Contents
Managing profiles for iOS or Android devices in the Mobile Security Portal
Last adaptation to the version: 1.5.3.2 (07.2020)
- New
Preamble
In a profile, permissions, restrictions, password requirements, e-mail settings and security settings are configured.
Several users or user groups (roles) can be assigned to a profile.
Many devices or device groups (devices designated by tags) can be assigned to a profile.
For a large number of devices and users it is recommended to map the assignment via groups.
Overview of profile management
In the profile overview new profiles can be created, existing ones can be edited and deleted. The view of the profiles can be displayed in the list or tile view. You can also view details of existing profiles, update the list of profiles, and publish profiles.
General Options
Filter displayed profiles |
The search criteria can be filtered to specific areas: all Devices Platform tags roles used User |
Add profileAdd profile |
Creates a new profile. The settings in the profile vary depending on the operating system. See Edit iOS / Edit Android |
Publish profilePublish profiles |
The transmission may take a few minutes. The changes to a profile must be published so that they can be transmitted to the devices. |
Import profileImport profiles |
Show details |
Show details |
List view / Grid view |
List view / Grid view/ |
Switch between lists and grid view. |
Refresh |
Refresh the display |
Profile tile
The button at the top right of each profile tile provides the following options:
Edit | Editing the settings (see below) |
Export | Exporting the settings |
Kopieren | Copying the profile to the clipboard |
Revoke | The profile is withdrawn, i.e. it is no longer available on the devices, but can be configured. |
Delete | The profile is deleted. |
Details displayed in the profile tile:
Updated Changes have been made to the profile that have not yet been published!
PARTIALLY INSTALLED The transfer of the profile could not be completed completely.
Platform iOS, Android or Android Enterprise
Roles Roles
Users User
Devices Devices
Tags Tags
Parts Restrictions | Security
Copy & paste of profiles
Click on the logo of the profile tile to mark it. In the general options, another field now appears under the filter mask:
Action for selected items | Execute the selected action with Ok | |||
Copies one or more selected profiles to the clipboard. | ||||
Deletes one or more selected profiles | ||||
New button | Paste | Inserts a copy of a profile from the clipboard.
|
iOS profile
General iOS
Caption | Values | Description |
---|---|---|
Platform | iOS | Device OS. When creating a new profile, Android Enterprise can also be selected here. tab and Functions differ depending on the selected operating system. |
Name | Name | Profilname |
Priority | 5 | The higher the number, the higher the priority. Is only used if a device is affected by multiple profiles. |
Roles | Add roles | Klick-Box: The profile will be assigned to all devices of all users with these roles |
Users | Add users | The profile will be assigned to all devices from these users |
Devices | Add devices | The profile will be assigned to these devices |
Tags | Add tags | The profile will be assigned to all devices with these Tags |
Comment | Comment | Kommentar |
Save
Information that can be displayed on the login screen and lock screen.
Devices used by different people Shared device in Apple terminology can thus display accessible information for everyone (e.g. an inventory number).
caption: | Default | description: |
---|---|---|
Activate configuration | After setting this, you can set the shared device configuration. The Shared Device Configuration Payload allows you to specify optional text displayed on the login window and lock screen (i.e. a ”If Lost, Return To” message and Asset Tag Information). It is supported on iOS 9.3 and later. | |
Lockscreen footnote | Optional. A footnote displayed on the login window and lock screen. | |
Asset Tag Information | Optional. Asset tag information for the device, displayed on the login window and lock screen. |
Save
Network
In this section, access profiles for WiFi networks can be configured and pushed to the device.
Add a network configuration with Konfiguration hinzufügen
Caption | Values | Description |
---|---|---|
Name | Name | Name of the configuration |
Type | WiFi | Configuration type (WiFi predefined) |
SSID | SSID | The SSID of the network |
Security | Security Level | |
None | no security | |
WEP-PSK | insecure | |
WPA-PSK | secure | |
Password | Password | The networks passphrases. Hidden with placeholders<.br> shows the password in plain text. |
Hidden SSID | Specifies whether the SSID of the network is visible (button off) or hidden (button on). | |
Autoconnect | Enable to automatically connect the device to the network. |
Finish the configuration with Save
App-Lock
The app lock activates the guided mode which limits the device to a single app. In this state - also called kiosk mode - you can control which app functions are available.
Activate configuration

The last column (SO) indicates if this function is only available in supervised mode (supervised only) .
caption: | Default | description: | |
---|---|---|---|
Identifier | The bundle identifier of the application. | ||
Options | |||
Disable touch | If true, the touch screen is disabled. | ||
Gerätedrehung deaktivieren | |||
Deaktivieren Sie die Lautstärketasten | |||
Klingelschalter deaktivieren | |||
Deaktivieren Sie de Sleep-Wake-Button | |||
Deaktivieren Sie die automatische Sperre | |||
Voice-Over aktivieren | |||
Zoom aktivieren | |||
Invertieren von Farben aktivieren | |||
Assistive touch aktivieren | |||
Sprachauswahl aktivieren | |||
Mono-Audio aktivieren | |||
User Enabled Options | |||
Voice-Over | |||
Zoom | |||
Farben invertieren | |||
Assistive touch |
Finish the configuration with Save
Restrictions
Configuration by clicking on Activate restrictions
Numerous restrictions can be configured to control the behavior of a device.
List of possible restrictions with default values and explanations
General restrictions
- Neu ab v1.5.3.2:

The last column (SO) indicates if this function is only available in supervised mode (supervised only) .
Restriction | Default | Explication | |
---|---|---|---|
Restrict App Usage (supervised only). | Allow all apps Do not allow specific apps Do allow only specific apps |
Konfiguriert, ob für Apps keine Einschränkung, eine Blacklist oder eine Whitelist verwendet wird. |
✓ |
|
Clickbox for selecting apps | Depending on the selection in the line above: Blacklisted Apps / Whitelisted Apps 'Searches the entire app store for possible apps. |
✓ |
Allow Account Modification | If set to false, account modification is disabled. (Supervised only) | ✓ | |
Allow QuickPath Keyboard | If set to false, disables QuickPath keyboard. | ||
Allow Network access for Files | If set to false, prevents connecting to network drives in the Files app. | ||
Allow USB drive for Files | If set to false, prevents connecting to any connected USB devices in the Files app. | ||
Allow Find My Device | If set to false, disables Find My Device in the Find My app. | ||
Allow Find My Friends | If set to false, disables Find My Friends in the Find My app. | ||
Force WiFi on | If set to true, prevents Wi-Fi from being turned off in Settings or Control Center, even by entering or leaving Airplane Mode. It does not prevent selecting which Wi-Fi network to use. | ||
Allow App Removal | Allows the user to remove apps | ✓ | |
Allow Trusting Enterprise Apps | Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple) | ||
Allow Explicit Content | Allows the user to access explicit content. When activated, the SafeSearch function is switched off by search engines. | ||
Allow Screenshots and Screen Recording | Allows the user to take screenshots or screen recordings | ||
Allow Remote Screen Observation | Allows you to observe the screen in a classroom, for example. | x | |
Allow use of iMessage | Allow use of iMessage (Supervised mode only) | ✓ | |
Allow Bookstore | If this value is set to false, the iBookstore will be disabled. (Supervised mode only). | ✓ | |
Allow Bookstore Erotica | If set to false, the user will not be able to download media from the iBookstore that is tagged as erotica. (Supervised mode only). | ✓ | |
Allow Apple Music | If set to false, Apple Music will be disabled in the Music app. | x | |
Allow iTunes Radio | If set to false, iTunes Radio will be disabled in the Music app. | ||
Allow Shared Stream | If set to false, the shared stream is disabled. | ||
Allow Wallet While Locked | If set to false, Wallet notifications will not be shown on the lock screen. | ||
Allow UI Configuration Profile Installation | If set to false, the user is prohibited from installing configuration profiles and certificates interactively. (Supervised mode only). | ✓ | |
Allow use of iTunes | Allows the user to use iTunes | ||
Allow use of News | Allows the user to access and use News | ||
Allow use of Safari | Allows the user to use Safari | ||
Allow Game Center | Allows the Game Center (Supervised mode only). | ✓ | |
Allow Adding Game Center Friends | Allows the user to add Friends on Game Center | ||
Allow modifying Bluetooth settings | Allow modifying Bluetooth settings | ||
Allow Modifying Cellular Data Usage for Apps Settings | Allows modifying cellular data usage for apps settings | ||
Allow Modifying Device Name | Allows the user to change device names. | ||
Allow Modifying Wallpaper | Allows you to change the background image. (Supervised mode only) | ✓ | |
Allow Configuring Restrictions | Allows the user to configure restrictions. (Supervised mode only) | ✓ | |
Allow Automatic Sync While Roaming | Allows automatic synchronization during roaming. | ||
Allow iCloud Sync for Managed Apps | Allows iCloud synchronization for managed apps. | ||
Allow Enterprise Books Backup | Allows Enterprise books to be backed up. | ||
Allow Enterprise Books Notes and Highlights Sync | Allows Enterprise Books to synchronize notes and highlights. | ||
Allow In App Purchases | Allows the user to make purchases within applications | ||
Allow Multiplayer Gaming | Allows Multiplayer Gaming | ||
Allow voice dialing while device is locked | Allows voice dialing while device is locked | ||
Force Apple Watch Wrist Detection | Forces Apple Watch Wrist Detection | ||
Allow Pairing With Apple Watch | Allows Pairing With Apple Watch | ||
Allow Erase All Content and Settings | If set to false, the user cannot choose the option "Erase All Content and Settings" in Settings → General → Reset (Supervised mode only) | ✓ | |
Allow Internet results in Spotlight | If set to false, search results from the web will not be shown in Spotlight. | ||
Allow iCloud Document Sync | Allows document syncing with iCloud | ||
Allow user to accept untrusted TLS certificates | Allows user to accept untrusted TLS certificates | ||
Allow Photo Stream | Allows Photo Stream to be used on the device | ||
Allow iCloud Photo Library | Allows iCloud Photo Library to be used on the device | ||
Allow iCloud Backup | Allows backup using iCloud | ||
Require iTunes password for all purchases | Require the user's iTunes password to be entered for every purchase | ||
Apps Ranking Number | 1000![]() |
Ranking number for apps | |
Movies Ranking Number | 1000![]() |
Ranking number for movies | |
TV Shows Ranking Number | 1000![]() |
Ranking number for TV Shows | |
Region Code | Germany | Two-character code for the region used to specify ratings | |
Accept Cookies in Safari | Never | Accepting cookies Does not accept cookies |
|
From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages |
||
From websites I visit | Accepts cookies from all visited websites | ||
Alwys | Accepts all cookies | ||
Allow AutoFill in Safari | Allows autocomplete in Safari browser. | ||
Allow JavaScript | AllowS JavaScript in Safari | ||
Allow Pop-ups | AllowS Pop-ups in Safari | ||
Enable Fraud Warning | Enables fraud warning in Safari | ||
Allow Predictive Keyboard | Allows Predictive Keyboard (Supervised mode only) | ✓ | |
Allow Keyboard Shortcuts | Allows Keyboard Shortcuts (Supervised mode only) | ✓ | |
Allow Auto Correction | Allows Auto Correction (Supervised mode only) | ✓ | |
Allow Spell Check | Allows Spell Check (Supervised mode only) | ✓ | |
Allow Define | Allows Define(Supervised mode only) | ✓ | |
Enable allow open from unmanaged to managed | Allows managed apps to access unmanaged documents. | ||
Enable allow open from managed to unmanaged | Allows unmanaged apps to access managed documents. | ||
Treat AirDrop as Unmanaged Destination | When activated, protected (managed) data is prevented from leaving the device unauthorized by Airdrop. | ||
Allow Handoff | If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | ||
Touch ID/Face ID zum Entsperren erlauben | Allow Touch ID/Face ID to Unlock Device | ||
Allow Modifying Notifications Settings | Allows Modifying Notifications Settings | ||
Allow incoming AirPlay requests | Allows incoming AirPlay requests | ||
Allow pairing with Remote app | Allows pairing with Remote app | ||
Allow dictation | Allows dictation | ||
Allow Camera Use | Allows the user to use the camera | ||
Video-Konferenz erlauben | Allow Video Conferencing | ||
Allow Siri | Allows Siri | ||
Allow Siri While Locked | Allows Siri while device is locked | ||
Allow Siri User Generated Content | When false, prevents Siri from querying user-generated content from the web. | ||
Enable Siri Profanity Filter | Enables Siri Profanity Filter (Supervised mode only) | ✓ | |
Allow App Installation from Apple Configurator and iTunes | Allow only a connected Mac host to install applications | ||
Allow Automatic App Downloads | Allows Automatic App Downloads (Supervised mode only) | ||
Force Delayed Software Updates | If set to true, delays user visibility of Software Updates. (Supervised only) | ✓ | |
Software Update Delay in days | 30![]() |
This restriction allows the admin to set how many days a software update on the device will be delayed. With this restriction in place, the user will not see a software update until the specified number of days after the software update release date. (Supervised only) | ✓ |
Allow Automatic App Downloads | Allow the user to install applications | ||
Allow Modifying Passcode | The user is allowed to change the pass code. (Supervised mode only) | ✓ | |
Allow Modifying Touch ID/Face ID | The user is allowed to change the Touch ID/Face ID. | ✓ | |
Allow diagnostic submission | Send diagnostic and usage stats to Apple | ||
Allow modifying diagnostics settings | The user is allowed to change the diagnostic settings. |
Classroom-App
The Classrom App is available free of charge in the App-Store and offers possibilities for use in school classes.
Important restrictions can be configured here.

Restriction | Default | Explication | |
---|---|---|---|
Remote-Bildschirmbeobachtung zulassen | Wenn nicht erlaubt, wird die Remote-Bildschirmbeobachtung durch die Classroom-App deaktiviert. Wenn Screenshots deaktiviert sind, beobachtet die Classroom-App keine Remote-Bildschirme. | ||
Erzwingen, dass Kursen automatisch beigetreten werden | Wenn erzwungen, werden die Anfragen des Lehrers automatisch akzeptiert, ohne dass der Schüler dazu aufgefordert wird. | ||
Erzwinge die Erlaubnis, Klassen zu verlassen | Wenn erzwungen, muss ein Schüler, der über das Classroom in einen nicht verwalteten Kurs eingeschrieben ist, den Lehrer um Erlaubnis bitten, um den Kurs zu verlassen. | ||
Erzwingen der App- und Gerätesperre | Wenn erzwungen, kann der Lehrer Apps oder das Gerät sperren, ohne den Schüler dazu aufzufordern. | ||
Bildschirmbeobachtung erzwingen | Wenn erzwungen wird und eine Fernüberwachung des Bildschirms erlaubt ist, erteilt ein Schüler, der über die Classroom-App in einem verwalteten Kurs eingeschrieben ist, automatisch die Erlaubnis, den Bildschirm zu beobachten, ohne aufgefordert zu werden. |
Save
Passcode
Configuration by clicking on Activate Passcode
Save
Exchange ActiveSync
It is possible to retrieve emails via https connections.
Configuration by clicking on Activate exchange
Operation | Default | Description |
---|---|---|
Activate exchange | After setting this, you can set exchange policies | |
Exchange accounts | Add account | Add exchange accounts |
Account Name | The display name of the user (e.g. "John Appleseed"). You also can use following variables: %device_user_name%, %device_user_firstname%, %device_user_lastname% | |
Exchange ActiveSync Host | Enter host | Host name or IP address of the Exchange server. |
Past Days of Mail to Sync | Forever | synchronization period |
Use SSL | Send all communication through Secure Socket layer | |
Email Address | Select Email Address | The address of the account to be synchronized (e.g. "john@company.com"). The entry %device_email% reads the email address from the user settings of the user to whom the device is assigned. |
Domain\User | Username | Domain\user (e.g.: ttt-point.local\user ). The field must remain empty if the device is to ask. The entry %device_user%} reads the user names from the user settings of the user to whom the respective device is assigned. |
Password | Password | The password for the account |
Payload Certificate UUID | Select certificate | UUID of the certificate that is used for authentication. |
Prevent Move | If set to true, messages may not be moved out of this email account into another account. | |
Prevent App Sheet | If set to true, this account will not be available for sending mail in third party applications | |
Allow Mail Drop | If set to true, this account is allowed to use Mail Drop. | |
S/MIME Enabled | If set to true, this account will support S/MIME | |
S/MIME Signing Enabled | If set to true, this account will enable message signing. | |
S/MIME Encryption Enabled | If set to true, this account will support message encryption. | |
S/MIME Enable Per-Message Switch | If set to true, enable the per-message encryption switch. | |
Disable Mail Recents Syncing | If set to true, this account is excluded from address Recents syncing. |
Save
Operation | value: |
---|---|
Exchange ActiveSync Host | outlook.office.de |
Use SSL | |
Email Address | support.ttt-point.onmicrosoft.de |
Domain\User | support.ttt-point.onmicrosoft.de |
Password | The password for the account |
Several mail accounts can be set up in the email settings.
These settings affect IMAP or POP3 accounts.
Settings for Exchange ActiveSync must be made in the corresponding tab!
Configuration by clicking on Activate Email
Operation | Default | Description | ||||
---|---|---|---|---|---|---|
Activate Email | After setting this, you can set Email configurations | |||||
Email accounts | Add account | Add email accounts | ||||
Account Description | Account Description | The display name of the account (e.g. "Company Mail Account") | ||||
Account Name | Account Name | The display name of the user (e.g. "John Appleseed") The display name can be combined with the variable %device_user_name%. The variable reads from the user settings of the user to whom the respective device is assigned the fields first name and last name. e.g.: %device_user_name% | ttt-Point AG → Martin Müller | ttt-Point AG | ||||
Email Address | Email Address | The address of the account (e.g. "john@company.com") The entry %device_email% reads the email address from the user settings of the user to whom the device is assigned. | ||||
Prevent Move | If set to true, messages may not be moved out of this email account into another account. | |||||
Disable Mail Recents Syncing | If set to true, this account is excluded from address Recents syncing. | |||||
Allow Mail Drop | If set to true, this account is allowed to use Mail Drop. | |||||
Prevent App Sheet | If set to true, this account will not be available for sending mail in third party applications | |||||
S/MIME Enabled | If set to true, this account will support S/MIME | |||||
S/MIME Signing Enabled | If set to true, this account will enable message signing. | |||||
S/MIME Encryption Enabled | If set to true, this account will support message encryption. | |||||
S/MIME Enable Per-Message Switch | If set to true, enable the per-message encryption switch. | |||||
Incoming mails | ||||||
Operation | Default | Description | ||||
Mailserver | Mailserver | Hostname or IP Address | ||||
Port | 993![]() |
Port number for incoming mail | ||||
Account Type | IMAP |
The protocol for accessing the email account | ||||
Username | Select user | The username used to connect to the server for incoming mail The entry %device_user%} reads the user names from the user settings of the user to whom the respective device is assigned. | ||||
Path Prefix | Path Prefix | Path prefix for IMAP mail server | ||||
Incoming Mail Server Authentification | authentication method | The authentication method for the incoming mail server None Password CrammD5 NTLM HTTPMD5 | ||||
Password | Password | The password for the incoming mail server | ||||
Use SSL | Send outgoing mail through Secure Socket Layer | |||||
Outgoing mails | ||||||
Operation | Default | Description | ||||
Mail Server | Mail Server | Hostname or IP address for outgoing mail | ||||
Port | 587![]() |
The port number for outgoing mail | ||||
Username | Select user | The username used to connect to the server for outgoing mail. The entry %device_user%} reads the user names from the user settings of the user to whom the respective device is assigned. | ||||
authentication type | authentication method | The authentication method for the outgoing mail server Password CrammD5 NTLM HTTPMD5 | ||||
Outgoing Password Same As Incoming | SMTP authentication uses the same password as POP/IMAP
| |||||
Use SSL | end outgoing mail through Secure Socket Layer |
Save
Certificates
Caption | Values | Description |
---|---|---|
Certificates | Select certificates |
Security iOS
Numerous settings are configured, that control the security of web applications.
Configuration by clicking on Activate security
Aktion | Default | Beschreibung | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Region | Germany / EU | Geographical assignment of the VPN endpoint | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Protocol | TCP | Protocol used for VPN tunnel. TCP or UDP | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Portfilter Type | Filter network traffic based on network ports. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Open | all ports are open | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Closed | Only port 80 (http) and 443 (https) are enabled. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Selection | Port filter rule selection: Specify which port collections are open for network traffic:
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL interception | Default | Defines whether or not to intercept SSL traffic. The default value is to intercept traffic based on content filter response. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Content-Filter-Whitelist | Add entries | Click box: Web pages that are to be added to a whitelist. Possible entries: Contentfilter | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Content-Filter-Blacklist | Add entries | Click box: Websites that are to be added to a blacklist. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Disable for SSIDs | Add SSIDs | Enter WLAN SSIDs for which the security features shall be disabled. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Disable for IP addresses | Add IPs | IP addresses or networks can be entered for which the security functions are to be deactivated, i.e. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24. For address blocks with less than three digits, a dot must be entered or navigated within the mask using the cursor keys. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Allow Suspend Always-On-VPN | Allows the user to temporary disable the VPN-Connection. If not activated manually, the VPN will resume at a time chosen by the user. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Appconfiguration | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Allow other VPN profiles | Allows adding other VPN profiles in addition to the security profile |
Save
Android Profile
General android
In addition to the name and the platform, the assignment to groups, users or devices can also be configured in the general settings.
Caption | Values | Description |
---|---|---|
Platform | ANDROID | Device OS. When creating a new profile, iOS can also be selected here. tab and Functions differ depending on the selected operating system. |
Name | Name | Profilname |
Priority | 5 | The higher the number, the higher the priority. Is only used if a device is affected by multiple profiles. |
Roles | Add roles | Klick-Box: The profile will be assigned to all devices of all users with these roles |
Users | Add users | The profile will be assigned to all devices from these users |
Devices | Add devices | The profile will be assigned to these devices |
Tags | Add tags | The profile will be assigned to all devices with these Tags |
Comment | Comment | Kommentar |
Save
Networks Android
In this section, access profiles for WiFi networks can be configured and pushed to the device.
Add a network configuration with Konfiguration hinzufügen
Caption | Values | Description |
---|---|---|
Name | Name | Name of the configuration |
Type | WiFi | Configuration type (WiFi predefined) |
SSID | SSID | The SSID of the network |
Security | None WEP-PSK WPA-PSK |
Security Level |
Password | Password | The networks passphrases. Hidden with placeholders<.br> shows the password in plain text. |
Hidden SSID | Specifies whether the SSID of the network is visible (button off) or hidden (button on). | |
Autoconnect | Enable to automatically connect the device to the network. |
Finish the configuration with Save
Restrictions Android
Configuration by clicking on Activate restrictions
Restriction | Default | Explication |
---|---|---|
Enable Camera Restrictions | After setting this, no applications will be able to access any cameras on the device. | |
Enable Storage Encryption | This profile controls encryption of the secure (application data) storage area. Data written to other storage areas may or may not be encrypted, and this profile does not require or control the encryption of any other storage areas. Important Note: On some devices, it is possible to encrypt storage without requiring the user to create a device PIN or Password. In this case, the storage is encrypted, but the encryption key may not be fully secured. For maximum security, the administrator should also require a password. |
Due to Google requirements, it is no longer possible to switch off Bluetooth and WLAN connections! Save
Passcode Android
Configuration by clicking on Activate Passcode
Operation | Default | Description |
---|---|---|
Minimum password length | No password required![]() |
Attention Attention The current password remains until the user sets a new one. The change therefore does not take effect immediately. (Values from 4 to 30 are possible) |
Password Quality | Unspecified | After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Attention Note that the current password will remain until the user has set a new one, so the change does not take place immediately. Quality constants are ordered so that higher values are more restrictive; thus the highest requested quality constant (between the profile set here, the user's preference, and any other considerations) is the one that is in effect. Something ![]() Numeric ![]() Numeric Complex Alphabetic ![]() Alphanumeric ![]() Complex ![]() |
Maximum Failed Passwords For Wipe | Setting this to a value greater than zero enables a built-in profile that will perform a device wipe after too many incorrect device-unlock passwords have been entered. |
Save
Security Android
Numerous settings are configured, that control the security of web applications.
Configuration by clicking on Activate security
Aktion | Default | Beschreibung | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Region | Germany / EU | Geographical assignment of the VPN endpoint | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Protocol | TCP | Protocol used for VPN tunnel. TCP or UDP | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Portfilter Type | Filter network traffic based on network ports. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Open | all ports are open | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Closed | Only port 80 (http) and 443 (https) are enabled. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Selection | Port filter rule selection: Specify which port collections are open for network traffic:
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL interception | Default | Defines whether or not to intercept SSL traffic. The default value is to intercept traffic based on content filter response. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Content-Filter-Whitelist | Add entries | Click box: Web pages that are to be added to a whitelist. Possible entries: Contentfilter | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Content-Filter-Blacklist | Add entries | Click box: Websites that are to be added to a blacklist. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Disable for SSIDs | Add SSIDs | Enter WLAN SSIDs for which the security features shall be disabled. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Disable for IP addresses | Add IPs | IP addresses or networks can be entered for which the security functions are to be deactivated, i.e. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24. For address blocks with less than three digits, a dot must be entered or navigated within the mask using the cursor keys. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Allow Suspend Always-On-VPN | Allows the user to temporary disable the VPN-Connection. If not activated manually, the VPN will resume at a time chosen by the user. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Appconfiguration | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Allow other VPN profiles | Allows adding other VPN profiles in addition to the security profile |
Save