Use printer	Allows the device to send print commands to connected printers. Values Allow (default) Don't allow	Android 9 and higher
Reset mobile data usage	Allows device users to reset network usage. For Android 7 and lower devices, this applies to Samsung devices (Knox1 and higher) only. Values Allow (default) Don't allow	Android 6 and higher
Configure mobile network settings	Allows device users to configure the mobile network settings. Values Allow (default) Don't allow	Android 5 and higher
Transfer data using NFC	Allows transfer of data using NFC. Values Allow (default) Don't allow	Android 8 and higher

Setting	Description
Policy name	Determines the name of the policy. Values Enter a unique name for the policy. The name must: Be at least 3 characters long Contain only ASCII alphanumeric characters, and underscores (_) Not contain a space at the start or the end
Network name (SSID)	Determines the name of the policy. Values Enter a name. So that Knox Manage can correctly process and store the name, it must: Be between 3 and 50 characters long Contain only ASCII alphanumeric characters, and underscores (_) Not contain a space at the start or the end
Description	Specifies a description for the policy that is displayed on the Knox Manage console. Values Enter a description up to 1,000 characters long.
Security type	The security protocol of the Wi-Fi network. This value must match the actual security protocol that the network uses. Values None WPA/WPA2-PSK (default)
Password	The password of the Wi-Fi network. This value must match the actual password that the network uses. Only available if Security type is set to WPA/WPA2-PSK. Values Enter the password. So that Knox Manage can correctly process and store the password, it must: Be between 8 and 30 characters long Contain at least one ASCII letter Not contain spaces
Proxy configuration	The Wi-Fi network's proxy. This value must match the actual proxy settings that the network uses. Values None (default). Manual. The proxy settings are determined individually. Proxy host name. The name of the proxy server. So that Knox Manage can correctly process and store the host name, it must: Contain ASCII alphanumeric characters, colons (:), periods (.), dashes (-), underscores (_), and forward slashes (/). Proxy port. The port of the proxy server. Must be a number between 1 and 5 digits long. Proxy exception. A URL that isn't routed through the proxy. So that Knox Manage can correctly process and store the host name, it must: Contain ASCII alphanumeric characters, colons (:), periods (.), dashes (-), and forward slashes (/). Click ADD ANOTHER EXCEPTION to create extra exceptions. Proxy automatic configuration. The proxy settings are loaded by an external file. PAC Web address. The URL where the proxy auto-config (PAC) file is stored.
Additional settings	Assigns extra settings that control how the device interacts with the Wi-Fi network. Values Automatically connect to Wi-Fi (default off). If in range of the network, the device will connect to it. Allow user to remove network from Knox Manage agent configuration (default on). Allows the user to remove the Wi-Fi policy from the Knox Manage agent. This setting has no effect on the network's entry Android Wi-Fi manager. Hide Wi-Fi (SSID) (default off). Hides the the network from the Android Wi-Fi manager. This setting has no effect on the Wi-Fi policy in the Knox Manage agent.

Location

Location settings

Setting	Description	Supported system
Location settings	Controls the services that track the device's physical location. Values Allow user to configure (default). Allows the device user to toggle location services. Allow user to configure and prompt for location accuracy. Turns on high-precision tracking for location services. When turned on, every app that requires location permissions asks the device user to choose a preferred precision. Force on. Requires Android 9 and higher. Force off	Android 8 and higher
Allow collection of location data	Specifies if collection of data requires user consent. Values Automatic (default) Upon user consent	Android 8 and higher
> Set collection time	Specifies the time period after which location data must be collected. Values 30 minutes (default) 1 hour 2 hour 4 hour 12 hour 24 hour	Android 8 and higher

Setting

Description

Supported system

Location settings

Controls the services that track the device's physical location.

Values

Allow user to configure (default). Allows the device user to toggle location services.
Allow user to configure and prompt for location accuracy. Turns on high-precision tracking for location services.

When turned on, every app that requires location permissions asks the device user to choose a preferred precision.
Force on. Requires Android 9 and higher.
Force off

Android 8 and higher

Allow collection of location data

Specifies if collection of data requires user consent.

Values

Automatic (default)
Upon user consent

Android 8 and higher

> Set collection time

Specifies the time period after which location data must be collected.

Values

30 minutes (default)
1 hour
2 hour
4 hour
12 hour
24 hour

Android 8 and higher

Setting	Description	Supported system
App installation	Allows the device user to install apps. Values Allow (default) Don't allow	Android 8 and higher
App uninstallation	Allows the device user to uninstall apps. Values Allow (default) Don't allow	Android 8 and higher
App installation from other sources	Allows the device user to install Android apps from untrusted sources. This setting doesn't apply to apps on Google Play. Values Allow (default) Don't allow	Android 8 and higher
Skip app tutorials	Allows device users to skip the tutorials available for apps. Values Allow (default) Don't allow	Android 8 and higher
Control apps from settings	Determines if device users can modify app settings. Values Allow (default) Don't allow	Android 8 and higher
Delegated scopes for apps	Specify apps with delegation scope enabled. Click Set App Delegation to select the apps. Values Select the apps and system apps	Android 8 and higher
Runtime permissions for all apps	Specify whether to allow the setting of app runtime permissions in all areas. The admin can grant or deny app runtime permissions without a user's intervention. Values Grant(default). Allows all apps to run on a device. Deny. Blocks all apps from running on a device. Prompt. Device users are required to grant permission to apps to run. For work profile devices running Android 12 and higher, even if the app permissions are set to Grant, functions such as camera, location, microphone, and body sensor are not allowed for privacy.	Android 8 and higher
> Exceptions list	Specifies the apps that do not need runtime permissions. Values Specify the app name. ClickSet Permission to open App permissions page. Select app and click Next. Set permissions for the app, and click Set Permission.	Android 8 and higher
Hide apps	Specifies a list of apps to uninstall from the device and prevent the user from installing. If you or the user have already installed an app to the device, once you hide it, it automatically uninstalls. Values Select one or more apps from the app library.	Android 11 and higher
Activate certain pre-installed system apps	Specifies a list of pre-installed system apps to reactivate. Apps specified in the Hide apps list take precedence over this list. Values Select one or more apps from the known list of system apps.	Android 8 and higher

Setting	Description	Supported system
Block certain apps from running	Blocks specific apps from running on the device.	Android 8 and higher
Block certain apps from being uninstalled	Prevent specific apps from being uninstalled.	Android 5 and higher
Block certain apps from using mobile data	Specifies a list of apps that can't use mobile data.	Android 10 and higher

Setting	Description	Supported system
Check devices through Play Integrity	Enable periodic device checks with Play Integrity.	Android 6 and higher
> Set time period between checks	Set an interval at which to assess the devices. Values 1-365 (default: 1)	Android 6 and higher
> Take action if device fails check during enrollment	Specify measures to take if integrity check fails during enrollment. Admin Alert — Sends an alert to the administrator. Unenrollment (Factory Reset) (for DO only) — Unenrolls the device and performs a factory reset.	Android 6 and higher
> Take action if device fails check after enrollment	Specify measures to take if integrity check fails after enrollment. Admin Alert — Sends an alert to the administrator. Lock device — Locks the device. Unenrollment ( Factory Reset ) — Unenrolls the device and performs a factory reset.	Android 6 and higher
App verification using Google Play Protect	Allows app verification using Google Play Protect. Values Allow (default) Force on	Android 5 and higher

Policy	Description	Supported system
Homepage URL	Sets the home page of the Knox Browser app. If set, the user can't change the home page. This is a required value for deploying the Knox Browser.	Android 10 and higher
Automatic app updates	Determines whether the Knox Browser app automatically updates. If enabled, the browser also updates when the profile is pushed to the device. Values Allow — Enables automatic Knox Browser updates. Don't allow — Disables automatic Knox Browser updates.	Android 10 and higher
Add URLs to allowlist or blocklist	Specify whether the Knox Browser restricts access to URLs as an allowlist or blocklist. Values Allowlist — Knox Browser only allows access to listed URLs. Blocklist — Knox Browser blocks access to listed URLs.	Android 10 and higher
> URLs	Enter the list of restricted URLs. This list is an allowlist or a blocklist depending on the value for Add URLs to allowlist or blocklist.	Android 10 and higher
Hide URL address bar	Hides the address bar. Values Allow — Hides the address bar. Prevents access to websites other than the default Homepage URL, and blocks file downloads. Don't allow (default) — Displays the URL address bar.	Android 10 and higher
Web intents	Enables URLs with web intents, which, when opened, can download and launch apps on Android. Knox Browser supports intent schemes like the following: intent://... — Launches the app package specified in the URL scheme. market://... — Downloads the specified app package from Google Play Store. Values Allow (default) Don't allow	Android 10 and higher
Download files	Enables file downloads on Knox Browser. Values Allow (default) Don't allow Blocks downloads. If you set the Hide URL policy to Allow, file downloads are blocked automatically.	Android 10 and higher
Screen Capture	Allows the device user to take screenshots of web pages on Knox Browser. Values Allow (default) Don't allow	Android 10 and higher
Add bookmarks	Defines a collection of bookmarks to push to Knox Browser.	Android 10 and higher
Upload files	Allows the device user to upload files to web pages on Knox Browser. Values Allow (default) Don't allow	Android 10 and higher
Store cookies	Allows cookies in the Android browser. If cookies are not allowed, you can't access websites that authenticate users with cookies. Values Allow (default) Don't allow	Android 10 and higher
Copy text	Allows the device user to copy text from web pages viewed on Knox Browser. Values Allow (default) Don't allow	Android 10 and higher
Text scaling	Forces changing the text size on web pages on Knox Browser. Values Allow — Adjusts the text size to the scale set by the Text Scaling > Ratio policy. Don't allow — The text size defaults to 100%, and the user can't change it. If this value is unset, then the text size defaults to 100%, and the device user can change it.	Android 10 and higher
> Ratio	Specifies the scale of the text size on Knox Browser. Values To set the scale, adjust the slider. The slider has a range of 50–200% (100% default) and moves in 5% increments.	Android 10 and higher
Force Page Zoom	Forces changing the zoom level of web pages on Knox Browser. Values Allow (default) — Adjusts the zoom level to the scale set by the Force Enable Zoom > Ratio policy. Don't allow — The zoom level defaults to 100%, and the user can't change it.	Android 10 and higher
> Default Ratio	Specifies the zoom level of web pages on Knox Browser. Only available if the Knox Browser App and Text Scaling policies are set to Use. Values To set the scale, adjust the slider. The slider has a range of 100–200% (100% default) and moves in 5% increments.	Android 10 and higher

Policy	Description	Supported system
Auto-completion in browser	Allows auto-completion of information that you enter on websites in the Android browser. Values Allow (default) Don't allow	Android 8 and higher

Policy

Description

Supported system

Auto-completion in browser

Allows auto-completion of information that you enter on websites in the Android browser.

Values

Allow (default)
Don't allow

Android 8 and higher

Setting	Description	Supported system
Kiosk package name	Specifies the single app to offer in the kiosk experience. Values Enter the package name. As of Knox Manage 23.12, this value is fixed at com.sds.emm.singleweb — Knox Browser — and can't be changed.	Android 9 and higher
Default URL	Specifies the home page of the Kiosk Browser. Values Enter a fully-formed URL. You can insert lookup codes for string substitution.	Android 9 and higher
Basic settings	Controls settings related to core kiosk behavior. Values Hide info icon (default off). Hides the info button in the interface, which normally lets the device user exit kiosk mode and view the license. If the button is hidden and the device isn't connected to a network, the device can't exit mode. Automatic app updates (default off). Controls whether apps can automatically update. File uploads (default off). Allows the device user to upload files through Kiosk Browser. Copy text (default off). Allows the device user to copy text in Kiosk Browser. Session timeout (default off). Controls if the kiosk session terminates following user inactivity for a specific number of seconds. If this setting is selected, the default timeout period is 1800 seconds. Cookies and other session information are automatically deleted, and Kiosk Browser redirects to the default URL. Screen saver. Allows you to set a screen saver to display while the device is charging and upon session timeout. Images (up to 10 images, max 5 MB per image). Specifies the images to use as a screen saver. PNG, JPG, JPEG, and non-animated GIF file formats are supported. Video (max 50 MB). Specifies the video to use as a screen saver. MP4 and MKV file formats are supported. Screen saver (single-app mode only) — Set a screen saver to display when the device is being charged and when the session times out. Run JavaScript (default on). Controls whether Kiosk Browser can run JavaScript on web pages. Exit Kiosk mode attempt limit (default off). Prevents exiting Kiosk mode following a maximum number of invalid attempts. If this setting is selected, the default maximum is five attempts. Take action if attempts are exceeded (default off). Lets you prevent the user from re-entering a Kiosk mode exit code for a certain period of time upon exceeding the maximum number of invalid attempts. Options are: Prevent re-entering code for 10 min (default) Prevent re-entering code for 30 min	Android 9 and higher
Apps outside kiosk	Allows adding apps from outside the kiosk (multi-app and single-app mode only).	Multi-app mode — fully managed: Android 6 and higher Single-app mode — fully managed Samsung devices: Android 6 and higher Single-app mode — fully managed non-Samsung devices: Android 9 and higher
Utility settings	Controls settings related to OS behavior in the kiosk. Values System status bar (default off). Enables the system status bar. Notification bar (default off). Enables notifications. Power off (default off). Enables the power off button. Home button (default off). Enables the home button. Recent apps (default off). Enables the recent app button, also known as the Recents button. Keyguard (default off). Allows the Lock screen policy to apply to the device. If turned off, the device doesn't won't be protected by a lock screen, and the device user can access the device without first unlocking it.	Android 9 and higher
Settings menu preferences	Allow users to access the following settings while in kiosk mode (multi-app and single-app mode only). Values Wi-Fi NFC Device maintenance Google account setup Flashlight Location Lockscreen Mobile networks Blue light Smart view Bluetooth Mobile data Hotspot Time zone Accessibility Display Sound Airplane mode Language	Multi-app mode — fully managed: Android 6 and higher Single-app mode — fully managed Samsung devices: Android 6 and higher Single-app mode — fully managed non-Samsung devices: Android 9 and higher
Advanced settings	Allows control of advanced settings while in kiosk mode. Values Delete Kiosk app when policy is removed Turn screen on when plugged in AC charger USB charger Wireless charger Use HTTP Proxy (web mode only)	Multi-app mode — fully managed: Android 6 and higher Single-app mode — fully managed Samsung devices: Android 6 and higher Single-app mode — fully managed non-Samsung devices: Android 9 and higher Web mode — fully managed: Android 6 and higher

Setting	Description	Supported system
Add or delete account	Allows device users to add or delete accounts. Values Allow (default) Don't allow	Android 8 and higher
Account type allowlist and blocklist	Specifies a list of apps to allow or block on devices. Values Allow (default) Don't allow	Android 8 and higher
> Account types	Specifies the account types to allow or block on devices. Values Enter account types	Android 8 and higher
> Select accounts to allow in Google Play	Specifies the accounts to allow on devices. Values Allow all (default) Allow only Managed Google Play account Allow Managed Google Play and selected accounts	Android 8 and higher
>> Accounts	Specifies the accounts to allow when you select Allow Managed Google Play and selected accounts option in the Select accounts to allow in Google Play setting. Values Enter account types	Android 8 and higher
User deletion	Specifies if deletion of users is allowed. Values Allow (default) Don't allow	Android 8 and higher

Device

System settings

Values

Values

Values

Values

Values

Values

Values

Values

Values

Values

Values

Values

Wallpaper

Values

Values

Values

Values

Values

Notification

Values

Values

Values

Values

Values

Values

Values

Hardware controls

Call and message

Security

Security settings

Values

Values

Lock screen

Values

Values

Values

Values

Values

Values

Values

Values

Values

Values

Connectivity

Connection settings

Values

Values

Values

Values

Values

Values

Values

Values

Values

Values

Wi-Fi

Values

Values

Values

Values

Values

Values

Values

Location

Location settings

Values

Values

Values

App

App controls

Values

Values

Values

Values

Values

Values

Values