Based on the security level selected while creating the Mobile Device Control Policy, the settings that are predefined by ZENworks can be viewed or edited by performing the steps elaborated in this section. The Mobile Device Control policy settings can be configured for iOS, Android, and ActiveSync devices. However, these settings vary based on the platform. Also, you can configure these settings for a personal or a corporate owned device.
In ZENworks Control Center, navigate to the Policies section.
Click the Mobile Device Control policy for which the content needs to be configured.
Click the Details tab and edit the settings.
Corporate/Personal: The settings in the Corporate column are applied to devices whose ownership is defined as Corporate. The settings in the Personal column are applied to devices whose ownership is defined as Personal. The settings use the following values:
Yes: Enables the setting.
No: Disables the setting.
Inherit: Inherits the setting value from other Mobile Device Control policies assigned higher in the policy hierarchy. For example, if you assign this policy to a device, the setting value is inherited from any Mobile Device Control policy assigned to groups and folders of which the device is a member. If there is no value to inherit, then ZENworks does not set the restriction.
Not Set (--): Indicates that a value is not set by ZENworks.
Apple: The settings that can be enabled or disabled for iOS devices are as follows:
|
Tab |
Settings |
Description |
|---|---|---|
|
Device |
Allow Camera |
Determines whether to enable or disable the device camera. If set to No, the camera icon is removed from the device. |
|
Allow FaceTime |
Determines whether to enable or disable FaceTime. This setting is enabled if the Allow Camera setting is configured as Yes or Inherit. |
|
Allow global background fetch while roaming |
Determines whether the latest app data should be fetched from the network for apps running in the background, while the device is roaming. |
|
Allow Handoff |
Determines whether a user is allowed to resume an existing task or is allowed to access content from any device which is logged into the same iCloud account. |
|
Allow Siri |
Determines whether Apple’s voice assistant should be enabled. |
|
Allow Siri while device is locked |
Determines whether the user can access Siri while the device is locked. This setting is enabled if the Allow Siri setting is set to Yes or Inherit. Also, this option is ignored if a passcode is not set on the device. |
|
Allow automatic updates to certificate trust settings |
Determines whether automatic updates to certificate trust settings should be enabled. |
|
|
Allow documents from managed sources in unmanaged destinations |
Determines whether a document can be opened in an unmanaged app or account if the document was created or downloaded from a managed app or account. |
|
|
Allow documents from unmanaged sources in managed destinations |
Determines whether a document can be opened in a managed app or account if the document was created or downloaded from an unmanaged app or account. |
|
|
Allow screenshots |
Determines whether the user can capture images of the device’s display screen. |
|
|
Allow sending diagnostic and usage data to Apple |
Determines whether automatic submission of diagnostic and usage reports to Apple should be enabled. |
|
|
Allow users to accept untrusted TLS certificate |
Determines whether the user can accept Transport Layer Security (TLS) certificates that cannot be verified. |
|
|
Force encrypted backup |
Determines whether the device backup process should be encrypted. |
|
|
Force limited ad tracking |
Determines whether advertisers’ tracking of a user’s activities across apps should be limited. If set to Yes, then ad tracking is not eliminated but reduced to some extent. |
|
|
Request passcode for incoming AirPlay requests |
Determines whether a pairing passcode restriction should be enforced for all incoming AirPlay requests coming from another device to a managed device. |
|
|
Request passcode for outgoing AirPlay requests |
Determines whether a pairing passcode restriction should be enforced for all outgoing AirPlay requests sent from a managed device to another device |
|
|
Treat Airdrop as unmanaged destination |
Determines whether Airdrop should be considered as an unmanaged drop target. If set to Yes, then the user will be unable to share managed data through Airdrop. |
|
|
Apps |
Allow enterprise app trust |
Determines whether the user is allowed to install or use enterprise apps that are not distributed by ZENworks. |
|
Allow backup of enterprise books |
Determines whether the user can back up books distributed by the organization to iCloud or iTunes. |
|
|
Allow in-app purchase |
Determines whether the user can make in-app purchases. |
|
|
Allow managed apps to store data in iCloud |
Determines whether managed app data should sync with iCloud. |
|
|
Allow notes and highlights sync for enterprise books |
Determines whether metadata, which includes notes and highlights of books that are distributed by the user’s organization, should be synced with iCloud. |
|
|
Apple Watch |
Force Apple Watch wrist detection |
Determines whether an Apple Watch should display the time and the latest alerts when the user’s wrist is raised. |
|
iTunes |
Require iTunes Store password for each purchases |
Determines whether or not the user needs to enter the password for each purchase on the iTunes Store. |
|
iCloud |
Allow My Photo Stream |
Determines whether a copy of any photo taken on the managed iOS device should be synced with the user’s other iOS devices. |
|
Allow iCloud Keychain |
Determines whether Keychain data such as accounts, passwords, and credit card information, should be synced with iCloud. |
|
Allow iCloud Photo Library |
Determines whether photos on iCloud can be accessed on the managed device. |
|
Allow iCloud Photo Sharing |
Determines whether the user can publish and share photos with other iOS users through the iCloud website. Default value is Yes. |
|
Allow iCloud backup |
Determines whether data can be backed up or restored on iCloud. |
|
Safari |
Allow use of Safari |
Determines whether the user is allowed to use the Safari web browser on the device. If set to No, then the Safari icon is removed from the Home screen of the device. |
|
Accept cookies |
Determines the cookie policy that should be enabled in the Safari web browser. The accepted values are:
The default value is to allow cookies from all websites, third parties, and advertisers. |
|
Allow pop-ups |
Determines whether pop-ups should be blocked in the Safari web browser. This setting is enabled, if Allow use of Safari is configured as Yes or Inherit. |
|
Enable AutoFill |
Determines whether Safari should remember the data entered by users on web entry forms. This setting is enabled, if Allow use of Safari is configured as Yes or Inherit. |
|
|
Enable JavaScript |
Determines whether JavaScript should be enabled in the Safari web browser. This setting is enabled, if Allow use of Safari is configured as Yes or Inherit. |
|
Force fraud warning |
Determines whether Safari should warn users about refraining from visiting websites that are fraudulent. This setting is enabled, if Allow use of Safari is configured as Yes or Inherit. |
|
|
Lock Screen |
Allow passbook notifications in Lock screen |
Determines whether notifications on the passbook app can be displayed on the lock screen. The passbook app allows users to store their coupons, tickets, and so on. |
|
Allow voice dialing while device is locked |
Determines whether voice dialing should be enabled while the device is locked. |
|
|
Show Control Center in Lock screen |
Determines whether Control Center can be accessed from the Lock screen. The Control Center gives the user quick access to the apps and controls on the device. |
|
|
Show Notification Center in Lock screen |
Determines whether Notification Center can be accessed from the Lock screen. |
|
|
Show Today View in Lock screen |
Determines whether the Today View in Notification Center should be displayed on Lock screen. |
|
|
Media Content |
Allow Bookstore Erotica |
Determines the user is permitted to download media that is tagged as erotica from the iBooks store. |
|
Ratings Region |
Determines the region that needs to be selected to populate the allowed ratings for media content defined for that region. |
|
|
Apps |
Determines the maximum allowed rating for apps. These values are populated based on the selected Ratings Region. If a rating is enabled, items that do not conform to the rating restrictions cannot be downloaded or installed on the device. |
|
|
Movies |
Determines the maximum allowed rating for movies. The values in this field are populated based on the selected Ratings Region. If a rating is enabled, items that do not conform to the rating restrictions cannot be downloaded on the device. |
|
|
TV Shows |
Determines the maximum allowed rating for TV shows. The values in this field are populated based on the selected Ratings Region. If a rating is enabled, items that do not conform to the rating restrictions cannot be downloaded on the device. |
|
|
Security |
Allow Touch ID to unlock device |
Determines whether the user can unlock the device by using fingerprint. |
Android: The settings that can be enabled or disabled for Android devices are as follows:
|
Settings |
Description |
|---|---|
|
Allow Camera |
Determines whether the device camera should be enabled. If set to No, the camera is disabled and a warning message is displayed if the user tries to access it. |
ActiveSync: These settings can be applied on devices that are enrolled as:
ActiveSync Only devices
Fully Managed devices, that is, iOS and ActiveSync (iOS MDM + ActiveSync) or Android and ActiveSync (Android App + ActiveSync).
If a setting is applicable for both Android and ActiveSync, or iOS and Activesync, then the stricter setting of the two is applied. For example: the mode in which a device is enrolled is iOS MDM + ActiveSync. If Allow Camera is enabled as a part of the iOS settings and if Allow Camera is disabled as a part of the ActiveSync settings, then the camera icon is removed from the device, as disabling of the camera is a strict setting.
|
Settings |
Description |
|---|---|
|
Allow Bluetooth |
Determines whether bluetooth connections are allowed to and from the device. You also have the option of allowing only a hands free configuration on the device. |
|
Allow Browser |
Determines whether the user is allowed to use the default web browser on the device. |
|
Allow Camera |
Determines whether the device camera should be enabled. |
|
Allow Infrared |
Determines whether infrared connections are allowed to and from the device. |
|
Allow Text Messaging |
Determines whether the user can send or receive text messages on the device. |
|
Allow Storage Card |
Determines whether the device can access a removable storage card. |
Click Apply.
Click Publish to display the Publish Option page. In this page you can publish the modified policy as a new version of the same policy or as a new policy.