Policies

When you add an Application on devices, you need to specify an application control policy. Policies control the data that Applications can access on devices. You can create custom policies or change the default settings of the standard application control policies.

From the App Management section, click Policies from the left panel. The Policies page appears with a list of the policies. The list view displays a list of all the policies along with their State and Statuses. You can search the policies based on each column and also sort on each column.

The Policies list view displays the following columns:

Columns                                          Description
Policy Name	Displays the unique identification name of the policy.
Last Modified On	Displays the date on which the policy was last updated.
State	Displays the current state of the policy for example, Active or Draft.
Owner	Displays the administrator user name.
Status	Displays the current status of the policy for example, Published or Unpublished.

You can perform following activities from this page:

• Creating a New Policy
• Applying Policies
• Searching for Policies
• Updating a Policy
• Deleting a Policy

Creating a New Policy

When a new app is registered, the administrator must decide if it should be protected by a policy. Click +New Policy button on Policies main screen to open New Policy screen.

  The New Policy screen includes following sections:

• App Basics
• App Usage
• Network
• Storage
• Phone Features

App Basics

The app basics section refers to adding a title and description to the new policy. To add app basics, follow these steps:

1. Policy Name: Enter a unique name for the new app policy. The policy name should not include \ / : * ? " < > | , special characters.If the entered policy name already exists, the system displays the error message.
2. Description: Enter a description for the new app policy. The description should accurately describe the features and functionality of your policy.

App Usage

The App Usage section allows you to configure an app usage policy. To add details, follow these steps:

1. App Lockout: Based on your requirement, select the option as Yes or No.If App Lockout is set to Yes, the app shall be locked out for the targeted users. If App Lockout is set to No, the users shall be able to launch the app. This is the default choice. The feature enables the admin to ensure that the app cannot be launched anymore, irrespective of the expiry time limit. This is typically used as a temporary measure or as a means of creating an exception for a user who belongs to a targeted Group and so on.
2. Geofence Rule: By default, this option is set to Allow. You can change it to Restrict.
   1. Select the required Geofence rule from the drop-down list. The Add button appears. Click the Add button to  add the Geofence rule. The selected Geofence rule appears in a list view.
      
      

      

   2. Click the Remove button to remove the selected Geofence rule.
      
      

      Geofence programs enable an administrator to set up triggers so when a device crosses a geofence and enters or exits the borders demarcated by the administrator, an SMS or an email alert is sent. For example, geofence enables a mobile device to setup the places that matter most to you and interact at those locations. Once a user enters into your geofence configuration, you can communicate based on defined policies.

      Note: When the device is offline, User can access the app by mocking device's GPS location.

3. Time Fence Rule: Select the required Time Fence rule from the drop-down list. By default, it is set to Allow. You can change it to Restrict.

   Time fences enable you to establish policies for prioritizing activities. Time fences are points in time where you can define how a defined policy rule is applied to an app deployed on a device.

   When a time fence policy is pushed to registered device, the policy will be fetched based on server time and time zone configured in Device Settings page. Policy reflection is not dependent on device time and time zone as long as the device is online.

   Note: If the device is offline mode, user can access the app by changing the device time.
   
   When the device is offline, the device cannot communicate with the EMM server and therefore must rely on device time to implement time related rules. Therefore there is a possibility for the User to manipulate device time to bypass some of the rules.

4. Idle Timeout: Set the idle timeout for the device in minutes.

   Idle Time out means that, if the application does not use the connection to the device for scheduled time period, then connection is closed automatically.

5. Expire Enterprise Store Session: Select this if you want the enterprise store session to expire after the ldle timeout time. This feature is applicable only for Android devices.
6. Expiration Date: This is the date on which app policy is no longer valid or in effect.To set the expiration date for the app policy, Click in the text field to open the Calendar window.

   

   Select the date. Select the required Time – Zone through the slider.Click Done to continue.The date and time appears in the text field.

   

   
   When an app expiry policy is pushed toregistered device, the policy will be fetched based on server time and time zone selected in Device Settings page. Policy reflection is not dependent on device time and time zone as long as the device is online.
   
   

   Note: If the device is offline mode, user can access the app by changing the device time.
   
   When the device is offline, the device cannot communicate with the EMM server and therefore must rely on device time to implement time related rules. Therefore there is a possibility for the User to manipulate device time to bypass some of the rules.

7. Allow Copy, Cut, Paste: Select the Yes option to allow the Cut, Copy, and Paste options with in the app. Select the No option to not allow Cut, Copy, and Paste options.
8. Allow App Camera Access: Select Yes to enable App Camera to capture movies and still images. Select the No option to deny the access.
9. Allow Document Sharing: Select Yes to enable sharing of documents with multiple people. Select the No option to deny the access.
10. Allow Screen Capture: Configure to Yes to enable screen capturing on the app. This is applicable only for Android devices.
11. Device Policy: Select the device restriction policy from the available policy list.

Network

This section enables an administrator to define the policy to support network access at the functional level. The declared policy set is enforced by the app. To configure the network, follow these steps:

1. Allow Offline Access: By default this option is set to No.
   
   You can modify it to Yes to give device users access to Enterprise Apps installed from their devices when the devices are offline.
   
   

   Enterprise apps installed on devices can be accessed online or offline based on the policy assigned to the app and target. When a device is offline, a user can only launch apps through enterprise store – My Apps.

2. Allow Network Access: Select the Yes option to Allow Network Access or the No option to restrict the Network Access.
3. Force HTTPS: Select the Yes option to enable Force HTTPS. Select the No option to disable Force HTTPS.

   Force HTTPS option forces every user request to access the device via HTTPS.

4. Domains Restriction: By default Domain Restriction, option is set to Allow all except below.You can modify it to Restrict all except below. Enter the domains you wish to restrict into the text box.
5. WiFi SSID Access: By default WiFi SSID Access is set to Allow all except below.You can change it to Restrict all except below. Enter the SSID details you wish to restrict into the text box.

Storage

The Storage section enables you to configure secure data storage on your device. To configure data storage, follow these steps:

1. Allow External Storage Read: By default, this is set to Yes. This is supported only for Android and Windows devices.
2. Allow External Storage Write: By default, this is set to Yes. This is supported only for Android and .appx apps on Windows devices.
3. Encrypt App Data Storage: Select the Yes option to enable data encryption and select the No option to deny it. Encrypt App SQLite Data Storage is not applicable to Windows devices.

   Encrypted Data Storage lets you store your files in the encrypted container to check any unauthorized access to vital information.

   Important: As part of wrapping, SQLite is replaced with SQLCipher. SQLCipher is used for database encryption. There is a subtle difference between SQLCipher and SQLite. In your app, if string data (i.e. base64 string for image) is stored in blob column then it works for SQLite and not SQLCipher. Please ensure that string data is stored in column with ‘TEXT’ data type and binary data is stored in column with ‘BLOB' data type.

   Important:  Kony Management provides SQLCipher where native libraries (.so files) are built with ARM 32-bit and X86 architectures. Kony Management does not provide SQLCipher libraries built for 64-bit ARM architectures. A child app which contains 64-bit arm libraries will not work after wrapped with Kony Management. The child app should not contain any 64-bit arm libraries for it work properly in Kony Management environment.

   Important: Kony Management uses SQLCipher version 3.5.7. If you use a higher version of SQLCipher than 3.5.7 and build your app, while wrapping, Kony Management will downgrade the SQLCIpher version to 3.5.7.
   

Phone Features

This is to allow this particular feature to be used by the App or not. The list is to whom an SMS, Email or Phone can be made. To set the phone features, follow these steps:

1. SMS App Usage: By default SMS App Usage option is set to Restrict All Except Below. You can modify it to Allow All Except Below. Enter the phone numbers that you wish to restrict or allow.
2. Email Usage: By default Email Usage option is set to Restrict All Except Below.You can modify it to Allow All Except Below. Enter the email IDs that you wish to restrict or allow.
3. Phone Usage: By default Phone Usage option is set to Restrict All Except Below. You can modify to Allow All Except Below. Enter the phone numbers that you wish to restrict or allow.
4. Click the Save and Submit button to save the details. The new policy appears in the list view
5. Click the Save and Continue button to Save the details and stay on the same page to update other details.

   Click the Cancel button to close the window.

Supported actions for Webview in App Policy

For apps where app policy restrictions are applied, if the apps allow webview within the app, then not all app policy restrictions are applicable for the webview. See the image below for applicable restrictions.

Applying Policies

Policies are applied when they are targeted to Users. Targeting can happen while creating an app, editing an app, upgrading an app, or adding a new platform.

Policies are applied for an app to a particular target (User/Group) that makes them very personalized. When policies are applied to Groups, a priority must also be assigned. Policies assigned to Users have the highest priority.

Searching for Policies

You can search a policy through search filters based on all grid columns. You can apply a single or a combination of search filters to define the search criteria and get the refined outcome.

1. To search a policy, follow these steps:
   1. Policy Name: Enter partial or a complete policy name in the Search Policies text field.
   2. Submitted: Enter the date on which the device policy was submitted in the Submitted Date text field.
   3. State: Select the desired option from the drop-down list, for example, Active or Draft.
   4. Owner: Enter partial or the complete name of the administrator in the text field.
   5. Status: Select the desired option as All Statuses, Unpublished or Published.
2. According to your search filters criteria, the list view is updated with respective policy details. By default, the list view displays ten policies according to Display settings, which you can modify through Display dropdown list. You can also scroll the list view through Previous and the Next buttons.

Updating a Policy

You may need to update a policy detail for specific reasons, for example, you may need to update a policy name or its description.

Click the Policy Name. Edit Policy page appears.

All the fields in the policy can be updated. There are no restrictions. Once a policy is updated, it must be published again to come into effect, else the older policy continues to be effective.

Note: When EMM 2.0 is upgraded to EMM 2.1, all App Policies might require administrators to take ownership of the same (even those created by the same admin)

Deleting a Policy

If a policy has been deprecated, or no longer required, you can delete it.

1. Select the policy through check box next to it in the list view. This action activates the Delete button.
2. Click the Delete button. In the warning message (Delete Policy(s) that appears, click Yes to continue.

3. In the success message that appears, click OK to continue.

   The policy is no longer displayed in the list view. Only unpublished policies can be deleted.

 

Copyright © 2018 Kony, Inc. All rights reserved.