| Note: |
|---|
| You need to configure normal policies before configuring AMA policies. |
AMA Policies
| Sections | Description |
|---|---|
| All | Lists all the AMA policies available in Seqrite Enterprise Mobility Management (mSuite). |
| Password Policy | Lists the policies related to the password criteria. You can turn on the policies as per your requirement. |
| Device Functionality | Lists the device policies that can be controlled using AMA API for functions such as camera, audio, call, SMS, and other settings. |
| Device Location | Lists the policies related to the device location. |
| Device Network | Lists the policies related to device connectivity. |
| Keyguard Management | Lists the policies related to keyguard. |
| Device Sync & Storage | Lists the policies related to storage, debugging, and file transfer. |
Password type
This policy applies a screen lock and sets the password on the device. Different password types are specified. After applying this policy on the device, the user has to set the password as per the type of the applied password policy. If the device user does not apply the policy applied by the admin, the device will be shown as a non-compliant device.
The following are the available password policy options that you can set for the device user:
- PIN/Password: Set password with numbers for PIN or a combination of numbers, letters, and symbols.
- Alphabetic: Set password with at least one letter and a combination of numbers, letters, and symbols.
- Alphanumeric: Set password with at least one number and a combination of numbers, letters, and symbols.
- Custom: Set password as configured in the policy.
| Note: |
|---|
| Each time the admin changes the password type from a lower to a higher security level, the device user gets a notification and the apps are disabled until the user sets a new password that meets the conditions of the applied policy. Device users can access only Google, Phone, and Play store apps. Refer to the images. |
Password Minimum Length
To set the length of the password, turn on the Password Minimum Length policy. This policy is dependent on the Password type policy. After applying this policy on the device, the user must set the password as per the recommended password length.
- If the password type is PIN/Password, then the password length must be in between 4 to 16.
- If the password type is Alphabetic, then the password length must be in between 8 to 16.
- If the password type is Alphanumeric, then the password length must be in between 8 to 16.
- If the password type is Custom, then the password length must be in between 8 to 16.
| Note: |
|---|
| The user must apply settings as per the applied policy. Otherwise, the device will be shown as a Non-compliant device. |
Minimum Letters
This policy is enforced only for Custom type password and specifies the minimum number of letters in the password.
Minimum Lower Case Letters
This policy is enforced only for Custom type password and specifies the minimum number of lower-case letters in the password.
Minimum Upper Case Letters
This policy is enforced only for Custom type password and specifies the minimum number of upper-case letters in the password.
Minimum Non-Letter Characters
This policy is enforced only for Custom type password and specifies the minimum number of non-letter characters (numbers or symbols) in the password.
Minimum Symbols
This policy is enforced only for Custom type password and specifies the minimum number of symbols in the password.
Minimum Numeric Characters
This policy is enforced only for Custom type password and specifies the minimum number of numerical digits in the password.
Password Age
To set the expiry age for the password, turn on the Password Age policy and then select the expiry age for the password such as 15 Days, 30 Days, 45 Days, and 90 Days.
This policy is dependent on the Password type policy. After the specified time expires, the user must reset a new password. Otherwise, the device will be shown as a non-compliant device.
Minimum Time To Lock
To lock the device automatically after a preset idle time, turn on the Minimum Time To Lock policy.
This policy is dependent on the Password type policy. After applying this policy on the device, if the device screen remains idle for the selected time, the device will be automatically locked. The time can be set to 1 min, 2 mins, 5 mins, 10 mins, and 15 mins.
Password History
To maintain a history of old passwords and to restrict the user from using the old passwords, turn on the Password History policy.
After applying this policy, the device saves the selected number of old passwords given in the list. You can save up to ten old passwords. The user will not be able to set a password that is already saved in the history. A value of 0 indicates that there is no restriction.
Camera Access
To allow or restrict camera usage, turn on the Camera Access policy and select the appropriate option as required.
- If the camera access is set to User Choice, then the user can access the camera.
- If the camera access is set to Disabled, then the camera access is blocked for the user.
- If the camera access is set to Enforced, then the user can access the camera.
Block Volume Button
To disable the volume adjustment done by the user, turn on the Block Volume Button policy.
Microphone Access
To allow or restrict microphone usage, turn on the Microphone Access policy and select the appropriate option as required.
- If the option is set to User Choice, then the user can mute or unmute the microphone.
- If the option is set to Disabled, then the user cannot unmute the microphone.
- If the option is set to Enforced, then user can unmute the microphone.
Block User Profile Icon
To restrict the user from changing the profile icon, turn on the Block User Profile Icon policy.
Block Wallpaper
To restrict the user from changing the wallpaper, turn on the Block Wallpaper policy.
Block Feature Access on Lock
To restrict the user from applying the keyguard features, turn on the Block Feature Access on Lock policy and select the appropriate options as required from the list.
Keep Screen On while Charging
To keep the device display on, during charging, turn on the Keep Screen On while Charging policy and select any one or all options from the list. The device display remains on during charging by the selected modes.
- If the option is set to AC, then the device display is on during charging by AC adapter.
- If the option is set to USB, then the device display is on during charging by USB port.
- If the option is set to Wireless, then the device display is on during by charging in wireless mode.
Block Creating Window
To block creation of windows other than app windows, turn on the Block Creating Window policy.
Block Factory Reset
To restrict the user from resetting the device to factory settings, turn on the Block Factory Reset policy.
Factory Reset Protection Admin Mail
To restrict the user from using any email account other than the admin, after factory reset, turn on the Factory Reset Protection Admin mail policy.
| Note: |
|---|
| Factory Reset Protection Admin Mail policy will not apply if the admin runs Wipe or Uninstall Device Management options from the Device Details page. The device then becomes a normal device without AMA enrolment. |
Block Outgoing call
To restrict the user from making outgoing calls, turn on the Block Outgoing call policy.
Block Outgoing SMS
To restrict the user from sending SMS, turn on the Block Outgoing SMS policy.
Block Mount physical media
To restrict the user from using physical media, turn on the Block Mount physical media policy.
Unknown sources installation
To control the installation from unknown sources, turn on the Unknown sources installation policy and select the required option.
- If the option is set to Disallow untrusted app installation, then installation from unknown sources is restricted.
- If the option is set to Allow untrusted app installation, then installation from unknown sources is allowed on the device.
Block Developer Options
To restrict the user access to the developer settings, turn on the Block Developer Options policy.
Block Location Sharing
To restrict sharing of the device location, turn on the Block Location Sharing policy.
Location Service (GPS)
To control the tracking of the device, turn on the Location Service (GPS) policy and select the required option.
- If the option is set to User Choice, then the location sharing depends on the user’s selection.
- If the option is set to Enforced, then the device location sharing is always enabled.
- If the option is set to Disabled, then the device location cannot be shared.
Block Bluetooth
To restrict the use of Bluetooth on the device, turn on the Block Bluetooth policy.
Block Network Reset
To restrict the user from resetting the network, turn on the Block Network Reset policy.
Block Screen Capture
To restrict the user from taking screenshot on the device, turn on the Block Screen Capture policy.
Block Mobile Network Config
To restrict the user from changing network configuration settings, turn on the Block Mobile Network Config policy.
Block Config of Cell Broadcast
To disable wireless emergency alerts, turn on the Block Config of Cell Broadcast policy.
Block Wi-Fi Settings
To restrict the user from changing Wi-Fi configuration settings, turn on the Block Wi-Fi Settings policy.
Play Protect App Verification
To control the app verification process, turn on the Play Protect App Verification policy and select from the following required option.
- If the option is set to Allows the user to choose whether to enable app verification, then user can opt for app verification.
- If the option is set to Force-enables app verification, then the app verification is mandatory.
Block Auto Date & Time
To control the user from changing the date and time of the device, turn on the Block Auto Date & Time policy and select the required option.
- If the option is set to Auto date, time and time zone are left to the user’s choice, then the user can change the date and time on the device.
- If the option is set to Enforce auto date, time and time zone on the device, then network timings are set on the device and user cannot change the date and time.
Block Tethering config
To control the use of the device as a Wi-Fi hotspot, turn on the Block Tethering config policy.
Block USB File Transfer
To restrict the file transfer from the device, turn on the Block USB File Transfer policy.
System Update Type
To control update install behaviour, turn on the System Update Type policy. The following options are available:
- Automatic: Set this option to automatically install updates as soon as they are available.
- Windowed: Set this option to install updates in the maintenance window.
- Postpone: Select this option to postpone automatic installation of updates by 30 days.
System Update Window Start Minutes
If the System Update Type is selected as Windowed, turn on the System Update Window Start Minutes policy and then set the start timings for the maintenance window between 0 and 1439 minutes after midnight.
System Update Window End Minutes
If the System Update Type is selected as Windowed, turn on the System Update Window End Minutes policy and then set the end timings for the maintenance window between 0 and 1439 minutes after midnight. If the specified time for the window is smaller than 30 minutes, then the time is automatically extended to 30 minutes beyond the start time.
Block Usage of Non-Compliance Devices After (days)
To block the devices automatically that do not comply with the policies after the specified days, turn on Block Usage of Non-Compliance Devices After (days) policy.
Wipe Non-Compliance Devices After (days)
To wipe the data on the non-compliant devices after the specified days, turn on the Wipe Non-Compliance Devices After (days) policy.
Block Accounts Modification
To restrict Google account additions to the device, turn on Block Accounts Modification . If enabled, the user cannot add another Google account to Play Store.