Category filter
How to use pre-configured policy template in Hexnode UEM for easy policy deployment
Hexnode UEM Policy Template is a set of pre-configured policies that you can use to create new policies and associate them to required target devices. Apart from the default policy templates, you can also create new templates in the Hexnode portal.
To associate a policy template to a target device, you have to first copy it to My Policies. You can either use the copied template directly, or you can modify the template policy to attach it to the devices. With Hexnode, you can create more than one policy using the same policy template. So, to create multiple policies with the same configuration, you just have to create one template and make its copy.
Hexnode’s Pre-defined Policy Templates include:
- Android Website kiosk
- BitLocker Security Policy
- BYOD Policy for Corporate Data Containerization
- Expense Management Policy
- HIPAA Compliance Policy
- iOS Single App Kiosk Policy
- Location Policy
- Samsung Knox Policy
- Standard DLP Policy
Note:
Instead of creating large number of same policies by individually configuring each, you can create a policy template in Hexnode with the required configurations. And this single template can be reproduced to policies as many times as required.
Pre-configured templates in Hexnode:
Android Website kiosk
A pre-configured policy template to lockdown Android devices to a couple of web apps in multi-app kiosk mode.
Template name: Android Website Kiosk
Description: Lock down Android devices to a handful of websites.
Template Configuration:
Kiosk Lockdown > Android Kiosk Lockdown > Multi App: Amazon feedback & Amazon affiliates.
BitLocker Security Policy
A policy that is pre-configured to provide the basic industrial standard BitLocker encryption along with Windows password security.
Template name: BitLocker Security Policy
Description: Enable BitLocker encryption for industry-standard security.
Template Configuration:
- Windows > Password
- Windows > Security > BitLocker
| Password settings | Configuration |
|---|---|
| Allow simple value | Disabled |
| Password type | Users can choose |
| Minimum Password length | 8 |
| Minimum complex characters | Digits only |
| Minimum passcode age (in days) | 0 |
| Auto-Lock (in minutes) | 0 |
| Passcode history | 0 |
| Failed attempt before wipe | 0 |
| BitLocker Settings | Configuration |
|---|---|
| Prompt to encrypt storage card | Enabled |
| Prompt for device encryption | Enabled |
| Configure encryption method for disk drives | Select default value |
| Configure authentication when computer starts up | Enable |
| Allow BitLocker without a Trusted Platform Module (TPM) | Select default value |
| Authenticate with TPM startup key | Disallow |
| Authenticate with TPM startup pin | Disallow |
| Authenticate with TPM startup key and PIN | Disallow |
| Enable TPM during startup | Disallow |
| Minimum length for BitLocker startup PIN | 6 |
| Configure pre-boot recovery message | Show default recovery message and URL |
| Configure recovery options for system drives | Disabled |
| Configure recovery options for fixed drives | Disabled |
| Fixed drives require encryption | Enabled |
| Removable drives require encryption | Enabled |
BYOD Policy for Corporate Data Containerization
A policy template to protect the corporate data in any iOS and Android BYOD device.
Template name: BYOD Policy for Corporate Data Containerization
Description: A common policy for iOS & Android devices to safeguard the corporate data in Managed apps and Work containers.
Template Configuration:
- iOS > Restrictions
- iOS > Advanced Restrictions
- iOS > Security > Business Container
- Android > Advanced Restrictions
| Restrictions | Configuration | |
|---|---|---|
| Allow Device Functionality | Camera | Enabled |
| FaceTime | Enabled | |
| Screen capture | Enabled | |
| Touch ID | Enabled | |
| Siri | Enabled | |
| Allow Siri while device is locked | Enabled | |
| Voice dialing | Enabled | |
| Automatic sync while roaming | Enabled | |
| Allow Application Settings | Show App Store on the device | Enabled |
| iTunes Store | Enabled | |
| Force user to enter iTunes store password for each purchase | Enabled | |
| In-app purchases | Enabled | |
| Trust enterprise app | Enabled | |
| Users can modify enterprise app trust | Enabled | |
| Backup enterprise-deployed iBooks | Enabled | |
| Sync managed app data with iCloud | Disabled | |
| YouTube | Enabled | |
| Safari | Enabled | |
| Autofill | Enabled | |
| Fraud warning | Disabled | |
| JavaScript | Enabled | |
| Block pop-ups | Enabled | |
| Accept cookies | Always | |
| Access Passbook when the device is locked | Disabled | |
| Add friends in Game Center | Enabled | |
| Allow iCloud Settings | Backup | Enabled |
| Sync documents | Enabled | |
| Photo Stream (Disallowing might cause data loss) | Enabled | |
| Share photo streams | Enabled | |
| iCloud photo library | Enabled | |
| Sync enterprise book metadata across devices | Enabled | |
| Allow Security and Privacy Settings | Lock screen notifications | Enabled |
| Today View on lock screen | Enabled | |
| Control Center on lock screen | Enabled | |
| Over the air PKI updates | Enabled | |
| Limit ad tracking | Disabled | |
| Send diagnostic data to Apple | Enabled | |
| Accept untrusted TLS certificate | Enabled | |
| Force encrypted backup | Disabled | |
| Show notification on Apple Watch if worn | Disabled | |
| Allow Explicit Content | Explicit music, podcasts and iTunes U services | Enabled |
| iBooks store erotica | Disabled | |
| Rating region | United States | |
| Content rating | ||
| Movies | Allow All Movies | |
| TV Shows | Allow All TV Shows | |
| Apps | Allow All Apps | |
| Restrictions | Configuration | |
|---|---|---|
| Allow Device Functionality | AirDrop | Enabled |
| Apps can modify cellular data usage | Enabled | |
| Add or remove Touch ID/Face ID | Enabled | |
| iMessage | Enabled | |
| Game Center | Enabled | |
| Multiplayer gaming | Enabled | |
| Pair with iTunes | Enabled | |
| Install configuration profile | Enabled | |
| Definition lookup | Enabled | |
| Predictive keyboard | Enabled | |
| Auto-correct words | Enabled | |
| Suggest words on misspellings | Enabled | |
| Keyboard shortcuts | Enabled | |
| Pair with Apple Watch | Enabled | |
| Modify diagnostic data submission settings | Enabled | |
| Modify Bluetooth settings | Enabled | |
| Use voice to type | Enabled | |
| Connect to MDM-configured Wi-Fi networks only | Disabled | |
| Users can modify Personal Hotspot settings | Enabled | |
| Create VPN configuration | Enabled | |
| AirPrint | Enabled | |
| Connect with iBeacon | Enabled | |
| Store AirPrint credentials in Keychain | Enabled | |
| Use trusted certificates for secure printing | Disabled | |
| Allow App Settings | Install app from App Store | Enabled |
| Remove apps | Enabled | |
| Remove system apps | Enabled | |
| iBooks store | Enabled | |
| Apple Music | Enabled | |
| iTunes Radio | Enabled | |
| News | Enabled | |
| Podcasts | Enabled | |
| Download all purchased apps automatically | Enabled | |
| Allow Security and Privacy Settings | Activation Lock | Disabled |
| Modify an account | Enabled | |
| Erase content and settings | Enabled | |
| Siri can access user-generated content | Enabled | |
| Modify Find My Friends | Enabled | |
| Use profanity filter | Disabled | |
| Show web results using Spotlight Search | Enabled | |
| Modify Restrictions/Screen Time | Enabled | |
| Modify passcode | Enabled | |
| Modify device name | Enabled | |
| Modify wallpaper | Enabled | |
| Users can turn notifications on/off | Enabled | |
| Force Automatic Date and Time | Disabled | |
| Autofill Passwords | Enabled | |
| Request passwords from nearby devices | Enabled | |
| Share passwords via Airdrop Passwords feature | Enabled | |
| Settings | Configuration |
|---|---|
| Open documents from managed apps in unmanaged apps | Disabled |
| Open documents from unmanaged apps in managed apps | Disabled |
| Managed apps can write to Unmanaged Contact Accounts | Disabled |
| Unmanaged apps can read from Managed Contact Accounts | Disabled |
| Block Sharing Managed Document using AirDrop | Disabled |
| Restrictions | Configuration | |
|---|---|---|
| Allow device functionality | Microphone | Enabled |
| Screen capture | Disabled | |
| Clipboard | Enabled | |
| Copy contents between normal and work profiles | Enabled | |
| Share via other apps | Enabled | |
| Users can adjust volume | Enabled | |
| Make a call | Enabled | |
| Display Settings | Hide System bars | Disabled |
| Hide Status Bar | Disabled | |
| Hide Navigation Bar | Disabled | |
| Split-screen mode | Enabled | |
| Display dialogs/windows | Enabled | |
| Allow Connectivity Options | NFC | Enabled |
| Android Beam | Enabled | |
| Beam from the device | Enabled | |
| Transfer data via Bluetooth | Enabled | |
| Configure Bluetooth | Enabled | |
| Configure cell broadcast | Enabled | |
| Configure cellular network | Enabled | |
| Users can reset network settings | Enabled | |
| Configure Wi-Fi | Enabled | |
| Configure hotspot and tethering | Enabled | |
| Security Options | Minimum Wi-Fi Security Level | Open |
| Allow Sync Settings | Sync data in background | Enabled |
| Sync data with Google account | Enabled | |
| Allow Account Settings | SMS | Enabled |
| Receive messages | Enabled | |
| Send messages | Enabled | |
| Modify Accounts/Users | Enabled | |
| Add Users | Enabled | |
| Remove Users | Enabled | |
| Configure user credentials | Enabled | |
| Allow Settings | Developer mode | Enabled |
| USB debugging | Enabled | |
| Modify settings | Enabled | |
| Power saving mode | Enabled | |
| Users can enable location sharing | Enabled | |
| Factory reset | Enabled | |
| Read any connected physical external media | Enabled | |
| Update date and time automatically | Enabled | |
| Set time zone automatically | Enabled | |
| Disable screen lock if the screen was turned off | Disabled | |
| Configure VPN | Enabled | |
| Allow App Settings | Install apps | Enabled |
| Uninstall apps | Enabled | |
| Control apps | Enabled | |
| Google Play Store | Enabled | |
| Verify apps before install | Disabled | |
| Install apps from unknown sources | Disabled | |
| App Runtime Permissions | Default permissions | |
| Parent profile app linking | Enabled | |
| Factory Reset Protection (Google Account Verification) | Default | |
Expense Management Policy
An Android policy to set data and Wi-Fi restrictions and notifications to have control over expenses.
Template name: Expense Management Policy
Description: Data/Wi-Fi usage warning & restrictions for an arbitrary monthly limit.
Template Configuration:
Android > Mobile Data Management
Data Usage Restrictions:
| Restriction | Configuration |
|---|---|
| Enable data usage tracking | Enabled |
| Enable network & data usage restrictions | Enabled |
| Network Restrictions | No Restrictions |
| Data Usage Notifications | Notify both User and Admin, Monthly when Mobile data exceeds 0.5 GB |
| Data Usage Restrictions | Restrict and notify all, Monthly when Mobile Data exceeds 1 GB |
| Reset Data Tracking | Daily at 18:30 (UTC +00:00) GMT Standard Time, Monthly on day 1 of each month |
HIPAA Compliance Policy
A policy with iOS and Android passcode and restriction along with Mac and Windows encryption configurations to set standards of confidentiality and integrity to protect ePHI.
Template name: HIPAA Compliance Policy
Description: Workstation and Device Security policies to protect ePHI.
Template Configuration:
- iOS > Passcode
- iOS > Advanced Restrictions
- iOS > Security > Business Container
- Android > Advanced Restrictions
- Windows > Security > BitLocker
- macOS > Security > FileVault
| Policy | Configuration |
|---|---|
| Allow simple value | Disabled |
| Require alpha numeric value | Enabled |
| Minimum Passcode Length | 8 |
| Minimum complex characters | 1 |
| Minimum passcode age in days (0-730 days) | 30 |
| Auto Lock | 1 Minute |
| Passcode History (1-50 passcodes) | 5 |
| Grace period for device lock | Immediately |
| Failed attempts (After the specified number of failed attempts, the device data will be wiped automatically) | 10 |
| Restrictions | Configuration | |
|---|---|---|
| Allow Device Functionality | AirDrop | Enabled |
| Apps can modify cellular data usage | Enabled | |
| Add or remove Touch ID/Face ID | Enabled | |
| iMessage | Enabled | |
| Game Center | Enabled | |
| Multiplayer gaming | Enabled | |
| Pair with iTunes | Enabled | |
| Install configuration profile | Enabled | |
| Definition lookup | Enabled | |
| Predictive keyboard | Enabled | |
| Auto-correct words | Enabled | |
| Suggest words on misspellings | Enabled | |
| Keyboard shortcuts | Enabled | |
| Pair with Apple Watch | Enabled | |
| Modify diagnostic data submission settings | Enabled | |
| Modify Bluetooth settings | Enabled | |
| Use voice to type | Enabled | |
| Connect to MDM-configured Wi-Fi networks only | Disabled | |
| Users can modify Personal Hotspot settings | Enabled | |
| Create VPN configuration | Enabled | |
| AirPrint | Enabled | |
| Connect with iBeacon | Enabled | |
| Store AirPrint credentials in Keychain | Enabled | |
| Use trusted certificates for secure printing | Disabled | |
| Allow App Settings | Install app from App Store | Enabled |
| Remove apps | Enabled | |
| Remove system apps | Enabled | |
| iBooks store | Enabled | |
| Apple Music | Enabled | |
| iTunes Radio | Enabled | |
| News | Enabled | |
| Podcasts | Enabled | |
| Download all purchased apps automatically | Enabled | |
| Allow Security and Privacy Settings | Activation Lock | Disabled |
| Modify an account | Enabled | |
| Erase content and settings | Enabled | |
| Siri can access user-generated content | Enabled | |
| Modify Find My Friends | Enabled | |
| Use profanity filter | Disabled | |
| Show web results using Spotlight Search | Enabled | |
| Modify Restrictions/Screen Time | Enabled | |
| Modify passcode | Enabled | |
| Modify device name | Enabled | |
| Modify wallpaper | Enabled | |
| Users can turn notifications on/off | Enabled | |
| Force Automatic Date and Time | Disabled | |
| Autofill Passwords | Enabled | |
| Request passwords from nearby devices | Enabled | |
| Share passwords via Airdrop Passwords feature | Enabled | |
| Settings | Configuration |
|---|---|
| Open documents from managed apps in unmanaged apps | Enabled |
| Open documents from unmanaged apps in managed apps | Enabled |
| Managed apps can write to Unmanaged Contact Accounts | Disabled |
| Unmanaged apps can read from Managed Contact Accounts | Disabled |
| Block Sharing Managed Document using AirDrop | Disabled |
| Restrictions | Configuration | |
|---|---|---|
| Allow device functionality | Microphone | Enabled |
| Screen capture | Enabled | |
| Clipboard | Enabled | |
| Copy contents between normal and work profiles | Disabled | |
| Share via other apps | Enabled | |
| Users can adjust volume | Enabled | |
| Make a call | Enabled | |
| Display Settings | Hide System bars | Disabled |
| Hide Status Bar | Disabled | |
| Hide Navigation Bar | Disabled | |
| Split-screen mode | Enabled | |
| Display dialogs/windows | Enabled | |
| Allow Connectivity Options | NFC | Enabled |
| Android Beam | Enabled | |
| Beam from the device | Enabled | |
| Transfer data via Bluetooth | Enabled | |
| Configure Bluetooth | Enabled | |
| Configure cell broadcast | Enabled | |
| Configure cellular network | Enabled | |
| Users can reset network settings | Enabled | |
| Configure Wi-Fi | Enabled | |
| Configure hotspot and tethering | Enabled | |
| Security Options | Minimum Wi-Fi Security Level | Open |
| Allow Sync Settings | Sync data in background | Enabled |
| Sync data with Google account | Enabled | |
| Allow Account Settings | SMS | Enabled |
| Receive messages | Enabled | |
| Send messages | Enabled | |
| Modify Accounts/Users | Enabled | |
| Add Users | Enabled | |
| Remove Users | Enabled | |
| Configure user credentials | Enabled | |
| Allow Settings | Developer mode | Disabled |
| USB debugging | Disabled | |
| Modify settings | Enabled | |
| Power saving mode | Enabled | |
| Users can enable location sharing | Enabled | |
| Factory reset | Enabled | |
| Read any connected physical external media | Enabled | |
| Update date and time automatically | Enabled | |
| Set time zone automatically | Enabled | |
| Disable screen lock if the screen was turned off | Disabled | |
| Configure VPN | Enabled | |
| Allow App Settings | Install apps | Enabled |
| Uninstall apps | Enabled | |
| Control apps | Enabled | |
| Google Play Store | Enabled | |
| Verify apps before install | Disabled | |
| Install apps from unknown sources | Disabled | |
| App Runtime Permissions | Default permissions | |
| Parent profile app linking | Enabled | |
| Factory Reset Protection (Google Account Verification) | Default | |
| BitLocker Settings | Configuration |
|---|---|
| Prompt to encrypt storage card | Enabled |
| Prompt for device encryption | Enabled |
| Configure encryption method for disk drives | Select default value |
| Configure authentication when computer starts up | Select default value |
| Minimum length for BitLocker startup PIN | 6 |
| Configure pre-boot recovery message | Select default value |
| Configure recovery options for system drives | Disabled |
| Configure recovery options for fixed drives | Disabled |
| Fixed drives require encryption | Enabled |
| Removable drives require encryption | Enabled |
| Policy Settings | Configuration |
|---|---|
| Enable FileVault | Enabled |
| Encrypt using | Institutional and Personal Recovery Key |
| Encryption certificate | HexnodeMDM FileVault Certificate |
| Show Personal Recovery Key to user | Enabled |
| Skip enabling FileVault at user login | Disabled |
iOS Single App Kiosk Policy
A preconfigured policy to restrict an iOS device to a single app in kiosk mode.
Template name: iOS Single App Kiosk Policy
Description: Lock down iOS devices to a single app
Template Configuration:
Kiosk Lockdown > iOS Kiosk Lockdown > Single App
Uber Technologies Inc. is added as the app in single app kiosk.
| Feature | Configuration | |
|---|---|---|
| Advanced Kiosk Settings | Disable touch | Disabled |
| Disable device screen rotation | Disabled | |
| Disable volume buttons | Disabled | |
| Disable ringer switch | Enabled | |
| Disable sleep wake button | Disabled | |
| Disable auto lock | Disabled | |
| Enable VoiceOver | Disabled | |
| Enable Zoom | Disabled | |
| Enable invert colors | Disabled | |
| Enable AssistiveTouch | Disabled | |
| Enable speak selection | Disabled | |
| User Enabled Options | VoiceOver | Enabled |
| Zoom | Enabled | |
| Invert colors | Disabled | |
| AssistiveTouch | Disabled | |
Location Policy
A pre-configured location tracking policy that tracks the devices’ location in specific time intervals.
Template name: Location Policy
Description: Enable Location Tracking on target devices.
Template Configuration:
General Settings > Location Tracking
| Policy | Description |
|---|---|
| Enable Location Tracking | Enabled |
| Location Update Interval | 1 Hrs |
Samsung Knox Policy
A policy template for Samsung Knox device security.
Template name: Samsung Knox Policy
Description: With advanced restrictions exclusively available for Samsung devices.
Template Configuration:
- Android > Password > Device Password
- Android > Advanced Restrictions
| Password Settings | Configuration |
|---|---|
| Password Requirement | Alphanumeric |
| Minimum Passcode Length | 8 |
| Password age (in days) | _ |
| Auto-lock after | _ |
| Password History (1-50 passcodes) | _ |
| Failed attempts (After the specified number of failed attempts, the device data will be wiped automatically) | _ |
| Restrictions | Configuration | |
|---|---|---|
| Allow device functionality | Microphone | Enabled |
| Screen capture | Disabled | |
| Clipboard | Disabled | |
| Copy contents between normal and work profiles | Disabled | |
| Share via other apps | Disabled | |
| Users can adjust volume | Enabled | |
| Make a call | Enabled | |
| Display Settings | Hide System bars | Disabled |
| Hide Status Bar | Disabled | |
| Hide Navigation Bar | Disabled | |
| Split-screen mode | Enabled | |
| Display dialogs/windows | Enabled | |
| Allow Connectivity Options | NFC | Enabled |
| Android Beam | Enabled | |
| Beam from the device | Enabled | |
| Transfer data via Bluetooth | Enabled | |
| Configure Bluetooth | Enabled | |
| Configure cell broadcast | Enabled | |
| Configure cellular network | Enabled | |
| Users can reset network settings | Enabled | |
| Configure Wi-Fi | Enabled | |
| Configure hotspot and tethering | Enabled | |
| Security Options | Minimum Wi-Fi Security Level | Open |
| Allow Sync Settings | Sync data in background | Enabled |
| Sync data with Google account | Enabled | |
| Allow Account Settings | SMS | Enabled |
| Receive messages | Enabled | |
| Send messages | Enabled | |
| Modify Accounts/Users | Enabled | |
| Add Users | Enabled | |
| Remove Users | Enabled | |
| Configure user credentials | Enabled | |
| Allow Settings | Developer mode | Disabled |
| USB debugging | Disabled | |
| Modify settings | Enabled | |
| Power saving mode | Enabled | |
| Users can enable location sharing | Enabled | |
| Factory reset | Enabled | |
| Read any connected physical external media | Enabled | |
| Update date and time automatically | Enabled | |
| Set time zone automatically | Enabled | |
| Disable screen lock if the screen was turned off | Disabled | |
| Configure VPN | Enabled | |
| Allow App Settings | Install apps | Enabled |
| Uninstall apps | Enabled | |
| Control apps | Enabled | |
| Google Play Store | Enabled | |
| Verify apps before install | Disabled | |
| Install apps from unknown sources | Disabled | |
| App Runtime Permissions | Default permissions | |
| Parent profile app linking | Enabled | |
| Factory Reset Protection (Google Account Verification) | Default | |
Standard DLP Policy
A standard data loss prevention policy for iOS, Android, Windows, and macOS devices.
Template name: Standard DLP Policy
Description: Standard Data Loss Prevention policies for optimal security.
Template Configuration:
- iOS > Passcode
- iOS > Advanced Restrictions
- Android > Advanced Restrictions
- Windows > Security > BitLocker
- macOS > Security > FileVault
| Policy | Configuration |
|---|---|
| Allow simple value | Disabled |
| Require alpha numeric value | Enabled |
| Minimum Passcode Length | 8 |
| Minimum complex characters | 1 |
| Minimum passcode age in days (0-730 days) | 30 |
| Auto Lock | 1 Minute |
| Passcode History (1-50 passcodes) | 5 |
| Grace period for device lock | Immediately |
| Failed attempts (After the specified number of failed attempts, the device data will be wiped automatically) | 10 |
| Restrictions | Configuration | |
|---|---|---|
| Allow Device Functionality | AirDrop | Enabled |
| Apps can modify cellular data usage | Enabled | |
| Add or remove Touch ID/Face ID | Enabled | |
| iMessage | Enabled | |
| Game Center | Enabled | |
| Multiplayer gaming | Enabled | |
| Pair with iTunes | Enabled | |
| Install configuration profile | Enabled | |
| Definition lookup | Enabled | |
| Predictive keyboard | Enabled | |
| Auto-correct words | Enabled | |
| Suggest words on misspellings | Enabled | |
| Keyboard shortcuts | Enabled | |
| Pair with Apple Watch | Enabled | |
| Modify diagnostic data submission settings | Enabled | |
| Modify Bluetooth settings | Enabled | |
| Use voice to type | Enabled | |
| Connect to MDM-configured Wi-Fi networks only | Disabled | |
| Users can modify Personal Hotspot settings | Enabled | |
| Create VPN configuration | Enabled | |
| AirPrint | Enabled | |
| Connect with iBeacon | Enabled | |
| Store AirPrint credentials in Keychain | Enabled | |
| Use trusted certificates for secure printing | Disabled | |
| Allow App Settings | Install app from App Store | Enabled |
| Remove apps | Enabled | |
| Remove system apps | Enabled | |
| iBooks store | Enabled | |
| Apple Music | Enabled | |
| iTunes Radio | Enabled | |
| News | Enabled | |
| Podcasts | Enabled | |
| Download all purchased apps automatically | Enabled | |
| Allow Security and Privacy Settings | Activation Lock | Disabled |
| Modify an account | Enabled | |
| Erase content and settings | Enabled | |
| Siri can access user-generated content | Enabled | |
| Modify Find My Friends | Enabled | |
| Use profanity filter | Disabled | |
| Show web results using Spotlight Search | Enabled | |
| Modify Restrictions/Screen Time | Enabled | |
| Modify passcode | Enabled | |
| Modify device name | Enabled | |
| Modify wallpaper | Enabled | |
| Users can turn notifications on/off | Enabled | |
| Force Automatic Date and Time | Disabled | |
| Autofill Passwords | Enabled | |
| Request passwords from nearby devices | Enabled | |
| Share passwords via Airdrop Passwords feature | Enabled | |
| Restrictions | Configuration | |
|---|---|---|
| Allow device functionality | Microphone | Enabled |
| Screen capture | Enabled | |
| Clipboard | Enabled | |
| Copy contents between normal and work profiles | Disabled | |
| Share via other apps | Enabled | |
| Users can adjust volume | Enabled | |
| Make a call | Enabled | |
| Display Settings | Hide System bars | Disabled |
| Hide Status Bar | Disabled | |
| Hide Navigation Bar | Disabled | |
| Split-screen mode | Enabled | |
| Display dialogs/windows | Enabled | |
| Allow Connectivity Options | NFC | Enabled |
| Android Beam | Enabled | |
| Beam from the device | Enabled | |
| Transfer data via Bluetooth | Enabled | |
| Configure Bluetooth | Enabled | |
| Configure cell broadcast | Enabled | |
| Configure cellular network | Enabled | |
| Users can reset network settings | Enabled | |
| Configure Wi-Fi | Enabled | |
| Configure hotspot and tethering | Enabled | |
| Security Options | Minimum Wi-Fi Security Level | Open |
| Allow Sync Settings | Sync data in background | Enabled |
| Sync data with Google account | Enabled | |
| Allow Account Settings | SMS | Enabled |
| Receive messages | Enabled | |
| Send messages | Enabled | |
| Modify Accounts/Users | Enabled | |
| Add Users | Enabled | |
| Remove Users | Enabled | |
| Configure user credentials | Enabled | |
| Allow Settings | Developer mode | Disabled |
| USB debugging | Disabled | |
| Modify settings | Enabled | |
| Power saving mode | Enabled | |
| Users can enable location sharing | Enabled | |
| Factory reset | Enabled | |
| Read any connected physical external media | Enabled | |
| Update date and time automatically | Enabled | |
| Set time zone automatically | Enabled | |
| Disable screen lock if the screen was turned off | Disabled | |
| Configure VPN | Enabled | |
| Allow App Settings | Install apps | Enabled |
| Uninstall apps | Enabled | |
| Control apps | Enabled | |
| Google Play Store | Enabled | |
| Verify apps before install | Disabled | |
| Install apps from unknown sources | Disabled | |
| App Runtime Permissions | Default permissions | |
| Parent profile app linking | Enabled | |
| Factory Reset Protection (Google Account Verification) | Default | |
| BitLocker Settings | Configuration |
|---|---|
| Prompt to encrypt storage card | Enabled |
| Prompt for device encryption | Enabled |
| Configure encryption method for disk drives | Select default value |
| Configure authentication when computer starts up | Select default value |
| Minimum length for BitLocker startup PIN | 6 |
| Configure pre-boot recovery message | Show default recovery message and URL |
| Configure recovery options for system drives | Disabled |
| Configure recovery options for fixed drives | Disabled |
| Fixed drives require encryption | Enabled |
| Removable drives require encryption | Enabled |
| Policy Settings | Configuration |
|---|---|
| Enable FileVault | Enabled |
| Encrypt using | Institutional and Personal Recovery Key |
| Encryption certificate | HexnodeMDM FileVault Certificate |
| Show Personal Recovery Key to user | Enabled |
| Skip enabling FileVault at user login | Disabled |
To create a policy from the template,
To create a policy from the template, you can either copy the template to My Policies, or else you can choose the template directly while creating a new policy.
To choose the template directly while creating a policy,
- In the Hexnode portal, go to Policies.
- Click on New Policy and select the template that you want to use.
- Go to Policy Targets > +Add Devices > choose the devices to which the policy has to be associated.
- Click on Ok > Save.
To copy the template to My Policies,
- In the Hexnode portal, go to Policies > Templates.
- Select the template that you want to copy and click on Manage.
- Click on Copy to My Policies.
- Go to Policy Targets > +Add Devices > choose the devices to which the policy has to be associated.
- Click on Ok > Save.
Apart from devices, you can also associate the policy to Device Groups, Users, User Groups and Domains.
Need more help?
