Device Management MDM

Android Management sample policies

/
/
/
/
/
/
Android Management sample policies

As you probably already know, the possibilities of the Android Devices Management policies configuration are endless. Below you will find a repository of the most common configurations our users use to configure for their projects.

Kiosk Custom Launcher

Replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. Apps appear on a single page in alphabetical order.

  • Kiosk Custom Launcher Enabled = true
  • Kiosk Customization (optional): there are many options available that you can use to customize Custom Kiosk mode behaviour.

We always recommend to enable “Network Escape Hatch” (networkEscapeHatchEnabled: true) since the it prompts the user to temporarily connect to a network in order to refresh the device policy if a network connection can’t be made at boot time.

				
					{
  "config": {
    "applications": [...],
    "networkEscapeHatchEnabled": true,
    "kioskCustomization": {
      "deviceSettings": "SETTINGS_ACCESS_ALLOWED"
    }
  }
}
				
			

Single app kiosk mode

The app is automatically installed in kiosk mode: it’s set as the preferred home intent and whitelisted for lock task mode. Device setup won’t complete until the app is installed. After installation, users won’t be able to remove the app. You can only set this “Install Type” for one app per policy. When this is present in the policy, status bar will be automatically disabled.

  • App Configuration:
    • Install type: KIOSK
  • Policy configuration (optional)

Persistent Preferred Activities:

  • Receiver Activity: name of your receiver activity i.e.:com.applivery.kiosk.demo001/.AppliveryDeviceAdminReceiver
  • Categories: i.e.
    android.intent.category.LAUNCHER
    android.intent.category.HOME
    android.intent.category.DEFAULT
  • Actions: i.e.: android.intent.action.MAIN


We always recommend to enable “Network Escape Hatch” (networkEscapeHatchEnabled: true) since the it prompts the user to temporarily connect to a network in order to refresh the device policy if a network connection can’t be made at boot time.

				
					{
  "config":{
     "applications":[
      {
        "packageName":"com.applivery.kiosk.demo001",
        "installType":"KIOSK",
        "defaultPermissionPolicy":"GRANT",
        "permissionGrants":[
         {
           "permission":"android.permission.BIND_DEVICE_ADMIN",
           "policy":"GRANT"
         }
        ]
      }
     ],
     "persistentPreferredActivities":[
      {
        "receiverActivity":"com.applivery.kiosk.demo001/.AppliveryDeviceAdminReceiver",
        "actions":[
         "android.intent.action.MAIN"
        ],
        "categories":[
         "android.intent.category.LAUNCHER",
         "android.intent.category.HOME",
         "android.intent.category.DEFAULT"
        ]
      }
     ],
     "networkEscapeHatchEnabled":true
  }
}
				
			

Allow install from Unknown Sources

Sometimes you will need to allow your users to install Apps (.apk or .aab files) from 3rd parties or from your Private App Store in Applivery MAM. This is normally block by default in all policies so you will need to customize the following policy properties to make it possible:

  • Install Unknown Sources Allowed = true
  • Advanced Security Overwrites
    • Untrusted Apps Policy = ALLOW_INSTALL_DEVICE_WIDE
				
					{
  "config": {
    "applications": [...],
    "installUnknownSourcesAllowed": true,
    "advancedSecurityOverrides": {
      "untrustedAppsPolicy": "ALLOW_INSTALL_DEVICE_WIDE"
    }
  }
}
				
			

Network configuration

Sometimes you will need to remotely deploy network configuration, including WiFi and  others. This is something that can be done by using the “Open Network Configuration” property, that supports deploying multiple configurations at the same time using the ONC standard.

The most common properties are:

  • GUID: unique identifier for this network.
  • Name: friendly network name
  • Type: type of network. Allowed values are: VPN, WiFi, Tether, Ethernet, Cellular
  • Security: Security type. Allowed values are: WEP-PSK, WEP-8021X, WPA-PSK, WPA-EAP
  • AutoConnect: Indicating that the network should be connected to automatically when possible true or false
				
					{
  "NetworkConfigurations": [{
    "GUID": "a",
    "Name": "Example A",
    "Type": "WiFi",
    "WiFi": {
      "SSID": "Example A",
      "Security": "None",
      "AutoConnect": true
    }
  }, {
    "GUID": "b",
    "Name": "Example B",
    "Type": "WiFi",
    "WiFi": {
      "SSID": "Example B",
      "Security": "WEP-PSK",
      "Passphrase": "1234567890"
    }
  }, {
    "GUID": "c",
    "Name": "Example C",
    "Type": "WiFi",
    "WiFi": {
      "SSID": "Example C",
      "Security": "WPA-PSK",
      "Passphrase": "baseball"
    }
  }]
}
				
			

You can read more about Open Network Configuration spec here.

What are your feelings