- Kaspersky Secure Mobility Management help
- What's new
- Working in Kaspersky Security Center Web Console
- About Kaspersky Secure Mobility Management
- Getting started
- Solution architecture
- Deployment scenarios
- Deploying a mobile device management solution in Kaspersky Security Center Web Console
- Deploying Kaspersky Security Center Linux and Kaspersky Security Center Web Console
- Deploying mobile management plug-ins
- Configuring Administration Server settings for connecting mobile devices
- Scenario: Configuring a connection gateway to connect mobile devices to Kaspersky Security Center Web Console
- Adding installation packages to Administration Server repository
- Adding a license key to the Administration Server repository
- Installing Network Agent Linux
- Configuring Kaspersky Security Center Linux Web Server settings
- Deploying an iOS device management system
- About iOS device operating modes
- About device management profiles
- Deploying Kaspersky Security for iOS
- Deploying a management system using the iOS MDM protocol
- Deploying iOS MDM Server
- Configuring an iOS MDM Server installation package
- Installing iOS MDM Server using a remote installation task
- Local installation of iOS MDM Server on a device via an installation package
- Updating iOS MDM Server using a remote installation task or locally
- Deleting iOS MDM Server using a remote uninstallation task
- Viewing the list of installed iOS MDM Servers and configuring their settings
- Configuring an iOS MDM Server certificate
- Configuring a reserve iOS MDM Server certificate
- Receiving or renewing an APNs certificate
- Installing an APNs certificate on iOS MDM Server
- Configuring access to Apple Push Notification service
- iOS MDM Server events
- Obtaining iOS MDM Server diagnostic data
- Deploying iOS MDM Server
- Deploying an Android device management system
- About Android device operating modes
- Using Firebase Cloud Messaging
- Deploying Kaspersky Endpoint Security for Android
- Permissions for Kaspersky Endpoint Security for Android
- Starting and stopping Kaspersky Endpoint Security for Android
- Activating Kaspersky Endpoint Security for Android
- Updating Kaspersky Endpoint Security for Android
- Removing Kaspersky Endpoint Security for Android
- Managing mobile devices in Kaspersky Security Center Web Console
- Creating administration groups
- Configuring policies
- Creating a policy
- Modifying a policy
- Copying a policy
- Moving a policy to another administration group
- Viewing the list of policies
- Viewing the policy distribution results
- Managing revisions to policies
- Restricting permissions to configure policies
- Configuring role-based access control
- Configuring policy profiles
- Deleting a policy
- Connecting mobile devices to Kaspersky Security Center Web Console
- Configuring synchronization settings
- Managing certificates of mobile devices
- Configuration and management
- Control
- Protection
- Configuring anti-malware protection on Android devices
- Protecting Android devices on the internet
- Protection of data on a stolen or lost device
- Configuring the device unlock password strength
- Configuring a virtual private network (VPN)
- Configuring Firewall on Android devices (only Samsung)
- Protecting Kaspersky Endpoint Security for Android against removal
- Detecting hacked devices
- Configuring a global HTTP proxy on iOS MDM devices
- Adding security certificates to iOS MDM devices
- Adding a SCEP profile to iOS MDM devices
- Restricting SD card usage (only Samsung)
- Management of mobile devices
- Managing Android devices
- Managing iOS MDM devices
- Adding a configuration profile
- Installing a configuration profile on a device
- Removing a configuration profile from a device
- Configuring managed apps
- Installing an app on a mobile device
- Removing an app from a device
- Configuring roaming on an iOS MDM mobile device
- Viewing information about an iOS MDM device
- Disconnecting an iOS MDM device from management
- Configuring kiosk mode for iOS MDM devices
- Management of mobile device settings
- Configuring connection to a Wi-Fi network
- Configuring email
- Configuring protection levels in Kaspersky Security Center
- Managing app configurations
- Managing app permissions
- Creating a report on installed mobile apps
- Installing root certificates on Android devices
- Configuring notifications for Kaspersky Endpoint Security for Android
- Connecting iOS MDM devices to AirPlay
- Connecting iOS MDM devices to AirPrint
- Configuring the Access Point Name (APN)
- Corporate container
- Adding an LDAP account
- Adding a contacts account
- Adding a calendar account
- Configuring a calendar subscription
- Configuring SSO
- Managing Web Clips
- Setting a wallpaper
- Adding fonts
- Working with commands for mobile devices
- Managing the app by using third-party EMM systems (Android only)
- Participating in Kaspersky Security Network
- Samsung Knox
- Using the Kaspersky Endpoint Security for Android app
- App features
- Main window at a glance
- Status bar icon
- Device scan
- Running a scheduled scan
- Changing the Protection mode
- Anti-malware database updates
- Scheduled database update
- Things to do if your device gets lost or stolen
- Web Protection
- Get Certificate
- Synchronizing with Kaspersky Security Center
- Activating the Kaspersky Endpoint Security for Android app without Kaspersky Security Center
- Installing the app on corporate devices
- Installing root certificates on the device
- Installing and using mail and VPN certificates on the device
- Enabling accessibility on Android 13 or later
- Updating the app
- Removing the app
- Applications with a briefcase icon
- Knox app
- Using the Kaspersky Security for iOS app
- Application licensing
- Comparison of solution features by management tool
- Contact Technical Support
- Sources of information about the application
- Glossary
- Activating the application
- Activation code
- Administration group
- Administration Server
- Administrator's workstation
- Anti-malware databases
- Apple Push Notification service (APNs) certificate
- Application management plug-in
- Basic control
- Basic protection
- Certificate Signing Request
- Compliance Control
- Corporate container
- Corporate device
- Device administrator
- Device management profile
- End User License Agreement
- Group task
- IMAP
- Installation package
- iOS MDM device
- iOS MDM profile
- iOS MDM Server
- Kaspersky categories
- Kaspersky Private Security Network (KPSN)
- Kaspersky Security Center Administrator
- Kaspersky Security Center Web Server
- Kaspersky Security Network (KSN)
- Kaspersky update servers
- Key file
- License
- License term
- Malware
- Manifest file
- Network Agent
- Personal device
- Phishing
- Policy
- POP3
- Proxy server
- Quarantine
- SSL
- Standalone installation package
- Subscription
- Supervised device
- Unlock code
- Virtual Administration Server
- Information about third-party code
- Trademark notices
Managing Google Chrome settings
The Google Chrome settings section lets you manage settings of Google Chrome installed in Android work profile or on devices managed via the Kaspersky Endpoint Security for Android app in device owner mode.
To open the Google Chrome settings section:
- In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
- In the workspace of the group, select the Policies tab.
- Open the policy properties window by double-clicking any column.
Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.
- In the policy Properties window, select the App configuration > Google Chrome settings section.
Manage content settings
On the Content tab of the Google Chrome settings section, you can specify the following content settings:
- Set default cookie settings
Default cookie settings.
If the check box is selected, one of the following options will be applied to all sites by default:
- Allow all sites to set local data (default)
- Do not allow any site to set local data
If the check box is cleared, the user's personal settings will be applied.
The setting is supported in Google Chrome version 30 or later.
This check box is selected by default.
There must be no conflicting URL patterns that you specify in the Allow cookies on these sites, Block cookies on these sites, and Allow cookies on these sites for one session only fields. If no URL is specified and the Set default cookies settings check box is selected, the option selected in the drop-down list will be applied to all sites.
- Allow cookies on these sites
A list of sites that are allowed to set cookies. You can also set URL patterns, for example: [*.]example.com.
The setting is supported in Google Chrome version 30 or later.
- Block cookies on these sites
A list of sites that are prohibited to set cookies. You can also set URL patterns, for example: [*.]example.com.
The setting is supported in Google Chrome version 30 or later.
- Allow cookies on these sites for one session only
A list of sites that are allowed to set cookies only for one session. You can also set URL patterns, for example: [*.]example.com.
The setting is supported in Google Chrome version 30 or later.
- Set default JavaScript settings
Default JavaScript settings.
If the check box is selected, one of the following options will be applied and the device user will not be able to change it:
- Allow all sites to run JavaScript (default)
- Do not allow any site to run JavaScript
If the check box is cleared, user personal settings will be applied.
The setting is supported in Google Chrome version 30 or later.
This check box is cleared by default.
If the Allow JavaScript on these sites and Block JavaScript on these sites settings are not specified and the Set default JavaScript settings check box is selected, the selected option will be applied to all sites.
- Allow JavaScript on these sites
A list of sites that are allowed to run JavaScript. You can also set URL patterns, for example: [*.]example.com.
The setting is supported in Google Chrome version 30 or later.
If the Allow JavaScript on these sites and Block JavaScript on these sites settings are not specified and the Set default JavaScript settings check box is selected, the selected option will be applied to all sites.
- Block JavaScript on these sites
A list of sites that are prohibited to run JavaScript. You can also set URL patterns, for example: [*.]example.com.
The setting is supported in Google Chrome version 30 or later.
If the Allow JavaScript on these sites and Block JavaScript on these sites settings are not specified and the Set default JavaScript settings check box is selected, the selected option will be applied to all sites.
- Set default pop-up settings (based on Google abusive pop-ups database)
Default pop-up setting.
If the check box is selected, one of the following options applies to pop-ups:
- Allow all sites to show pop-ups. Lets all sites open pop-up windows. This value is selected by default.
- Do not allow any site to show pop-ups. Prohibits all sites to open pop-up windows.
Only those pop-ups will be blocked that are included into the Google abusive pop-ups database.
If the check box is cleared, pop-ups are blocked, but a device user can change this behavior in Settings.
The setting is supported in Google Chrome version 33 or later.
The check box is cleared by default.
If the Allow pop-ups on these sites and Block pop-ups on these sites (based on Google abusive pop-ups database) settings are not specified and the Set default pop-up settings check box is selected, the selected option will be applied to all sites.
- Allow pop-ups on these sites
A list of sites that are allowed to show pop-ups. You can also set URL patterns, for example: [*.]example.com.
The setting is supported in Google Chrome version 34 or later.
If the Allow pop-ups on these sites and Block pop-ups on these sites settings are not specified and the Set default pop-up settings check box is selected, the selected option will be applied to all sites.
- Block pop-ups on these sites (based on Google abusive pop-ups database)
A list of sites that are prohibited to show pop-ups. You can also set URL patterns, for example: [*.]example.com.
Only those pop-ups will be blocked that are included into the Google abusive pop-ups database.
The setting is supported in Google Chrome version 34 or later.
If the Allow pop-ups on these sites and Block pop-ups on these sites settings are not specified and the Set default pop-up settings check box is selected, the selected option will be applied to all sites.
- Set user location tracking settings
The default geographic location settings.
If the check box is selected, one of the following options will be applied to all sites by default:
- Allow all sites to track location
- Do not allow any site to track location
- Ask whenever site wants to track location (default)
If the check box is cleared, user personal settings will be applied.
The setting is supported in Google Chrome version 30 or later.
This check box is cleared by default.
Manage proxy settings
On the Proxy tab of the Google Chrome settings section, you can specify the following proxy settings:
- Set proxy mode
Proxy settings for Google Chrome and ARC-apps.
If the check box is selected, one of the following options will be applied and the device user is prevented from changing proxy settings:
- Never use proxy. Prohibits use of proxies and all other proxy settings are ignored. This option is selected by default.
- Detect proxy settings automatically. Detects proxy settings automatically and all other options are ignored.
- Use PAC file. Uses the proxy PAC file specified in the PAC file URL field.
- Use fixed proxy servers. Uses the data specified in the Proxy server URL and Bypass list fields.
- Use system proxy settings. Uses the system proxy settings.
If the check box is cleared, user personal settings will be applied.
The setting is supported in Google Chrome version 30 or later.
This check box is selected by default.
- Proxy server URL
A URL of the proxy server.
The setting is supported in Google Chrome version 30 or later.
- PAC file URL
A URL to a proxy .PAC file.
The setting is supported in Google Chrome version 30 or later.
- Bypass list
A list of hosts for which the proxy will be bypassed.
The setting is supported in Google Chrome version 30 or later.
Manage search settings
On the Search tab of the Google Chrome settings section, you can specify the following search settings:
- Enable Touch to Search
Selecting or clearing this check box specifies whether the device user is allowed to use Touch to Search and turn the feature on or off.
The setting is supported in Google Chrome version 40 or later.
This check box is selected by default.
- Enable default search provider
Default search provider settings.
If the check box is selected, a default search provider is used when a user enters non-URL text in the address bar. The default search provider depends on search provider settings below this check box:
- If you leave search provider settings empty, the device user can choose the search provider in the browser settings.
- If you configure settings of the default search provider, this search provider is always used, and the device user can't choose the search provider in the browser.
This check box is selected by default, but the default search provider settings are not configured.
If you want to disable search in Google Chrome, we recommend that you leave the Enable default search provider check box selected and set the Search provider name parameter to the site of a non-search system. On some Google Chrome versions, there can be problems in Google Chrome operation if the check box is cleared.
The setting is supported in Google Chrome version 30 or later.
The default search provider parameters are:
- Search provider name
- Keyword
- Search URL
- Suggest URL
- Icon URL
- Encodings
- Alternate URLs
- Image URL
- New tab URL
- Parameters for search URL that uses POST
- Parameters for suggest URL that uses POST
- Parameters for image URL that uses POST
- Search provider name
The default search provider name.
The setting is supported in Google Chrome version 30 or later.
A keyword or shortcut used in the address bar to trigger the search for the search provider.
The setting is supported in Google Chrome version 30 or later.
- Search URL
The URL of the search engine used during default searches.
The setting is supported in Google Chrome version 30 or later.
The URL of the search engine to provide search suggestions.
The setting is supported in Google Chrome version 30 or later.
- Icon URL
The URL of the default search provider's favicon.
The setting is supported in Google Chrome version 30 or later.
- Encodings
Character encodings supported by the search provider. The supported encodings are:
- UTF-8
- UTF-16
- GB2312
- ISO-8859-1
The setting is supported in Google Chrome version 30 or later.
- Alternate URLs
A list of alternate URLs to retrieve search terms from the search engine.
The setting is supported in Google Chrome version 30 or later.
The URL of the search engine used for image search.
The setting is supported in Google Chrome version 30 or later.
- New tab URL
The URL of the search engine used to provide a New Tab page.
The setting is supported in Google Chrome version 30 or later.
- Parameters for search URL that uses POST
URL parameters when searching a URL with the POST method. The parameters are comma-separated key-value pairs. If a value is a template parameter, for example, '{searchTerms}', it is replaced with real search terms. For example:
q={searchTerms},ie=utf-8,oe=utf-8
The setting is supported in Google Chrome version 30 or later.
- Parameters for suggest URL that uses POST
URL parameters for search suggestions using the POST method. The parameters are comma-separated key-value pairs. If a value is a template parameter, for example, '{searchTerms}', it is replaced with real search terms. For example:
q={searchTerms},ie=utf-8,oe=utf-8
The setting is supported in Google Chrome version 30 or later.
- Parameters for image URL that uses POST
URL parameters for image search using the POST method. The parameters are comma-separated key-value pairs. If a value is a template parameter, for example, '{imageThumbnail}', it is replaced with the real image thumbnail. For example:
content={imageThumbnail},url={imageURL},sbisrc={SearchSource}
The setting is supported in Google Chrome version 30 or later.
Manage password settings
On the Passwords tab of the Google Chrome settings section, you can specify the following password settings:
- Enable saving passwords
Selecting or clearing the check box specifies whether Google Chrome will remember the passwords the device user enters and also offer them the next time the device user signs in.
The setting is supported in Google Chrome version 30 or later.
This check box is selected by default.
Manage page settings
On the Pages tab of the Google Chrome settings section, you can specify the following page settings:
- Enable alternate error pages
Selecting the check box specifies whether Google Chrome is allowed to use built-in error pages, such as "Page not found".
The setting is supported in Google Chrome version 30 or later.
This check box is selected by default.
- Enable AutoFill for addresses
Autofill settings for addresses.
If the check box is selected, the device user is allowed to manage AutoFill for addresses in the user interface.
If the check box is cleared, AutoFill never suggests or fills in address information, nor does it save additional address information that the device user submits while browsing the web.
The setting is supported in Google Chrome version 69 or later.
This check box is selected by default.
- Enable AutoFill for credit cards
Autofill settings for credit cards.
If the check box is selected, the device user is allowed to manage AutoFill suggestions for credit cards in the user interface.
If the check box is cleared, AutoFill never suggests or fills in credit card information, nor does it save additional credit card information that the device user might submit while browsing the web.
The setting is supported in Google Chrome version 63 or later.
This check box is selected by default.
Manage other settings
On the Other tab of the Google Chrome settings section, you can specify the following settings:
- Enable printing
Selecting or clearing this check box specifies whether the device user is allowed to print in Google Chrome.
The setting is supported in Google Chrome version 39 or later.
This check box is selected by default.
- Set Google Safe Browsing settings
Google Safe Browsing protection level.
If the check box is selected, the device user is allowed to manage the Google Safe Browsing settings in Google Chrome, as well as select the protection level. The protection levels are:
- Google Safe Browsing is never active. Disables Google Safe Browsing completely.
- Google Safe Browsing is active in standard mode. Makes Google Safe Browsing always enabled in standard protection mode. This option is selected by default.
- Google Safe Browsing is active in enhanced mode. Makes Google Safe Browsing always enabled in enhanced protection mode, but device user browsing experience data will be sent to Google.
If the check box is cleared, Google Safe Browsing will operate in standard protection mode and the device user is allowed to change Google Safe Browsing settings.
The setting is supported in Google Chrome version 87 or later.
This check box is selected by default.
- Disable saving browser history
Selecting or clearing this check box specifies whether browsing history is saved and tab syncing is on.
The setting is supported in Google Chrome version 30 or later.
This check box is cleared by default.
- Disable proceeding from Google Safe Browsing warning page
Selecting or clearing this check box specifies whether the device user is allowed to proceed to the flagged site on Google Safe Browsing warnings, such as malware and phishing. The restriction does not apply to issues related to SSL certificate, such as invalid or expired certificates.
The setting is supported in Google Chrome version 30 or later.
This check box is cleared by default.
- Enable network prediction
Selecting or clearing this check box specifies whether Google Chrome will predict such network actions as DNS prefetching, TCP and SSL preconnection and prerendering of webpages.
If the check box is cleared, network prediction is disabled, but the device user can enable it.
The setting is supported in Google Chrome version 38 or later.
This check box is cleared by default.
Selecting or clearing this check box specifies whether Google Search queries will be performed via Google SafeSearch.
The setting is supported in Google Chrome version 41 or later.
This check box is cleared by default.
- Set Restricted Mode for YouTube
Minimum required Restricted Mode level for YouTube.
If the check box is selected, a minimum required Restricted Mode level for YouTube is set and the device user cannot pick a less restricted mode. Restricted mode levels are:
- Do not enforce Restricted Mode. Specifies that Google Chrome does not force Restricted mode. However, external policies might still enforce Restricted mode. This option is selected by default.
- Enforce at least Moderate Restricted Mode. Lets a device user enable the Moderate and Strict Restricted mode on YouTube, but prohibits turning Restricted mode off.
If the check box is cleared, Google Chrome does not require use of Restricted mode for YouTube, but Restricted mode can be enforced by external rules, such as YouTube rules.
The setting is supported in Google Chrome version 55 or later.
This check box is selected by default.
- Set availability of Incognito mode
Availability of Incognito mode in Google Chrome.
If the check box is selected, the admin can specify whether the device user is allowed to open pages in Incognito mode by selecting one of the following options:
- Incognito mode is available (default)
- Incognito mode is disabled
If the check box is cleared, the device user cannot open pages in Incognito mode in Google Chrome.
The setting is supported in Google Chrome version 30 or later.
This check box is selected by default.
- Enable search suggestions
Selecting or clearing this check box specifies whether search suggestions are enabled in Google Chrome's address bar.
The setting is supported in Google Chrome version 30 or later.
This check box is selected by default.
- Set translation settings
Enabling translation functionality.
If the check box is selected, the administrator can set the following translation options:
- Always offer translation. Shows the integrated translation toolbar and a translate option on the right-click context menu. This option is selected by default.
- Never offer translation. Disables all built-in translation functionality.
If the check box is cleared, the user's personal settings will be applied.
The setting is supported in Google Chrome version 30 or later.
This check box is cleared by default.
- Enable bookmark editing
Selecting or clearing this check box specifies whether the device user is allowed to add, remove, or modify bookmarks.
The setting is supported in Google Chrome version 30 or later.
This check box is selected by default.
- Managed bookmarks
An admin-managed list of bookmarks. The list is a dictionary where the keys are the "name" and "url". In other words, the key holds a bookmark's name and target. You can also set up a subfolder with a "children" key, which also has a list of bookmarks.
By default, the folder name for managed bookmarks is "Managed bookmarks". You can change it by adding a new sub-dictionary. To do this, specify the "toplevel_name" key with the required folder name as its value.
If you enter an incomplete URL as a bookmark's target, Google Chrome will substitute it with a URL as if it was submitted through the address bar. For example, "kaspersky.com" becomes "https://www.kaspersky.com".
For example:
"ManagedBookmarks": [{
//Changes the default folder name
"toplevel_name": "My managed bookmarks folder"
},
{
//Adds a bookmark to the managed bookmarks folder
"name": "Kaspersky",
"url": "kaspersky.com"
},
{
"name": "Kaspersky products",
"children": [{
"name": "Kaspersky Endpoint Security",
"url": "kaspersky.com/enterprise-security/endpoint"
},
{
"name": "Kaspersky Security for Mail Server",
"url": "kaspersky.com/enterprise-security/mail-server-security"
}
]
}
]
The setting is supported in Google Chrome version 37 or later.
- Block access to these URLs
A list of forbidden URLs. You can also set URL patterns, for example: [*.]example.com.
The setting is supported in Google Chrome version 86 or later.
- Allow access to these URLs (exceptions to blocked URLs)
A list of URLs that are exceptions to the list specified in Block access to these URLs. You can also set URL patterns, for example: [*.]example.com.
The setting is supported in Google Chrome version 86 or later.
Minimum allowed SSL version.
If the check box is selected, Google Chrome will not use SSL and TLS older than the selected version. Available version are:
- TLS 1.0 (default)
- TLS 1.1
- TLS 1.2
If the check box is cleared, Google Chrome will report an error for TLS 1.0 and TLS 1.1 protocols, but the device user will be able to bypass it.
The setting is supported in Google Chrome version 66 or later.
This check box is cleared by default.