General Policies
Seqrite Enterprise Mobility Management has general policies to restrict the change of the configuration of mobile devices and avoid the uninstallation or installation of applications on the devices. For no reason could the user deactivate the device’s GPS, since from the console we would have the exact location of the device. Likewise, there are policies which prevent the user from deactivating or activating some mobile device functionalities.
Security Policies
Seqrite Enterprise Mobility Management has the ability to configure security policies to block mobile device hardware or specific functionalities, such as on/off buttons, volume controls, GPS, camera.
It also applies security policies to mobile applications, as well as browsing web pages, configuring accounts, activating and deactivating applications and the most beneficial thing is to deactivate or activate the functionalities of the applications.
To know the types and details of the policies, navigate to the Edit Policy tab, which includes all policies. The policies are also differentiated into different sections for better understanding such as: Password, Policy for Device, Policy for App Stores, Policy for Downloaded Apps, Policy for ADO enabled devices, and Policy for KNOX supported devices.
Policy for ADO enabled devices, and Policy for KNOX supported devices.
| Sections | Description |
|---|---|
| All | This section shows all the policies available in Seqrite Enterprise Mobility Management. Shows all the policy options available in the Seqrite Enterprise Mobility Management console. Options include Password, Policy for Device, Policy for App Stores, Policy for Downloaded Apps, Policy for ADO enabled devices, and Policy for KNOX supported devices. You can choose any of the policies listed here.
(1) Click the Select All option on the right side of the Edit Details tab if you want to select all the policies. |
| Password | Shows all the policies related to the password criteria. You can turn on the policies as per your requirement. |
| Policy for Device Applications | Lists the policies related to the device. You can turn on the policies as per your requirement. |
| Policy for App Stores | This policy lists the policies related to the device applications. You can turn on the policies as per your requirement. |
| Policy for Downloaded Apps | This policy defines more about security of the downloaded apps. You can turn on the following policy as per your requirement. |
| Policy for ADO enabled devices | The ADO policy is applicable to those devices where Seqrite Enterprise Mobility Management Agent is the device owner.
(1) All the ADO policies are superscripted with “D” for easy identification. (2) This policy is applicable to the devices where the Seqrite Enterprise Mobility Management Agent is the device owner. Also, check on the Seqrite Enterprise Mobility Management console the specific OS versions of the devices to which this policy can be applied. |
| Policy for KNOX supported devices | The KNOX policies are applicable to the Samsung KNOX-supported devices. (1) All the KNOX policies are superscripted with “K” for easy identification. |
Password Policies
Seqrite Enterprise Mobility Management requires an initial password for mobile device protection. For security reasons, the password can be changed remotely. According to the criteria of the Seqrite Enterprise Mobility Management console administrator, the password can be low, medium or high; as well as the length of the password will depend on the criteria taken.
Seqrite Enterprise Mobility Management supports the following policies:
Requires Password
This policy applies a screen lock and sets the password on the device. Different password types are Low, Medium, and High. After applying this policy on the device, the user has to set the password as per the type of the password suggested. If the user has not applied this policy, the device will be shown as the Non-compliant device.
The following are the three values of the password:
- Low: A less secure option. You can set the Pattern, Pin, or Password for the device screen lock.
- Medium: A secure option. You can set the Pin or Password for the device screen lock.
- High: The most secure option. You can set only the Password for the device screen lock.
Password Minimum Length
To set the length of the password, turn on the Password Minimum Length policy. This policy is dependent on the Requires Password policy. After applying this policy on the device, the user must set the password as per the recommended password length.
- If the password type is Low, then the password length must be in between 4 to 16.
- If the password type is Medium, then the password length must be in between 6 to 16 alphanumeric letters.
- If the password type is High, then the password length must be in between 8 to 16 letters. The user has to set the password with at least one character, one numeric, and one special character.
Note: The user must apply settings as per the policy. Otherwise, the device will be shown as non-compliant device.
Password Age
To set the age limit of the password, turn on the Age policy. You can apply an age limit till a specific period. This policy is dependent on the Requires Password policy. After applying this policy on the device, the user has to set the age of the password. The age of the password can be 15 Days, 30 Days, 45 Days, and 90 Days. After the specified time expires, the user should reset the password. Otherwise, the device will be shown as a non-compliant device.
Device Autolock
To lock the device automatically after a preset idle time, turn on the Autolock policy. This policy dependents on the Requires Password policy. After applying this policy on the device, if the device screen remains idle for the selected time, then the device will be automatically locked. The time can be 1 Min, 2 Min, 5 Min, 10 Min and 15 Min.
Password History
To maintain a history of old passwords and to restrict the user from using the old passwords, turn on the Password History policy. After applying this policy, the device saves the selected number of old passwords given in the list. The values given in the list are 2, 3, 4, and 5. This policy is applicable only on iOS devices.
Block Voice Dialing from Lock Screen
To block voice dialing, turn on the Block Voice Dialing on Lock Screen policy. After applying this policy on the device, the user will not be able to use voice dialing when the device is locked with a password. This policy is dependent on the Require Password policy. This policy is applicable only to the Supervised iOS devices.
Block USB Connection
Seqrite Enterprise Mobility Management policy prevents the device from connecting to other devices via USB. The user will not be able to connect to any device through USB, if the user tries to connect to any device through this option, the device is blocked. Therefore this option prevents the transfer of information.
If this policy is applied to the KNOX devices, the device user would not be able to detect or transfer the data through USB connection.
Note:
- This policy is dependent on the Require Password policy.
- This policy may or may not be applicable to some of the devices.
- For ADO devices, this policy is applicable only when the device OS version is 6 or later.
- This policy is applicable to the non-ADO devices with OS 6 and earlier versions.
Block Safe Mode
To restrict the access of Safe Mode on the selected device, turn on the Block Safe Mode policy. This policy is dependent on the Requires Password policy. After applying this policy on the device, the user device will be blocked and asked to set the password as per the password policy. After setting the password, the user will not be able to access the Safe Mode. The access to Safe Mode will be permanently blocked. If you do not want to block the Safe Mode access for a specified user, then revoke the policy for that user.
If this policy is applied to the KNOX devices then, those device users will not be able to access the Safe Mode.
Note:
- To apply this policy, it is mandatory that the Requires Password type must be set to Medium or High.
- For ADO devices, this policy is applicable only when the device OS version is 6 or later.
- For non-ADO devices, this policy is applicable only when the device OS version is 6 or earlier versions.
- This policy may or may not be applicable to some of the devices.
Block Camera
To block the use of camera, turn on the Block Camera policy. After applying this policy on the device, the user cannot use the camera on the device. If the user tries to launch the device camera, the Seqrite Enterprise Mobility Management will automatically close it.
Block Face Time
To block the use of Face Time app on iOS devices, you can enable this policy. It dependents on Block Camera policy.
Block Bluetooth
To block the usage of the Bluetooth, turn on the Block Bluetooth policy. After applying this policy on the device, the user cannot switch on the Bluetooth mode on the device. If the user tries to use Bluetooth on the device, then the Seqrite Enterprise Mobility Management will automatically close it for security. The Block Bluetooth policy is applicable to the KNOX devices and also to the Android ADO devices where Seqrite Enterprise Mobility Management Agent is the device owner.
Block Configuring Bluetooth
The Blok Configuring Bluetooth policy can be enabled only when the Block Bluetooth policy is turned off. To restrict the user from configuring the Bluetooth on the device, turn on the Restrict Bluetooth Configuration policy.
If this policy is applied, the user cannot pair with new Bluetooth devices, but can connect with already paired devices.
This policy is applicable to KNOX devices as well as to the ADO devices where Seqrite Enterprise Mobility Management Agent is the device owner.
Block Wi-Fi
To block the usage of Wi-Fi, turn on the Block Wi-Fi policy. After applying this policy on the device, the user cannot switch on the Wi-Fi. If the user tries to use the Wi-Fi on the device, Seqrite Enterprise Mobility Management will automatically close it.
Note: The policy works for ADO devices when there is a SIM card in the device. Also, the policy works for normal enrollment when there is a SIM card in the device, and the OS is below 10.
Block Open Wi-Fi
To prevent the user from connecting to the available open Wi-Fi networks, turn on the Block Open Wi-Fi policy. After applying this policy on the device, the user will not be able to connect to any open Wi-Fi network.
Block Mobile Hotspot
To block the usage of the Mobile Hotspot, turn on the Block Mobile Hotspot policy. After applying this policy on the device, the user cannot switch on the mobile Hotspot. If the user tries to use the mobile Hotspot on the device, Seqrite Enterprise Mobility Management will automatically close it.
Note: This policy is applicable only to the Samsung devices that support KNOX.
Block NFC
To block the usage of NFC, turn on the Block NFC policy. If this policy is applied on the device, the NFC option gets disabled.
Note: This policy is applicable only to the Samsung devices that support KNOX.
GPS Location Service security policy
In the event of loss or theft, the policies of Seqrite Enterprise Mobility Management GPS record the location of the mobile device, providing information on the last location of the device if the device was turned off or the real-time location if the device is on with a Internet connection. Likewise, send a message to the administrator for any unauthorized changes to the device’s hardware. Finally the equipment is blocked remotely.
This policy helps to enable or disable the location services option on the device. You can apply this policy as follows:
- Always ON: To allow the device user to use the location services continuously, select this option.
- Always OFF: To completely block the device user from using the location services, select this option.
Note:
- This policy is applicable to the Android devices.
- This policy is applicable to both ADO and KNOX supported devices.
Sync Frequency
To set the frequency of the reports from the server, turn on the Sync Frequency policy. After applying this policy on the device, the device will send the reports (scan /non-compliance reports) to the server at the selected intervals. The frequency intervals are 4 hours, 8 hours, 16 hours, 24 hours, and 48 hours. If the user turns off this policy, then the server will send reports only in 24 hours.
Note: This policy is applicable only to the Android devices.
Block Certificate
To block the unwanted downloads of certificates on the device from the untrusted websites, turn on the Block Certificate policy. This policy is device specific as follows:
- iOS device: In iOS devices, this policy blocks untrusted TLS certificate.
Block Screen Capture
To block screen capturing on the device, turn on the Block Screen Capture policy. If this policy is applied on the device, the user cannot capture any screenshots.
Note:
- This policy is applicable only to the ADO and KNOX supported devices.
- This policy is not applicable to the non-ADO devices with OS 6 and earlier versions.
Block Copy and Paste action for text
To block the copy and paste of the text on the device, turn on the Block Text Copy and Paste policy. After applying this policy on the device, the user will not be able to copy and paste the text on the device.
Note: This policy is applicable only to the Android devices.
Block iTunes App
To hide the iTunes app on the Supervised iOS devices, turn on the Block iTunes App policy. After applying this policy on the device, the user will not be able to view/access the iTunes app on the device.
Block App Store
To hide the app store on the Supervised iOS devices, turn on the Block App Store policy. The app store will be blocked, and the user will not be able to view/access anything from the App store for iOS devices.
Set Google Account
To configure a Google account on the user’s Android device, turn on the Set Google Account policy. After applying this policy, the user must configure the Google account manually on the device. If the user does not configure the Google account, the device will go in non-compliance mode.
Block Primary Microphone
To block the primary microphone on the user’s Android device, turn on the Block Primary Microphone policy. After applying this policy, the user will not be able to use the microphone on the device.
Note:
- This policy is applicable to the ADO and KNOX supported devices.
- This policy is not supported by Lenovo devices.
Block Siri
To block Siri application on the iOS device, turn on the Block Siri policy. After applying this policy on the device, the user will not be able to delegate any request or action to Siri. You can select the available options to block Siri: Always and When Locked.
- Always: With this option, Siri will be entirely blocked on the users’ device.
- When Locked: With this option, Siri will be blocked only when the device is locked.
Inactive Time-out
This policy is to ensure that the device remains connected to the server when the device is not communicating with the server for the specified number of days, then the device will be in the non-compliance mode. Select the number of days from the available options; 1, 2, 3, 5, and 7 days. After you select the days, the device will remain disconnected for the specific duration and after that, the device will go into the non-compliance mode. This policy is applicable to the Android and iOS devices.
Set Auto Time Zone
To set automatic date, time, and time zone on the user Android device, turn on the Set Auto Time Zone policy. After applying this policy, if the user sets the time and date or time zone manually, then the device will go into the non-compliance mode.
- If this policy is applied to the devices with KNOX operating system, the device user would be restricted from editing or updating the time zone or date and time on the device.
- If this policy is applied to the ADO devices where Seqrite Enterprise Mobility Management Agent is the device owner, the device user would be able to turn it off, but within 30 seconds the auto time zone is turned on automatically by Seqrite Enterprise Mobility Management Agents.
Block Profile Switch
At times, the user may have multiple user profile on a single device and can easily switch between the profiles. To restrict the user from switching to different user profiles, turn on the Restrict Profile Switch policy.
Note: This policy is applicable to the ADO and KNOX supported devices.
Device Accessibility Service & App Usage
With this policy, the user is forced (Strict) or notified (Notify) to apply the accessibility and app usage services within the defined time. The user can be forced or notified to apply the services within the set number of days, hours, minutes, or seconds.
Block Accounts Modification
To restrict user from modifying any user profile, turn on the Block Accounts Modification policy. When this policy is applied on the device, the user will not be able to make any changes to the user profile. This policy is applicable to those devices where Seqrite Enterprise Mobility Management Agent is the device owner or Supervised iOS devices or Knox supported devices.
Block App Control
To restrict the user from installing or uninstalling the apps from their device, turn on the Block App Control policy.
Note: This policy is applicable to the ADO supported devices where the Seqrite Enterprise Mobility Management agent is the device owner.
Block Adding New User Profile
To restrict the user from creating new user profile, turn on the Block Adding New User Profile policy. This policy is applicable to all ADO and KNOX enabled devices.
Block deleting of user profile
To restrict the user from deleting any user profile, turn on the Block deletion of user profile policy. If this policy is applied on the device and the user tries to delete the user profile, the device will go in non-compliance mode.
Note: This policy is applicable to both, the KNOX Samsung devices and ADO supported devices where the Seqrite Enterprise Mobility Management Agent is the device owner.
Block Configuring Mobile Data Setting
To restrict the user from configuring the mobile data on the device, turn on the Block Configuring Mobile Data Setting policy. This policy is applicable to the ADO enabled devices where Seqrite Enterprise Mobility Management Agent is the device owner.
Block Outgoing Calls
To restrict the user from making any outgoing call, turn on the Block Outgoing Calls policy.
Note: This policy is applicable to both, Samsung KNOX and the ADO supported devices where the Seqrite Enterprise Mobility Management Agent is the device owner.
Block Mounting of Physical Media
To restrict the user from mounting any physical media on the device, turn on the Block Mounting Physical Media policy.
Note: This policy is applicable to the Samsung KNOX supported devices.
Wi-Fi On in Sleep Mode
To keep the Wi-Fi on even in sleep mode, turn on the Wi-Fi On in Sleep Mode policy. If this policy is applied, the user cannot change the Wi-Fi settings and it will be kept on in sleep mode. To do more customization with this policy, following options are available:
- Always: Select this option to access Wi-Fi continuously.
- Never: Select this option to completely block the Wi-Fi usage.
- Only When Plugged In: Select this option to allow Wi-Fi only when the device is plugged in to the charger.
Note: This policy is applicable to both, Samsung KNOX and the ADO supported devices where the Seqrite Enterprise Mobility Management Agent is the device owner.
Block Notification Area
To restrict the device user from viewing any notifications and block the notification area on the device, turn on the Block Notification Area policy.
Note: This policy is applicable to both, ADO and KNOX supported devices. For ADO devices, it is applicable where the Seqrite Enterprise Mobility Management Agent is the device owner and OS of the device is Marshmallow (6.0) or later.
Block Cellular Data
To restrict the apps and services, on user device, from using cellular data to connect to the Internet, turn on the Block Cellular Data policy. When this policy is applied, the device user cannot access Internet using Cellular Data.
Note: This policy is applicable to the Samsung KNOX supported devices.
Block Mock Location
Mock Locations allow the device users to show the fake location of their device with the help of GPS and network operator. To restrict device user to create the mock location of their device, turn on the Block Mock Location policy.
Note: This policy is applicable to the Samsung KNOX supported devices.
Block Outgoing MMS and SMS
To restrict the incoming or outgoing MMS and SMS on the user device, turn on the Block Outgoing MMS and SMS policy.
Block Airplane Mode
Airplane Mode disconnects call and SMSs and, in some devices, it also disables Wi-Fi and Bluetooth. Thus, to restrict the device user from accessing Airplane Mode on the device turn on the Block Airplane Mode policy.
Note: This policy is applicable to the Samsung KNOX supported devices.
Block Notification on Lock Screen
When this policy is applied, the user will not be able to view the earlier notifications or today’s events when device screen is locked. This policy is applicably only to the Supervised iOS devices.
Block Control Center on Lock Screen
To block the control center on the locked screen, turn on this policy. When this policy is applied, the device user will not be able to view the control center if the device screen is locked. You can apply this policy only to the Supervised iOS devices.
Block Safari
To hide the Safari app on the user device, Admin can turn on the Block Safari policy.
Block App Uninstallation
To restrict the Seqrite Enterprise Mobility Management Agent uninstallation by any unauthorized user, turn on this policy. This policy is applicable only to the iOS Supervised devices.
Block iMessage
With this policy you can block the iMessages on Supervised iOS devices. The user will not be able to view any iMessages.
Block Apple Books
To block the Apple books on the supervised iOS devices, turn on the Block Apple Books policy. The user will not be able to access any Apple books on the device.
Block In-app Purchase
To restrict the user from making any in-app purchase from the device, turn on the Block in-app Purchase policy. The device user will not be able to perform any in-app purchase from the device. This policy is applicable only to the supervised iOS devices.
Block Backup to iCloud
To restrict the user from automatically placing the device backup on iCloud, turn on the Block Backup to iCloud policy. This policy will put restriction on iCloud functionality. You can apply this policy only to the Supervised iOS devices.
Note: Policies superscripted with “D” and “K” alphabets are applicable only to the ADO enabled and KNOX-supported devices. Such policies are not applicable to non-ADO and non-KNOX devices.