The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
What's new
Version 2.0
In this release, we added some features to the plug-in of MMC-based Administration Console for managing Android devices via Kaspersky Endpoint Security for Android app.
New features for device owner mode:
The Kaspersky Endpoint Security for Android app now supports device owner mode on Android 5 and 6. You should configure these devices via ADB and install the app.
You can now specify a preferred network used to download the app on device when generating a QR code for app installation in the Administration Console. It can be any Wi-Fi network selected on the device, a pre-configured Wi-Fi network, or mobile network.
We added new restrictions for Android operating system features to policy settings. These restrictions include:
Adding and removing Google accounts.
Adding and removing users.
Keyguard features (camera, notifications, and trust agents).
Changing date, time, and language.
Adjusting the volume and brightness.
Changing the wallpaper.
Airplane mode.
Resetting network settings.
Use of cellular data while roaming.
New features for Android work profile:
Settings for the work profile password (for example, password requirements, the password age, the number of incorrect password enter attempts, or the use of biometric unlock methods).
Restrictions for data access and sharing (for example, data sharing between work profile apps and personal profile apps, or screen sharing and recording).
Restrictions to add and remove accounts in the work profile.
Restrictions to access work profile contacts.
Restriction to display notifications from work profile apps when the screen is locked.
Restriction to use the camera for work profile apps.
Settings to grant runtime permissions for work profile apps.
Adding widgets of work profile apps to the device home screen.
Locking the work profile via Compliance Control rules and specifying a one-time passcode to unlock it.
New features for Compliance Control:
New conditions to check whether the device SIM card has been replaced or removed and whether an additional SIM card has been inserted.
New action to lock the work profile.
Ability to set 0 minutes for the time period in which a user should fix the non-compliance.
New features for Web Protection:
You can specify an option to check full URLs when opening websites in Custom Tabs.
You can block websites from a certain list.
You can import websites to be blocked or to be allowed from a .txt file that contains website URLs or regular expressions.
You can remove multiple websites from the list using the CTRL+A, CTRL+left-click, and SHIFT+left-click hotkeys.
New features for certificates:
Ability to automatically reissue certificates obtained using SCEP to the device before the expiration date.
Ability to install root certificates on personal devices and in the work profile.
Other improvements:
For Samsung KNOX devices, we added options to configure restrictions for SD card usage.
For device owner mode (Android 10 or later) and the work profile (Android 10-11), the Administration Console now displays the IMEI as the device ID and in device details.
This release also includes the following new features in the plug-in of MMC-based Administration Console for managing iOS MDM devices:
New features for Compliance Control:
The following new conditions were added:
Check for the device type and model.
Check whether the device is roaming.
Check whether the device password is set.
Check whether the amount of free space on the device becomes less than the specified threshold.
Check whether the device is encrypted.
Check whether the device SIM card has been replaced or removed.
Check for how long ago the device has been last synchronized with Administration Server.
The following new actions were added:
Update the operating system (for supervised devices).
Change Bluetooth settings (for supervised devices).
Reset to factory settings.
Delete managed apps by their bundle IDs.
Delete configuration profiles of the specified type.
Change roaming settings.
For the Send email message to user action, you can edit the default message subject and body.
Events about the Compliance Control operation are sent to the Administration Console.
You can set up Per App VPN for the following system apps:
Email
Contacts
Calendar
New commands for Lost Mode on supervised iOS MDM devices were added:
Enable Lost Mode
Locate device
Play sound
Disable Lost Mode
You can get a bypass code for the Activation Lock on supervised iOS devices.
Version 1.0
In this release, we added a wide range of features to plug-ins for MMC-based Administration Console to set up control over corporate mobile devices.
The following features were added to the plug-in for managing Android devices via Kaspersky Endpoint Security for Android app:
The Kaspersky Endpoint Security for Android app now supports devices that operate in device owner mode. You can generate a QR code for app installation in device owner mode that allows you to configure different device settings.
Features for Android devices in device owner mode:
Restrictions of Android operating system features. These restrictions include:
Device features (reset to factory settings, screen capture, calls and SMS messages, and so on).
Apps (the use of different apps, app installation settings, and so on).
Storage (mounting external media, file transfer over USB, and so on).
Network (Wi-Fi and mobile networks, VPN settings, and so on).
Location Services (the use of location and changing location settings).
Management of Google Chrome settings.
Kiosk mode (with a single app or set of apps).
Management of Exchange ActiveSync settings for Gmail.
Connection to a NDES/SCEP server.
Installation of root certificates on devices.
Silent installation of required apps and uninstallation of blocked apps defined in App Control rules.
Option to delete apps blocked by App Control.
Features to configure screen unlock passwords for Android devices:
You can specify different password requirements.
You can manage the use of biometric unlock methods.
You can specify the password lifetime and history length.
You can specify the unlock password in the Administration Console and force the change on the device.
New options for Samsung KNOX devices:
Option to prohibit developer mode.
Option to prohibit sending crash reports to Google.
New features to configure Wi-Fi networks:
Support for the 802.1.x EAP security protocol and ability to configure its protection settings (such as the EAP method).
You can specify the list of allowed Wi-Fi networks to connect automatically and hide other networks from the user device.
New options to delete all data on a lost or stolen Android device after failed attempts to enter the unlock password.
Adding web clips to devices.
This release also includes the following new features in the plug-in for managing iOS MDM devices:
The new Compliance Control component that lets you monitor iOS MDM devices for compliance with corporate security requirements and take various actions.
You can manage apps on iOS MDM devices based on lists of allowed and prohibited apps.
New commands are added:
Reset password
Schedule operating system update
Set Bluetooth state
New features to configure VPN connections:
Support for the IKEv2 protocol.
You can set up activating the VPN connection for selected website domains in Safari.
New option to force the use of a password on a device.
New options to manage operating system features on supervised devices: