Configuring Modern Android Enterprise MDM policy settings
Mobile Device Management (MDM) policy settings for Modern Android Enterprise devices.
MaaS360 offers granular policy settings in the Modern Android Enterprise Settings. The policy settings are reorganized and logically grouped based on functions.
For instance, Device Security, App Security, and Data Security have separate sections in Modern Android Enterprise Settings. In contrast, in the Classic Android Enterprise settings, the same sections are consolidated under the Security section.
- Passcode
Enforcement Actions On Passcode Policy (Google): Configure enforcement actions to specify what happens when the device fails to comply with the preceding policy. If not set, enforcement action will be set to block immediately and wipe after ten days.
The following actions are taken when device goes out of compliance:- Block After Days: Block the work profile after configured days.Important: If it is set to 0, block the work profile immediately.
- Wipe After Days: Allow the work profile after configured days.
For other passcode settings, see Passcode
- Block After Days: Block the work profile after configured days.
- Device Restrictions
- Network Restrictions
- Location Restrictions
- Developer Restrictions
- Device Management Settings
- Timer Settings
- Device Security: Device security settings provide device, app, data, and
backup and restore settings for an Android device.
The following enforcement actions are applicable for Allow Input Methods Restriction Level and Allow Accessibility Services Restriction Level policies
Enforcement Actions (Google)- Block After Days: Block the work profile after configured days.Important: If it is set to 0, block the work profile immediately.
- Wipe After Days: Allow the work profile after configured days.
For more information about device security fields, see Device Security. - Block After Days: Block the work profile after configured days.
- App Security
- Work Profile-specific settings
- ActiveSync
- Wi-Fi
- VPN
- Certificates
- System Update
- Global Proxy Settings
- Compliance Settings: Enforcement actions when a device or work profile
fails to comply with Device Management, Device Security, and App Security Policy.
Policy setting Description Supported devices Defined inactivity time limit before device is out of compliance (1 - 1440 minutes) The number of minutes a device can remain inactive until an enforcement action is applied. Android 7.0 Action when out of compliance The actions that are taken on the device when the device is out of compliance: - Selective Wipe: The profiles that are configured on the device are removed.
- Lock Device: The device is locked.
- Wipe Device: All the data on the device is erased.
Android 7.0 Mark device as noncompliant if MaaS360 app does not have location permission If you don't select Always Allow for location permissions for the MaaS360 app, the device becomes noncompliant. Android 7.0+ (PO & DO) Block personal apps when out of compliance Block personal apps when out of compliance Android 11+ (WPCO)
Configuring policy settings for Modern Android Enterprise device
Use to configure specific settings in an Android MDM policy for Modern Android Enterprise devices.
- Log in to the MaaS360 Portal.
- From the MaaS360 Portal home page, go to
- On the Policies page, click View in the policy name
to view the policy details. Note: You can create a new MDM Policy or use an existing MDM Policy. For more information about creating new policy, see Creating a security policy in the IBM MaaS360 Portal.
- On the Policy Details page, select Modern Android Enterprise
Settings and then click Edit to modify the policy based on your requirements.Note: Select the individual sections based on your requirement and configure the policy settings.
- Click Next.
- View the affected devices in the Devices in scope and click Next.
- Review the policy changes and click Publish to publish the policy to selected devices.
Assigning the policy
- From the MaaS360 Portal home page, go to Devices > Inventory and select the device.
- Select your device and click .
- Select your MDM policy from Android Policy list.
- Click Submit. Policy is assigned to the device.