The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Configuring a strong unlock password for an Android device
To keep an Android device secure, configure an unlock password that the user is prompted for when the device comes out of sleep mode.
You can impose restrictions on the user's activity on the device if the unlock password is weak (for example, lock the device). You can impose restrictions using the Compliance Control component. To do this, in the scan rule settings, you must select the Unlock password is not compliant with security requirements criterion.
On certain Samsung devices running Android 7.0 or later, when the user attempts to configure unsupported methods for unlocking the device (for example, a graphical password), the device may be locked if the following conditions are met: Kaspersky Endpoint Security for Android removal protection is enabled and screen unlock password strength requirements are set. To unlock the device, you must send a special command to the device.
To configure the use of an unlock password:
- In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
- In the workspace of the group, select the Policies tab.
- Open the policy properties window by double-clicking any column.
- In the policy Properties window, select the Device Management section.
- If you want the app to check whether an unlock password has been set, select the Require to set screen unlock password check box in the Screen lock section.
  If the application detects that no system password has been set on the device, it prompts the user to set it. The password is set according to the parameters defined by the administrator.
- Specify the following options, if required:
  - Minimum number of characters
    The minimum number of characters in the user password. Possible values: 4 to 16 characters.
    The user's password is 4 characters long by default.
    On devices running Android 10.0 or later, Kaspersky Endpoint Security resolves the password strength requirements into one of the system values: medium or high.
    The values for devices running Android 10.0 or later are determined by the following rules:
    - If the password length required is 1 to 4 symbols, then the app prompts the user to set a medium-strength password. It must be either numeric (PIN) with no repeating or ordered (e.g. 1234) sequences, or alphabetic/alphanumeric. The PIN or password must be at least 4 characters long.
    - If the password length required is 5 or more symbols, then the app prompts the user to set a high-strength password. It must be either numeric (PIN) with no repeating or ordered sequences, or alphabetic/alphanumeric (password). The PIN must be at least 8 digits long; the password must be at least 6 characters long.
  - Minimum unlock password requirements (for device owner mode, Android 12 or earlier)
    Specifies minimum unlock password requirements. These requirements apply only to new user passwords. The following values are available:
    - Numeric
      The user can set a password that includes numbers or set any stronger password (for instance, alphabetic or alphanumeric).
      This option is selected by default.
    - Alphabetic
      The user can set a password that includes letters (or other non-number symbols) or set any stronger password (for instance, alphanumeric).
    - Alphanumeric
      The user can set a password that includes both numbers and letters (or other non-number symbols) or set any stronger complex password.
    - Any
      The user can set any password.
    - Complex
      The user must set a complex password according to the specified password properties:
      - Minimum number of letters
      - Minimum number of digits
      - Minimum number of special symbols
      - Minimum number of uppercase letters
      - Minimum number of lowercase letters
      - Minimum number of non-letter characters
    - Complex numeric
      The user can set a password that includes numbers with no repetitions (e.g. 4444) and no ordered sequences (e.g. 1234, 4321, 2468) or set any stronger complex password.
    - Weak biometric
      The user can use biometric unlock methods or set a stronger complex password.
      This option applies only to devices running Android 12 or later in device owner mode.
  - Password lifetime, in days
    Specifies the number of days before the password expires. Applying a new value will set the current password lifetime to the new value.
    The default value is 0. This means that the password won't expire.
  - Number of days to notify before password expires (for device owner mode)
    Specifies the number of days to notify the user before the password expires.
    The default value is 0. This means that the user won't be notified about password expiration.
    This option applies only to devices operating in device owner mode.
  - Password history length
    Specifies the maximum number of previous user passwords that can't be used as a new password.
    The default value is 0. This means that the new user password can match any previous password except the current one.
  - Period of inactivity before device locks, in seconds
    Specifies the period of inactivity before the device locks. After this period, the device will lock.
    The default value is 0. This means that the device won't lock after a certain period.
  - Period for unlocking without password, in minutes (for device owner mode, Android 8.0+)
    Specifies the period for unlocking the device without a password. During this period, the user can use biometric methods to unlock the screen. After this period, the user can unlock the screen only with a password.
    The default value is 0. This means that the user won't be forced to unlock the device with a password after a certain period.
    This option applies only to devices running Android 8 or later in device owner mode.
  - Allow biometric unlock methods (Android 9+)
    If the check box is selected, the use of biometric unlock methods on the mobile device is allowed.
    If the check box is cleared, Kaspersky Endpoint Security for Android blocks the use of biometric methods to unlock the screen. The user can unlock the screen only with a password.
    This check box is selected by default.
    This setting applies only to devices running Android 9 or later.
  - Allow use of fingerprints
    The use of fingerprints to unlock the screen. This check box does not restrict the use of a fingerprint scanner when signing in to apps or confirming purchases.
    On devices running Android 10.0 or later, the use of fingerprints to unlock the screen can be managed for work profiles only.
    If the check box is selected, the use of fingerprints on the mobile device is allowed. If the unlock password does not comply with corporate security requirements, the user cannot use a fingerprint scanner to unlock the screen.
    If the check box is cleared, Kaspersky Endpoint Security for Android blocks the use of fingerprints to unlock the screen. The user can unlock the screen only with a password. In the Android settings, the option to use fingerprints will be unavailable (Android Settings > Security > Screen lock > Fingerprints).
    This check box is available only if the Allow biometric unlock methods (Android 9+) check box is selected.
    This check box is selected by default.
  - Allow face scanning (Android 9+)
    If the check box is selected, the use of face scanning on the mobile device is allowed.
    If the check box is cleared, Kaspersky Endpoint Security for Android blocks the use of face scanning to unlock the screen.
    This check box is available only if the Allow biometric unlock methods (Android 9+) check box is selected.
    This check box is selected by default.
    This setting applies only to devices running Android 9 or later.
  - Allow iris scanning (Android 9+)
    If the check box is selected, the use of iris scanning on the mobile device is allowed.
    If the check box is cleared, Kaspersky Endpoint Security for Android blocks the use of iris scanning to unlock the screen.
    This check box is available only if the Allow biometric unlock methods (Android 9+) check box is selected.
    This check box is selected by default.
    This setting applies only to devices running Android 9 or later.
  - Force use of password at startup
    If the check box is selected, the user is not required to enter the password when the device starts up.
    Once this option is applied, it cannot be reverted without resetting the device to factory defaults.
    If the check box is cleared, the startup requirements remain unchanged.
    This check box is cleared by default.
  - Unlock password
    This option lets you set the password on the user device.
    On devices running Android 11 or later, this option applies only if the device is in device owner mode.
    Once you save the policy, this option applies to the device by sending a command with the specified password. The input is cleared and the specified password is not saved in Administration Console.
    - If the device is not protected with the password or is running Android 10 or earlier, Kaspersky Endpoint Security for Android sets the password immediately.
    - If the device is running Android 11 or later, Kaspersky Endpoint Security for Android prompts the user to apply the new password.
    If you leave this option empty, no changes are applied to the device.
- Click the Apply button to save the changes you have made.
Mobile device settings are configured after the next device synchronization with the Kaspersky Security Center.
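
The Android 10.0 or later rules under Minimum number of characters, worked through as an added example (not Kaspersky's code): it maps the policy value to the medium or high system value and checks a candidate PIN or password against the thresholds stated on this page. The function names and the 4-digit run length used to spot repeating or ordered sequences are assumptions of this sketch; Android's own check may differ in detail.

```python
# Thresholds copied from the two Android 10.0+ rules on this page.
LEVELS = {
    "medium": {"pin_min": 4, "password_min": 4},
    "high": {"pin_min": 8, "password_min": 6},
}
SEQ_RUN = 4  # assumption: 4+ digits with a constant step count as a sequence


def resolve_level(policy_min_chars):
    """Map the policy's 'Minimum number of characters' to the system value."""
    return "medium" if policy_min_chars <= 4 else "high"


def has_sequence(pin, run=SEQ_RUN):
    """True if `run` consecutive digits repeat (4444) or step evenly (1234, 4321, 2468)."""
    digits = [int(c) for c in pin]
    for i in range(len(digits) - run + 1):
        window = digits[i:i + run]
        steps = {b - a for a, b in zip(window, window[1:])}
        if len(steps) == 1:  # every neighbouring pair differs by the same amount
            return True
    return False


def check_credential(policy_min_chars, credential):
    """Return (accepted, reason) for a PIN or password under the resolved level."""
    level = resolve_level(policy_min_chars)
    limits = LEVELS[level]
    if credential.isascii() and credential.isdigit():  # numeric PIN
        if len(credential) < limits["pin_min"]:
            return False, f"{level}: PIN shorter than {limits['pin_min']} digits"
        if has_sequence(credential):
            return False, f"{level}: PIN has a repeating or ordered sequence"
        return True, f"{level}: PIN accepted"
    if len(credential) < limits["password_min"]:
        return False, f"{level}: password shorter than {limits['password_min']} characters"
    return True, f"{level}: password accepted"


if __name__ == "__main__":
    # Constructed sample inputs: (policy minimum, candidate credential)
    for policy, cred in [(4, "1234"), (4, "2580"), (5, "2580"), (16, "abcdef")]:
        print(policy, cred, check_credential(policy, cred))
```

Read against the rules as stated on this page, a policy value of 16 resolves to high, so the last sample (a 6-character password) is accepted on Android 10.0 or later.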