For starters, please note that it is possible to create a policy even if no user were created beforehand but you won’t be able to apply it to any device: we recommend you to create users first (have a look here on how to add users one by one or import a list of users from a CSV file).

>> TO CREATE A POLICY FROM SCRATCH:

Go to the Policies tab and click on Create a policy. From here, you can manage users / device security settings / apps / OS upgrade / internet filtering / wifi configuration, etc.

create_policy

1. EMM USERS

group configuration

The first step is to add users to this policy by simply ticking the box next to their name, or next to the group if several users belong to the same group. To manage groups, click on the icon showing a group of users at the right of the group name: a popup will appear so you can change group names if needed.

2. DEVICE SECURITY

Set the password type (letter/numeric/special character password, pattern, PIN…), its minimum size and its timeout delay to force end-users updating it regularly. More info about security policy here.

device security challenge

In a Work Profile setup, you will be able to enforce a security password to access the secure folder containing all business apps and data. Whenever the employee needs to access the Work Profile’s content, he will be prompted to enter a password compliant with his policy.

3. APPS MANAGEMENT

app management

In here you will find all your Enterprise approved apps (public, private and web ones). When an app is greyed out, it’s because it is approved business-wide but not in this policy. You can authorise / forbid an app in this particular policy by clicking on it.

To turn your device into a Kiosk, tick the checkbox Enable lock task mode. What is Kiosk mode?

4. DEVICE WIDE CONTROL

From this section, you can:

  • Select when Android OS will be updated: automatically, after midnight, or 30 days later
  • Prevent end users from adding their own Google account on the device
  • Disallow apps from unknown sources
  • Prevent reset factory: when enabled, a temporary code will be displayed and the end user will need it to be able to reset his device.
  • Disable Google FRP.

Please note that this option is not available in a Work Profile setup as device-wide controls are only accessible in a Fully Managed mode.

5. INTERNET FILTERING

internet_filtering

TinyMDM’s web filtering technology helps you create a SAFE FOR WORK internet environment, no matter the browser used. From here you can choose between 4 levels of restriction:

  1. No restriction
  2. Anti-phishing/malware
  3. Safe for work: anti-phishing/malware + forbid inappropriate websites (drugs, porn, gambling, violence…)
  4. Whitelist only: authorise only a few websites

If you want to forbid some websites in particular, go to the Forbidden sites tab and enter its name (ex: www.facebook.com). You will have to choose between forbidding only www.thisurl.com or all website of this domain.

forbidden_websites

Please note that in a Work Profile setup this option won’t be available since device-wide controls are only available on fully managed devices.

6. WIFI CONFIGURATION

Choose to disable Wi-Fi from the devices, forbid connections to unsecure networks, preconfigure favorite networks… Everything is designed to help you protect your sensitive data and save some time.

internet_filtering

Please note that in a Work Profile setup this option won’t be available since device-wide controls are only available on fully managed devices.