Policies and Restrictions under COPE
  • 09 Aug 2024
  • 6 Minutes to read
  • PDF

Policies and Restrictions under COPE

  • PDF

Article summary

In a COPE profile, the enterprise is able to control certain device-wide polices and enforce some restrictions on the personal side, such as turning off the camera etc. The data and info on the work container created on the company-owned devices will be fully controlled by the IT admin of the organization.

This document describes the policies and restrictions offered under the Scalefusion Dashboard that can be applied to COPE devices.

Steps

For a work profile on corporate-owned devices, you need to create a BYOD profile with COPE configurations. To do so,

  1. Sign In to Scalefusion Dashboard and navigate to Device Profiles & PoliciesDevice Profiles.
  2. Click on Create New Profile in the upper right corner or edit an existing BYO profile.
  3. Under the Android tab, select the Personal (BYOD) option. Enter a name for your new Profile and click SUBMIT to see the profile creator window.
  4. Here, click on WPCO/COPE on the left menu and click on Create Configuration.
  5. The policies can be defined under the following heads:
    1. Device Usages
    2. Installation Policy
    3. Security Settings
    4. Update Settings
    5. General Settings

These are described below:

Device Usages

PolicyDescription
Configure Personal Usage Schedule

Configure the timeframe for which you can use the personal profile on WPCO/COPE devices. Following are the options. Choose any one:

  • Allow Always: Personal usage is allowed all the time, and the user is able to access personal side apps.
  • Disallow Always: Personal usage is never allowed, and the user is not allowed to access personal side apps except a few apps like phone, Play Store, and messages.
  • Disallow during the configured timeframe: Personal usage will not be allowed during the set time and frequency. During the remaining time, personal apps will be enabled.

Configure the maximum number of work-off daysConfigure the maximum number of days for which the work profile can be disabled. The minimum number of days for which it can be disabled is 0.
Once the Work profile is manually disabled on the device, you have to enable it manually after said number of days. If you do not enable it after a set number of days, the personal side will automatically get disabled. It will be enabled only after the work profile is enabled.

Installation Policy

From here, you can configure the application installation policy to allow or block selected applications' installation on devices. Select one from the following options:

  • No Application Policy: No restrictions to the installation of apps
  • Only Allow selected: Only the selected applications will be allowed to be installed, and all other applications will be blocked from installing.
  • Block selected: All applications except the selected applications will be allowed to install.

The applications are listed, and you can search apps by app name and package. If an application is not listed, it can be added. To do so,

  1. Click on the Add Application button.
  2. A dialog will be opened for entering the application name and the package name.
  3. Enter the details and click on the Add button.
  4. This will add and list the application to the Apps list. Enable or disable the toggle to allow or block the app as per policy requirements.

Security Settings

Communication Settings

SettingDescriptionDefault
Allow Outgoing Phone CallsNormally disabling the Phone app will achieve this. However, there might be some apps that might attempt to make phone calls. This option lets you completely disable outgoing calls.On
Allow Send/Receive SMSNormally disabling the default messaging app will achieve this. However, there might be some apps that can send SMS discreetly. This option lets you completely block the SMS.On
Allow BluetoothAllows a user to connect to a Bluetooth device. The user is allowed to enable/disable BluetoothOff
Allow Bluetooth SharingAllows a user to send files via Bluetooth. Outgoing Bluetooth sharing is enabled.Off
Allow Data RoamingThe user is allowed to use cellular data while roaming.On

Network & Security Settings

SettingDescriptionDefault
Allow Mobile Network ChangesAllows users to change mobile network settings if they have access to the Settings app.On
Allow Tethering From All SourcesAllow users to enable Tethering via USB or Bluetooth.On
Allow WiFi ChangesAllow users to modify/change the Wi-Fi network from System Settings if they have access to it.

This may cause them to lose connectivity, and hence it is suggested that you allow them to use Scalefusion's Wi-Fi connection options as a fallback.
On
Allow Screen CaptureAllows users to capture the screenshots.On
Allow CameraThe user is allowed to use the CameraOn
Allow the User to enable/disable airplane modeThe user is permitted to enable/disable the airplane mode on the deviceOn
Allow User to enable/disable LocationIf enabled, the user is allowed to enable/disable location
This will work when Force GPS is always On and is enabled under global location settings.
Off
Allow Location SharingIf enabled, users are allowed to share locations.
This will work when Enable/disable location tracking is disabled under global location settings.
Off
Allow Unmute MicrophoneThe user is allowed to unmute the microphone and control the volumeOn

Device Management

SettingDescriptionDefault
Allow users to boot devices in safe modeThe user can boot devices in safe mode by using the power-off key.On

USB Device Management

SettingDescriptionDefault
Allow MTP accessThe user can access the media on the device via MTP protocol when connected to a device via a USB cable.On
Allow user to connect the device via USB AccessThe users can connect the device via a USB cable and access the USB storage and other options.On
Allow user to connect USB in debuggable modeIf enabled, users can use the USB Debugging feature when connected to a USB cable.Off

  1. On AMAPI devices (enrolled with Android Device Manager) enrolled as COPE, both the following settings will work only if any one of them is toggled on: 
    1. Allow users to boot devices in safe mode  
    2. Allow user to connect USB in debuggable mode.
  2. If both are turned off, then both settings will be disabled on the device. 


Update Settings

From here, you can configure a policy for installing Android OS Updates and control the installation of updates on your managed Android devices. The policies are as follows:

System Update Policy Settings

  • None: No policy applies to OS Updates
  • Postpone: Postpones the installation of updates by 30 days
  • Automatic Install Update: The updates are automatically installed
  • Install within the maintenance window: Specify the start time and end time, and the updates will get installed during that timeframe.

Enable Freeze Period

A freeze period is specified to freeze the system updates for a certain timeframe. During the freeze period, all incoming system updates, including security patches, are blocked and do not get installed on the device. When a device is outside the freeze period, normal update behavior applies.

If the freeze period is enabled, the freeze window overrides the existing system update policy settings. When the freeze period ends, the updates work according to the system updates policy.

To configure the freeze period:

  1. Toggle on the setting Enable Freeze Period in OS Update Settings
  2. Enter a name in the text field.
  3. Select Start Date and End Date.
  4. If you want to add another freeze period, click on the button Add Freeze Period. This will open up a new row for configuring the next freeze window.
  5. To delete a freeze period, click on the delete icon next to each specified freeze period.

Important Points on Freeze period:

  • The freeze period can be enabled only if the system update policy is not set to None.
  • The maximum freeze window allowed is 90 days; that is, the end date selection should be 90 days from the start date.
  • There can be multiple freeze windows. The minimum gap between two freeze windows should be at least 60 days.
  • The freeze period will repeat every year until it is deleted.

General Settings

Timezone Settings

SettingsDescription
Configure Automatic Network Time & Timezone

You can configure the time & timezone to be picked up by the device. There are three options to choose from:

  • Enable Forces the device to use network time only, if available. If this is enabled, the rest of the timezone settings cannot be configured.
  • Disable: Disables the network-based time
  • Allow Users: Users get the option to toggle this setting to on or off.
Choose Timezone configurationEnforce a default timezone for the devices from a list of previously created TimeZone configurations [Device Profile & Policies → All configurations → Android Utilities → Timezone Configurations]

Display Settings

SettingsDescription
Screen Time out Settings

With this setting, you can specify a duration of inactivity, after which the screen will go to sleep. On the device, users will be able to see and select the options up to the specified duration. The duration can be selected from the drop-down:

  • 15 seconds
  • 30 seconds
  • 1 minute
  • 2 minutes
  • 5 minutes
  • 10 minutes
  • 30 minutes
  • None

Was this article helpful?