Jump to:navigation, search
Wiki

Android configuration applications

From Securepoint Wiki




























In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden











































































Applications|Applications






















Android profile configuration in the Applications menu item

Last adaptation to the version: 2.8.7

New:
notempty
This article refers to a Beta version

Access: portal.securepoint.cloud  Mobile Security Android Profile  Tab Applications


Applications

Applications
Caption Value Description
Applications  Add applications Adds apps to this profile notempty
Apps on EMM-managed devices are configured within the profiles!
Package name com.google.android.youtube Select application Package name of the application
Install type Pre install The way the installation is performed.
Pre install The app is installed automatically, but can be removed by the user.
Force install The app is installed automatically and cannot be deleted by the user.
Block The app is blocked and cannot be installed. If the app was installed using an old profile, it will be uninstalled.
Available The app is ready for installation.
Required for setup The app is installed automatically, cannot be deleted by the user, and prevents the device from being set up until the app is installed.
Kiosk The app is automatically installed in kiosk mode: it is set as the prefered home intention and set to white list for lock-task mode. The device setup will not be completed until after the app has been installed. After installation, users can only use this app, which starts automatically and can no longer be removed. You can only set this installType for one application per policy. If this is present in the policy, the status bar is automatically disabled.
Default permission policy Prompt The default policy for all permissions requested by the app. If set, overrides the default policy-level permission policy that applies to all apps. It does not override the global permission grant, which applies to all apps.
Nicht spezifiziert (Nur Apps mit Anmeldedatenanbieter-Richtlinie) Policy not specified. If no policy is specified for a permission at any level, 'Prompt' is used by default.
Prompt Prompts the user to grant an authorization.
Grant Grant authorization automatically
Deny Deny authorization automatically
Permissions  Add permission Grants explicit permission or denial for the app. These values override the default permission policy and global permission restrictions that apply to all apps.
Permission     The Android permission or group, for example android.permission.READ_CALENDAR or android.permission_group.CALENDAR.
Nicht spezifiziert (Nur Apps mit Anmeldedatenanbieter-Richtlinie) Policy not specified. If no policy is specified for a permission at any level, 'Prompt' is used by default.
Prompt Prompt the user to grant permission.
Grant Grant permission automatically
Deny Deny permission automatically
Policy Nicht spezifiziert (Nur Apps mit Anmeldedatenanbieter-Richtlinie) The policy for granting authorization.
If necessary, further authorizations must be granted or denied here.
Note: In the »Approval« field, only the authorizations that the respective app requires and is usually required for proper operation appear. It is recommended to grant necessary permissions in advance and to allow all other permissions only on request (prompt). The »deny« option should only be used for selected authorizations where it is clear that the desired function of the app is not affected by this.
Managed configuration
 Manage configuration Managed configuration applied to the app.
The format for the configuration depends on the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the managed property. The field value must be compatible with the ManagedProperty type.
notempty
New as of: 2.8.7
Die Verwaltete Konfiguration einer App lässt sich direkt manuell konfigurieren:
  • über  Feld hinzufügen ein neues leeres Feld erzeugen
     Manage configuration zuvor betätigen
  • dort die gewünschten ManagedProperty-Variable eintragen und den benötigten Typ auswählen
  • mit  Speichern die Einstellung abspeichern
  • Anschließend kann der gewünschte Wert eingetragen werden
notempty
Darüber lassen sich auch Benutzervariablen verwenden.
Managed Configuration Template
 Manage configuration template This field is ignored if the managed configuration is set.
Calls up a template from the app manufacturer in which various parameters can be transferred to the app, depending on what the manufacturer specifies. These can be fixed parameters and variables in email apps:
Example for Gmail app:
Email Address $emailaddress$ Variable
Hostname or Host m.google.com Fixed parameter
  • Example: Hostname of the mail server for Gmail accounts
    • Username $emailaddress$ Variable (for Gmail accounts the username is the email address.)
    With other accounts / apps the variable $username$ can be used here.
    notempty
    New as of: 2.8
    notempty
    For a correct function, in the tab General the button Profile is a template must be activated    and the users must be selected!


    In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
    Diese Seite wird auf folgenden Seiten eingebunden






























    The values are taken from the user settings of the user to whom the respective device is assigned
    Variable name in profiles Description Example
    $username$
    alternative names:
    %device_user%
    %device_user_username%
    		Username jdoe
    $emailaddress$
    alternative name:
    %device_email%
    		Email address jdoe@ttt-point.de
    $firstname$
    alternative name:
    %device_user_firstname%
    		First name John
    $lastname$
    alternative name:
    %device_user_lastname%
    		Last name Doe
    $name$
    alternative name:
    %device_user_name%
    		First name and surname John Doe
    $variable1$
    alternative name:
    %variable1%
    		custom value jdoe/ttt-point.local
    $variable2$
    alternative name:
    %variable2%
    		custom value
    $variable3$
    alternative name:
    %variable3%
    		custom value
    $device_name$
    alternative name:
    %device_name%
    		Only for   iOS: The name assigned on the phone (see: Settings → General → Info → Name)
  • This variable can also be used in iOS profiles in the Shared device section
    		•  Cell phone from Markus Müller
    $device_alias$
    alternative name:
    %device_alias%
    		Only for   iOS: The alias assigned in the portal.
    If the alias is not assigned, the device_name is displayed.
  • This variable can also be used in iOS profiles in the Shared device section
    		•  Tablet Storage1
    Defining the values in the user administration in the portal under:  General  Users or for the device alias in the device tile.
    To avoid input errors, different variable names are possible for compatibility reasons.
    A distinction between Android and iOS is no longer necessary.
    Deactivated    Whether the app is disabled. When deactivated, the app data is still retained.
    Minimum version code 0 The minimum version of the app that will run on the device.
    If set, the device will attempt to update the app to at least this version code. If the app is not up to date, the device contains a non-compliance detail with the non-compliance reason APP_NOT_UPDATED. The app must already be published in Google Play with a version code equal or greater than this value. A maximum of 20 apps can set a minimum version code per policy.
    Delegate areas     The permissions selected here are delegated to the app by the Device Policy Controller.
    Nicht spezifiziert (Nur Apps mit Anmeldedatenanbieter-Richtlinie) No delegation area specified.
    Certificate installation Provides access to the installation and management of certificates.
    Managed configurations Provides access to the management of managed configurations.
    Block uninstall Gives access to blocking the uninstallation.
    Grant permission Provides access to the permission policy and permission status.
    Packet access Gives access to the packet access status.
    Enable system apps Grants access to activate system apps.
    Accessible Track IDs     List of track IDs of the app that an enterprise device can access. If the list contains multiple track IDs, devices get the latest version among all accessible tracks. If the list does not contain any track IDs, devices have access only to the production track of the app.
    Connected Work & Personal App Nicht spezifiziert (Nur Apps mit Anmeldedatenanbieter-Richtlinie) Controls whether the app can communicate with itself through a device's work and personal profiles with the user's permission.
    Nicht spezifiziert (Nur Apps mit Anmeldedatenanbieter-Richtlinie) Not allowed by default
    Not allowed Default. Prevents cross-profile communication of the app.
    Allowed Allows the app to communicate across profiles after receiving the user's consent.
    Anmeldedatenanbieter Login Provider - Use Default Policy Diese App kann (z.B. als Passwort-Manager) genutzt werden
    Login Provider - Use Default Policy The default login provider policy ( siehe unten) determines, whether this app can be used as the default login provider.
    This app is allowed to act as a login provider This app can function as a login provider regardless of global app settings.
    Play Store Mode Allow list Only apps that are configured here in the policy are available. Any app not included in this policy will be automatically uninstalled from the device.

    Blocklist means All apps in the Play Store are available, except for those configured here with Installation Type Block!

    Automatic App Updates Always The policy enforced on a device to automatically update apps depending on the network connection: Apps should also be updated on devices that rarely or never return to a wireless network. The volume of data usually has little effect with standard volume tariffs.
    Nicht spezifiziert (Nur Apps mit Anmeldedatenanbieter-Richtlinie) The auto-update policy is not set. Corresponds with the user selection.
    User selection The user can control the automatic updates.
    Never Apps are never updated automatically
    Via WLAN only Apps are only updated automatically via WLAN.
    Always Apps are updated automatically at any time. Data charges may apply.
    Disable installation of apps    notempty
    If activated   , no installations or Updates are possible. Also not via the portal!
    Disable uninstalling apps    The user should not be able to uninstall any apps.
    Global default authorization policy Not specified (prompt) The default authorization policy for runtime authorization requests.
    Not specified (prompt) Policy not specified. If no policy is specified for a permission at any level, 'Prompt' is used by default.
    Prompt Prompt the user to grant permission.
    Grant Grant authorization automatically
    Deny Deny correction automatically
    Global permission granting  Add permission Explicit permission or group grant or deny for all apps. These values override the Default permission policy.
    Permission     The Android permission or group, for example android.permission.READ_CALENDAR or android.permission_group.CALENDAR.
    Policy Nicht spezifiziert (Nur Apps mit Anmeldedatenanbieter-Richtlinie) The policy for granting authorization.
    Nicht spezifiziert (Nur Apps mit Anmeldedatenanbieter-Richtlinie) Policy not specified. If no policy is specified for a permission at any level, 'Prompt' is used by default.
    Prompt Prompt the user to grant permission.
    Grant Grant permission automatically
    Deny Deny permission automatically
    Anmeldedatenanbieter-Standardrichtlinie Not specified (Only apps with a login provider policy) This feature determines whether an app on Android 14 and above is allowed to function as a login provider for managing login credentials. If it is relevant for apps that handle authentication or login data, such as password managers or multi-factor authentication apps.
    Not specified (Only apps with a login provider policy) Not specified. Only apps that have explicitly defined a login provider policy.
    Nur Apps mit Anmeldedatenanbieter-Richtlinie Only apps that have specified a login provider policy.
    Only apps that have declared a login provider policy or OEM default login providers Only apps with a declared login provider policy or those pre-defined by the OEM as default login providers are allowed.
    Notes on using login providers
    Option Value Description
    Anmeldedatenanbieter Anmeldedatenanbieter Diese App kann (z.B. als Passwort-Manager) genutzt werden
    Anmeldedatenanbieter-Standardrichtlinie benutzen Auswahlmöglichkeit s.u.
    Anmeldedatenanbieter-Standardrichtlinie
    Nur wenn App nicht selbst als Anbieter fungiert!    		 Nicht spezifiziert (Nur Apps mit Anmeldedatenanbieter-Richtlinie) Die App kann nicht verwendet werden
    Nur Apps mit Anmeldedatenanbieter-Richtlinie Die App kann nicht verwendet werden
    Nur Apps mit Anmeldedatenanbieter-Richtlinie oder OEM-Standardanmeldedatenanbieter Sowohl die ausgewählte App als auch von Google als Anmeldedatenanbieter klassifizierte Apps können genutzt werden
    Retrieved from "https://wiki.securepoint.de/index.php?title=MS/deployment/profile/android/anwendungen&oldid=98256"