Policies and Restrictions under COPE
In a COPE profile, the enterprise is able to control certain device wide polices, enforce some restrictions on the personal side such as turn off the camera etc. The data and info on the work container created on the company-owned devices will be fully controlled by the IT admin of the organization.
This document describes the policies and restrictions offered under Scalefusion Dashboard that can be applied on COPE devices.
For work profile on corporate owned devices, you need to create a BYOD profile with COPE configurations. To do so,
- Sign In to Scalefusion Dashboard and navigate to Device Profiles & Policies ➞ Device Profiles.
- Click on Create New Profile in the upper right corner or edit an existing BYO profile.
- Under the Android tab, select Personal (BYOD) option. Enter a name for your new Profile and click SUBMIT, to see the profile creator window.
- Here, click on WPCO/COPE on the left menu and click on Create Configuration.
- The policies can be defined under following heads:
- Device Usages
- Installation Policy
- Security Settings
- Update Settings
- General Settings
These are described below:
Configure Personal Usage Schedule
Configure the timeframe for which you can use the personal profile on WPCO/COPE devices. Following are the options. Choose any one:
Configure the maximum number of work off days
Configure the maximum number of days for which the work profile can be disabled. The minimum no. of days for which it can be disabled is, 0.
Once Work profile is manually disabled on the device, you have to enable it manually after said number of days. If you do not enable after set no. of days, the personal side will automatically get disabled. It will be enabled only after the work profile is enabled.
From here you can configure application installation policy to allow or block selected applications' installation on devices. Select one from the following options:
- No Application Policy: No restrictions to installation of apps
- Only Allow selected: Only the selected applications will be allowed to be installed and all other applications will be blocked from installing.
- Block selected: All applications except the selected applications will be allowed to install.
The applications are listed and you can search apps by app name, package. If an application is not listed, it can be added. To do so,
- Click on Add Application button.
- A dialog will be opened for entering the application name and the package name.
- Enter the details and click on Add button.
- This will add and list the application to the Apps list. Enable or disable the toggle to allow or block the app as per policy requirement.
Allow Outgoing Phone Calls
Normally disabling the Phone app will achieve this, however there might be some apps that might attempt to make phone calls. This option lets you completely disable outgoing calls.
Allow Send/Receive SMS
Normally disabling the default messaging app will achieve this, however there might be some apps that can send SMS discreetly. This option lets you completely block the SMS.
Allows a user to connect to a Bluetooth device. User is allowed to enable/disable bluetooth
Allow Bluetooth Sharing
Allows a user to send files via Bluetooth. Outgoing bluetooth sharing is enabled.
Allow Data Roaming
The user is allowed to use cellular data while on roaming.
Network & Security Settings
Allow Mobile Network Changes
Allows user to change mobile network settings if they have access to Settings app.
Allow Tethering From All Sources
Allow users to enable Tethering via USB or Bluetooth.
Allow WiFi Changes
Allow users to modify/change Wifi network from System Settings if they have access to.
This may cause them to lose connectivity and hence it is suggested that you allow them to use Scalefusion's Wifi connection options as a fallback.
Allow Screen Capture
Allows users to capture the screenshots.
The user is allowed to use the Camera
Allow User to enable/disable airplane mode
The user is permitted to enable/disable the airplane mode on device
Allow User to enable/disable Location
If enabled, the user is allowed to enable/disable location
This will work when Force GPS always On is enabled under global location settings.
Allow Location Sharing
If enabled, users are allowed to share locations.
This will work when Enable/disable location tracking is disabled under global location settings.
Allow Unmute Microphone
The user is allowed to unmute microphone and control the volume
Allow user to boot devices in safe mode
The user can boot devices in safe mode by using the power-off key.
USB Device Management
Allow MTP access
The user can access the media on the device via MTP protocol when connected with a device via USB cable.
Allow user to connect device via USB Access
The users can connect the device via USB cable and access the USB storage and other options.
Allow user to connect USB in debuggable mode
If enabled, users can use the USB Debugging feature when connected to a USB cable.
From here you can configure a policy for installing Android OS Updates and control the installation of updates on your managed Android devices. The policies are as follows:
System Update Policy Settings
- None: No policy applies for OS Updates
- Postpone: Postpones the installation of updates by 30 days
- Automatic Install Update: The updates are automatically installed
- Install within maintenance window: Specify the start time and end time and the updates will get installed during that timeframe.
Enable Freeze Period
Freeze period is specified to freeze the system updates for a certain timeframe. During the freeze period, all incoming system updates including security patches are blocked and do not get installed on the device. When a device is outside the freeze period, normal update behavior applies.
To configure freeze period:
- Toggle on the setting Enable Freeze Period, in OS Update Settings
- Enter name in the text field.
- Select Start Date and End Date.
- If you want to add another freeze period, click on the button Add Freeze Period. This will open up a new row for configuring the next freeze window.
- To delete a freeze period, click on the delete icon next to each specified freeze period.
Important Points on Freeze period:
- Freeze period can be enabled only if system update policy is not set to None.
- Maximum freeze window allowed is for 90 days, that is, the end date selection should be 90 days from start date.
- There can be multiple freeze windows. The minimum gap between two freeze windows should be at least 60 days.
- Freeze period will repeat every year until it is deleted.
Configure Automatic Network Time & Timezone
You can configure the time & timezone to be picked up by the device. There are three options to choose from:
Choose Timezone configuration
Enforce a default timezone for the devices from a list of previously created TimeZone configuration [Device Profile & Policies → All configurations → Android Utilities → Timezone Configurations]
Screen Time out Settings
With this setting you can specify a duration of inactivity after which the screen will go to sleep. On the device, users will be able to see and select the options up to the specified duration. The duration can be selected from the drop-down: