Cortado MDM – Manual

Android Enterprise policies

77 views November 26, 2018 September 23, 2019 0

Depending on whether you want to manage a work profile on an Android device or the entire device itself, there are a range of different policies available.

  • Select Android Enterprise Policies as the policy that you want to add.

General policies

The policies in the General (upper arrow in illus.) tab apply to both work profiles and fully managed devices.

  • First enter a name for the policy in the field below as well as an optional descrip­tion. The policy name can’t be changed later.
  • Now, select the desired option(s), in the example, the checkbox Camera has been disabled (lower arrow in illus.).
configure policy

configure policy

  • Assign the new policy to an user (see sections Assigning policies).
  • The outcome in the example: The camera app in the work profile has been disabled and is grayed out.
work profile with deactivated camera

work profile with deactivated camera

Note! Detailed information about the Policies Basic Integrity failure action and CTS Profile Match failure action policies listed under SafetyNet can be found under Additional Settings in the section Configuring Android Enterprise.

Policies for Fully Managed Devices

Creating a policy (example)

There are a multitude of policies available for fully managed devices.

  • Open the Fully Managed Devices tab (arrow in illus.).
  • First enter a name for the policy in the field below as well as an optional descrip­tion. The policy name can’t be changed later.
  • Now, select the desired option(s).
  • In the example, users are denied the right to install apps (lower arrow in the illus.).
set up policie for a fully managed device

set up policie for a fully managed device

Set up kiosk mode

You can supply your users with Android devices that operate in so-called kiosk mode. Devices operating in this mode can then, for example, offer only one single app. This app is then always open (left illus.). However, multiple apps can also be assigned (right illus.). How to provide users with one or more app(s) for kiosk mode is explained in the section Add and manage Android apps.

The user can only access these app(s). System apps pre-installed by the manufacturer such as Phone, Settings, Play Store, Contacts, Downloads etc. are not displayed.

Note! System apps cannot yet be made available for kiosk mode.

Example for an app (Word) in kiosk mode (left), example for several apps (right)

Example for an app (Word) in kiosk mode (left), example for several apps (right)

Note! In kiosk mode only VPP apps with the Mandatory checkbox are displayed.

  • If you wish to place devices in kiosk mode, enable the Kiosk Mode checkbox in the Fully Managed Device tab (arrow in illus.).
enable kiosk mode

enable kiosk mode

The following options are also available:

  • Cortado MDM app: when the checkbox is enabled, the Cortado MDM app is available to users.
  • System info: when the checkbox is enabled, system information such as the date, time and battery state (ect.) are available to users.
displayed system info (left), hidden system info (right)

displayed system info (left), hidden system info (right)

  • Lock screen: when the checkbox is enabled, the lock screen is activated. A precondition is that the device has already been provided with a passcode for unlocking. You can override the kiosk mode policy if you desire and set a passcode for the device.
  • Global menu: when the checkbox is enabled, the Shut Down and Restart buttons are available to the users.
  • Home button: when the checkbox is enabled, the Home button is available to the users. The Home button can be used to open the app overview (left illus.). Provided multiple apps have been assigned to the device.
  • Recent apps: when the checkbox is enabled, the button for the most recently used apps is available to users.
  • Notification bar: when the checkbox is enabled, the notification bar is displayed.
available main menu (left), available notification list (right)

available main menu (left), available notification list (right)

  • Kiosk mode recovery token: By entering this token on the device, kiosk mode can be exited temporarily (right illus.). The code is generated automatically. However, you can also use your own code. This can contain the following symbols, Aa-Zz, 0-9 and must be exactly 6 digits long.

Note! To open the device recovery, the user must tap several times on the button below left in the illustration on the left (arrow in illus.).

Device in kiosk mode (left), enter code for device setting (right)

Device in kiosk mode (left), enter code for device setting (right)

Note! For some Android models this policy only works after a restart of the device.

Password

In the Password tab you can specify the policies for the device password or the password for the work profile. The users will then be automatically requested to define a compliant password/PIN for access to the device(s).

configure password policies (example)

configure password policies (example)

Was this helpful?