- 09 Aug 2024
- 6 Minutes to read
- Print
- PDF
Policies and Restrictions under COPE
- Updated on 09 Aug 2024
- 6 Minutes to read
- Print
- PDF
In a COPE profile, the enterprise is able to control certain device-wide polices and enforce some restrictions on the personal side, such as turning off the camera etc. The data and info on the work container created on the company-owned devices will be fully controlled by the IT admin of the organization.
This document describes the policies and restrictions offered under the Scalefusion Dashboard that can be applied to COPE devices.
Steps
For a work profile on corporate-owned devices, you need to create a BYOD profile with COPE configurations. To do so,
- Sign In to Scalefusion Dashboard and navigate to Device Profiles & Policies ➞ Device Profiles.
- Click on Create New Profile in the upper right corner or edit an existing BYO profile.
- Under the Android tab, select the Personal (BYOD) option. Enter a name for your new Profile and click SUBMIT to see the profile creator window.
- Here, click on WPCO/COPE on the left menu and click on Create Configuration.
- The policies can be defined under the following heads:
- Device Usages
- Installation Policy
- Security Settings
- Update Settings
- General Settings
These are described below:
Device Usages
Policy | Description |
Configure Personal Usage Schedule | Configure the timeframe for which you can use the personal profile on WPCO/COPE devices. Following are the options. Choose any one:
|
Configure the maximum number of work-off days | Configure the maximum number of days for which the work profile can be disabled. The minimum number of days for which it can be disabled is 0. Once the Work profile is manually disabled on the device, you have to enable it manually after said number of days. If you do not enable it after a set number of days, the personal side will automatically get disabled. It will be enabled only after the work profile is enabled. |
Installation Policy
From here, you can configure the application installation policy to allow or block selected applications' installation on devices. Select one from the following options:
- No Application Policy: No restrictions to the installation of apps
- Only Allow selected: Only the selected applications will be allowed to be installed, and all other applications will be blocked from installing.
- Block selected: All applications except the selected applications will be allowed to install.
The applications are listed, and you can search apps by app name and package. If an application is not listed, it can be added. To do so,
- Click on the Add Application button.
- A dialog will be opened for entering the application name and the package name.
- Enter the details and click on the Add button.
- This will add and list the application to the Apps list. Enable or disable the toggle to allow or block the app as per policy requirements.
Security Settings
Communication Settings
Setting | Description | Default |
Allow Outgoing Phone Calls | Normally disabling the Phone app will achieve this. However, there might be some apps that might attempt to make phone calls. This option lets you completely disable outgoing calls. | On |
Allow Send/Receive SMS | Normally disabling the default messaging app will achieve this. However, there might be some apps that can send SMS discreetly. This option lets you completely block the SMS. | On |
Allow Bluetooth | Allows a user to connect to a Bluetooth device. The user is allowed to enable/disable Bluetooth | Off |
Allow Bluetooth Sharing | Allows a user to send files via Bluetooth. Outgoing Bluetooth sharing is enabled. | Off |
Allow Data Roaming | The user is allowed to use cellular data while roaming. | On |
Network & Security Settings
Setting | Description | Default |
Allow Mobile Network Changes | Allows users to change mobile network settings if they have access to the Settings app. | On |
Allow Tethering From All Sources | Allow users to enable Tethering via USB or Bluetooth. | On |
Allow WiFi Changes | Allow users to modify/change the Wi-Fi network from System Settings if they have access to it. This may cause them to lose connectivity, and hence it is suggested that you allow them to use Scalefusion's Wi-Fi connection options as a fallback. | On |
Allow Screen Capture | Allows users to capture the screenshots. | On |
Allow Camera | The user is allowed to use the Camera | On |
Allow the User to enable/disable airplane mode | The user is permitted to enable/disable the airplane mode on the device | On |
Allow User to enable/disable Location | If enabled, the user is allowed to enable/disable location This will work when Force GPS is always On and is enabled under global location settings. | Off |
Allow Location Sharing | If enabled, users are allowed to share locations. This will work when Enable/disable location tracking is disabled under global location settings. | Off |
Allow Unmute Microphone | The user is allowed to unmute the microphone and control the volume | On |
Device Management
Setting | Description | Default |
Allow users to boot devices in safe mode | The user can boot devices in safe mode by using the power-off key. | On |
USB Device Management
Setting | Description | Default |
Allow MTP access | The user can access the media on the device via MTP protocol when connected to a device via a USB cable. | On |
Allow user to connect the device via USB Access | The users can connect the device via a USB cable and access the USB storage and other options. | On |
Allow user to connect USB in debuggable mode | If enabled, users can use the USB Debugging feature when connected to a USB cable. | Off |
- On AMAPI devices (enrolled with Android Device Manager) enrolled as COPE, both the following settings will work only if any one of them is toggled on:
- Allow users to boot devices in safe mode
- Allow user to connect USB in debuggable mode.
- If both are turned off, then both settings will be disabled on the device.
Update Settings
From here, you can configure a policy for installing Android OS Updates and control the installation of updates on your managed Android devices. The policies are as follows:
System Update Policy Settings
- None: No policy applies to OS Updates
- Postpone: Postpones the installation of updates by 30 days
- Automatic Install Update: The updates are automatically installed
- Install within the maintenance window: Specify the start time and end time, and the updates will get installed during that timeframe.
Enable Freeze Period
A freeze period is specified to freeze the system updates for a certain timeframe. During the freeze period, all incoming system updates, including security patches, are blocked and do not get installed on the device. When a device is outside the freeze period, normal update behavior applies.
To configure the freeze period:
- Toggle on the setting Enable Freeze Period in OS Update Settings
- Enter a name in the text field.
- Select Start Date and End Date.
- If you want to add another freeze period, click on the button Add Freeze Period. This will open up a new row for configuring the next freeze window.
- To delete a freeze period, click on the delete icon next to each specified freeze period.
Important Points on Freeze period:
- The freeze period can be enabled only if the system update policy is not set to None.
- The maximum freeze window allowed is 90 days; that is, the end date selection should be 90 days from the start date.
- There can be multiple freeze windows. The minimum gap between two freeze windows should be at least 60 days.
- The freeze period will repeat every year until it is deleted.
General Settings
Timezone Settings
Settings | Description |
Configure Automatic Network Time & Timezone | You can configure the time & timezone to be picked up by the device. There are three options to choose from:
|
Choose Timezone configuration | Enforce a default timezone for the devices from a list of previously created TimeZone configurations [Device Profile & Policies → All configurations → Android Utilities → Timezone Configurations] |
Display Settings
Settings | Description |
Screen Time out Settings | With this setting, you can specify a duration of inactivity, after which the screen will go to sleep. On the device, users will be able to see and select the options up to the specified duration. The duration can be selected from the drop-down:
|