Android policies
Last updated April 3rd, 2024
System
Setting | Description | Supported system |
---|---|---|
Camera |
Allows the device user and apps to operate the camera. Values
|
Android 8 and higher |
Screen capture |
Allows the device user and apps to take screenshots. Values
|
Android 8 and higher |
Developer mode |
Allows the device user to toggle developer mode. Values
|
Android 8 and higher Knox 2.0 and higher |
Factory reset |
Allows the device user to factory reset the device. Values
|
Android 8 and higher |
Date and time |
Allows the user to adjust the clock and current date. Values
|
Android 8 and higher |
System updates |
Determines the schedule for firmware updates on the device. Values
Additionally, you can schedule one or more freeze periods, which are stretches of time where the device won't apply any firmware updates, on top of whichever update setting you select. These periods will recur every year. You can configure as many freeze periods as you need.
Click ADD ANOTHER PERIOD to schedule an additional freeze period. |
Android 8 and higher |
Connectivity
Setting | Description | Supported system |
---|---|---|
Wi-Fi |
Controls Wi-Fi availability. Values
|
Android 8 and higher Knox 1.0 and higher |
Bluetooth |
Controls Bluetooth availability. Values
|
Android 8 and higher |
USB file transfer |
Allows the device user to transfer files between the device and other devices through USB. Charging through the USB connector isn't affected. Values
|
Android 8 and higher |
External SD card |
Allows the device user to mount storage media connected through the SD card slot. Values
|
Android 8 and higher |
Wi-Fi
Sets up a Wi-Fi policy on the device, which are preset Wi-Fi configurations that contain an SSID, password, security type, proxy, and connection behavior of a network or access point.
Each unique SSID requires a separate policy. Click ADD WI-FI POLICY to add configure additional networks or access points. You can add or edit up to 10 policies.
Setting | Description | |
---|---|---|
Policy name |
Determines the name of the policy. ValuesEnter a unique name for the policy. The name must:
|
|
Network name (SSID) |
Determines the name of the policy. ValuesEnter a name. So that Knox Manage can correctly process and store the name, it must:
|
|
Description |
Specifies a description for the policy that is displayed on the Knox Manage console. ValuesEnter a description up to 1,000 characters long. |
|
Security type |
The security protocol of the Wi-Fi network. This value must match the actual security protocol that the network uses. Values
|
|
Password |
The password of the Wi-Fi network. This value must match the actual password that the network uses. Only available if Security type is set to WPA/WPA2-PSK. ValuesEnter the password. So that Knox Manage can correctly process and store the password, it must:
|
|
Proxy configuration |
The Wi-Fi network's proxy. This value must match the actual proxy settings that the network uses. Values
|
|
Additional settings |
Assigns extra settings that control how the device interacts with the Wi-Fi network. Values
|
Setting | Description | Supported system |
---|---|---|
Screen lock policies |
Turns on settings related to the lock screen. |
Android 8 and higher |
Set minimum complexity |
Enforces the minimum complexity for the device's lock. There are three complexity levels, each pre-defined by the Android API. The device user must set a lock that meets or exceeds the minimum level. You can enable this setting and the Set minimum strength at the same time. If you do so, this setting will apply to any assigned devices that are running Android 12 and higher, while Set minimum strength will apply to any devices running Android 8 to 11. Only available if Screen lock policies is turned on. Values
|
Android 12 and higher |
Set minimum strength |
Enforces the minimum strength for the device's lock. Each strength level uses a lock type with minimum strength requirements. For PINs and passwords, you can further define the minimum length and complexity requirements across multiple parameters. The device user must set a lock that meets or exceeds the minimum strength. The password strength increases in the following descending order of the available values, with Weak Biometric being the weakest, and Complex being the strongest. You can enable this setting and the Set minimum complexity at the same time. If you do so, this setting will apply to any assigned devices that are running Android 8 to 11, while Set minimum complexity will apply to any devices running Android 12 and higher. Only available if Screen lock policies is turned on. Values
Depending on the value selected above, you must also set the parameters of the password strength:
|
Android 8 to 11 |
Screen lock expiration (days) |
Specifies how long the lock will remain active before the device user must change it. Only available if Set minimum complexity is turned on, or Set minimum strength is set to Pattern, Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex. ValuesEnter the number of days, between 1 and 365. Default is 30. You can also set:
|
Android 8 and higher |
Unlock attempt limit |
Specifies how many times how many times someone can fail to unlock the device in a row before the device takes action to protect itself. Only available if Set minimum complexity is turned on, or Set minimum strength is set to Pattern, Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex. ValuesEnter the number of failed unlock attempts are tolerated, between 1 and 10. Default is 1. You can also set:
|
Android 8 and higher |
Screen lock timer (hours) |
If the lock complexity is low or its strength is weak, specifies how long after the device is unlocked that it relocks. ValuesEnter the number of hours, between 1 and 72. Default is 1. |
Android 8 and higher |
Screen lock history |
Specifies the minimum number of new locks that must be registered before a user can reuse a previous lock. ValuesEnter the minimum number of locks, between 1 and 10. Default is 1. |
Android 8 and higher |
Screen lock compliance violation |
Specifies what happens if the device user sets a lock that violates the minimum complexity or strength requirements. Values
|
Android 8 and higher |
Maximum screen timeout allowed |
Specifies the longest duration that the device user can set for automatic screen timeout and lock. Values
|
Android 8 and higher |
Setting | Description | Supported system |
---|---|---|
Location settings |
Controls the services that track the device's physical location. Values
|
Android 8 and higher |
App restrictions
Setting | Description | Supported system |
---|---|---|
App installation |
Allows the device user to install apps. Values
|
Android 8 and higher |
App uninstallation |
Allows the device user to uninstall apps. Values
|
Android 8 and higher |
Untrusted app sources |
Allows the device user to install Android apps from untrusted sources. This setting doesn't apply to apps on Google Play. Values
|
Android 8 and higher |
Hide apps |
Specifies a list of apps to uninstall from the device and prevent the user from installing. If you or the user have already installed an app to the device, once you hide it, it automatically uninstalls. ValuesSelect one or more apps from the app library. |
Android 8 and higher |
System app reactivation |
Specifies a list of pre-installed system apps to reactivate. Apps specified in the Hide apps list take precedence over this list. ValuesSelect one or more apps from the known list of system apps. |
Android 8 and higher |
Kiosk
Configures the device as a kiosk. As of Knox Manage 23.12, you can only configure single-app kiosks, and the app can only be Knox Browser.
Only one kiosk configuration is allowed in a profile.
Setting | Description |
---|---|
Kiosk package name |
Specifies the single app to offer in the kiosk experience. ValuesEnter the package name. As of Knox Manage 23.12, this value is fixed at com.sds.emm.singleweb — Knox Browser — and can't be changed. |
Default URL |
Specifies the home page of the Kiosk Browser. ValuesEnter a fully-formed URL. You can insert lookup codes for string substitution. |
Basic settings |
Controls settings related to core kiosk behavior. Values
|
Utility settings |
Controls settings related to OS behavior in the kiosk. Values
|
On this page
Is this page helpful?