Previously, we looked at creating a policy for your device type. Now let's take a look at the policies available by default in WSO2 IoT Server that help you manage mobile devices such as Android, iOS, and Windows devices.
For more information on how to add a policy on mobile devices, see Adding a Mobile Device Management Policy.
The policies available for mobile device management are listed below:
Policies for Android devices

The mobile device management administrator can add a new policy to a preferred device type, such as BYOD or COPE. The following policies are available for the Android platform.

Policy | Description
---|---
Passcode policy | Define a password policy for the devices.
Restrictions | Allow or disallow users from using the following features on Android devices:
Encrypt storage | Encrypt data on the device when the device is locked, and make it readable when the passcode is entered.
Wi-Fi | Ability to configure the Wi-Fi access on a device. WSO2 IoT Server provides advanced Wi-Fi configuration settings, as described under "Wi-Fi" after this table.
VPN | Ability to specify the VPN and per-app VPN settings.
Work-Profile Configurations | Ability to separate the personal and work-related data on your device via the managed profile feature.
Application restrictions | Ability to blacklist and whitelist applications on the Android platform. How it works is described under "Application restrictions" after this table.

Wi-Fi:
- You are able to configure the Wi-Fi settings for the WEP, WPA/WPS 2PSK and 802.1 EAP security types.
- The 802.1 EAP security type works only for Android 4.3 and above.
- WSO2 IoT Server supports the following EAP methods: PEAP, TLS, TTLS, PWD, SIM, and AKA.
- If you want to provide the identity of the user that accesses the Wi-Fi through their Android device, you can provide [user] as the value for Identity, and it will provide the username used by the user to enroll their Android device with WSO2 IoT Server. This setting is only applicable for the following EAP methods: PEAP, TLS, TTLS, and PWD.

Application restrictions:
- Blacklist applications: Prevents you from using the applications defined in the policy. For Android operating systems before Lollipop, when a blacklisted application is clicked, a screen is displayed to prevent you from using the app. For Lollipop and later Android operating systems, the blacklisted apps are hidden. Blacklisting can be used on both BYOD and COPE devices.
- Whitelisting applications: Allows you to only install the applications defined in the policy. This feature requires another application, i.e., the WSO2 IoT Server System app, that is signed by the device firmware owner. Therefore, generally, it will be available for COPE devices, but if you are able to get the WSO2 IoT Server System app signed via a firmware signing key, then you are able to use it for BYOD devices too.

Info: In addition to the above, you are able to enable application restrictions via the restrictions policy. The restrictions policy has two settings to restrict application installation and uninstallation. For this, the WSO2 IoT Server application needs to have device owner privileges or the device needs to have the WSO2 IoT Server System app installed.

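A pre-publish check for the Android Wi-Fi rules listed above, as an added example that is not WSO2 IoT Server code. The field names (`security_type`, `eap_method`, `identity`) and the function names are assumptions for illustration, not the server's policy payload schema.

```python
# Added example: field names are hypothetical, not the WSO2 IoT Server schema.
SECURITY_TYPES = {"WEP", "WPA/WPS 2PSK", "802.1 EAP"}
EAP_METHODS = {"PEAP", "TLS", "TTLS", "PWD", "SIM", "AKA"}
USER_IDENTITY_METHODS = {"PEAP", "TLS", "TTLS", "PWD"}  # [user] applies only here
MIN_EAP_ANDROID = (4, 3)


def parse_version(text):
    """'4.4.2' -> (4, 4, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def check_wifi_policy(policy, android_version):
    """Return a list of problems; an empty list means the policy fits the device."""
    sec = policy.get("security_type")
    if sec not in SECURITY_TYPES:
        return [f"unsupported security type: {sec!r}"]
    problems = []
    if sec != "802.1 EAP":
        return problems
    if parse_version(android_version) < MIN_EAP_ANDROID:
        problems.append("802.1 EAP needs Android 4.3 or above")
    method = policy.get("eap_method")
    if method not in EAP_METHODS:
        problems.append(f"unsupported EAP method: {method!r}")
    elif policy.get("identity") == "[user]" and method not in USER_IDENTITY_METHODS:
        problems.append(f"[user] identity is not applicable to {method}")
    return problems


def resolve_identity(policy, enrolled_username):
    """Expand the [user] placeholder to the enrollment username where allowed."""
    identity = policy.get("identity")
    if identity == "[user]" and policy.get("eap_method") in USER_IDENTITY_METHODS:
        return enrolled_username
    return identity


# Constructed sample policies paired with a device's Android version.
SAMPLES = [
    ({"security_type": "802.1 EAP", "eap_method": "PEAP", "identity": "[user]"}, "4.4.2"),
    ({"security_type": "802.1 EAP", "eap_method": "SIM", "identity": "[user]"}, "5.0"),
    ({"security_type": "802.1 EAP", "eap_method": "TLS", "identity": "[user]"}, "4.2.2"),
]

if __name__ == "__main__":
    for policy, version in SAMPLES:
        print(version, policy["eap_method"], check_wifi_policy(policy, version))
```

Running the check before a policy is published catches a `[user]` identity paired with SIM or AKA, where the placeholder does not apply.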
Policies for iOS devices

The mobile device management administrator is able to restrict operations on iOS devices by adding a new policy. The following policies are available for the iOS platform.

Policies | Description
---|---
Passcode policy | Define a password policy for the devices.
Restrictions | Restricts the usage of the camera and other functions. You are able to allow or disallow users from using the features listed under "Restrictions" after this table.
Wi-Fi | Configure the Wi-Fi access on a device.
Email | Configure settings for connecting to your POP or IMAP email accounts.
AirPlay | Configure settings for connecting to AirPlay destinations.
LDAP | Configure settings for connecting to LDAP servers.
Calendar | Configure settings for connecting to CalDAV servers.
Calendar Subscription | Configure settings for calendar subscriptions.
APN | Specify Access Point Names (APN).
Cellular Network | Specify Cellular Network Settings on an iOS device.
VPN | Specify the VPN and per-app VPN settings.

Restrictions:
- Restrict users from installing applications on the device.
- Prohibit users from adding friends to the Game Center.
- Restrict users from removing applications from the device.
- Restrict users from using Siri.
- Prevent Siri from querying user-generated content from the web.
- Prevent users from using Siri when the device is locked. Availability: iOS 5.1 and later.
- Restrict users from using the camera. If this operation is not allowed, the camera icon will be removed from the home screen.
- Prevent users from backing up the device data to iCloud. Availability: iOS 5.0 and later.
- Disable documents and key-value syncing to iCloud. Availability: iOS 5.0 and later.
- Disable Cloud keychain synchronization. Availability: Only in iOS 7.0 and later.
- Prevent the device from automatically submitting diagnostic reports to Apple. Availability: Only in iOS 6.0 and later.
- Hide explicit music or video content purchased from the iTunes Store. Explicit content is marked by content providers, such as record labels, when sold through the iTunes Store.
- Prevent the Touch ID from unlocking a device. Availability: iOS 7 and later.
- Disable the global background fetch activity when an iOS phone is on roaming.
- Prohibit in-app purchasing.
- Prevent the Control Center from appearing on the Lock screen. Availability: iOS 7 and later.
- Disable host pairing with the exception of the supervision host. If no supervision host certificate has been configured, all pairing is disabled. Host pairing lets the administrator control which devices an iOS 7 device can pair with. Availability: Only in iOS 7.0 and later.
- Disable the 'Today view' in the Notification Center of the lock screen. Availability: Only in iOS 7.0 and later.
- Prohibit multiplayer gaming.
- Allow managed apps and accounts to open only in other managed apps and accounts. Availability: Only in iOS 7.0 and later.
- Allow unmanaged apps and accounts to open only in other unmanaged apps and accounts. Availability: Only in iOS 7.0 and later.
- Disable over-the-air PKI updates. Setting this restriction does not disable CRL and OCSP checks. Availability: Only in iOS 7.0 and later.
- Disable Passbook notifications. Availability: Only in iOS 7.0 and later.
- Disable Photo Streams. Availability: Only in iOS 7.0 and later.
- Disable the Safari web browser application and remove the icon from the Home screen. This also prevents users from opening web clips.
- Disable Safari auto-fill.
- Enable the Safari fraud warning.
- Prevent Safari from executing JavaScript.
- Prevent Safari from creating pop-up tabs.
- Restrict users from saving a screenshot of the display.
- Disable shared Photo Stream. Availability: iOS 6.0 and later.
- Disable video conferencing.
- Disable voice dialing.
- Disable the YouTube application and remove its icon from the home screen. Users will not be able to preview, purchase, or download content too. Availability: iOS 7.0 and later.
- Force the use of the profanity filter assistant.
- Encrypt all backups.
- Force users to enter their iTunes password for each transaction. Availability: iOS 5.0 and later.
- Limit ad tracking. Availability: iOS 7.0 and later.
- Force all devices receiving AirPlay requests from the user's device to use a pairing password. Availability: iOS 7.1 and later.
- Force all devices sending AirPlay requests to the user's device to use a pairing password.
- Prevent the managed applications from using cloud sync.
- Disable Activity Continuation.
- Prevent the backing up of enterprise books.
- Prevent the syncing of notes and highlights in the enterprise books.
- Allow the user to modify the Touch ID.
- Determine the conditions under which the device will accept cookies. The conditions are as follows:
  - Never
  - From visited sites only
  - Always
- Force users to unlock their Apple Watch with a passcode once the watch has been removed from their wrist. Availability: iOS 8.3 and later.
- Restrict access to apps based on the rating given for age. The ratings given are as follows:
  - Don't allow apps
  - 4+
  - 9+
  - 12+
  - 17+
  - Allow all apps
- Restrict access to movies based on movie ratings. The ratings given are as follows:
  - Don't allow movies
  - G
  - PG
  - PG-13
  - R
  - NC-17
  - Allow all movies
- Rate operations based on the region.
- Restrict access to TV shows based on the ratings given. The ratings given are as follows:
  - Don't allow TV shows
  - TV-Y
  - TV-Y7
  - TV-G
  - TV-PG
  - TV-14
  - TV-MA
  - Allow all TV shows
- Allow the apps identified by the bundle IDs listed in the array to autonomously enter Single App Mode. Availability: iOS 7.0 and later.

Policies for Windows devices

The mobile device management administrator is able to restrict operations on Windows devices by adding a new policy. The following policies are available for the Windows platform.

Policies | Description
---|---
Passcode policy | Define a password policy for the devices.
Restrictions | Restricts the usage of the camera and other functions. Windows only supports device restrictions on the camera.
Encrypt storage | Encrypt data on the device when the device is locked, and make it readable when the passcode is entered.