Android Device Policies | Entgra Iot Server

Android Device Policies

Add a Policy

Prerequisites

  1. Click Add Policies (https://{IP}:{port}/devicemgt/policy/add)

  1. Click Android from in the DEVICE TYPES.

  1. Create your policy. In this tutorial, let’s create a passcode policy. After defining the settings, click CONTINUE.

    A profile in the context of Entgra IoT Server refers to a collection of policies. For example, in this use case you are only creating one policy that is the passcode policy. If you want to, you can add an restrictions policy too. All these policies will be bundled as a profile and then pushed to the devices.

  2. Select the policy type.

There are two types of policies.

  • General Policy: General policy is applied to the device by default.
  • Corrective Policy: Corrective policy is applied to the device when the general policy is violated. When the general policy is not violated the correctiv policy is disabled.

If you wish to apply a corrective policy with a general policy;

First apply a corrective policy by selecting the policy type as the corrective policy.

Then apply a general policy by selecting the policy type as the general policy.

Select the corrective policy to be applied when this general policy is violated.

  1. Click CONTINUE.

  2. Define the user groups that the passcode policy needs to be assigned to:

    Select Set user role(s) or Set user(s) option and then select the users/roles from the item list. Let us select Set user roles and then select ANY here.

  Select the Select Groups option and then select the groups from the item 
  list.

  1. Click CONTINUE.

  2. Define the policy name and the description of the policy.

  1. Click SAVE AND PUBLISH to save and publish the configured profile as an active policy to the database.

    If you save the configured profile, it will be in the Inactive state and will not be applied to any devices. If you save and publish the configured profile of policies, it will be in Active state.

  2. To publish the policy to the existing devices, click APPLY CHANGES TO DEVICES from the policy management page.

View a Policy

1.Go to the Device Management portal and click View Policies. (https://{IP}:{port}/devicemgt/devicemgt/policies

Publish a Policy

  1. Click View under POLICIES to get the list of the available policies.
  1. Click Select to select the policy or policies that are not in the published state but need to be published now.
  1. Click Publish.

Unpublish a Policy

  1. Go to the Device Management Portal and click View policies. (https://{IP}:{port}/devicemgt/devicemgt/policies
  1. Click Select to select the policy or policies that are in the Published state and need to be Unpublished now.
  1. Click Unpublish.
  1. Click YES to confirm that you want to unpublish the selected policy.
  1. Now your policy is unpublished and is in Inactive/Updated state. Therefore, the policy will now not be applied on the devices that are enrolled with the Entgra IoT Server.

Verify the Policy Enforced on a Device

  1. Click View under DEVICES.
  1. Click on your device to view the device details. Click Policy Compliance.

  2. You will see the policy that is currently applied to your device.

Manage the Policy Priority Order

You can change the priority order of the policies and make sure the policy that you want is applied on devices that register with Entgra IoT Server.

  1. Click View under POLICIES to get the list of the available policies.
  1. Click POLICY PRIORITY.
  1. Manage the policy priority: Drag and drop the policies to prioritize the policies accordingly. Manage the policy priority order by defining the order using the edit box.

  2. Click SAVE NEW PRIORITY ORDER to save the changes.

  3. Click APPLY CHANGES to push the changes to the existing devices.

Updating a Policy

  1. Click View under POLICIES to get the list of the available policies.
  1. On the policy that you wish to edit, click Edit.
  1. Edit the Policy:

    a. Edit the current profile and click CONTINUE.
    b. Edit assignment groups and click CONTINUE.
    c. Optionally, edit the policy name and description.

Click SAVE to save the configured profile or click SAVE AND PUBLISH to save and publish the configured profile as an Active policy to the database.

Description of Available Policies for Android Devices

Policy Description
Passcode Policy Enforce a configured passcode policy on Android devices. Once this profile is applied, the device owners won't be able to modify the password settings on their devices.
Restrictions Restrict predefined settings on Android devices. Once this profile is applied, the device owners won't be able to modify the configured settings on their devices.
Encryption Settings Encrypt data on an Android device when the device is locked and make it readable when the device is unlocked. Once this profile is applied, the device owners won't be able to modify the configured settings on their devices.
Wi-Fi Settings Configure the Wi-Fi settings on Android devices. Once this profile is applied, the device owners won't be able to modify the configured settings on their devices.
Global Proxy Settings This configurations can be used to set a network-independent global HTTP proxy on an Android device. Once this configuration profile is installed on a device, all the network traffic will be routed through the proxy server.
Virtual Private Network These configurations can be used to define settings for connecting to your POP or IMAP email accounts. Once this configuration profile is installed on an iOS device, corresponding users will not be able to modify these settings on their devices .
Certificate Install Settings Restrict predefined settings on Android devices. Once this profile is applied, the device owners won't be able to modify the configured settings on their devices.
Work-Profile Configurations Configure these settings to manage the applications in the work profile.
COSU Profile Configuration This policy can be used to configure the profile of COSU Devices.
Application Restriction Settings Blacklist or whitelist mobile application for Android devices.
Runtime Permission Policy (COSU / Work Profile) This configuration can be used to set a runtime permission policy to an Android Device.
System Update Policy (COSU) Configure the settings to install system updates on single-purpose or COSU devices.
Enrollment Application Install Enforce applications to be installed during Android device enrollment.