Android Enterprise policies
Last updated June 17th, 2026
This section describes the Android Enterprise policies and settings you can configure for the new console.
Settings with theicon beside them are Samsung Knox specific settings that only apply to Samsung devices.
Device
System settings
| Setting | Description | Supported system |
|---|---|---|
| Use Camera |
Allows the device user and apps to operate the camera. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Screen capture permission |
Allows the device user and apps to take screenshots. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Factory reset |
Allows the device user to factory reset the device. Values
|
Android 12 and higher Fully managed |
| Developer mode |
Allows the device user to toggle developer mode. Values
|
Android 12 and higher Fully managed |
| > Use mock location for testing |
Allows using a mock location for development or test purposes. |
Android 12 and higher Fully managed |
| > Set limit for background processes |
Allows limiting background processes on the device. |
Android 12 and higher Fully managed |
| > Close apps if user signs out of device |
Allows closing all apps when the device user signs out of the device |
Android 12 and higher Fully managed |
| Safe mode |
Allows use of the Safe Mode on the device. |
Android 12 and higher Fully managed |
| Install system updates |
Determines the schedule for firmware updates on the device. Values
Additionally, you can schedule one or more freeze periods, which are stretches of time where the device won't apply any firmware updates, on top of whichever update setting you select. These periods will recur every year. You can configure as many freeze periods as you need.
Click ADD ANOTHER PERIOD to schedule an additional freeze period. |
Android 12 and higher Fully managed |
| > Set time range |
Specifies start time and end time to install updates. |
Android 12 and higher Fully managed |
| > Set dates to block updates |
Specifies dates on which to block installation of updates. |
Android 12 and higher Fully managed |
| Back up data on cloud |
Allows backup of device data. Values
|
Android 12 and higher Fully managed |
| Set date and time |
Allows the device user to adjust the clock and current date. Values
|
Android 12 and higher Fully managed |
| Change brightness setting |
Allows the device user to change the screen brightness setting. Values
|
Android 12 and higher Fully managed |
| Android Easter egg game |
Allows the device user to run the Android Easter egg game on the device. Values
|
Android 12 and higher Fully managed |
| Change language |
Allows the device user to change the language. Values
|
Android 12 and higher Fully managed |
| Always on display |
Allows the always on display feature that displays information on the lock screen. Values
|
Android 12 and higher Fully managed |
| Set user certificates |
Allows the device user to set a certificate. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Expand status bar |
Allows the device user to expand the status bar. Values
|
Android 12 and higher Fully managed |
| Power off |
Allows the device user to power off the device. If this policy is disallowed, the use cannot turn off the device and cannot perform factory reset. The device command from an administrator for factory reset is also blocked. |
Android 12 and higher Fully managed |
| Copy and paste clipboard per profile |
Allows the device user to copy and paste with the clipboard between the personal and work areas. Values
|
Android 12 and higher Work profile Work profile on company-owned device |
| Set a maximum period for profile turned off |
Specifies a time period during which the device user is allowed to turn off the work profile. Set a period in days (three to 30 days) or hours (72 to 720 hours). |
Android 12 and higher Work profile Work profile on company-owned device |
Wallpaper
| Policy | Description | Supported system |
| Change wallpaper |
Allows both the device user and apps to change the wallpaper. Values
|
Android 12 and higher Fully managed |
| Set custom wallpaper |
Applies a custom wallpaper on the device. Values
|
Android 12 and higher Fully managed |
| > Home screen |
Specifies a custom wallpaper to apply to the home screen. Only available if the Set custom wallpaper policy is set for both the home and lock screens. Values
|
Android 12 and higher Fully managed |
| > Lock screen |
Specifies a custom wallpaper to apply to the lock screen. Only available if the Set custom wallpaper policy is set for both the home and lock screens. Values
|
Android 12 and higher Fully managed |
| > Wallpaper file |
Specifies a custom wallpaper to apply to the home or lock screen. Only available if the Set custom wallpaper policy is set for home screen or lock screen. Values
|
Android 12 and higher Fully managed |
Notification
| Policy | Description | Supported system |
|---|---|---|
| Show notifications on device |
Allows display of notification messages on the device. Values
|
Android 12 and higher Fully managed |
| Show error notification after app crash |
Allows the display of notifications related to app crashes. Values
|
Android 12 and higher Fully managed |
| Show message for blocked settings |
Allows display of custom messages on the device. A default message is displayed if you don't set a custom message. Values
|
Android 12 and higher Fully managed |
| Show custom message on lock screen |
Allows the display of notification messages on the device's lock screen. Values
|
Android 12 and higher Fully managed |
| Set a message for profile wipe | Sets a custom message to warn the device user when you're wiping the data on the Work profile. Enter a message up to 1000 characters long. |
Android 12 and higher Work profile Work profile on company-owned device |
Hardware controls
| Setting | Description | Supported system |
|---|---|---|
| Use Microphone |
Allows the use of the device's microphone. Values
|
Android 1 (SDK1) and higher |
| > Record with Microphone |
Allows recording with the microphone. Values
|
Samsung device (Knox1 and higher) |
| Adjust Volume |
Allows the adjustment of volume Values
|
Android 12 and higher Fully managed |
| Block use of certain hardware keys |
Select at least one of the hardware keys below. Values
|
Android 12 and higher Fully managed |
Call and message
| Setting | Description | Supported system |
| Make voice calls on non-Samsung devices |
Allows the use of voice calls on non-Samsung devices. Values
|
Android 12 and higher Fully managed |
| Send text messages on non-Samsung devices |
Allows users to send text messages on non-Samsung devices. Values
|
Android 12 and higher Fully managed |
| Emergency alerts |
Allows devices to receive emergency alerts from carriers. Values
|
Android 12 and higher Fully managed |
Contact
| Setting | Description | Supported system |
|---|---|---|
| Upload contact list |
Allows you to upload contact lists using a downloadable template. Select BULK UPLOAD. On the page that opens, you can download a Microsoft Excel template or upload your contact list. |
Android 12 and higher Work profile Work profile on company-owned device |
Custom Animation
Refer to Request a QMG for instructions on how to create and request an animation file. This policy takes effect after reboot.
| Policy | Description | Supported system |
| Boot animation |
Configures an animation to play when the device boots up. |
Android 12 and higher Fully managed |
| > Animation file |
Upload the animation file to play while the device boots. |
|
| > Loop file |
Upload the loop file to play while the device boots. |
|
| > Sound file |
Upload the sound file to play while the device boots. |
|
| Shutdown animation |
Configures an animation to play when the device shuts down. |
Android 12 and higher Fully managed |
| > Animation file |
Upload the animation file to play while the device shuts down. |
|
| > Sound file |
Upload the sound file to play while the device shuts down. |
Security
Security settings
| Policy | Description | Supported system |
|---|---|---|
| Take action if OS is compromised |
Select a measure to take when a compromised OS is detected. Values
|
Android 12 and higher Fully managed |
| Factory reset protection |
Enables factory reset protection. When this security measure is enabled, if the device undergoes a factory reset it can't be reactivated without the previous user's Google Account. Values
To enable factory reset protection:
As this account email and password might be shared with support providers, do not use your Google Account associated with Android Enterprise.
If factory reset protection is configured to allow specific accounts, you may be required to verify those accounts by entering them on screen upon factory-resetting the device. This requirement depends on the device management type and the factory reset method you used:
|
Android 12 and higher Work profile Work profile on company-owned device |
| > Google users |
Email address and User ID of the Google Account that will protect the devices that use this profile. |
Android 12 and higher Fully managed |
| Set encryption for device storage |
Specifies the encryption of the device's internal storage or the external SD card. ValuesSelect the storage to encrypt.
|
Android 8 to 10 Fully managed |
| Multi-factor authentication |
Enables multifactor authentication (2FA) that unlocks a device only after two authentication methods are provided, including one lock screen method, such as PIN, password, or pattern, and fingerprint, and one biometric input, such as fingerprint or facial recognition. |
Android 12 and higher Fully managed |
| Factory reset protection |
Enables factory reset protection, meaning that if the device undergoes a factory reset it can't be reactivated without the previous user's Google Account. Values
To enable factory reset protection:
As the Google account ID might be shared with support providers, do not use your Google Account associated with Android Enterprise.
If factory reset protection is configured to allow specific accounts, you may be required to verify those accounts by entering them on screen upon factory-resetting the device. This requirement depends on the device management type and the factory reset method you used:
|
Android 12 and higher Work profile on company-owned device |
Lock screen
| Setting | Description | Supported system |
|---|---|---|
| Screen lock policies |
Sets the type of lock screen allowed on a device. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| > Set default password |
Sets the default password users must use to unlock their devices. Only available if the Screen lock policies is set to Set Default Lock Screen. ValuesEnter a password between 4 and 10 characters. Only alphanumeric characters are allowed. |
Android 12 and higher Fully managed |
| Set minimum complexity |
Enforces the minimum complexity for the device's lock. There are three complexity levels, each pre-defined by the Android API. The device user must set a lock that meets or exceeds the minimum level. You can enable this setting and the Set minimum strength at the same time. If you do so, this setting will apply to any assigned devices that are running Android 12 and higher, while Set minimum strength will apply to any devices running Android 8 to 11. Only available if the Screen lock policies is set to Set Custom Lock Screen. Values
|
Android 12 and higher Fully managed |
| Set minimum strength |
Enforces the minimum strength for the device's lock. Each strength level uses a lock type with minimum strength requirements. For PINs and passwords, you can further define the minimum length and complexity requirements across multiple parameters. The device user must set a lock that meets or exceeds the minimum strength. The password strength increases in the following descending order of the available values, with Weak Biometric being the weakest, and Complex being the strongest. You can enable this setting and the Set minimum complexity at the same time. If you do so, this setting will apply to any assigned devices that are running Android 8 to 11, while Set minimum complexity will apply to any devices running Android 12 and higher. Only available if the Screen lock policies is set to Set Custom Lock Screen. Values
Depending on the value selected above, you must also set the parameters of the password strength:
|
Android 8 to 11 Fully managed |
| Set days before user must reset password |
Specifies how long the lock will remain active before the device user must change it. Only available if Set minimum complexity is turned on, or Set minimum strength is set to Pattern, Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex. ValuesEnter the number of days, between 1 and 365. Default is 30. You can also set:
|
Android 12 and higher Fully managed |
| Limit wrong unlock attempts |
Specifies how many times someone can fail to unlock the device in a row before the device takes action to protect itself. Only available if Set minimum complexity is turned on, or Set minimum strength is set to Pattern, Numeric, Numeric Complex, Alphabetic, Alphanumeric, or Complex. ValuesEnter the number of failed unlock attempts are tolerated, between 1 and 10. Default is 1. You can also set:
|
Android 12 and higher Fully managed |
| Lock devices after a set number of hours |
If the lock complexity is low or its strength is weak, specifies how long after the device is unlocked that it relocks. ValuesEnter the number of hours, between 1 and 72. Default is 1. |
Android 12 and higher Fully managed |
| Screen lock history |
Specifies the minimum number of new locks that must be registered before a user can reuse a previous lock. ValuesEnter the minimum number of locks, between 1 and 10. Default is 1. |
Android 12 and higher Fully managed |
| Screen lock compliance violation |
Specifies what happens if the device user sets a lock that violates the minimum complexity or strength requirements. Values
|
Android 12 and higher Fully managed |
| Block certain actions if screen is locked |
Choose which features to block when the screen is locked. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Screen lock time changes by device user |
Specify whether to allow a device user to control the screen lock time setting. Values
|
Android 12 and higher Fully managed |
| Set maximum screen timeout allowed |
Specifies the longest duration that the device user can set for automatic screen timeout and lock. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Setting | Description | Supported system |
|---|---|---|
| Description |
Enter a description for the certificate. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Select location to install certificate |
Specify where the certificate should be installed. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Select certificates to use |
Specify what category of certificate you want to use. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Allow certain apps to use certificates |
Add apps to grant them silent privileged access to use the certificate while running. Values Click SELECT APPS > select an app > CONFIRM. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
Connectivity
Connection settings
| Setting | Description | Supported system |
|---|---|---|
| Share internet connection using tethering |
Allows tethering. Values
|
Android 12 and higher Fully managed |
| Transfer files through USB |
Allows the device user to transfer files between the device and other devices through USB. Charging through the USB connector isn't affected. Values
|
Android 12 and higher Fully managed |
| Use external SD card |
Allows the device user to mount storage media connected through the SD card slot. Values
|
Android 12 and higher Fully managed |
| Use Bluetooth |
Controls Bluetooth availability. Values
|
Android 12 and higher Fully managed |
| > Desktop connection |
Allows a PC to connect with the user's device using Bluetooth. Values
|
Android 12 and higher Fully managed |
| > Search mode |
Allows the device to search for Bluetooth devices.. Values
|
Android 12 and higher Fully managed |
| Send and receive files through Bluetooth |
Allows Bluetooth sharing. Values
|
Android 12 and higher Fully managed |
| Control Bluetooth settings |
Allows device users to control Bluetooth settings on their device. Values
|
Android 12 and higher Fully managed |
| Use Wi-Fi |
Controls Wi-Fi availability. Values
|
Android 12 and higher Fully managed |
| > Wi-Fi direct |
Controls the use of Wi-Fi Direct connection for Samsung devices. Values
|
Android 12 and higher Fully managed |
| Turn on airplane mode |
Allows the use of airplane mode. Values
|
Android 12 and higher Fully managed |
| Use VPN |
Allows the use of VPN on a device. Values
|
Android 12 and higher Fully managed |
| Always on VPN |
Allows the selected VPN app to always run on the device. To ensure the policy can't be modified by the device user, set the Use VPN policy to Don't allow. |
Android 12 and higher Fully managed |
| Use printer |
Allows the device to send print commands to connected printers. Values
|
Android 12 and higher Fully managed |
| Reset mobile data usage |
Allows device users to reset network usage. Values
|
Android 12 and higher Fully managed |
| Configure mobile network settings |
Allows device users to configure the mobile network settings. Values
|
Android 12 and higher Fully managed |
| Transfer data using NFC |
Allows transfer of data using NFC. Values
|
Android 12 and higher Fully managed |
| Data connection control during roaming |
Allows a cellular data connection while using roaming service. Values
|
Android 12 and higher Fully managed |
| 5G network slicing |
Enables 5G network slicing, which lets you allocate a single 5G connection as multiple distinct virtual connections. Values
This policy has been verified for standalone mode (SA) for 5G slicing. The carrier must support 5G slicing by enterprises. |
Android 12 and higher Fully managed |
| Wi-Fi setting |
Allows the user to change the Wi-Fi settings. |
Android 12 and higher Fully managed |
| Wi-Fi (SSID) |
Creates a SSID allowlist and blocklist. Values
|
Android 12 and higher Fully managed |
| Phone Book Access Profile (PBAP) via bluetooth |
Allows the device user to share contacts to the connected device using Bluetooth. Before you use this policy, set the Send and receive files through Bluetooth policy to Allow. |
Work profile Work profile on company-owned device |
| USB Debugging |
Allows the device user to enable USB debugging. |
Work profile Work profile on company-owned device |
Wi-Fi
Sets up a Wi-Fi policy on the device, which are preset Wi-Fi configurations that contain an SSID, password, security type, proxy, and connection behavior of a network or access point.
Each unique SSID requires a separate policy. Click ADD WI-FI POLICY to add configure additional networks or access points. You can add or edit up to 10 policies.
| Setting | Description | Supported system |
|---|---|---|
| Policy name |
Determines the name of the policy. ValuesEnter a unique name for the policy. The name must:
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Network name (SSID) |
Determines the name of the policy. ValuesEnter a name. So that Knox Manage can correctly process and store the name, it must:
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Description |
Specifies a description for the policy that is displayed on the Knox Manage console. ValuesEnter a description up to 1,000 characters long. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Security type |
The security protocol of the Wi-Fi network. This value must match the actual security protocol that the network uses. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Password |
The password of the Wi-Fi network. This value must match the actual password that the network uses. Only available if Security type is set to WPA/WPA2-PSK. ValuesEnter the password. So that Knox Manage can correctly process and store the password, it must:
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Proxy configuration |
The Wi-Fi network's proxy. This value must match the actual proxy settings that the network uses. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Additional settings |
Assigns extra settings that control how the device interacts with the Wi-Fi network. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Setting | Description | Supported system |
|---|---|---|
| Description |
Specifies the description of the APN policy. |
Android 12 and higher Fully managed |
| Access point name |
Specifies the name of the APN policy. Each configuration name must be unique. |
Android 12 and higher Fully managed |
| Access point type |
Specifies which connection services to allow for this APN policy. Values
|
Android 12 and higher Fully managed |
| Mobile country code (MCC) |
Specifies the MCC of the APN. ValuesEnter a 3-digit MCC. Click INSERT LOOKUP to browse and select available lookup items to include in the MCC. |
Android 12 and higher Fully managed |
| Mobile Network Code (MNC) |
Specifies the carrier's MNC for the APN. ValuesEnter a 2 or 3-digit MNC. Click INSERT LOOKUP to browse and select available lookup items to include in the MNC. |
Android 12 and higher Fully managed |
| MMS Server (MMSC) |
Specifies the address of the carrier's MMS server. ValuesEnter a URL. |
Android 12 and higher Fully managed |
| MMS Proxy Server |
Specifies the address of the carrier's MMS proxy server. ValuesEnter an IP or domain. |
Android 12 and higher Fully managed |
| MMS Proxy Server Port |
Specifies the port of the carrier's MMS proxy server. ValuesEnter a port. |
Android 12 and higher Fully managed |
| Proxy Server |
Specifies the address of the carrier's WAN proxy server. ValuesEnter a URL. |
Android 12 and higher Fully managed |
| Proxy Server Port |
Specifies the port of the carrier's WAN proxy server. ValuesEnter a port. |
Android 12 and higher Fully managed |
| Access Point Username |
Specifies the account username to use when connecting to the APN. ValuesEnter a username. By default, the field contains the ${UserName} lookup item, which substitutes for the username associated with the device in Knox Manage. |
Android 12 and higher Fully managed |
| Access Point Password |
Specifies the account password to use when connecting to the APN. ValuesEnter a password. |
Android 12 and higher Fully managed |
| APN Authentication Method |
Specifies the protocol to use when authenticating with the APN. Values
|
Android 12 and higher Fully managed |
| APN Protocol |
Specifies the communications protocol to use when connecting to the APN. Values
|
Android 12 and higher Fully managed |
| APN Roaming Protocol |
Specifies the communications protocol to use when connecting to the APN while the device is roaming. Values
|
Android 12 and higher Fully managed |
| Mobile virtual network operator Type |
Specifies the type of identifier used by the APN's mobile virtual network operator (MVNO). Values
|
Android 12 and higher Fully managed |
| Bearer |
Specifies which wireless broadcast standards can be used when connecting to the APN. Values
|
Android 12 and higher Fully managed |
| Delete APN |
Allows a device user to delete APN settings. Values
|
Android 12 and higher Fully managed |
Location
Location settings
| Setting | Description | Supported system |
|---|---|---|
| Location settings |
Controls the services that track the device's physical location. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Allow collection of location data |
Specifies if collection of data requires user consent. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| > Set collection time |
Specifies the time period after which location data must be collected. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
App
App controls
| Setting | Description | Supported system |
|---|---|---|
| App installation from other sources |
Allows the device user to install Android apps from untrusted sources. This setting doesn't apply to apps on Google Play. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Hide apps |
Specifies a list of apps that can't be installed on the device. If an app is already installed, it's automatically uninstalled from the device once hidden. ValuesSelect one or more apps from the app library. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Control apps from settings |
Determines if device users can modify app settings. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| App uninstallation |
Allows the device user to uninstall apps. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| App installation |
Allows the device user to install apps. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Runtime permissions for all apps |
Specify whether to allow the setting of app runtime permissions in all areas. The admin can grant or deny app runtime permissions without a user's intervention. Values
For work profile devices running Android 12 and higher, even if the app permissions are set to Grant, functions such as camera, location, microphone, and body sensor are not allowed for privacy. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Skip app tutorials |
Allows device users to skip the tutorials available for apps. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Delegated scopes for apps |
Specify apps with delegation scope enabled. Each configuration targets an app with a profile in the Knox Manage tenant and assigns scopes to it. You can only manage one delegation configuration per app. Click Set App Delegation, then select an app and click NEXT. On the App delegation scope page, select one or more of the below delegation scopes:
Once you select your delegation scopes, click either SET DELEGATION SCOPE or CONFIRM AND SET ANOTHER to confirm the configuration and set another one. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Activate certain pre-installed system apps | Activates select system apps to display on the device. Apps can't be activated if they are members of the app installation blocklist. |
Android 12 and higher Work profile Work profile on company-owned device |
App allowlist and blocklist
| Setting | Description | Supported system |
|---|---|---|
| Block certain apps from running | Blocks specific apps from running on the device. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Block certain apps from being uninstalled | Prevent specific apps from being uninstalled. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Block certain apps from using mobile data | Specifies a list of apps that can't use mobile data. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Block components from running in certain apps |
Blocks a component, such as an activity, receiver, service, or provider, from running on a selected app. See the Android developer guide to learn more about components. Select an app or apps, then enter components to block on it. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Allow work and personal apps connection |
Specify whether selected apps can communicate with themselves across the work profile and personal profile, subject to user consent. |
Android 12 and higher Work profile Work profile on company-owned device |
Google Play
| Setting | Description | Supported system |
|---|---|---|
| Check devices through Play Integrity | Enable periodic device checks with Play Integrity. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| > Set time period between checks | Set an interval at which to assess the devices. Values 1-365 (default: 1) |
Android 12 and higher Fully managed |
| > Take action if device fails check during enrollment |
Specify measures to take if integrity check fails during enrollment.
|
Android 12 and higher Fully managed |
| > Take action if device fails check after enrollment |
Specify measures to take if integrity check fails after enrollment.
|
Android 12 and higher Fully managed |
| App verification using Google Play Protect |
Allows app verification using Google Play Protect. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
Browser
Knox Browser settings
| Policy | Description | Supported system |
|---|---|---|
| Homepage URL | Sets the home page of the Knox Browser app. If set, the user can't change the home page. This is a required value for deploying the Knox Browser. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Automatic app updates |
Determines whether the Knox Browser app automatically updates. If enabled, the browser also updates when the profile is pushed to the device. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Add URLs to allowlist or blocklist |
Specify whether the Knox Browser restricts access to URLs as an allowlist or blocklist. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| > URLs | Enter the list of restricted URLs. This list is an allowlist or a blocklist depending on the value for Add URLs to allowlist or blocklist. |
Android 12 and higher Fully managed |
| Hide URL address bar |
Hides the address bar. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Web intents |
Enables URLs with web intents, which, when opened, can download and launch apps on Android. Knox Browser supports intent schemes like the following:
Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Download files |
Enables file downloads on Knox Browser. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Screen capture |
Allows the device user to take screenshots of web pages on Knox Browser. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Add bookmarks | Defines a collection of bookmarks to push to Knox Browser. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Upload files |
Allows the device user to upload files to web pages on Knox Browser. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Store cookies |
Allows cookies in the Android browser. If cookies are not allowed, you can't access websites that authenticate users with cookies. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Copy text |
Allows the device user to copy text from web pages viewed on Knox Browser. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Text scaling |
Forces changing the text size on web pages on Knox Browser. Values
If this value is unset, then the text size defaults to 100%, and the device user can change it. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| > Ratio | Specifies the scale of the text size on Knox Browser. To set the scale, adjust the slider. The slider has a range of 50–200% (100% default) and moves in 5% increments. |
Android 12 and higher Fully managed |
| Force page zoom |
Forces changing the zoom level of web pages on Knox Browser. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| > Default ratio | Specifies the zoom level of web pages on Knox Browser. Only available if the Force page zoom policy is set to Allow. To set the scale, adjust the slider. The slider has a range of 100–200% (100% default) and moves in 5% increments. |
Android 12 and higher Fully managed |
Common browser settings
| Policy | Description | Supported system |
|---|---|---|
| Auto-completion in browser |
Allows auto-completion of information that you enter on websites in the Android browser. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
Shortcut
Sets a shortcut policy to manage the addresses you bookmark for users. Shortcuts display on the home screen of the device.
Click ADD SHORTCUT POLICY to add a policy. You can add or edit up to 20 policies.
| Policy | Description | Supported system |
|---|---|---|
| Description | Specifies the description of the shortcut policy. |
Android 12 and higher Fully managed |
| Shortcut image | Sets a shortcut icon to be created on devices. |
Android 12 and higher Fully managed |
| Shortcut name | Specifies the title of the shortcut. |
Android 12 and higher Fully managed |
| Shortcut URL | Specifies a website address to go to when a user selects the shortcut. |
Android 12 and higher Fully managed |
Kiosk
Kiosk settings
Configures the device as a kiosk. Kiosks are dedicated, embedded, or stationary devices that enterprises install on-premises to perform as public terminals, boards, displays, or signage. Only one kiosk configuration is allowed in a profile.
To learn more about kiosks, see Kiosk types.
Any kiosks that you create in the original console can’t be edited or pushed to devices in the new console. However, any kiosks that you create in the new console, can be pushed, copied, and edited in the original console on the Kiosk page.
| Setting | Description | Supported system |
|---|---|---|
| Kiosk mode |
Sets the kiosk mode for devices. Values
|
Android 12 and higher Fully managed |
| Default URL |
Specifies the home page of the Kiosk Browser (web mode only). ValuesEnter a fully-formed URL. You can insert lookup codes for string substitution. |
Android 12 and higher Fully managed |
| Basic settings |
Controls settings related to core kiosk behavior. Available settings may depend on the kiosk mode set. Values
|
Android 12 and higher Fully managed |
| Apps outside kiosk | Allows adding apps from outside the kiosk (multi-app and single-app mode only). |
Multi-app mode — fully managed: Android 12 and higher Single-app mode — fully managed Samsung devices: Android 12 and higher Single-app mode — fully managed non-Samsung devices: Android 12 and higher |
| Utility settings |
Controls settings related to OS behavior in the kiosk. Values
|
Android 12 and higher Fully managed |
| Settings menu preferences |
Allow users to access the following settings while in kiosk mode (multi-app and single-app mode only). Values
|
Multi-app mode — fully managed: Android 12 and higher Single-app mode — fully managed Samsung devices: Android 12 and higher Single-app mode — fully managed non-Samsung devices: Android 12 and higher |
| Advanced settings |
Allows control of advanced settings while in kiosk mode. Values
|
Multi-app mode — fully managed: Android 12 and higher Single-app mode — fully managed Samsung devices: Android 12 and higher Single-app mode — fully managed non-Samsung devices: Android 12 and higher Web mode — fully managed: Android 12 and higher |
User and profile
User and account
| Setting | Description | Supported system |
|---|---|---|
| Add or delete account |
Allows device users to add or delete accounts. Values
|
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| > Account type allowlist and blocklist |
Specifies a list of apps to allow or block on devices. Values
|
Android 12 and higher Fully managed |
| >> Account types |
Specifies the account types to allow or block on devices. ValuesEnter account types |
Android 12 and higher Fully managed |
| >> Select accounts to allow in Google Play |
Specifies the accounts to allow on devices. Values
|
Android 12 and higher Fully managed |
| >>> Accounts |
Specifies the accounts to allow when you select Allow Managed Google Play and selected accounts option in the Select accounts to allow in Google Play setting. ValuesEnter account types |
Android 12 and higher Fully managed |
| User deletion |
Specifies if deletion of users is allowed. Values
|
Android 12 and higher Fully managed |
Google account
Configures Google accounts that automatically populate on devices when device users sign in to Google services.
| Setting | Description | Supported system |
|---|---|---|
| Description | Specifies the description of the policy. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
| Google account | Enter an account, or click INSERT LOOKUP to browse and select available lookup items. |
Android 12 and higher Fully managed Work profile Work profile on company-owned device |
Knox Service Plugin
Allows you to configure various policies through Knox Service Plugin.
The Knox Service Plugin (KSP) is Samsung’s OEMConfig-based solution that enables IT administrators to use a wide range of Knox management features on their EMM consoles as soon as they are available on the market.
Some policies overlap between Knox Service Plugin and Android Enterprise profiles. Regardless of priority rules, if you set the same policy in both profiles, Knox Manage may be unable to determine which instance of the policy to apply and choose one arbitrarily. To prevent ambiguity, set each policy in only one profile.
These policies require the Knox Service Plugin app from Google Play. You must meet the following requirements to use the Knox Service Plugin with your managed devices:
- A device enrolled with Android Enterprise.
- A valid Knox Platform for Enterprise license for the device. For more information about Knox licenses, see Knox Platform for Enterprise licenses.
Knox Manage supports a multi-profile structure for Android Enterprise, iOS, Windows, and macOS. If you assign multiple profiles with Knox Service Plugin policies to your devices, only the highest-priority profile’s policies is applied.
For more information on Knox Service Plugin policies, see advanced examples and policy descriptions.
On this page
Is this page helpful?