Kaspersky Secure Mobility Management
2.0
English

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

What's new

Version 2.0

In this release, we added some features to the plug-in of MMC-based Administration Console for managing Android devices via Kaspersky Endpoint Security for Android app.

  • New features for device owner mode:
    • The Kaspersky Endpoint Security for Android app now supports device owner mode on Android 5 and 6. You should configure these devices via ADB and install the app.
    • You can now specify a preferred network used to download the app on device when generating a QR code for app installation in the Administration Console. It can be any Wi-Fi network selected on the device, a pre-configured Wi-Fi network, or mobile network.
    • We added new restrictions for Android operating system features to policy settings. These restrictions include:
      • Adding and removing Google accounts.
      • Adding and removing users.
      • Keyguard features (camera, notifications, and trust agents).
      • Changing date, time, and language.
      • Adjusting the volume and brightness.
      • Changing the wallpaper.
      • Airplane mode.
      • Resetting network settings.
      • Use of cellular data while roaming.
  • New features for Android work profile:
    • Settings for the work profile password (for example, password requirements, the password age, the number of incorrect password enter attempts, or the use of biometric unlock methods).
    • Restrictions for data access and sharing (for example, data sharing between work profile apps and personal profile apps, or screen sharing and recording).
    • Restrictions to add and remove accounts in the work profile.
    • Restrictions to access work profile contacts.
    • Restriction to display notifications from work profile apps when the screen is locked.
    • Restriction to use the camera for work profile apps.
    • Settings to grant runtime permissions for work profile apps.
    • Adding widgets of work profile apps to the device home screen.
    • Locking the work profile via Compliance Control rules and specifying a one-time passcode to unlock it.
  • New features for Compliance Control:
    • New conditions to check whether the device SIM card has been replaced or removed and whether an additional SIM card has been inserted.
    • New action to lock the work profile.
    • Ability to set 0 minutes for the time period in which a user should fix the non-compliance.
  • New features for Web Protection:
    • You can specify an option to check full URLs when opening websites in Custom Tabs.
    • You can block websites from a certain list.
    • You can import websites to be blocked or to be allowed from a .txt file that contains website URLs or regular expressions.
    • You can remove multiple websites from the list using the CTRL+A, CTRL+left-click, and SHIFT+left-click hotkeys.
  • New features for certificates:
    • Ability to automatically reissue certificates obtained using SCEP to the device before the expiration date.
    • Ability to install root certificates on personal devices and in the work profile.
  • Other improvements:
    • For Samsung KNOX devices, we added options to configure restrictions for SD card usage.
    • For device owner mode (Android 10 or later) and the work profile (Android 10-11), the Administration Console now displays the IMEI as the device ID and in device details.

This release also includes the following new features in the plug-in of MMC-based Administration Console for managing iOS MDM devices:

  • New features for Compliance Control:
    • The following new conditions were added:
      • Check for the device type and model.
      • Check whether the device is roaming.
      • Check whether the device password is set.
      • Check whether the amount of free space on the device becomes less than the specified threshold.
      • Check whether the device is encrypted.
      • Check whether the device SIM card has been replaced or removed.
      • Check for how long ago the device has been last synchronized with Administration Server.
    • The following new actions were added:
      • Update the operating system (for supervised devices).
      • Change Bluetooth settings (for supervised devices).
      • Reset to factory settings.
      • Delete managed apps by their bundle IDs.
      • Delete configuration profiles of the specified type.
      • Change roaming settings.
    • For the Send email message to user action, you can edit the default message subject and body.
    • Events about the Compliance Control operation are sent to the Administration Console.
  • You can set up Per App VPN for the following system apps:
    • Email
    • Contacts
    • Calendar
  • New commands for Lost Mode on supervised iOS MDM devices were added:
    • Enable Lost Mode
    • Locate device
    • Play sound
    • Disable Lost Mode
  • You can get a bypass code for the Activation Lock on supervised iOS devices.

Version 1.0

In this release, we added a wide range of features to plug-ins for MMC-based Administration Console to set up control over corporate mobile devices.

The following features were added to the plug-in for managing Android devices via Kaspersky Endpoint Security for Android app:

  • The Kaspersky Endpoint Security for Android app now supports devices that operate in device owner mode. You can generate a QR code for app installation in device owner mode that allows you to configure different device settings.
  • Features for Android devices in device owner mode:
    • Restrictions of Android operating system features. These restrictions include:
      • Device features (reset to factory settings, screen capture, calls and SMS messages, and so on).
      • Apps (the use of different apps, app installation settings, and so on).
      • Storage (mounting external media, file transfer over USB, and so on).
      • Network (Wi-Fi and mobile networks, VPN settings, and so on).
      • Location Services (the use of location and changing location settings).
    • Management of Google Chrome settings.
    • Kiosk mode (with a single app or set of apps).
    • Management of Exchange ActiveSync settings for Gmail.
    • Connection to a NDES/SCEP server.
    • Installation of root certificates on devices.
    • Silent installation of required apps and uninstallation of blocked apps defined in App Control rules.
    • Option to delete apps blocked by App Control.
  • Features to configure screen unlock passwords for Android devices:
    • You can specify different password requirements.
    • You can manage the use of biometric unlock methods.
    • You can specify the password lifetime and history length.
    • You can specify the unlock password in the Administration Console and force the change on the device.
  • New options for Samsung KNOX devices:
    • Option to prohibit developer mode.
    • Option to prohibit sending crash reports to Google.
  • New features to configure Wi-Fi networks:
    • Support for the 802.1.x EAP security protocol and ability to configure its protection settings (such as the EAP method).
    • You can specify the list of allowed Wi-Fi networks to connect automatically and hide other networks from the user device.
  • New options to delete all data on a lost or stolen Android device after failed attempts to enter the unlock password.
  • Adding web clips to devices.

This release also includes the following new features in the plug-in for managing iOS MDM devices:

  • The new Compliance Control component that lets you monitor iOS MDM devices for compliance with corporate security requirements and take various actions.
  • You can manage apps on iOS MDM devices based on lists of allowed and prohibited apps.
  • New commands are added:
    • Reset password
    • Schedule operating system update
    • Set Bluetooth state
  • New features to configure VPN connections:
    • Support for the IKEv2 protocol.
    • You can set up activating the VPN connection for selected website domains in Safari.
  • New option to force the use of a password on a device.
  • New options to manage operating system features on supervised devices:
    • Delay software updates.
    • Manage access to USB devices.
    • Manage Wi-Fi, VPN, and Personal Hotspot settings.
    • Manage the use of NFC.
Article ID: 180199, Last review: Dec 27, 2024
Page top