Create a policy using TinyMDM

How to create a policy from scratch?

For starters, please note that it is possible to create a policy even if no user were created beforehand but you won’t be able to apply it to any device: we recommend you to create users first (have a look here on how to add users one by one or import a list of users from a CSV file).

Go to the Policies tab and click on Create a policy. From here, you can manage users / device security settings / apps / OS upgrade / internet filtering / wifi configuration, etc.

create_policy

1. Users

group configuration

The first step is to add users to this policy by simply ticking the box next to their name, or next to the group if several users belong to the same group. To manage groups, click on the icon showing a group of users at the right of the group name: a popup will appear so you can change group names if needed.

2. Device security

In this section, you can:

  • Disable finger print and face recognition authentications
  • Set the password type (letter/numeric/special character password, pattern, PIN…), its minimum size and its timeout delay to force end-users updating it regularly. You can also set the number of times before an old password can be reused and set a maximum number of incorrect password entries before resetting the device. More info about security policy here.
device security

In a Work Profile setup, you will be able to enforce a security password to access the secure folder containing all business apps and data. Whenever the employee needs to access the Work Profile’s content, he will be prompted to enter a password compliant with his policy.

3. Apps management

In here you will find all your Enterprise approved apps (public, private and web ones). When an app is greyed out, it’s because it is approved business-wide but not in this policy. You can authorise / forbid an app in this particular policy by clicking on it.

To turn your device into a Kiosk, tick the checkbox Enable lock task mode. What is Kiosk mode?

app management

4. Internet filtering

TinyMDM’s web filtering technology helps you create a SAFE FOR WORK internet environment, no matter the browser used. From here you can choose between 4 levels of restriction:

  1. No restriction
  2. Anti-phishing/malware
  3. Safe for work: anti-phishing/malware + forbid inappropriate websites (drugs, porn, gambling, violence…)
  4. Whitelist only: authorise only a few websites

Alos, by clicking on the Visited sites tab, you have a list of the visited websites on the last 15 days.

internet_filtering

If you want to forbid some websites in particular, go to the Forbidden sites tab and enter its name (ex: www.facebook.com). You will have to choose between forbidding only www.thisurl.com or all website of this domain.

forbidden_websites

Please note that in a Work Profile setup this option won’t be available since device-wide controls are only available on fully managed devices.

5. WIFI settings

Choose to preconfigure favorite networks, disable Wi-Fi on some devices, forbid connections to unsecured networks, etc. Everything is designed to help you protect your sensitive data and save some time when using the devices. You can configure Wi-Fi on company-owned devices as well as BYOD devices used for work. This allows Wi-Fi networks to be automatically configured on these devices, without the end-users having to know or type the password.

  • First, go to the Wi-Fi Networks tab and click on either Configure a new wifi network or Configure a new EAP wifi nextwork
  • Enter the information of the network: its name (ssid) & password (for EAP Wi-Fi, more info will be needed, such as additional passwords or certificates)
  • All the Wi-Fi networks you add will be listed here, and you’ll be able to push them to the devices just by ticking the box next to them
wifi-settings

6. Connectivity management

From this section, you can:

  • Disable internet connection sharing
  • Disable Bluetooth
  • Disable NFC to beam out data from apps
  • Disable mobile data settings
  • Disable data roaming
  • Disable airplane mode

Please note that this option is not available in a Work Profile setup as device-wide controls are only accessible in a Fully Managed mode.

7. Certificate management

From this section, you can add a CA certificate to validate the identity of an entity (website, email address, company, etc.) and links it to cryptographic keys via the publication of an electronic document.

To be able to add push the CA certificate on the policy, you have to add it from the dedicated tab and then push it from the policy. Learn more

ca_certificate

8. VPN configuration

You can set a VPN application that will always be active on the devices of the policy. Learn more

ca_certificate

9. Device-wide controls

From this section, you can:

  • Select when Android OS will be updated: automatically, after midnight, or 30 days later
  • Prevent end users from adding their own Google account on the device
  • Allow installation of all Play Store applications of added google account
  • Prevent factory reset: when enabled, a temporary code will be displayed and the end user will need it to be able to reset his device. Learn more
  • Disable Google FRP or enable it and configure a Google recovery account. Learn more
  • Disable camera
  • Block access to location settings
  • Manage geolocation: per policy (enable or disable) / per device
  • Disable usb files access
  • Disable screen capture
  • Hide policy change message
  • Allow the device to start automatically when it is charging (Samsung)
  • Set a volume level
  • Modify device’s language and timezone

Please note that this option is not available in a Work Profile setup as device-wide controls are only accessible in a Fully Managed mode.

11. Screen settings

From this section, you can:

  • Remove swipe screen to unlock
  • Set a wallpaper
  • Show user and device identifiers on device wallpaper
  • Set a sleep mode delay
  • Set brightness level: default/adaptative/specific
  • Set up a maximum speed beyond which the device screen will not respond (display only)

Please note that this option is not available in a Work Profile setup as device-wide controls are only accessible in a Fully Managed mode.

12. Shared contacts and shared files

In the last two sections Shared Contacts and Shared files, you can add or remove contacts and files on all the devices within this policy in one click !

Learn more about Contacts sharing.
Learn more about Files sharing.

screen control