Policy Details

Print Friendly, PDF & Email

To know the types and details of the policies, navigate to the Edit Policies tab, which includes all policies. The policies are also differentiated into different sections for better understanding such as: Password, Policy for Device Application, Policy for App Stores, Policy for Downloaded Apps, Policy for ADO enabled devices, and Policy for KNOX supported devices.

Policy for ADO enabled devices, and Policy for KNOX supported devices.

Sections Description
All This section shows all the policies available in Seqrite mSuite. Shows all the policy options available in the Seqrite mSuite console. Options include Password, Device, Device Applications, and App Security. You can choose any of the policies listed here. The All policies section includes the Inherit From option to inherit a policy from the drop-down list of already created policies.

Select this option to inherit the policy from earlier created policies.

(1) Click the Select All option on the right side of the Edit Details tab if you want to select all the policies. It includes all the policies related to Password, Devices, Device Applications, and App Security. To know more about these policies, see Password Policy, Device policy, Device Application policy, App Security policy, ADO Security, and KNOX Security.

(2) Inherit From: Allows to inherit the password policy from already created policies. While creating a new policy, you can select the Inherit From list to inherit the policies from already created policies.

Password Shows all the policies related to the password criteria. You can turn on the policies as per your requirement.
Policy for Device Applications Lists the policies related to the device. You can turn on the policies as per your requirement.
Policy for App Stores This policy lists the policies related to the device applications. You can turn on the policies as per your requirement.
Policy for Downloaded Apps This policy defines more about security of the downloaded apps. You can turn on the following policy as per your requirement.
Policy for ADO enabled devices The ADO policy is applicable to those devices where Seqrite mSuite Agent is the device owner.

(1) All the ADO policies are superscripted with “D” for easy identification.

(2) This policy is applicable to the devices where the Seqrite mSuite Agent is the device owner. Also, check on the Seqrite mSuite console the specific OS versions of the devices to which this policy can be applied.

Policy for KNOX supported devices The KNOX policies are applicable to the Samsung KNOX-supported devices. (1) All the KNOX policies are superscripted with “K” for easy identification.

Seqrite mSuite supports the following policies:

Requires Password

This policy applies a screen lock and sets the password on the device. Different password types are Low, Medium, and High. After applying this policy on the device, the user has to set the password as per the type of the password suggested. If the user has not applied this policy, the device will be shown as the Non-compliant device.

The following are the three values of the password:

  • Low: A less secure option. You can set the Pattern, Pin, or Password for the device screen lock.
  • Medium: A secure option. You can set the Pin or Password for the device screen lock.
  • High: The most secure option. You can set only the Password for the device screen lock.

Password Minimum Length

To set the length of the password, turn on the Password Minimum Length policy. This policy is dependent on the Requires Password policy. After applying this policy on the device, the user must set the password as per the recommended password length.

  • If the password type is Low, then the password length must be in between 4 to 16.
  • If the password type is Medium, then the password length must be in between 6 to 16 alphanumeric letters.
  • If the password type is High, then the password length must be in between 8 to 16 letters. The user has to set the password with at least one character, one numeric, and one special character.

Note: The user must apply settings as per the policy. Otherwise, the device will be shown as non-compliant device.

Password Age

To set the age limit of the password, turn on the Age policy. You can apply an age limit till a specific period. This policy is dependent on the Requires Password policy. After applying this policy on the device, the user has to set the age of the password. The age of the password can be 15 Days, 30 Days, 45 Days, and 90 Days. After the specified time expires, the user should reset the password. Otherwise, the device will be shown as a non-compliant device.

Device Autolock

To lock the device automatically after a preset idle time, turn on the Autolock policy. This policy dependents on the Requires Password policy. After applying this policy on the device, if the device screen remains idle for the selected time, then the device will be automatically locked. The time can be 15 Sec, 30 Sec, 1 Min, 2 Min, 5 Min, 10 Min, and 30 Min.

Password History

To maintain a history of old passwords and to restrict the user from using the old passwords, turn on the Password History policy. After applying this policy, the device saves the selected number of old passwords given in the list. The values given in the list are 2, 3, 4, and 5. This policy is applicable only on iOS devices.

Block Voice Dialing from Lock Screen

To block voice dialing, turn on the Block Voice Dialing on Lock Screen policy. After applying this policy on the device, the user will not be able to use voice dialing when the device is locked with a password. This policy is dependent on the Require Password policy. This policy is applicable only to the Supervised iOS devices.

Block USB Connection

To block the device from connecting to other devices through USB, turn on the Block USB Connection policy. After applying this policy on the device, the user will not be able to connect to any device through USB. If the user tries to connect to any device through USB, then the device will be locked and the device password will get reset.

If this policy is applied to the KNOX devices, the device user would not be able to detect or transfer the data through USB connection.

Note:

  • This policy is dependent on the Require Password policy.
  • This policy may or may not be applicable to some of the devices.
  • For ADO devices, this policy is applicable only when the device OS version is 6 or later.
  • This policy is applicable to the non-ADO devices with OS 6 and earlier versions.
  • For Android 10 and above, the password policy will be applied only if ADO is enabled. Ensure that ADO is enabled before you apply the password policy.

Block Safe Mode

To restrict the access of Safe Mode on the selected device, turn on the Block Safe Mode policy. This policy is dependent on the Requires Password policy. After applying this policy on the device, the user device will be blocked and asked to set the password as per the password policy. After setting the password, the user will not be able to access the Safe Mode. The access to Safe Mode will be permanently blocked. If you do not want to block the Safe Mode access for a specified user, then revoke the policy for that user.

If this policy is applied to the KNOX devices then, those device users will not be able to access the Safe Mode.

Note:

  • To apply this policy, it is mandatory that the Requires Password type must be set to Medium or High.
  • For ADO devices, this policy is applicable only when the device OS version is 6 or later.
  • For non-ADO devices, this policy is applicable only when the device OS version is 6 or earlier versions.
  • This policy may or may not be applicable to some of the devices.

Block Camera

To block the use of camera, turn on the Block Camera policy. After applying this policy on the device, the user cannot use the camera on the device. If the user tries to launch the device camera, the Seqrite mSuite will automatically close it.

Note:

  • For Android 10 and above, the camera can be blocked only if ADO is enabled. Ensure that ADO is enabled before you apply the Block Camera policy.

Block Face Time

To block the use of Face Time app on iOS devices, you can enable this policy. It dependents on Block Camera policy.

Block Factory Reset from Device Setting

This policy disables the Factory Reset option on the device. Thus, the device user cannot factory reset the device. The Restrict Factory Reset policy is applicable only to the devices where Seqrite mSuite Agent is the Device Owner or to the Samsung KNOX supported devices or to the Supervised iOS devices.

Note: This policy is applicable to non-ADO Android devices with OS 6 or earlier versions.

Block Bluetooth

To block the usage of the Bluetooth, turn on the Block Bluetooth policy. After applying this policy on the device, the user cannot switch on the Bluetooth mode on the device. If the user tries to use Bluetooth on the device, then the Seqrite mSuite will automatically close it for security. The Block Bluetooth policy is applicable to the KNOX devices and also to the Android ADO devices where Seqrite mSuite Agent is the device owner.

Block Configuring Bluetooth

The Blok Configuring Bluetooth policy can be enabled only when the Block Bluetooth policy is turned off. To restrict the user from configuring the Bluetooth on the device, turn on the Restrict Bluetooth Configuration policy.

If this policy is applied, the user cannot pair with new Bluetooth devices, but can connect with already paired devices.

This policy is applicable to KNOX devices as well as to the ADO devices where Seqrite mSuite Agent is the device owner.

Block Wi-Fi

To block the usage of Wi-Fi, turn on the Block Wi-Fi policy. After applying this policy on the device, the user cannot switch on the Wi-Fi. If the user tries to use the Wi-Fi on the device, Seqrite mSuite will automatically close it.

Block Open Wi-Fi

To prevent the user from connecting to the available open Wi-Fi networks, turn on the Block Open Wi-Fi policy. After applying this policy on the device, the user will not be able to connect to any open Wi-Fi network.

Block Mobile Hotspot

To block the usage of the Mobile Hotspot, turn on the Block Mobile Hotspot policy. After applying this policy on the device, the user cannot switch on the mobile Hotspot. If the user tries to use the mobile Hotspot on the device, Seqrite mSuite will automatically close it.

Note: This policy is applicable only to the Samsung devices that support KNOX.

Block NFC

To block the usage of NFC, turn on the Block NFC policy. If this policy is applied on the device, the NFC option gets disabled.

Note: This policy is applicable only to the Samsung devices that support KNOX.

Block Mobile Data while Roaming

To restrict the user from accessing the mobile data while roaming, turn on Block Mobile Data while Roaming policy. When this policy is applied on the device, the user cannot turn on their mobile data in roaming.

Note: This policy is applicable to KNOX devices and the devices where Seqrite mSuite Agent is the device owner and the device OS version is 7(Nougat) or later.

Block Auto-Sync while Roaming

After applying this policy on the device, the user cannot auto-sync the mobile data in roaming. The auto-sync option will be disabled for the user if this policy is applied. You can apply this policy to the Android as well as Supervised iOS devices.

Block Outgoing Call in Roaming

To block the voice roaming or outgoing calls when the user is in roaming, turn on the Block Outgoing Call in Roaming policy. After applying this policy on the device, the user cannot make outgoing calls or voice roaming during roaming. If the user tries to use the Voice Roaming or Outgoing calls on the device while roaming, then Seqrite mSuite will not allow the user to make the calls.

Note: This policy is applicable only to the Android devices.

Location Service (GPS)

This policy helps to enable or disable the location services option on the device. You can apply this policy as follows:

  • Always ON: To allow the device user to use the location services continuously, select this option.
  • Always OFF: To completely block the device user from using the location services, select this option.

Note:

  • This policy is applicable to the Android devices.
  • This policy is applicable to both ADO and KNOX supported devices.

Sync Frequency

To set the frequency of the reports from the server, turn on the Sync Frequency policy. After applying this policy on the device, the device will send the reports (scan /non-compliance reports) to the server at the selected intervals. The frequency intervals are 4 hours, 8 hours, 16 hours, 24 hours, and 48 hours. If the user turns off this policy, then the server will send reports only in 24 hours.

Note: This policy is applicable only to the Android devices.

Block Certificate

To block the unwanted downloads of certificates on the device from the untrusted websites, turn on the Block Certificate policy. This policy is device specific as follows:

  • iOS device: In iOS devices, this policy blocks untrusted TLS certificate.

Block Screen Capture

To block screen capturing on the device, turn on the Block Screen Capture policy. If this policy is applied on the device, the user cannot capture any screenshots.

Note:

  • This policy is applicable only to the ADO and KNOX supported devices.
  • This policy is not applicable to the non-ADO devices with OS 6 and earlier versions.

Block Text Copy and Paste

To block the copy and paste of the text on the device, turn on the Block Text Copy and Paste policy. After applying this policy on the device, the user will not be able to copy and paste the text on the device.

Note: This policy is applicable only to the Android devices. However, this policy would not work on Android 10 and above.

Block iTunes App

To hide the iTunes app on the Supervised iOS devices, turn on the Block iTunes App policy. After applying this policy on the device, the user will not be able to view/access the iTunes app on the device.

Block App Store

To hide the app store on the Supervised iOS devices, turn on the Block App Store policy. The app store will be blocked, and the user will not be able to view/access anything from the App store for iOS devices.

Set Google Account

To configure a Google account on the user’s Android device, turn on the Set Google Account policy. After applying this policy, the user must configure the Google account manually on the device. If the user does not configure the Google account, the device will go in non-compliance mode.

Block Primary Microphone

To block the primary microphone on the user’s Android device, turn on the Block Primary Microphone policy. After applying this policy, the user will not be able to use the microphone on the device.
Note:

  • This policy is applicable to the ADO and KNOX supported devices.
  • This policy is not supported by Lenovo devices.

Block Siri

To block Siri application on the iOS device, turn on the Block Siri policy. After applying this policy on the device, the user will not be able to delegate any request or action to Siri. You can select the available options to block Siri: Always and When Locked.

  • Always: With this option, Siri will be entirely blocked on the users’ device.
  • When Locked: With this option, Siri will be blocked only when the device is locked.

Device Time-out

This policy is to ensure that the device remains connected to the server when the device is not communicating with the server for the specified number of days, then the device will be in the non-compliance mode. Select the number of days from the available options; 1, 2, 3, 5, and 7 days. After you select the days, the device will remain disconnected for the specific duration and after that, the device will go into the non-compliance mode. This policy is applicable to the Android and iOS devices.

Set Auto Time Zone

To set automatic date, time, and time zone on the user Android device, turn on the Set Auto Time Zone policy. After applying this policy, if the user sets the time and date or time zone manually, then the device will go into the non-compliance mode.

  • If this policy is applied to the devices with KNOX operating system, the device user would be restricted from editing or updating the time zone or date and time on the device.
  • If this policy is applied to the ADO devices where Seqrite mSuite Agent is the device owner, the device user would be able to turn it off, but within 30 seconds the auto time zone is turned on automatically by Seqrite mSuite Agents.

Block Profile Switch

At times, the user may have multiple user profile on a single device and can easily switch between the profiles. To restrict the user from switching to different user profiles, turn on the Restrict Profile Switch policy.

Note: This policy is applicable to the ADO and KNOX supported devices.

Device Accessibility Service & App Usage

With this policy, the user is forced (Strict) or notified (Notify) to apply the accessibility and app usage services within the defined time. The user can be forced or notified to apply the services within the set number of days, hours, minutes, or seconds.

Block Accounts Modification

To restrict user from modifying any user profile, turn on the Block Accounts Modification policy. When this policy is applied on the device, the user will not be able to make any changes to the user profile. This policy is applicable to those devices where Seqrite mSuite Agent is the device owner or Supervised iOS devices or Knox supported devices.

Block USB Debug Mode

To restrict the user from accessing the debug mode when the device is connected to the system, turn on the Block USB Debug Mode policy. If this policy is applied, the user will not be able to use the USB Debug Mode on the device.

Note: This policy is applicable to both, the KNOX Samsung devices and ADO supported devices where the Seqrite mSuite Agent is the device owner.

Block App Control

To restrict the user from installing or uninstalling the apps from their device, turn on the Block App Control policy.

Note: This policy is applicable to the ADO supported devices where the Seqrite mSuite agent is the device owner.

Block Adding New User Profile

To restrict the user from creating new user profile, turn on the Block Adding New User Profile policy. This policy is applicable to all ADO enabled devices.

Block deletion of user profile

To restrict the user from deleting any user profile, turn on the Block deletion of user profile policy. If this policy is applied on the device and the user tries to delete the user profile, the device will go in non-compliance mode.

Note: This policy is applicable to both, the KNOX Samsung devices and ADO supported devices where the Seqrite mSuite Agent is the device owner.

Block Configuring Mobile Data Setting

To restrict the user from configuring the mobile data on the device, turn on the Block Configuring Mobile Data Setting policy. This policy is applicable to the ADO enabled devices where Seqrite mSuite Agent is the device owner.

Block Outgoing Calls

To restrict the user from making any outgoing call, turn on the Block Outgoing Calls policy.

Note: This policy is applicable to both, Samsung KNOX and the ADO supported devices where the Seqrite mSuite Agent is the device owner.

Block Mounting Physical Media

To restrict the user from mounting any physical media on the device, turn on the Block Mounting Physical Media policy.

Note: This policy is applicable to the Samsung KNOX supported devices.

Wi-Fi On in Sleep Mode

To keep the Wi-Fi on even in sleep mode, turn on the Wi-Fi On in Sleep Mode policy. If this policy is applied, the user cannot change the Wi-Fi settings and it will be kept on in sleep mode. To do more customization with this policy, following options are available:

  • Always: Select this option to access Wi-Fi continuously.
  • Never: Select this option to completely block the Wi-Fi usage.
  • Only When Plugged In: Select this option to allow Wi-Fi only when the device is plugged in to the charger.

Note: This policy is applicable to both, Samsung KNOX and the ADO supported devices where the Seqrite mSuite Agent is the device owner.

Block Notification Area

To restrict the device user from viewing any notifications and block the notification area on the device, turn on the Block Notification Area policy.

Note: This policy is applicable to both, ADO and KNOX supported devices. For ADO devices, it is applicable where the Seqrite mSuite Agent is the device owner and OS of the device is Marshmallow (6.0) or later.

Block Cellular Data

To restrict the apps and services, on user device, from using cellular data to connect to the Internet, turn on the Block Cellular Data policy. When this policy is applied, the device user cannot access Internet using Cellular Data.

Note: This policy is applicable to the Samsung KNOX supported devices.

Block Mock Location

Mock Locations allow the device users to show the fake location of their device with the help of GPS and network operator. To restrict device user to create the mock location of their device, turn on the Block Mock Location policy.

Note: This policy is applicable to the Samsung KNOX supported devices.

Block Outgoing MMS and SMS

To restrict the incoming or outgoing MMS and SMS on the user device, turn on the Block Outgoing MMS and SMS policy.

Block Airplane Mode

Airplane Mode disconnects call and SMSs and, in some devices, it also disables Wi-Fi and Bluetooth. Thus, to restrict the device user from accessing Airplane Mode on the device turn on the Block Airplane Mode policy.

Note: This policy is applicable to the Samsung KNOX supported devices.

Block Notification on Lock Screen

When this policy is applied, the user will not be able to view the earlier notifications or today’s events when device screen is locked. This policy is applicably only to the Supervised iOS devices.

Block Control Center on Lock Screen
To block the control center on the locked screen, turn on this policy. When this policy is applied, the device user will not be able to view the control center if the device screen is locked. You can apply this policy only to the Supervised iOS devices.

Block Safari

To hide the Safari app on the user device, mSuite Admin can turn on the Block Safari policy.

Block App Uninstallation

To restrict the Seqrite mSuite Agent uninstallation by any unauthorized user, turn on this policy. This policy is applicable only to the iOS Supervised devices.

Block iMessage

With this policy you can block the iMessages on Supervised iOS devices. The user will not be able to view any iMessages.

Block Apple Books

To block the Apple books on the supervised iOS devices, turn on the Block Apple Books policy. The user will not be able to access any Apple books on the device.

Block In-app Purchase

To restrict the user from making any in-app purchase from the device, turn on the Block in-app Purchase policy. The device user will not be able to perform any in-app purchase from the device. This policy is applicable only to the supervised iOS devices.

Block Backup to iCloud

To restrict the user from automatically placing the device backup on iCloud, turn on the Block Backup to iCloud policy. This policy will put restriction on iCloud functionality. You can apply this policy only to the Supervised iOS devices.

Note: Policies superscripted with “D” and “K” alphabets are applicable only to the ADO enabled and KNOX-supported devices. Such policies are not applicable to non-ADO and non-KNOX devices.

History

The History tab on the Policy Details page allows you to view the history of the created policies. You can also view the history of all the versions of the created policies.

To view the history of a policy, follow these steps:

  1. Log on to the Seqrite mSuite console and click Profiles > Policies > Edit icon > History.

The policy history list is displayed with the information about the version, created on, created by and action on the policy. The available action item is View (eye-shaped icon). This action helps you to view the entire details of the policy.

Clicking the View icon will navigate you to the Policy History page. The Policy History page shows Versions list, the policy created date, created by, comments and all the policy details.

Was this page helpful?

Leave a Comment