Back to top
Home / Knox Platform for Enterprise / Knox Service Plugin / Configure advanced policies /

Application management policies

Last updated November 21st, 2023

As part of your mobile application management strategy, you can employ app management policies to control the installation, access, and permissions of apps in the work profile. You can push these policies to an unlimited number of apps in your EMM.

Knox Service Plugin offers the following policies to configure and manage inside a device’s work profile:

  • Set the Enable application management controls to True to enable the following application management settings. If set to False, these management settings will not be configurable.

    • Refer to the Battery optimization allowlist to enter a list of application package names <string> to include in the allow list for battery optimization exemption.

    • Use the Notifications allowlist to stop applications from displaying notifications on the console status bar. All application notifications are blocked except those specified in the allow list. Enter values as a comma separated list, for example, com.xyz, or com.abc, etc. You can also use a wildcard (com.abc*) for multiple applications.

    • Refer to the Install app from personal to work profile setting to install an existing application <string> from the default personal space to the work profile without deice user intervention. Provide a comma separated list of package names if specifying more than one application.

    • Set the following Allow USB devices for application configuration controls to set application configuration access for USB supported devices. Set the following options for USB devices:

      • Provide the Application Name <string> for the package name you would like to allow for USB configuration.

      • Refer to the USB Devices Configuration setting to define the following values allowed USB device access for configuration updates:

        • Set the hex value Product ID <string> for the USB devices allowed application updates.

        • Set the hex value Vendor ID <string> for the USB devices allowed application updates.

    • Use the Application Allowlist by Pkg Name control to allow applications intended for installation on the PO. Specified third party applications not part of the device system image will be allowed when included in a comma separated list. Include a wildcard (com.abc*) for multiple apps. When a currently installed app matches a package name <string> in both the allow and block list, then the allow list has precedence and the package is installed.

    • Use the Application Blocklist by Pkg Name control to block applications <string> by package name and prevent them from being installed on the PO. Specified third party application names not part of the device system image will be blocked when included in a comma separated list. Include a wildcard (com.abc*) for multiple apps. If the package is already installed, the API does not impact the existing package installation.

    • Refer to the Application Allowlist by Signature used control to allow third-party applications intended for installation on the PO based on the application’s signature. Enter values as a comma-separated list. Include a wildcard (com.abc*) for multiple apps. When a currently installed app matches a package signature <string> in both the allow and block list, then the allow list has precedence and the package is installed.

    • Use the Application Blocklist by Signature used control to block applications by signature <string> and prevent them from being installed on the PO. Specified third party application signatures not part of the device system image will be blocked when included in a comma separated list. Include a wildcard (com.abc*) for multiple apps. If the package is already installed, the API does not impact the existing package installation.

    • Refer to the Disable application without user interaction control to disable specific applications <string> without device user interaction. A disabled application is not uninstalled, but it cannot be launched by the device user. The API does not affect the application state. Enter values as a comma separated list, for example, com.xyz, or com.abc, etc.

    • Refer to the Force Stop Blocklist control to prevent the user from stopping specified applications <string>. Stop actions include a force stop in Settings app, stopping through third-party applications, stopping any background process, and stopping any process from the application. Enter the values as a comma separated list. Include a wildcard (com.abc*) for multiple apps in the block list.

    • Refer to the Widget Allowed List and Widget Blocked List to either allow or block a set of widgets. If an allowlist is implemented, all other widgets not matching the list are blocked. Contrarily, if a blocklist is implemented, only the widgets from the list are blocked and any existing widgets are removed. If a widget package name exists in both allow and block lists, it is set to be allowed. Minimum OS version required for this feature is Android 11.

    • Refer to Package Name for Auto-Launch to set an application auto launch after installation. Additionally, specify a component name along with the application package name to launch a specific screen. If no component name is displayed, launcher screen of the application is displayed.

Is this page helpful?