Category Filter

Hexnode Policy management – General FAQs

1. Can a user revoke the passcode policy forced on the mobile device through an MDM?

A passcode policy forced on the device via Hexnode MDM cannot be revoked by the user. Once a passcode policy is applied on the device, the options to remove the same are disabled on the managed device. The password can only be removed by unmanaging the device.

2. What is the Grace period for lock and Idle timeout before device lock?

Idle timeout/ Auto lock is the amount of time before the device screen turns off. Grace period for device lock is the time limit before a device can be unlocked without a passcode.

3. Can you restrict a user from changing the date and time settings on an iOS device using an MDM?

The users can be restricted from changing the date and time settings on the iOS devices by enabling the Force Automatic Date and Time restriction under Policies > iOS > Advanced Restrictions. This restriction is applicable only for devices running iOS 12 and later. Another possible way is to set the device in single app kiosk mode thus locking the device to a specific app and allowing only those functionalities that are enabled via the Hexnode console.

4. How can you restrict Settings app on a managed device?

  • For iOS devices, the individual settings can be restricted by disabling it under Policies > New Policy > iOS > Restrictions/ Advanced Restrictions.
  • For Android devices, the users can be prevented from modifying the device settings by disabling Modify Settings restriction under Policies > New Policy > Android > Advanced Restrictions > Allow Settings. This restriction is supported only on Samsung Knox enabled devices.
  • In case of Android Enterprise-enabled devices, the Settings app can be blocked by blacklisting the same via policy.

5. How can you distribute contacts to an iOS device using Hexnode MDM?

Distributing and syncing contacts can be accomplished on managed iOS devices via CardDAV.

6. How to remotely pre-configure Wi-Fi, email and other such settings using an MDM?

Yes, policies for Wi-Fi, email and other settings can be pre-configured across multiple Hexnode-supported platforms on the MDM server and later on associated to devices or device groups. The pre-configured policies will be automatically associated to the devices as they are added to the device group.

7. How to put phone/call app in kiosk mode using Hexnode?

The phone/call app can be added to Android devices in kiosk mode by whitelisting both the phone app and contacts app via policy. Android devices makes use of different package names for these apps which are device specific so make sure to whitelist the appropriate apps. For example, com.samsung.android.incallui, com.samsung.android.contacts, com.android.contacts, com.android.dialer, com.android.incallui, etc.

8. How does Restrictions policy work on an iOS device?

The restriction policy applied to a device ensures device security and protection against vulnerable attacks. When multiple policies are applied on the device, the most restrictive one gains higher priority. For example, two policies- one to Disable Camera and the other to Enable Camera- are applied on the same device. In such a case, the most restrictive policy will be applied on the device which is “Disable Camera”.

Similarly, if two policies are pushed to the same device, for eg:- one to turn Wi-Fi ON & restrict camera usage, and the other to turn Wi-Fi OFF & allow camera usage, the effective of both the policies will be analyzed and applied to the device thus disabling Camera and Wi-Fi.