Jump to:navigation, search
Wiki























De.png
Fr.png


Managing profiles for iOS or Android devices in the Mobile Security Portal

Last adaptation to the version: 1.5.3.2 (07.2020)



New



Preamble

In a profile, permissions, restrictions, password requirements, e-mail settings and security settings are configured.

Several users or user groups (roles) can be assigned to a profile.
Many devices or device groups (devices designated by tags) can be assigned to a profile.
For a large number of devices and users it is recommended to map the assignment via groups.


Overview of profile management

Overview of profile management

In the profile overview new profiles can be created, existing ones can be edited and deleted. The view of the profiles can be displayed in the list or tile view. You can also view details of existing profiles, update the list of profiles, and publish profiles.


General Options

Filter displayed profiles
 Filter  Search
The search criteria can be filtered to specific areas:
all
Devices
Platform
tags
roles
used
User
Add profile
 Add profile
Creates a new profile. The settings in the profile vary depending on the operating system. See Edit iOS / Edit Android
Publish profile
  Publish profiles

The transmission may take a few minutes.

The changes to a profile must be published so that they can be transmitted to the devices.

Import profile
  Import profiles
Show details
Show details
List view / Grid view
List view / Grid view
/
Switch between lists and grid view.
Refresh
Refresh the display



Profile tile

Profile tile
Profile Options
edit
Export
Copy
Revoke
delete

The button at the top right of each profile tile provides the following options:

  Edit Editing the settings (see below)
  Export Exporting the settings
 Kopieren Copying the profile to the clipboard
  Revoke The profile is withdrawn, i.e. it is no longer available on the devices, but can be configured.
  Delete The profile is deleted.


Details displayed in the profile tile:

Updated Changes have been made to the profile that have not yet been published!

PARTIALLY INSTALLED The transfer of the profile could not be completed completely.

  Platform iOS, Android or Android Enterprise

  Roles Roles

  Users User

  Devices Devices

  Tags Tags

  Parts Restrictions | Security



Copy & paste of profiles

Click on the logo of the profile tile to mark it. In the general options, another field now appears under the filter mask:

Action for selected items  Please choose Execute the selected action with Ok
 Copy Copies one or more selected profiles to the clipboard.
 Delete Deletes one or more selected profiles
New button   Paste Inserts a copy of a profile from the clipboard.
This also works from one tenant / customer to another as long as they are assigned to the same reseller account.   AnyIdeas GmbH

iOS profile

General iOS

General
General Settings



Caption Values Description
Platform iOS Device OS.
When creating a new profile, Android Enterprise can also be selected here. tab and Functions differ depending on the selected operating system.
Name Name Profilname
Priority 5 The higher the number, the higher the priority. Is only used if a device is affected by multiple profiles.
Roles Add roles Klick-Box: The profile will be assigned to all devices of all users with these roles
Users Add users The profile will be assigned to all devices from these users
Devices Add devices The profile will be assigned to these devices
Tags Add tags The profile will be assigned to all devices with these Tags
Comment Comment Kommentar

  Save



Shared devices

Shared devices

Shared devices

Information that can be displayed on the login screen and lock screen.
Devices used by different people Shared device in Apple terminology can thus display accessible information for everyone (e.g. an inventory number).

caption: Default description:
Activate configuration    After setting this, you can set the shared device configuration. The Shared Device Configuration Payload allows you to specify optional text displayed on the login window and lock screen (i.e. a ”If Lost, Return To” message and Asset Tag Information). It is supported on iOS 9.3 and later.
Lockscreen footnote     Optional. A footnote displayed on the login window and lock screen.
Asset Tag Information     Optional. Asset tag information for the device, displayed on the login window and lock screen.

  Save



Network

Network
Network configurations


In this section, access profiles for WiFi networks can be configured and pushed to the device.

Add a network configuration with   Konfiguration hinzufügen


Caption Values Description
Name Name Name of the configuration
Type WiFi Configuration type (WiFi predefined)
SSID SSID The SSID of the network
Security Security Level
None no security
WEP-PSK insecure
WPA-PSK secure
Password Password The networks passphrases. Hidden with placeholders<.br> shows the password in plain text.
Hidden SSID    Specifies whether the SSID of the network is visible (button off) or hidden (button on).
Autoconnect    Enable to automatically connect the device to the network.


Finish the configuration with   Save



App-Lock

App-Lock

App-Lock

The app lock activates the guided mode which limits the device to a single app. In this state - also called kiosk mode - you can control which app functions are available.

Activate configuration  

Table-check.png

The last column (SO) indicates if this function is only available in supervised mode (supervised only) .

caption: Default description: (Supervised mode only) SOSO 
Identifier Default:    The bundle identifier of the application.
Options
Disable touch Default:    If true, the touch screen is disabled.
Gerätedrehung deaktivieren Default:   
Deaktivieren Sie die Lautstärketasten Default:   
Klingelschalter deaktivieren Default:   
Deaktivieren Sie de Sleep-Wake-Button Default:   
Deaktivieren Sie die automatische Sperre Default:   
Voice-Over aktivieren Default:   
Zoom aktivieren Default:   
Invertieren von Farben aktivieren Default:   
Assistive touch aktivieren Default:   
Sprachauswahl aktivieren Default:   
Mono-Audio aktivieren Default:   
User Enabled Options
Voice-Over Default:   
Zoom Default:   
Farben invertieren Default:   
Assistive touch Default:   


Finish the configuration with   Save


Restrictions

Restrictions
Restrictions

Configuration by clicking on Activate restrictions   

Numerous restrictions can be configured to control the behavior of a device.


   List of possible restrictions with default values and explanations

General restrictions
New Neu ab v1.5.3.2:

New Links aktiv, wenn Liste eingeblendet


Table-check.png

The last column (SO) indicates if this function is only available in supervised mode (supervised only) .

Restriction Default Explication (Supervised mode only) SOSO 
Restrict App Usage (supervised only). (supervised only) Default: Allow all apps
Do not allow specific apps
Do allow only specific apps
Konfiguriert, ob für Apps keine Einschränkung,
eine Blacklist oder
eine Whitelist verwendet wird.
Supervised mode only
Blacklisted Apps
Whitelisted Apps
Clickbox for selecting apps Depending on the selection in the line above: Blacklisted Apps / Whitelisted Apps
'Searches the entire app store for possible apps.
Supervised mode only
New Allow Account Modification Default:    If set to false, account modification is disabled. (Supervised only) Supervised mode only
Allow QuickPath Keyboard Default:    If set to false, disables QuickPath keyboard.
Allow Network access for Files Default:    If set to false, prevents connecting to network drives in the Files app.
Allow USB drive for Files Default:    If set to false, prevents connecting to any connected USB devices in the Files app.
Allow Find My Device Default:    If set to false, disables Find My Device in the Find My app.
Allow Find My Friends Default:    If set to false, disables Find My Friends in the Find My app.
Force WiFi on Default:    If set to true, prevents Wi-Fi from being turned off in Settings or Control Center, even by entering or leaving Airplane Mode. It does not prevent selecting which Wi-Fi network to use.
Allow App Removal Default:    Allows the user to remove apps (supervised only) Supervised mode only
Allow Trusting Enterprise Apps Default:    Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple)
Allow Explicit Content Default:    Allows the user to access explicit content. When activated, the SafeSearch function is switched off by search engines.
Allow Screenshots and Screen Recording Default:    Allows the user to take screenshots or screen recordings
Allow Remote Screen Observation Default:    Allows you to observe the screen in a classroom, for example. x
Allow use of iMessage Default:    Allow use of iMessage (Supervised mode only) Supervised mode only
Allow Bookstore Default:    If this value is set to false, the iBookstore will be disabled. (Supervised mode only). Supervised mode only
Allow Bookstore Erotica Default:    If set to false, the user will not be able to download media from the iBookstore that is tagged as erotica. (Supervised mode only). Supervised mode only
Allow Apple Music Default:    If set to false, Apple Music will be disabled in the Music app. x
Allow iTunes Radio Default:    If set to false, iTunes Radio will be disabled in the Music app.
Allow Shared Stream Default:    If set to false, the shared stream is disabled.
Allow Wallet While Locked Default:    If set to false, Wallet notifications will not be shown on the lock screen.
Allow UI Configuration Profile Installation Default:    If set to false, the user is prohibited from installing configuration profiles and certificates interactively. (Supervised mode only). Supervised mode only
Allow use of iTunes Default:    Allows the user to use iTunes
Allow use of News Default:    Allows the user to access and use News
Allow use of Safari Default:    Allows the user to use Safari
Allow Game Center Default:    Allows the Game Center (Supervised mode only). Supervised mode only
Allow Adding Game Center Friends Default:    Allows the user to add Friends on Game Center
Allow modifying Bluetooth settings Default:    Allow modifying Bluetooth settings
Allow Modifying Cellular Data Usage for Apps Settings Default:    Allows modifying cellular data usage for apps settings
Allow Modifying Device Name Default:    Allows the user to change device names.
Allow Modifying Wallpaper Default:    Allows you to change the background image. (Supervised mode only) Supervised mode only
Allow Configuring Restrictions Default:    Allows the user to configure restrictions. (Supervised mode only) Supervised mode only
Allow Automatic Sync While Roaming Default:    Allows automatic synchronization during roaming.
Allow iCloud Sync for Managed Apps Default:    Allows iCloud synchronization for managed apps.
Allow Enterprise Books Backup Default:    Allows Enterprise books to be backed up.
Allow Enterprise Books Notes and Highlights Sync Default:    Allows Enterprise Books to synchronize notes and highlights.
Allow In App Purchases Default:    Allows the user to make purchases within applications
Allow Multiplayer Gaming Default:    Allows Multiplayer Gaming
Allow voice dialing while device is locked Default:    Allows voice dialing while device is locked
Force Apple Watch Wrist Detection Default:    Forces Apple Watch Wrist Detection
Allow Pairing With Apple Watch Default:    Allows Pairing With Apple Watch
Allow Erase All Content and Settings Default:    If set to false, the user cannot choose the option "Erase All Content and Settings" in Settings → General → Reset (Supervised mode only) Supervised mode only
Allow Internet results in Spotlight Default:    If set to false, search results from the web will not be shown in Spotlight.
Allow iCloud Document Sync Default:    Allows document syncing with iCloud
Allow user to accept untrusted TLS certificates Default:    Allows user to accept untrusted TLS certificates
Allow Photo Stream Default:    Allows Photo Stream to be used on the device
Allow iCloud Photo Library Default:    Allows iCloud Photo Library to be used on the device
Allow iCloud Backup Default:    Allows backup using iCloud
Require iTunes password for all purchases Default:    Require the user's iTunes password to be entered for every purchase
Apps Ranking Number 1000Link= Ranking number for apps
Movies Ranking Number 1000Link= Ranking number for movies
TV Shows Ranking Number 1000Link= Ranking number for TV Shows
Region Code Germany Two-character code for the region used to specify ratings
Accept Cookies in Safari Never Accepting cookies
Does not accept cookies
From current website only (iOS 8) or visited sites (pre-iOS 8) Depending on iOS version:
from iOS 8: Only from current website
from iOS 8: Only from visited pages
From websites I visit Accepts cookies from all visited websites
Alwys Accepts all cookies
Allow AutoFill in Safari Default:    Allows autocomplete in Safari browser.
Allow JavaScript Default:    AllowS JavaScript in Safari
Allow Pop-ups Default:    AllowS Pop-ups in Safari
Enable Fraud Warning Default:    Enables fraud warning in Safari
Allow Predictive Keyboard Default:    Allows Predictive Keyboard (Supervised mode only) Supervised mode only
Allow Keyboard Shortcuts Default:    Allows Keyboard Shortcuts (Supervised mode only) Supervised mode only
Allow Auto Correction Default:    Allows Auto Correction (Supervised mode only) Supervised mode only
Allow Spell Check Default:    Allows Spell Check (Supervised mode only) Supervised mode only
Allow Define Default:    Allows Define(Supervised mode only) Supervised mode only
Enable allow open from unmanaged to managed Default:    Allows managed apps to access unmanaged documents.
Enable allow open from managed to unmanaged Default:    Allows unmanaged apps to access managed documents.
Treat AirDrop as Unmanaged Destination Default:    When activated, protected (managed) data is prevented from leaving the device unauthorized by Airdrop.
Allow Handoff Default:    If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device.
Touch ID/Face ID zum Entsperren erlauben Default:    Allow Touch ID/Face ID to Unlock Device
Allow Modifying Notifications Settings Default:    Allows Modifying Notifications Settings
Allow incoming AirPlay requests Default:    Allows incoming AirPlay requests
Allow pairing with Remote app Default:    Allows pairing with Remote app
Allow dictation Default:    Allows dictation
Allow Camera Use Default:    Allows the user to use the camera
Video-Konferenz erlauben Default:    Allow Video Conferencing
Allow Siri Default:    Allows Siri
Allow Siri While Locked Default:    Allows Siri while device is locked
Allow Siri User Generated Content Default:    When false, prevents Siri from querying user-generated content from the web.
Enable Siri Profanity Filter Default:    Enables Siri Profanity Filter (Supervised mode only) Supervised mode only
Allow App Installation from Apple Configurator and iTunes Default:    Allow only a connected Mac host to install applications
Allow Automatic App Downloads Default:    Allows Automatic App Downloads (Supervised mode only)
New Force Delayed Software Updates Default:    If set to true, delays user visibility of Software Updates. (Supervised only) Supervised mode only
New Software Update Delay in days Default: 30Link= This restriction allows the admin to set how many days a software update on the device will be delayed. With this restriction in place, the user will not see a software update until the specified number of days after the software update release date. (Supervised only) Supervised mode only
Allow Automatic App Downloads Default:    Allow the user to install applications
Allow Modifying Passcode Default: Default:    The user is allowed to change the pass code. (Supervised mode only) Supervised mode only
Allow Modifying Touch ID/Face ID Default:    The user is allowed to change the Touch ID/Face ID. Supervised mode only
Allow diagnostic submission Default:    Send diagnostic and usage stats to Apple
Allow modifying diagnostics settings Default:    The user is allowed to change the diagnostic settings.



Classroom-App

The Classrom App is available free of charge in the App-Store and offers possibilities for use in school classes.
Important restrictions can be configured here.

Table-check.png
Restriction Default Explication (Supervised mode only) SOSO 
Remote-Bildschirmbeobachtung zulassen Default:   Wenn nicht erlaubt, wird die Remote-Bildschirmbeobachtung durch die Classroom-App deaktiviert. Wenn Screenshots deaktiviert sind, beobachtet die Classroom-App keine Remote-Bildschirme.
Erzwingen, dass Kursen automatisch beigetreten werden Default:   Wenn erzwungen, werden die Anfragen des Lehrers automatisch akzeptiert, ohne dass der Schüler dazu aufgefordert wird.
Erzwinge die Erlaubnis, Klassen zu verlassen Default:   Wenn erzwungen, muss ein Schüler, der über das Classroom in einen nicht verwalteten Kurs eingeschrieben ist, den Lehrer um Erlaubnis bitten, um den Kurs zu verlassen.
Erzwingen der App- und Gerätesperre Default:   Wenn erzwungen, kann der Lehrer Apps oder das Gerät sperren, ohne den Schüler dazu aufzufordern.
Bildschirmbeobachtung erzwingen Default:   Wenn erzwungen wird und eine Fernüberwachung des Bildschirms erlaubt ist, erteilt ein Schüler, der über die Classroom-App in einem verwalteten Kurs eingeschrieben ist, automatisch die Erlaubnis, den Bildschirm zu beobachten, ohne aufgefordert zu werden.


  Save






Passcode

Passcode
Settings Passcode

Configuration by clicking on Activate Passcode   


Operation Default Description
Require Passcode on Device    Enforces the use of a passcode before using the device
Set maximum number of failed attempts   

Number of passcode entry attempts allowed before all data on device will be erased

  
Maximum Number of Failed Attempts 11Link=

Set auto-lock   

  

The number of minutes for which the device can be idle (without being unlocked by the user) before it gets locked by the system

Automatic lock after 15Link= minutes

Set maximum passcode age   

  

The number of days for which the passcode can remain unchanged 730Link=
Restrict password complexity    Allows restricting password complexity
  
Allow Simple Value    Permits the use of repeating, ascending, and descending character sequences
Require Alphabetic Value    Require passcodes to contain at least one letter
Minimum Number of Complex Characters 0Link= Smallest number of non-alphanumeric characters allowed
Minimum Passcode Length 0Link= Smallest allowable number of characters in passcode
Use Passcode History    Allows defining the number of different passcodes required between the reuse of passcodes
  
Passcode History 1Link= Number of unique passcodes required between passcode reuse
Use grace period for device lock    Allows defining the maximum time in minutes to unlock the phone
  
Grace period for device lock -1Link= The maximum grace period, in minutes, to unlock the phone without entering a passcode.
The default value -1Link= pretends iOS does not apply a time limit.

  Save





Exchange ActiveSync

Exchange ActiveSync
Settings Exchange ActiveSync

It is possible to retrieve emails via https connections.

Configuration by clicking on Activate exchange   

Operation Default Description
Activate exchange    After setting this, you can set exchange policies
Exchange accounts  Add account Add exchange accounts
Account Name     The display name of the user (e.g. "John Appleseed"). You also can use following variables: %device_user_name%, %device_user_firstname%, %device_user_lastname%
Exchange ActiveSync Host Enter host Host name or IP address of the Exchange server.
Past Days of Mail to Sync Forever synchronization period
Use SSL    Send all communication through Secure Socket layer
Email Address Select Email Address The address of the account to be synchronized (e.g. "john@company.com").
New The entry %device_email% reads the email address from the user settings of the user to whom the device is assigned.
Domain\User Username Domain\user (e.g.: ttt-point.local\user ). The field must remain empty if the device is to ask.
New The entry %device_user%} reads the user names from the user settings of the user to whom the respective device is assigned.
Password Password The password for the account
Payload Certificate UUID Select certificate UUID of the certificate that is used for authentication.
Prevent Move    If set to true, messages may not be moved out of this email account into another account.
Prevent App Sheet    If set to true, this account will not be available for sending mail in third party applications
Allow Mail Drop    If set to true, this account is allowed to use Mail Drop.
S/MIME Enabled    If set to true, this account will support S/MIME
S/MIME Signing Enabled    If set to true, this account will enable message signing.
S/MIME Encryption Enabled    If set to true, this account will support message encryption.
S/MIME Enable Per-Message Switch    If set to true, enable the per-message encryption switch.
Disable Mail Recents Syncing    If set to true, this account is excluded from address Recents syncing.

  Save


Operation value:
Exchange ActiveSync Host outlook.office.de
Use SSL   
Email Address support.ttt-point.onmicrosoft.de
Domain\User support.ttt-point.onmicrosoft.de
Password The password for the account



Email

Email
Settings Email

Several mail accounts can be set up in the email settings.
These settings affect IMAP or POP3 accounts.
Settings for Exchange ActiveSync must be made in the corresponding tab!

Configuration by clicking on Activate Email   


Operation Default Description
Activate Email    After setting this, you can set Email configurations
Email accounts  Add account Add email accounts
Account Description Account Description The display name of the account (e.g. "Company Mail Account")
Account Name Account Name The display name of the user (e.g. "John Appleseed")
New The display name can be combined with the variable %device_user_name%. The variable reads from the user settings of the user to whom the respective device is assigned the fields first name and last name. e.g.: %device_user_name% | ttt-Point AGMartin Müller | ttt-Point AG
Email Address Email Address The address of the account (e.g. "john@company.com")
New The entry %device_email% reads the email address from the user settings of the user to whom the device is assigned.
Prevent Move    If set to true, messages may not be moved out of this email account into another account.
Disable Mail Recents Syncing    If set to true, this account is excluded from address Recents syncing.
Allow Mail Drop    If set to true, this account is allowed to use Mail Drop.
Prevent App Sheet    If set to true, this account will not be available for sending mail in third party applications
S/MIME Enabled    If set to true, this account will support S/MIME
S/MIME Signing Enabled    If set to true, this account will enable message signing.
S/MIME Encryption Enabled    If set to true, this account will support message encryption.
S/MIME Enable Per-Message Switch    If set to true, enable the per-message encryption switch.

Incoming mails
Operation Default Description
Mailserver Mailserver Hostname or IP Address
Port 993Link= Port number for incoming mail
Account Type IMAP

POP
The protocol for accessing the email account
Username Select user The username used to connect to the server for incoming mail
New The entry %device_user%} reads the user names from the user settings of the user to whom the respective device is assigned.
Path Prefix Path Prefix Path prefix for IMAP mail server
Incoming Mail Server Authentification authentication method The authentication method for the incoming mail server
None
Password
CrammD5
NTLM
HTTPMD5
Password Password The password for the incoming mail server
Use SSL    Send outgoing mail through Secure Socket Layer

Outgoing mails
Operation Default Description
Mail Server Mail Server Hostname or IP address for outgoing mail
Port 587Link= The port number for outgoing mail
Username Select user The username used to connect to the server for outgoing mail.
New The entry %device_user%} reads the user names from the user settings of the user to whom the respective device is assigned.
authentication type authentication method The authentication method for the outgoing mail server
Password
CrammD5
NTLM
HTTPMD5
Outgoing Password Same As Incoming    SMTP authentication uses the same password as POP/IMAP
  
Password Password The password for the outgoing mail server
Use SSL    end outgoing mail through Secure Socket Layer


  Save



Certificates

Certificates


Caption Values Description
Certificates Select certificates



Security iOS

Security
Settings Security









































Numerous settings are configured, that control the security of web applications.

Configuration by clicking on Activate security   


Aktion Default Beschreibung
Region Germany / EU Geographical assignment of the VPN endpoint
Protocol TCP Protocol used for VPN tunnel. TCP or UDP
Portfilter Type Filter network traffic based on network ports.
Open all ports are open
Closed Only port 80 (http) and 443 (https) are enabled.
Selection Port filter rule selection: Specify which port collections are open for network traffic:

























Port-Collection Port Protocol Application
Administrative Tools 21 TCP ftp
3389 TCP ms-rdp
23 TCP telnet
5900 TCP vnc
22 TCP ssh
5938 TCP/UDP teamviewer
Communication 3478-3481 UDP Skype
49152-65535 UDP
49152-65535 TCP
5222 TCP Google Push-Notifications
5223 UDP
5228 TCP
VOIP 5060 UDP SIP/RTP
7070-7089 UDP
VPN 1194 TCP OpenVPN
1194 UDP
500 UDP IPSec
4500 UDP & ESP
1701 UDP L2TP
Mail 25 TCP smtp
587 TCP
465 TCP smtps
110 TCP pop3
995 TCP
143 TCP imap
993 TCP
SSL interception Default Defines whether or not to intercept SSL traffic. The default value is to intercept traffic based on content filter response.
Content-Filter-Whitelist Add entries Click box: Web pages that are to be added to a whitelist. Possible entries: Contentfilter
Content-Filter-Blacklist Add entries Click box: Websites that are to be added to a blacklist.
Disable for SSIDs Add SSIDs Enter WLAN SSIDs for which the security features shall be disabled.
Disable for IP addresses Add IPs IP addresses or networks can be entered for which the security functions are to be deactivated, i.e. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24. For address blocks with less than three digits, a dot must be entered or navigated within the mask using the cursor keys.
Allow Suspend Always-On-VPN    Allows the user to temporary disable the VPN-Connection. If not activated manually, the VPN will resume at a time chosen by the user.

Appconfiguration
Allow other VPN profiles    Allows adding other VPN profiles in addition to the security profile


  Save



Android Profile

  • Android devices from version 10 (Q) are exclusively administered with Android Enterprise Profiles.
  • General android

    General
    Settings general

    In addition to the name and the platform, the assignment to groups, users or devices can also be configured in the general settings.

    Caption Values Description
    Platform ANDROID Device OS.
    When creating a new profile, iOS can also be selected here. tab and Functions differ depending on the selected operating system.
    Name Name Profilname
    Priority 5 The higher the number, the higher the priority. Is only used if a device is affected by multiple profiles.
    Roles Add roles Klick-Box: The profile will be assigned to all devices of all users with these roles
    Users Add users The profile will be assigned to all devices from these users
    Devices Add devices The profile will be assigned to these devices
    Tags Add tags The profile will be assigned to all devices with these Tags
    Comment Comment Kommentar

      Save



    Networks Android

    Network
    Network configurations

    In this section, access profiles for WiFi networks can be configured and pushed to the device.

    Add a network configuration with   Konfiguration hinzufügen


    Caption Values Description
    Name Name Name of the configuration
    Type WiFi Configuration type (WiFi predefined)
    SSID SSID The SSID of the network
    Security
    no security None
    insecure WEP-PSK
    secure WPA-PSK
    Security Level
    no security
    insecure
    secure
    Password Password The networks passphrases. Hidden with placeholders<.br> shows the password in plain text.
    Hidden SSID    Specifies whether the SSID of the network is visible (button off) or hidden (button on).
    Autoconnect    Enable to automatically connect the device to the network.


    Finish the configuration with   Save



    Restrictions Android

    Restrictions
    Settings Restrictions

    Configuration by clicking on Activate restrictions   

    Restriction Default Explication
    Enable Camera Restrictions    After setting this, no applications will be able to access any cameras on the device.
    Enable Storage Encryption    This profile controls encryption of the secure (application data) storage area. Data written to other storage areas may or may not be encrypted, and this profile does not require or control the encryption of any other storage areas. Important Note: On some devices, it is possible to encrypt storage without requiring the user to create a device PIN or Password. In this case, the storage is encrypted, but the encryption key may not be fully secured. For maximum security, the administrator should also require a password.

    Due to Google requirements, it is no longer possible to switch off Bluetooth and WLAN connections!   Save



    Passcode Android

    Passcode
    Settings Passcode

    Configuration by clicking on Activate Passcode   

    Operation Default Description
    Minimum password length No password requiredLink= Attention Attention The current password remains until the user sets a new one. The change therefore does not take effect immediately. (Values from 4 to 30 are possible)
    Password Quality Unspecified After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set.   Attention   Note that the current password will remain until the user has set a new one, so the change does not take place immediately. Quality constants are ordered so that higher values are more restrictive; thus the highest requested quality constant (between the profile set here, the user's preference, and any other considerations) is the one that is in effect.
    SomethingLink=
    NumericLink=
    Numeric Complex
    AlphabeticLink=
    AlphanumericLink=
    ComplexLink=
    Maximum Failed Passwords For Wipe    Setting this to a value greater than zero enables a built-in profile that will perform a device wipe after too many incorrect device-unlock passwords have been entered.

      Save


    Security Android

    Security
    Settings Security









































    Numerous settings are configured, that control the security of web applications.

    Configuration by clicking on Activate security   


    Aktion Default Beschreibung
    Region Germany / EU Geographical assignment of the VPN endpoint
    Protocol TCP Protocol used for VPN tunnel. TCP or UDP
    Portfilter Type Filter network traffic based on network ports.
    Open all ports are open
    Closed Only port 80 (http) and 443 (https) are enabled.
    Selection Port filter rule selection: Specify which port collections are open for network traffic:

























    Port-Collection Port Protocol Application
    Administrative Tools 21 TCP ftp
    3389 TCP ms-rdp
    23 TCP telnet
    5900 TCP vnc
    22 TCP ssh
    5938 TCP/UDP teamviewer
    Communication 3478-3481 UDP Skype
    49152-65535 UDP
    49152-65535 TCP
    5222 TCP Google Push-Notifications
    5223 UDP
    5228 TCP
    VOIP 5060 UDP SIP/RTP
    7070-7089 UDP
    VPN 1194 TCP OpenVPN
    1194 UDP
    500 UDP IPSec
    4500 UDP & ESP
    1701 UDP L2TP
    Mail 25 TCP smtp
    587 TCP
    465 TCP smtps
    110 TCP pop3
    995 TCP
    143 TCP imap
    993 TCP
    SSL interception Default Defines whether or not to intercept SSL traffic. The default value is to intercept traffic based on content filter response.
    Content-Filter-Whitelist Add entries Click box: Web pages that are to be added to a whitelist. Possible entries: Contentfilter
    Content-Filter-Blacklist Add entries Click box: Websites that are to be added to a blacklist.
    Disable for SSIDs Add SSIDs Enter WLAN SSIDs for which the security features shall be disabled.
    Disable for IP addresses Add IPs IP addresses or networks can be entered for which the security functions are to be deactivated, i.e. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24. For address blocks with less than three digits, a dot must be entered or navigated within the mask using the cursor keys.
    Allow Suspend Always-On-VPN    Allows the user to temporary disable the VPN-Connection. If not activated manually, the VPN will resume at a time chosen by the user.

    Appconfiguration
    Allow other VPN profiles    Allows adding other VPN profiles in addition to the security profile


      Save