Lockdown policy fields for Samsung Knox Workspace (3.0) Android Enterprise Managed Device with Work Profile mode
The lockdown options in this section apply to Android Enterprise Managed Device with Work Profile (COPE) mode for Samsung Knox version 3.0. These lockdowns allow you to set a variety of restrictions, such as allowing Google accounts to auto sync, providing content sharing, and sharing of calendar information outside a container. You must select the Enable Samsung Workspace restrictions check box to display the following fields.
The API s in the following table may require a Samsung Knox license. If you do not have a Samsung Knox license, these fields may not be supported.
Item | Description |
|
Default Policy Setting |
---|---|---|---|
Whitelisted Google Accounts |
Allows you to whitelist specific Google Accounts. To add an account, click the + button and type in the name of the Google account. To delete a Google account, select the account and then click the - button. |
|
None |
Allow camera |
Allows the camera on the phone to function. |
|
Disabled |
Allow content sharing |
Allows content sharing |
|
Disabled |
Allow email account creation |
Allows the device user to create an email account. |
|
Enabled |
Allow NFC |
Enable or disable NFC (Near-field Communication) data exchange when the device touches another device. |
|
Disabled |
Allow USB |
Enable or disable the USB protocol. |
|
Disabled |
Allow New Admin Install |
Enable or disable the installation of another administration app from all sources, unless the app install is performed by the administrator enforcing this policy. This policy can only be applied if there are no other administrators activated with the exception of Ivanti Mobile@Work clients. |
|
Disabled |
Allow Google Accounts Auto Sync |
Enable or disable the ability of Google accounts to sync automatically. This option does not block the Google Play Store from updating installed apps. |
|
Enable |
Enable Certificate Revocation Status (CRL) Check |
Enable or disable the Certificate Revocation List (CRL) check for revocation of the server-certificate chain during the SSL mutual authentication process. |
|
Disabled |
Allow sharing of calendar information outside container |
Enable or disable sharing of calendar information outside of the container. |
|
Disabled |
Allow developer options |
Enable or disable developer options. |
|
Enabled |
Allow factory reset |
Enable the user to initiate a factory reset of the device. |
|
Disabled |
Allow backup | Enable the user to initiate a backup. |
|
Enabled |
Allow crash report |
Enable Google crash reports. |
|
Enabled |
Allow Google Play |
Enable Google Play. |
|
Enabled |
Allow incoming MMS |
Enable incoming Multimedia Messaging Service (MMS). |
|
Enabled |
Allow incoming SMS |
Enable incoming Short Message Service (SMS). |
|
Enabled |
Make passwords visibility |
Enable the user to make passwords visible. |
|
Enabled |
Allow Date Time Change |
Enable the user to change the date and time. |
|
Enabled |