Security Settings for Android Corporate Devices
MobiLock actively partners with OEM's and integrates their SDK's so as to provide additional security settings. Since these are dependent on OEM partnerships and SDK's, these settings are independent of Device Profile and are controlled from a separate section.
Currently MobiLock supports these additional settings on Samsung Knox capable devices, selected Sony and LG Devices. Also some of these settings can be used on EMM devices, that is the devices enrolled via afw#mobilock where MobiLock client application has the Device Owner privileges.
Before You Begin
- Sign In to MobiLock Dashboard
- Depending upon your fleet of device's, enroll a Samsung, Sony or LG device or enroll a device using afw#mobilock.
Managing Secure Settings
- Navigate to Enterprise > Secure Settings
- If you have enrolled any of the supported devices or enrolled a device via afw#mobilock, then you would see those devices listed here. Unless a compatible device is enrolled, you cannot set any of the Global settings.
- On this page you can either set GLOBAL SETTINGS or Settings at a device level. The settings at a device level take precedence over the global settings.
- Select at-least one device and then clicking on the GLOBAL SETTINGS button or the settings icon will show the settings dialog which is divided into 4 sections. The table below explains the various options available,
|Allow users to do Factory Reset*||Security||Choose if the user's are allowed to factory reset the device. On Samsung, Sony and LG, if disabled then it prevents the user's from factory resetting the device by using the ROM recovery method. For normal EMM devices, blocks the Factory Reset option in System Settings.|
|Allow users to boot device in Safe Mode*||Security||Choose if the user's can use the power-off key and boot into safe mode.|
|Allow users to power off the device||Security||Choose if the users are allowed to use the power-off button and switch off the device.|
|Allow users to enable/disable the airplane mode||Security||Choose if the users's can control the Airplane mode from the power-off menu or from system settings.|
|Disable Guest Mode||Security|
|Allow unknown sources*||Security||Choose if the user's are allowed to install android applications from third party apps or directly by downloading apk's.|
|Allow App Uninstallation and Clear App Data||Security||Choose if the user's can uninstall and/or clear the application data of installed applications.|
Note: Disabling this prevents the installations of Play for Work Apps as well. This is a limitation of Android EMM API for now.
|Allow users to use Home Key||Hardware Keys||Choose if the user's can use the Home button on the Android devices.|
|Allow users to use Back Key.||Hardware Keys||Choose if the user's can use the Back button on the Android devices.|
|Allow users to use the app switch key.||Hardware Keys||This setting can be used to block the Recent Key altogether. |
Note that even if this allowed, user's cannot use the key to switch apps. If you want to allow them to switch apps, then please enable the MobiLock's Notification Centre in Device Profile.
|Allow Multi Window||Quick Settings||Choose if user's can use the multi-window feature on some phones/tablets.|
Note that this does not control the latest Split window functionality. There is no API currently that blocks the Split window feature.
|Allow MTP access||USB Settings||Choose if the user can access the media on the device via MTP protocol when connected with a device via USB cable.|
|Allow users to connect via USB cable||USB Settings||Choose if the users can connect the device via USB cable and access the USB storage and other options.|
|Allow USB Debugging mode||USB Settings||Choose if the users can use the USB Debugging feature when connected to a USB cable.|
Note that enabling this does not enable the option, it just allows the user's to enable it from System settings.
|System Update Policy*||OS Update Settings||Select a policy for Android OS Updates. The default is None. You choose between the following options,|
a. Postpone: The OS Upgrade will be postponed by 30 days.
b. Automatic Install Update: The OS Upgrade will be automatically installed.
c. Install within Maintenance Window: Choose a install window within which the OS update can be installed.
Note: This feature does not control the Firmware/OEM patches or updates. This ONLY controls the Android OS updates.
Note: Once this feature is enabled, the user's cannot manually upgrade the OS. The OS Upgrade option in Device Profile will not be usable.