Profiles For Android Devices, Endpoint Manager, Security Manager

Profiles for Android Devices

Android profiles let you configure a device's network access rights, security restrictions, scan schedule and other settings.

Process in brief:

Click 'Configuration Templates' > 'Profiles'

Click 'Create' > 'Create Android Profile'

Type a name and description for your profile then click the 'Create' button. The profile now appears in 'Configuration Templates' > 'Profiles'.

New profiles have only one section - 'General'. Click 'Add Profile Section' to add settings for various security and management features. Each section you add will appear as a new tab.

Once you have fully configured your profile you can apply it to devices, device groups, users and user groups.

You can make any profile a 'Default' profile by selecting the 'General' tab then clicking the 'Edit' button.

This part of the guide explains the processes above in more detail, and includes in-depth descriptions of the settings available for each profile section.

Create an Android profile

Click 'Configuration Templates' > 'Profiles'

Click the 'Create' button > 'Create Android Profile':

Enter a name and description for the profile

Click the 'Create' button

The Android profile is created and the 'General Settings' section is displayed. The new profile is not a 'Default Profile' by default.

A 'default' profile is one that is applied automatically to any device which matches its operating system. You can have multiple 'default' profiles per operating system.

Click the 'Make Default' button if you want this profile to be a default.

Alternatively, click the 'Edit' button on the right of the 'General' settings screen and enable 'Is Default'.

Click 'Save'

Tip: You can set any profile as default profile in the 'Profiles' screen. See Edit Configuration Profiles for more details.

The next step is to add profile sections.

Each profile section contains a range of settings for a specific security or management feature.

For example, there are profile sections for 'Browser Restrictions', 'Antivirus Settings', 'Network Restrictions', 'VPN' and so on.

You can add as many different sections as you want when building your device profile.

To get started:

Click 'Add Profile Section'

Select the security component that you want to include in the profile:

Note: Many Android profile settings have small information boxes next to them which indicate the OS and/or device required for the setting to work correctly.

For example, the following box indicates that the setting supports KNOX 2.0+ (Samsung For Enterprises) devices and tablets only.

The settings screen for the selected component is shown. After saving, it is available as a link at the top.

The following sections explain more about each of the sections:

Antivirus

Bluetooth Restrictions

Browser Restrictions

Certificate

Active Sync

Kiosk

Native App Restrictions

Network Restrictions

Passcode

Restrictions

Wi-Fi

Other Restrictions
Updates

Configure Antivirus settings

Click 'Antivirus Settings' in the 'Add Profile Section' drop-down

Antivirus Settings - Table of Parameters
Form Element	Type	Description
AV scanning exclusion list	Text Field	Lets you add trusted apps. Trusted apps are excluded from real-time, on-demand and scheduled antivirus scans run on the devices. You can add apps installed from the Google Play Store and apps installed through the EM App store. Enter the bundle identifier of the app that you want to exclude from antivirus scanning. For more details on getting the bundle identifier for an app, see explanation given below this table. Click the variables button to insert dynamic values. See Create and manage Custom Variables for more details on variables. Click to add more 'AV scanning exclusions list' fields. Click the to remove an item from the 'AV scanning exclusion list ' field.
Automatically terminate malware process	Checkbox	If enabled, any malware found is stopped from running. From this point it might be ignored (allowed to remain on the device) or uninstalled, depending on the settings in Android client antivirus settings. To view these settings, click: 'Settings' > 'Portal Set-Up' > 'Client Settings' > 'Android' > 'Antivirus'
Schedule scan	Checkbox	Select if you want to automate the process of antivirus scanning. Select the checkbox beside the day(s) that you want the scheduled scan to run.

Click the 'Save' button.

The settings are saved and shown under the 'Antivirus Settings' tab. You can edit settings or remove the 'Antivirus Settings' section from the profile at anytime. See 'Edit Configuration Profiles' for more details.

Obtain Bundle/Package Identifier

The bundle identifier is a string that identifies the .apk package used to installing the app.

For Google Play Apps:

The bundle identifier can be found at the end of the app's Google Play download URL.

For example, 'com.comodo.batterysaver' is the Comodo Battery Saver app id in the URL

https://play.google.com/store/apps/details?id=com.comodo.batterysaver

For Enterprise Apps installed through EM App Store:

The bundle identifier can be viewed from the App Details screen of the App.

Click 'App Store' from the left and choose Android

Click on the app from the list displayed at the right

The bundle identifier is displayed in the 'Bundle ID' field.

Configure Bluetooth Restrictions settings

The feature is supported for Samsung for Enterprise (SAFE) devices only.

Click 'Bluetooth Restrictions' from the 'Add Profile Section' drop-down

Bluetooth Restrictions Settings - Table of Parameters
Form Element	Type	Description
Allow Device discovery via Bluetooth	Checkbox	Allows discovery of other devices via Bluetooth.
Allow Bluetooth Pairing	Checkbox	Allows users' devices to pair with other their devices via Bluetooth.
Allow Headset	Checkbox	Allows the use of bluetooth headsets connected with the device
Allow Hands Free	Checkbox	Allows to use the device with Bluetooth headsets and hands-free kits
Allow A2DP	Checkbox	Allows the transmission of stereo audio from the device to a set of Bluetooth headphones or stereo system.
Allow Outgoing Calls	Checkbox	Allows users to make calls using Bluetooth enabled devices (eg. hands-free devices)
Allow Bluetooth Tethering	Checkbox	Allows users to enable/disable Bluetooth tethering option.
Allow connection to Desktop or Laptop via Bluetooth	Checkbox	Allow users to enable/disable Bluetooth connection with Desktop or Laptop.
Allow data transfer	Checkbox	Allows data transfer between devices via Bluetooth.

Click the 'Save' button.

The settings are saved and shown under the 'Bluetooth Restrictions' tab. You can edit the settings or remove the section from the profile at anytime. See 'Edit Configuration Profiles' for more details.

Configure Browser Restrictions settings

The feature is supported for Samsung for Enterprise (SAFE) devices only.

Click 'Browser Restrictions' from the 'Add Profile Section' drop-down

The 'Browser Restrictions' settings screen will be displayed.

Browser Restrictions Settings - Table of Parameters
Form Element	Type	Description
Allow Pop-ups	Checkbox	Pop-ups in browsers will be allowed in the user devices.
Allow Javascript	Checkbox	Java scripts will be allowed on user devices.
Accept Cookies	Checkbox	Users will be allowed to modify Cookies settings on their devices.
Remember Form Data for later use	Checkbox	Users will be allowed to use Auto Fill settings on their devices.
Show Fraud Warning Settings	Checkbox	Users will be allowed to view Fraud Warning Settings on their devices.

Click the 'Save' button.

The settings are saved and shown under the 'Browser Restrictions' tab. You can edit the settings or remove the section from the profile at anytime. See 'Edit Configuration Profiles' for more details.

Configure Certificate settings

The 'Certificate' settings section is used to upload certificates and will act as a repository from which certificates can be selected for use in other areas like 'Wi-Fi, 'Exchange Active Sync' and 'VPN'.

Click 'Certificate' from the 'Add Profile Section' drop-down

The 'Certificate' settings screen will be displayed.

Certificate Settings - Table of Parameters
Form Element	Type	Description
Name	Text Field	Enter the label of the certificate. Click the variables button for more details on variables. See Create and Manage Custom Variables for more details on variables.
Description	Text Field	Enter an appropriate description for the certificate.
Data	Browse button	Browse to the location of the stored certificate and select the certificate. Note: Only certificate files with extensions 'pub', 'crt' or 'key' can be uploaded.

Click the 'Save' button.

The certificate will be added to the certificate store.

Click 'Add Certificate' and repeat the process to add more certificates.

Click on the name of the certificate to view the certificate key and edit the name

You can add any number of certificates to the profile and remove certificates at anytime. See 'Edit Configuration Profiles' for more details.

Configure Email settings

Note: The feature is supported for Samsung for Enterprise (SAFE) devices only. This area allows administrators to configure email settings on devices.

Click 'Email' from the 'Add Profile Section' drop-down

Email Settings - Table of Parameters
Form Element	Type	Description
Configure for Type*	Drop-down	Choose the protocol for incoming mail server from IMAP and POP.
Email address*	Text Field	Enter the email address of the user at the incoming mail server If the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. The email address of the users to whom the profile is associated are automatically added to the profile while rolling out the same to the devices. See Create and Manage Custom Variables for more details on variables.
Account Display Name	Text Field	Enter a label to identify the user's email account at the incoming mail server, if the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables. The email address of the users to whom the profile is associated are automatically added to the profile while rolling out the same to the devices.
Set as Default Account	Checkbox	The email account is set as default for the users.
Mail Server Host Name (for Incoming Mail) *	Text Field	Enter the host name or IP address of the incoming mail server, if the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables.
Mail Server Port Number (for Incoming Mail) *	Text Field	Enter the server port number used for incoming mail service for a single user. For POP3, it is usually 110 and if SSL is enabled it is 995. For IMAP, it is usually 143 and if SSL is enabled it is 993. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables.
Login (for Incoming Mail)*	Text Field	Enter the username for the email account of the user at the incoming mail server if the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables. The email usernames of the users to whom the profile is associated are automatically added to the profile while rolling out to the devices.
Password (for Incoming Mail)*	Text Field	Enter the password for the email account of the user at the incoming mail server if the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables. The email passwords of the users to whom the profile is associated are automatically added to the profile while rolling out to the devices.
Use SSL Incoming	Checkbox	Communication between incoming mail server and devices is encrypted using SSL (Secure Socket Layer Protocol).
Accept All Certificates (for Incoming Mail)	Checkbox	The device automatically accepts all SSL certificates from the incoming mails.
Accept TLS Certificates (for Incoming Mail)	Checkbox	The device automatically accepts all secure certificates for TLS (Transport Secure Layer Protocol) from the incoming mails.
Mail Server Host Name (for Outgoing mail)*	Text box	Enter the host name or IP address of the outgoing (SMTP) mail server for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables.
Mail Server Port Number (for Outgoing Mail) *	Text box	Enter the server port number used for outgoing (SMTP) mail service, if the profile is for single user. If no port number is specified then ports 25, 587 and 465 are used in the given order. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables.
Login (for outgoing Mail)*	Text Field	Enter the username for the email account of the user at the outgoing (SMTP) mail server if the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables. The email usernames of the users to whom the profile is associated are automatically added to the profile while rolling out to the devices.
Password (for outgoing Mail)*	Text Field	Enter the password for the email account of the user at the outgoing (SMTP) mail server if the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables. The email passwords of the users to whom the profile is associated are automatically added to the profile while rolling out to the devices.
Use SSL (for Outgoing Mail)	Checkbox	Communication between outgoing mail server and devices is encrypted using SSL.
Accept All Certificates (for Outgoing Mail)	Checkbox	The device automatically accepts all SSL certificates from outgoing mails.
Accept TLS Certificates (for Outgoing Mail)	Checkbox	The device automatically accepts all secure certificates for TLS (Transport Secure Layer Protocol) from outgoing mails.
Sender Name	Text Field	Enter the name that should appear in the 'From' field of the sent emails from the device if the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables.
Set Signature	Text Field	Enter the signature and other details that appears at the end of the mails sent from the device. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables.
Prevent Moving Mail to other Accounts	Checkbox	The user cannot move sent or received mails to another account.
Always Vibrate on New Email Notification	Checkbox	The device vibrates in addition to sound alert when a new email is received.
Vibrate on New Email Notification if device is silent	Checkbox	The device vibrates when a new email is received, when the device is in silent mode.

Click the 'Save' button.

The settings are saved and shown under the 'Email' tab. You can edit the settings or remove the section from the profile at anytime. See 'Edit Configuration Profiles' for more details.

Configure ActiveSync settings

ActiveSync settings allows you to configure user access to Exchange Server mail accounts.

Note: Please make sure users are not blocked from using the email client on their devices in Native App Restriction.

Click 'ActiveSync Settings' from the 'Add Profile Section' drop-down

The 'ActiveSync Settings' screen will be displayed.

ActiveSync Settings - Table of Parameters
Form Element	Type	Description
Email Address *	Text Field	Click the 'Variables' button and click beside '%u.mail' from the User Variables' list. The email address of the users to whom the profile is associated are automatically filled. For more details on variables, see Create and Manage Custom Variables.
User Name *	Text Field	Click the 'Variables' button and click beside '%u.login' from the User Variables' list. The username of the users to whom the profile is associated will be automatically filled. For more details on variables, see Create and Manage Custom Variables.
Domain *	Text Field	Enter the domain name in the field. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Server Address *	Text Field	Enter the server address of the ActiveSync. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Password *	Text Field	Leave the field blank. The user need to enter the password while configuring the email account for the first time. After it is validated, the users can access the email account without entering the password.
Account Display Name	Text Field	Enter a label to identify the user's email account at the exchange server. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Email Signature	Text Field	Enter the signature and other details that appears at the end of the mails sent from the device. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Maximum Email Size	Comodo Box	The maximum size of email that the user can download from the server. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Sync Emails	Drop-down	Choose the period for which the emails are to be kept synchronized between the device and the exchange server from the recent past, from the drop-down.
Sync Calendar	Drop-down	Select the period for which the calendar events are to be synchronized between the device and the exchange server, from the drop-down.
Use SSL	Checkbox	Communication between the device and the exchange server is encrypted using SSL (Secure Socket Layer Protocol).
As default account	Checkbox	The email address is used as default for sending out emails.
Accept all certificates	Checkbox	The device automatically accepts all SSL certificates.
Can sync contacts	Checkbox	Allows synchronization of user contacts between device and exchange server.
Can sync calendar	Checkbox	Allows synchronization user created calendar events between the device and the exchange server.
Can sync tasks	Checkbox	Allows synchronization of user scheduled tasks between the device and the exchange server.
Manual roaming sync	Checkbox	The user can use the sync feature manually while away from the home network.

Fields with * are mandatory.

Click the 'Save' button.

The settings are saved and shown under the 'ActiveSync Settings' tab. You can edit the settings or remove the section from the profile at anytime. See 'Edit Configuration Profiles' for more details.

Configure Kiosk settings

Note: This feature is only supported by Samsung for Enterprise (SAFE) devices.

Background: Kiosk mode is a feature intended to help administrators lock-down mobile devices by limiting the applications that are able to run on a device. 'Locking' a device to particular applications can prevent users from opening other applications or straying into important device configuration areas. You can also block aspects of the OS should you wish. An example is a retail or school environment where only certain apps should be used on the device.

Click 'Kiosk' from the 'Add Profile Section' drop-down

Kiosk Settings - Table of Parameters
Form Element	Type	Description
Kiosk Mode Type	Drop-down	The two Kiosk modes are: Default mode - Run multiple apps in Kiosk mode. Users will not be able to run non-kiosk applications. Kiosk mode can only be exited by entering the admin bypass password. Single App mode - Users can only run the single application that you specify. Users will not be able to run non-kiosk applications. Kiosk mode can only be exited if the admin disables it in the EM console. Restrictions on access to other device functions, such as task manager and the status bar, can also be configured for either mode.
If 'Single App' is selected as Kiosk Mode Type:
Enter ID of Kiosk Apps	Text Field	Enter the Package ID of the app that will run in Kiosk mode. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. See Obtain Bundle/Package Identifier for more details on Package ID.
If 'Default mode' is selected as Kiosk Mode Type:
Enter ID of Kiosk Apps	Text Field	Enter the ID of the apps that will run in Kiosk mode. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. See Obtain Bundle/Package Identifier for more details on Package ID. Click to add more 'App IDs. Click the button to remove an item from the list.
Block Multi-Window Mode	Checkbox	Users cannot open multiple windows.
Block Task Manager	Checkbox	Users cannot access task manager screen.
Hide Navigation Bar	Checkbox	The navigation bar is not shown on the devices.
Hide System Bar	Checkbox	The system bar is not shown on the devices.
SMS/MMS blocking	Checkbox	All SMSs and MMSs to the device are blocked.
Block Keys	Drop-down	This feature lets you selectively block touch keys and icons available on device screen. For example, if you do not want the device owners to use 'Caps Lock' key you can block it. Click in the 'Block Keys' field: Scroll down to view the full list and select the key. Repeat the process to add more keys to the blocked keys list.
The following features are visible if 'Default mode' is selected as Kiosk Mode Type:
Show messenger App	Checkbox	Allows the messenger app on the device.
Show email App	Checkbox	Allows the email app on the device.
Show dialer App	Checkbox	Allows the phone dialer app on the device.
Show admin bypass button	Checkbox	Adds the 'Admin bypass' button to the device screen. The user can tap the button and enter the password to exit from the Kiosk mode.
Admin bypass password	Text Field	Enter the password required to exit the Kiosk mode. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Click the 'Save' button.

The settings are saved and shown under the 'Kiosk' tab. You can edit the settings or remove the section from the profile at anytime. See 'Edit Configuration Profiles' for more details.

Configure Native App Restriction settings

Native applications are those applications that come with the device operating system. Examples include the email and gallery apps. Admins can restrict users from accessing these native applications if required.

Note - Native app restrictions are only available on Samsung devices which support KNOX 1.0 +

Click 'Add Profile Section' > 'Native App Restrictions'

Native Application Restrictions Settings - Table of Parameters
Form Element	Type	Description
Allow Gmail	Checkbox	Users can the access Gmail app.
Allow Email	Checkbox	Users can the access the default email app.
Allow Browser	Checkbox	Users can access the default Android browser on their devices.
Allow Gallery	Checkbox	Users can access Gallery on their devices.
Allow Settings	Checkbox	Users can change their device settings.
Allow Google Play	Checkbox	Users can access Google Play on their mobile devices.
Allow YouTube App	Checkbox	Users can access the YouTube app.
Allow Google Maps & Navigation	Checkbox	Users can access Google Maps and Navigation app on their devices.
Allow Google and Voice Search	Checkbox	Users can use Google and Voice Search services.
Allow Chrome Browser	Checkbox	Users can use Google Chrome services to search
Allow Galaxy Store	Checkbox	Users can access Galaxy store

Click the 'Save' button.

The settings are saved and shown under the 'Native App Restriction' tab. You can edit the settings or remove the section from the profile at anytime. See 'Edit Configuration Profiles' for more details.

Configure Network Restriction settings

The feature is supported for Samsung for Enterprise (SAFE) devices only.

Click 'Network Restrictions' from the 'Add Profile Section' drop-down

Network Restrictions Settings - Table of Parameters
Form Element	Type	Description
Allow Emergency Calls only	Checkbox	Allows users to make only emergency calls.
Allow Voice Roaming	Checkbox	Allows users to make/receive voice call during roaming.
Allow Sync during Roaming	Checkbox	Allows the use of Sync feature while roaming.
Allow Data Roaming	Checkbox	Allows users to enable 'Data Roaming' option on their devices to access data services during roaming.
Allow USB Tethering	Checkbox	Allows users to enable 'USB Tethering' option for sharing their data connection through USB tethering.
Allow Wi-Fi access point settings editing	Checkbox	Allows users to edit the Wi-Fi access point settings to create a Wi-Fi hotspot for sharing their data connection.
Allow user to add Wi-Fi networks	Checkbox	Allows users to add Wi-Fi networks.
Wi-Fi Network Minimum Security Level	Drop-down	Select the minimum security level required for the user to access the Wi-Fi network. The options available are: Open WEP WPA 802.1x EAP (LEAP) 802.1x EAP (FAST) 802.1x EAP (PEAP) 802.1x EAP (TTLS) 802.1x EAP (TLS)
Allow SMS	Drop-down	Allows text messages as per the option selected: All - Allows both incoming and outgoing text messages. Incoming SMS only - Allows incoming text messages only. Outgoing SMS only - Allows outgoing text messages only. None - Both incoming and outgoing text messages are blocked.
Allow MMS	Drop-down	Allows multimedia messages as per the option selected: All - Allows both incoming and outgoing multimedia messages. Incoming SMS only - Allows incoming multimedia messages only. Outgoing SMS only - Allows outgoing multimedia messages only. None - Both incoming and outgoing multimedia messages are blocked.
Blacklisted SSIDs	Text Field	Specify the name (SSID) of the wireless network that should be blacklisted. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Click the button to add more 'Whitelisted SSID' fields. Click the minus button beside an SSID to remove it from the list.

Click the 'Save' button.

The settings are saved and shown under the 'Network Restrictions' tab. You can edit the settings or remove the section from the profile at anytime. Refer to the section 'Edit Configuration Profiles' for more details.

Configure Passcode settings

Click 'Passcode' from the 'Add Profile Section' drop-down

The Passcode settings screens will be displayed.

Passcode Settings - Table of Parameters
Form Element	Type	Description
Passcode Type	Drop-down	Select the type of passcode from the drop-down that the user should configure for unlocking screen lock. The options available are: No passcode enforcement Only letters Letters and numbers Only numbers Letters, numbers and a special symbol Requires some kind of password
Minimum Passcode Length	Drop-down	Select the minimum number of passcode characters that can be configured by the user. (4-16 characters).
Maximum Idle Time	Drop-down	Select the maximum time period that can be set as idle time out period for device screen lock, from the drop-down.
Maximum Failed Attempts for Wipe	Drop-down	Select the maximum number of allowed unsuccessful login attempts for device wipe (4-16). Set the value as '0' for unlimited. If the number of failed attempts crosses this value, the data in the device will be automatically wiped off. This is useful to prevent the data from the device being stolen, if somebody, other than the user, tries to login to the device by entering guessed passcodes.
Maximum Failed Attempts for Sneak Peek	Drop-down	Select the maximum number of allowed unsuccessful login attempts for 'Sneak Peek' feature (4-16). Set the value as '0' for unlimited. The 'Sneak Peek' feature makes the device take a photograph with the front-facing camera if the wrong passcode is entered a certain number of times - hopefully getting a picture of the person holding a lost/stolen device. Photographs are forwarded to the EM server. The photograph(s) sent by the device can be viewed from the 'Device Details' interface that can be accessed by clicking 'Devices' > 'Device List' > the device name > 'Sneak Peek' tab. See View Sneak Peak Pictures for more details. Note: If the device does not have a front camera, the rear camera will capture a photograph and forward to the EM server.
Maximum Passcode Age (days)	Text Field	Enter the maximum period in days for which a passcode can be valid. After the number of days specified in this field, the passcode will expire. The user needs to change the passcode before the current one expires.
Passcode History Requirements	Text Field	Set how many unique, new passcodes must be created before the user can re-use an old password. This feature is available for Android 3.0 and later versions only.

Click the 'Save' button.

The settings are saved and shown under the 'Passcode' tab. You can edit the settings or remove the section from the profile at any time. See 'Edit Configuration Profiles' for more details.

Configure Restrictions settings

Click 'Restrictions' from the 'Add Profile Section' drop-down

Restrictions Settings - Table of Parameters
Form Element	Type	Description
Allow Turn-off background Sync (Not supported on Android version 5.* and higher)	Checkbox	Select this to allow users to disable background synchronization setting on their devices.
Allow Turn-off background Sync	Checkbox	Select this to allow users to disable background synchronization setting on their devices.
Allow Bluetooth	Checkbox	Select this to allow users to enable/disable Bluetooth on their devices.
Allow Camera	Checkbox	Select this to allow users to use the camera
Disable Storage Encryption	Checkbox	Select this to enable users to use device without turning on the storage encryption feature. This feature is available for Android 3.0 and later versions only.
Allow to run Apps installed from unknown sources	Checkbox	Select this to allow users to run installed applications that were download from unknown sources.
Cellular Connection Control	Radio Buttons	Choose whether or not to allow the device to connect to the internet through a cellular network (2G/3G/4G): Cellular Connection on - Maintains the data connection through cellular network enabled, irrespective of user settings under 'Settings' > 'Wireless and Network settings' in the device. Cellular Connection off - Maintains the data connection through cellular network disabled, irrespective of user settings under 'Settings' > 'Wireless and Network settings' in the device. User Choice - The connection is enabled or disabled as per the user's setting under 'Settings' > 'Wireless and Network settings' in the device.
WiFi Connection Control	Radio Buttons	Choose whether or not to allow the device to connect to WiFi networks and hotspots from the options. WiFi Connection on - Always maintains the WiFi connection enabled, irrespective of user's setting under 'Settings' > 'Wireless and Network settings' in the device. WiFi Connection off - Always maintains the WiFi connection disabled, irrespective of user's setting under 'Settings' > 'Wireless and Network settings' in the device. User Choice - The connection is enabled or disabled as per the user's setting under 'Settings' > 'Wireless and Network settings' in the device.

Click the 'Save' button.

The settings are saved and shown under the 'Restrictions' tab. You can edit the settings or remove the section from the profile at anytime. See 'Edit Configuration Profiles' for more details.

Configure VPN settings

Note: The feature is supported for only Samsung for Enterprise (SAFE) devices.

Click 'VPN' from the 'Add Profile Section' drop-down

Form Element	Description
Configure for type	Choose the VPN connection type from drop-down. The options available are: L2TP PPTP L2TP/IPSec PSK IPSec, XAuth PSK IPSec XAuth RSA.
VPN Connection Name	Enter a label for the connection. This is shown on the device. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Host name of the VPN Server	Enter the IP address or host name of the VPN server. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Username / Password	Enter the login credentials for the device to connect to the VPN server. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
DNS Search Domains	Enter the IP address or hostname of the DNS server that devices will use for searching domain names. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
For L2TP
Enable L2TP Secret	If enabled, the pre-shared L2TP should be entered in the next field L2TP Secret.
L2TP Secret	If L2TP Secret is enabled, then the pre-shared key should be entered here by the user or selected from 'Variables'.
For PPTP
Enable Encryption	If selected, the connection is encrypted between the devices and the VPN server.
For L2TP/IPSec PSK
Enable L2TP Secret	If enabled, the pre-shared L2TP should be entered in the next field L2TP Secret.
L2TP Secret	If L2TP Secret is enabled, then the pre-shared key should be entered here by the user or selected from 'Variables'
IPSec Pre-Shared Key	If IP Sec Identifier is enabled, then the pre-shared key should be entered here by the user or selected from 'Variables'
For IPSec Xauth PSK
IP Sec Identifier	Enter the IPSec identifier in the field. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
IPSec Pre-Shared Key	If IP Sec Identifier is enabled, then the pre-shared key should be entered here by the user or selected from 'Variables'.
Use for persistent connect	Forcibly maintains the VPN connection always at the enabled state, irrespective of user's settings through 'Settings' > 'Wireless and Networks' in the device. In order to enable this feature, the following conditions are to be satisfied: The profile should have been created already and rolled out to the devices. Hence the administrator will be able to enable this feature after rolling out the profile and then by editing the profile. See Edit Configuration Profiles for more details Suits to all VPN connections types, except PPTP The VPN server and the DNS server should have been specified by their IP addresses in IPv4.

Click the 'Save' button after entering or selecting the parameters.

The VPN settings is added to the profile.

Click 'Add VPN' and repeat the process to add more VPN connections

Click the name of a connection to view and edit its settings

You can add any number of VPN connection settings to the profile at anytime. See 'Edit Configuration Profiles' for more details.

Configure Wi-Fi settings

Click 'Wi-Fi' from the 'Add Profile Section' drop-down

Wi-Fi Settings - Table of Parameters
Form Element	Type	Description
SSID*	Text Field	Enter the Service Set Identifier (SSID), the name of the wireless network that a device should connect to. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Hidden SSID	Checkbox	If enabled, users will be able to access the hidden wireless network too. Users must know the hidden SSID details and the required credentials.
Wi-Fi Configuration Type	Drop-down	Select the type of encryption used by the wireless network from the drop-down. The options available are: Open WEP WPA / WPA2 - PSK EAP 802 The settings for each type is explained in the next table Wi-Fi configuration type settings.

Fields marked * are mandatory.

Wi-Fi Configuration Type settings

Wi-Fi Configuration Type Settings - Table of Parameters
Security Configuration Type	Description
Open	No password is required for accessing the Wi-Fi network by the user.
WEP	Encryption Key - Enter the password to access the Wi-Fi network. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
WPA / WPA2 - PSK	Encryption Key - Enter the password to access the Wi-Fi network. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
EAP 802	1. EAP Authentication Protocol - Select the EAP authentication protocol from the drop-down. Applicable for Samsung for Enterprise devices SAFE 1.0 + version. PEAP TLS TTLS 2. Phase 2 Authentication Protocol - Select the Phase 2 authentication protocol from the drop-down. Applicable for Samsung for Enterprise devices SAFE 1.0 + version. None PAP MSCHAP MSCHAPV2 GTC 3. Certificate - Select the user certificate from the drop-down or upload it using the 'Add New' button. 4. CA Certificate - Select the CA certificate from the drop-down or upload it using the 'Add New' button. 5. Authentication Username - Enter the username for Wi-Fi authentication. Applicable for Samsung for Enterprise devices SAFE 1.0 + version. 6. Authentication Password - Enter the password for Wi-Fi authentication. Applicable for Samsung for Enterprise devices SAFE 1.0 + version. 7. Authentication Domain - Enter the details for RADIUS Server authentication. Applicable for Samsung for Enterprise devices SAFE 1.0 + version. 8. Anonymous Identity - Enter the username that can be used for anonymous access. Applicable for Samsung for Enterprise devices SAFE 1.0 + version. 9. Encryption Key - Enter the encryption key to access the Wi-Fi network. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Click the 'Save' button after entering or selecting the parameters.

The 'Wi-Fi' network settings' is saved to the profile.

Click 'Add Wi-Fi' and repeat the process to add more Wi-Fi networks.

Click the SSID of the network to view and edit its settings.

You can add or remove Wi-Fi networks at any time. See 'Edit Configuration Profiles' for more details.

Configure 'Other Restrictions' settings

The feature is supported for Samsung for Enterprise (SAFE) devices only.

Click 'Other Restrictions' from the 'Add Profile Section' drop-down

Other Restrictions Settings - Table of Parameters
Form Element	Type	Description
Allow USB	Checkbox	Allows users to establish connections via USB ports.
Use Network Time	Checkbox	Allows users to enable/disable network provided values in Date & Time settings.
Allow Microphone	Checkbox	Allows users to use microphone. If this is disabled, users can use microphone for receiving and making calls only.
Allow Near Field Communication (NFC)	Checkbox	Allows devices to establish connection via NFC.
Use GPS satellites for Location Detection	Checkbox	Allows users to enable/disable GPS system for location detection.
Use Wireless Networks / Google's Location Service for Location Detection	Checkbox	Allows users to enable /disable Wireless Networks / Google's Location Service for location detection
Allow Mock Locations	Checkbox	Allows users to enable/disable 'Mock Location' in developer mode settings.
Allow SD Card	Checkbox	Users can use SD card on their devices.
Allow SD Card Write	Checkbox	Users can store data on the SD card.
Allow Screen Capture	Checkbox	Users can take screenshot of the device screen.
Allow Clipboard	Checkbox	Users will be allowed to use clipboard memory.
Backup my data	Checkbox	Users will be allowed to take a backup of data in their devices.
Visible Passwords	Checkbox	Allows users to enable/disable show password feature.
Allow USB Debugging	Checkbox	Allows users to enable/disable 'USB Debugging' option in developer mode settings.
Allow Google Crash Report	Checkbox	Crash reports will be sent to Google.
Allow Factory Reset	Checkbox	Allows users to reset the device to factory settings.
Allow OTA Upgrade	Checkbox	Allows devices to receive Over-the-air (OTA) upgrade for software updates.

Click the 'Save' button.

The settings are saved and shown under 'Other Restrictions' tab. You can edit the settings or remove the section from the profile at anytime. See 'Edit Configuration Profiles' for more details.

Configure Update Settings

The updates section of a Android profile lets you configure when managed devices should check for new version updates.

Click 'Updates' from the 'Add Profile Section' drop-down

The Updates settings screens will be displayed.

Allow agent to show new version availability pop-up - Forces the endpoint to check the new version update pop-up. Deselect if you want to disable auto-updates.(Default = Enabled)
Update Check Period - Choose how often the agent should check for updates. (Default = 1 hour, Maximum = 1 day)

The available options are:

Choice of every one hour to 1 day.You can increase the update check period by moving the blue coloured dot icon.
The agent checks for a new version update within the selected period.

Click the 'Save' button.
The settings are saved and shown under 'Updates' tab. You can edit the settings or remove the section from the profile at anytime. See 'Edit Configuration Profiles' for more details.

Endpoint Manager

Endpoint Manager Administrator Guide 7.2

English

Profiles for Android Devices