1. Can a passcode policy forced on the mobile device be revoked by the user?
A passcode policy forced on the device via Hexnode MDM cannot be revoked by the user. Once a passcode policy is applied on the device, the options to remove the same are disabled on the managed device. The password can only be removed by unmanaging the device.
2. What is the difference between Idle Timeout before lock and Grace Period for device lock?
Idle timeout/ Auto lock is the amount of time before the device screen turns off. Grace period for device lock is the time limit before a device can be unlocked without a passcode.
3. Can OS updates be restricted on managed iOS devices?
No, Apple does not allow MDM solutions to restrict OS updates on managed iOS devices.
4. Can the user be restricted from changing the date and time settings on iOS devices?
The users can be restricted from changing the date and time settings on the iOS devices by enabling the Force Automatic Date and Time restriction under Policies > iOS > Advanced Restrictions. This restriction is applicable only for devices running iOS 12 and later. Another possible way is to set the device in single app kiosk mode thus locking the device to a specific app and allowing only those functionalities that are enabled via the Hexnode console.
5. How to prevent users from accessing the Settings on the devices?
- For iOS devices, the individual settings can be restricted by disabling it under Policies > New Policy > iOS > Restrictions/ Advanced Restrictions.
- For Android devices, the users can be prevented from modifying the device settings by disabling Modify Settings restriction under Policies > New Policy > Android > Advanced Restrictions > Allow Settings. This restriction is supported only on Samsung Knox enabled devices.
- In case of Android Enterprise-enabled devices, the Settings app can be blocked by blacklisting the same via policy.
6. Can we use Hexnode MDM to distribute contacts to iOS devices?
Distributing and syncing contacts can be accomplished on managed iOS devices via CardDAV.
7. Can MDM be used to pre-configure essential settings such as Wi-Fi and email over-the-air without any user intervention?
Yes, policies for Wi-Fi, email and other settings can be pre-configured across multiple Hexnode-supported platforms on the MDM server and later on associated to devices or device groups. The pre-configured policies will be automatically associated to the devices as they are added to the device group.
8. How can the phone/call app be added to Android devices in kiosk mode?
The phone/call app can be added to Android devices in kiosk mode by whitelisting both the phone app and contacts app via policy. Android devices makes use of different package names for these apps which are device specific so make sure to whitelist the appropriate apps. For example, com.samsung.android.incallui, com.samsung.android.contacts, com.android.contacts, com.android.dialer, com.android.incallui, etc.
9. What is the behavior of Restriction policy in iOS devices?
The restriction policy applied to a device ensures device security and protection against vulnerable attacks. When multiple policies are applied on the device, the most restrictive one gains higher priority. For example, two policies- one to Disable Camera and the other to Enable Camera- are applied on the same device. In such a case, the most restrictive policy will be applied on the device which is “Disable Camera”.
Similarly, if two policies are pushed to the same device, for eg:- one to turn Wi-Fi ON & restrict camera usage, and the other to turn Wi-Fi OFF & allow camera usage, the effective of both the policies will be analyzed and applied to the device thus disabling Camera and Wi-Fi.