Kaspersky Secure Mobility Management
[Topic 214958]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Configuring anti-malware protection

You can define these policy settings only for Android devices.

For the timely detection of threats, viruses, and other malicious applications, you should configure real-time protection and autorun of malware scans.

Kaspersky Endpoint Security for Android detects the following types of objects:

  • Viruses, worms, Trojans, and malicious tools
  • Adware
  • Apps that can be exploited by criminals to harm your device or personal data

Due to technical limitations, Kaspersky Endpoint Security for Android cannot scan files with a size of 2 GB or more. During a scan, the app skips large files and does not notify you that such files were skipped.

In this section

Configuring real-time protection

Configuring autorun of malware scans on a mobile device

Configuring anti-malware database updates

[Topic 214480]

Configuring real-time protection

You can define these policy settings only for Android devices.

To configure real-time protection:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties window, select Application settings > Essential protection.
  3. In the Anti-Malware section, configure the mobile device file system protection:
    • To enable real-time protection of the mobile device against threats, select the Enable real-time anti-malware protection check box.
    • Specify the level of protection:
      • If you want Kaspersky Endpoint Security for Android to scan only new apps and files from the Downloads folder, select Scan only new apps.
      • To enable extended protection of the mobile device against threats, select Scan all apps and monitor actions with files.

        Kaspersky Endpoint Security for Android will scan all files that the user opens, modifies, moves, copies, installs, or saves on the device, as well as newly installed mobile apps.

        On devices running Android 8.0 or later, Kaspersky Endpoint Security for Android scans files that the user modifies, moves, installs, and saves, as well as copies of files. Kaspersky Endpoint Security for Android does not scan files when they are opened, or source files when they are copied.

    • To enable additional scanning of new apps before they are started for the first time on the user's device by using the Kaspersky Security Network cloud service, select the Additional protection by Kaspersky Security Network check box.
    • To block adware and apps that can be exploited by criminals to harm the device or user data, select the Detect adware, autodialers, and apps that may be used by cybercriminals to cause harm to the user's device and data check box.
  4. In the Anti-Malware settings section, select the action to be performed on threat detection:
    • Delete and save a backup copy of file in quarantine

      Detected objects will be automatically deleted. The user is not required to take any additional actions. Prior to deleting an object, Kaspersky Endpoint Security for Android will create a backup copy of the file and save it in quarantine.

    • Delete

      Detected objects will be automatically deleted. The user is not required to take any additional actions. Prior to deleting an object, Kaspersky Endpoint Security for Android will display a temporary notification about the detection of the object.

    • Skip

      If the detected objects have been skipped, Kaspersky Endpoint Security for Android warns the user about problems in device protection. For each skipped threat, the app provides actions that the user can perform to eliminate the threat. The list of skipped objects may change, for example, if a malicious file was deleted or moved. To receive an up-to-date list of threats, run a full device scan. To ensure reliable protection of your data, eliminate all detected objects.

  5. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 216851]

Configuring autorun of malware scans on a mobile device

You can define these policy settings only for Android devices.

To configure autorun of malware scans on a mobile device:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties window, select Application settings > Essential protection.
  3. To block adware and apps that can be exploited by criminals to harm the device or user data, select the Detect adware, autodialers, and apps that may be used by cybercriminals to cause harm to the user's device and data check box in the Device scan section.
  4. In the Action on threat detection list, select one of the following options:
    • Delete and save a backup copy of file in quarantine

      Detected objects will be automatically deleted. The user is not required to take any additional actions. Prior to deleting an object, Kaspersky Endpoint Security for Android will create a backup copy of the file and save it in quarantine.

    • Delete

      Detected objects will be automatically deleted. The user is not required to take any additional actions. Prior to deleting an object, Kaspersky Endpoint Security for Android will display a temporary notification about the detection of the object.

    • Skip

      If the detected objects have been skipped, Kaspersky Endpoint Security for Android warns the user about problems in device protection. For each skipped threat, the app provides actions that the user can perform to eliminate the threat. The list of skipped objects may change, for example, if a malicious file was deleted or moved. To receive an up-to-date list of threats, run a full device scan. To ensure reliable protection of your data, eliminate all detected objects.

    • Ask user

      The Kaspersky Endpoint Security for Android app displays a notification prompting the user to choose the action to take on the detected object: Skip or Delete.

      When the app detects several objects, the Ask user option allows the device user to apply a selected action to each file by using the Apply to all threats check box.

      Kaspersky Endpoint Security for Android must be set as an Accessibility feature to ensure the display of notifications on mobile devices running Android 10.0 or later. Kaspersky Endpoint Security for Android prompts the user to set the app as an Accessibility feature through the Initial Configuration Wizard. The user can skip this step or disable this service in the device settings at a later time. In this case, Kaspersky Endpoint Security for Android displays an Android system window prompting the user to choose the action to take on the detected object: Skip or Delete. To apply an action to multiple objects, you need to open Kaspersky Endpoint Security.

  5. In the Scheduled scan section, you can configure the automatic full scan of the device file system.

    Select one of the following options:

    • Disabled

      The scan of the device file system will not be launched automatically.

    • After database update

      The device file system will be scanned automatically on each anti-malware database update.

    • Daily

      The device file system will be scanned automatically every day.

      If you select this option, you can also specify the time of the scan in the Start time field.

    • Weekly on

      The device file system will be scanned automatically once a week.

      If you select this option, you can also select the day of the week on which to run the scan by using the drop-down list, and specify the time of the scan in the Start time field.

    If the device is in battery saver mode, the app may perform this task later than specified. To ensure timely responses of KES devices on Android to the administrator's commands, enable the use of Google Firebase Cloud Messaging.

  6. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 216852]

Configuring anti-malware database updates

You can define these policy settings only for Android devices.

To configure anti-malware database updates:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties window, select Application settings > Database update.
  3. In the Database update section, configure the schedule of automatic database updates on the user's device.

    Select one of the following options:

    • Disabled

      Automatic updates of anti-malware databases will be disabled.

    • Daily

      Anti-malware databases will be updated every day.

      If you select this option, you can also specify the time of the update in the Update time field.

    • Weekly

      Anti-malware databases will be updated once a week.

      If you select this option, you can also specify the time of the update in the Update time field and the day of the week on which to run the update in the Day of the week drop-down list.

    If the device is in battery saver mode, the app may perform this task later than specified. To ensure timely responses of KES devices on Android to the administrator's commands, enable the use of Firebase Cloud Messaging.

  4. In the Database update source section, specify the update source from which Kaspersky Endpoint Security for Android receives and installs anti-malware database updates:
    • Kaspersky servers

      Kaspersky Endpoint Security for Android will use a Kaspersky update server as an update source for downloading anti-malware databases to the user's device.

    • Administration Server

      Available only if you use Kaspersky Security Center Web Console.

      Kaspersky Endpoint Security for Android will use the repository of Kaspersky Security Center Administration Server as an update source for downloading anti-malware databases to the user's device.

    • Other source

      Kaspersky Endpoint Security for Android will use a third-party server as an update source for downloading anti-malware databases to the user's device.

      If you select this option, you must specify the address of an HTTP server in the Use another server as an update source for anti-malware databases field.

  5. If you want Kaspersky Endpoint Security for Android to download anti-malware database updates according to the update schedule when the user's device is roaming, select the Allow database update while roaming check box in the Update anti-malware databases while roaming section.
  6. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

Updates functionality (including providing anti-malware signature updates and codebase updates), as well as KSN functionality will not be available in the software in the U.S. territory from 12:00 AM Eastern Daylight Time (EDT) on September 10, 2024 in accordance with the restrictive measures.

[Topic 216853]

Defining device unlock settings

You can define these policy settings only for Android devices.

To keep a mobile device secure, you need to configure the use of a password for which the user is prompted when the device comes out of sleep mode.

You can impose restrictions on the user's activity on the device if the unlock password is weak (for example, lock the device). You can impose restrictions by using the Compliance Control component.

On certain Samsung devices running Android 7.0 or later, when the user attempts to configure unsupported methods for unlocking the device (for example, a graphical password), the device may be locked if the following conditions are met: Kaspersky Endpoint Security for Android removal protection is enabled and screen unlock password strength requirements are set. To unlock the device, you must send a special command to the device.

To configure device unlock password strength:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties window, select Application settings > Essential protection.
  3. If you want the app to check whether an unlock password has been set, select the Require to set screen unlock password in the Password protection section.

    If the application detects that no system password has been set on the device, it prompts the user to set it. The password is set according to the parameters defined by the administrator.

  4. Specify the minimum number of characters in the user password.

    Possible values: 4 to 16 characters.

    The user's password is 4 characters long by default.

    On devices running Android 10.0 or later, Kaspersky Endpoint Security resolves the password strength requirements into one of the system values: medium or high.

    The values for devices running Android 10.0 or later are determined by the following rules:

    • If the password length required is 1 to 4 symbols, then the app prompts the user to set a medium-strength password. It must be either numeric (PIN) with no repeating or ordered (e.g. 1234) sequences, or alphanumeric. The PIN or password must be at least 4 characters long.
    • If the password length required is 5 or more symbols, then the app prompts the user to set a high-strength password. It must be either numeric (PIN) with no repeating or ordered sequences, or alphanumeric (password). The PIN must be at least 8 digits long; the password must be at least 6 characters long.
  5. If you want the user to have the capability to use fingerprints to unlock the screen, select the Allow use of fingerprints (Android 9 or earlier) check box. If the unlock password is not compliant with corporate security requirements, you cannot use a fingerprint scanner to unlock the screen.

    On devices running Android 10.0 or later, the use of a fingerprint to unlock the screen is not supported.

    Kaspersky Endpoint Security for Android does not restrict the use of a fingerprint scanner for signing in to apps or confirming purchases.

    On certain Samsung devices, it is impossible to block the use of fingerprints for unlocking the screen.

    On certain Samsung devices, if the unlock password does not comply with corporate security requirements, Kaspersky Endpoint Security for Android does not block the use of fingerprints for unlocking the screen.

    After adding a fingerprint in the device settings, the user can unlock the screen by using the following methods:

    • Press the finger to the fingerprint scanner (main method).
    • Enter the unlock password (backup method).
  6. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.
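
The Android 10.0 or later resolution rules from step 4, as an added example (not Kaspersky code): it maps a policy minimum length to the medium or high level, checks candidate PINs and passwords against that level, and reports where the level's own minimum is shorter than the configured length. The run length that counts as a "repeating or ordered sequence" and all function names are assumptions; the sample credentials are constructed.

```python
"""Added example: policy minimum length -> Android 10+ strength level, per the rules above."""
from dataclasses import dataclass
from typing import Dict, List

# Assumption: a "repeating or ordered sequence" is a run of more than this many
# digits with a constant step (4444, 1234, 4321, 2468). The page gives only 1234
# as an example and does not define the run length.
MAX_SEQUENCE_RUN = 3


@dataclass(frozen=True)
class Requirement:
    level: str               # "medium" or "high"
    min_pin_digits: int      # minimum length of a numeric PIN
    min_password_chars: int  # minimum length of an alphanumeric password


def resolve_requirement(policy_min_length: int) -> Requirement:
    """Map the policy's minimum length to the level described on the page."""
    if policy_min_length < 1:
        raise ValueError("policy minimum length must be positive")
    if policy_min_length <= 4:
        return Requirement("medium", 4, 4)
    return Requirement("high", 8, 6)


def longest_constant_step_run(pin: str) -> int:
    """Length of the longest run of digits whose neighbours differ by the same step."""
    if len(pin) < 2:
        return len(pin)
    best, run, prev_step = 1, 1, None
    for a, b in zip(pin, pin[1:]):
        step = int(b) - int(a)
        run = run + 1 if step == prev_step else 2
        prev_step = step
        best = max(best, run)
    return best


def check_credential(secret: str, policy_min_length: int) -> List[str]:
    """Return the reasons a candidate would be rejected; an empty list means accepted."""
    req = resolve_requirement(policy_min_length)
    problems = []
    if secret.isascii() and secret.isdigit():
        # All digits: judged as a PIN.
        if len(secret) < req.min_pin_digits:
            problems.append(f"PIN shorter than {req.min_pin_digits} digits ({req.level})")
        if longest_constant_step_run(secret) > MAX_SEQUENCE_RUN:
            problems.append("PIN contains a repeating or ordered sequence")
    elif len(secret) < req.min_password_chars:
        problems.append(f"password shorter than {req.min_password_chars} characters ({req.level})")
    return problems


def shortfall(policy_min_length: int) -> Dict[str, object]:
    """How far the resolved level's minimums fall below the configured length."""
    req = resolve_requirement(policy_min_length)
    return {
        "level": req.level,
        "pin_shortfall": max(0, policy_min_length - req.min_pin_digits),
        "password_shortfall": max(0, policy_min_length - req.min_password_chars),
    }


if __name__ == "__main__":
    # Constructed samples: (candidate credential, configured minimum length).
    samples = [("1234", 4), ("1235", 4), ("192837", 6), ("19283746", 6), ("abc123", 16)]
    for secret, length in samples:
        verdict = check_credential(secret, length) or ["accepted"]
        print(f"min={length:<2} {secret!r:<12} {'; '.join(verdict)}")
    for length in (4, 5, 12, 16):
        print(length, shortfall(length))
```

A non-zero shortfall marks a configured length that is longer than the minimum of the system level it resolves to, so on Android 10.0 or later the level's rules, not the configured number, describe what the user is prompted for.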

[Topic 215298]

Configuring protection of stolen or lost device data

You can define these policy settings only for Android devices.

To protect corporate data in case a mobile device is lost or stolen, you must configure the unauthorized access protection.

To ensure protection of stolen or lost device data, Kaspersky Endpoint Security for Android must be set as an Accessibility feature. Kaspersky Endpoint Security for Android prompts the user to set the app as an Accessibility feature through the Initial Configuration Wizard. The user can skip this step or disable this service in the device settings at a later time.

To configure protection of stolen or lost device data:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties window, select Application settings > Essential protection.
  3. In the Anti-Theft section, configure device locking:
    • Specify the number of characters in the unlock code.
    • Specify the text to be displayed when the device is locked.
  4. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 214549]

Configuring app control

You can define these policy settings only for Android devices.

App Control checks that the apps installed on a mobile device are compliant with corporate security requirements. In Kaspersky Security Center, the administrator creates lists of allowed, blocked, mandatory, and recommended apps according to the corporate security requirements. As a result of App Control, Kaspersky Endpoint Security prompts the user to install mandatory and recommended apps, and to remove blocked apps. It is impossible to start blocked apps on the user's mobile device.

In Kaspersky Security Center Web Console and Cloud Console, you can manage apps on users' devices by applying pre-defined rules. You can configure two types of App Control rules: application rules and category rules.

An App rule is applied to a specific app, while a Category rule is applied to any app that belongs to a pre-defined category. App categories are specified by Kaspersky experts.

To configure App Control:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > Security controls.
  3. In the table under the App Control section, add rules that will define what apps will be controlled.
    • To add a rule for a specific app:
      1. In the table, click App rule.
      2. In the App rule window that opens, choose the action that will be performed with the apps covered by the created rule.
      3. Specify the app that will be subject to the rule by filling in Link to installation package (for example, https://play.google.com/store/apps/details?id=com.kaspersky.kes), Package name (for example, katana.facebook.com), and App name.
      4. Click Save.

      The rule is added to the list of App Control rules.

    • To add a rule for a category of apps:
      1. In the table under the App Control section, click Category rule.
      2. In the Category rule window that opens, select the app category from the drop-down list.

        Apps within the selected category will be subject to the created rule.

      3. In the Operation mode section, select the action that will be performed when any apps within the selected category attempt to start up: Forbidden apps or Allowed apps.
      4. Fill in the Additional comment shown on the user's device when an app of a specified category is detected, if necessary.
      5. Click Save.

      The rule is added to the list of App Control rules.

  4. In the Actions with forbidden apps section, choose what action is performed for forbidden applications:
    • If you want Kaspersky Endpoint Security for Android to block the startup of forbidden applications on the user's mobile device, select Block apps from launching.
    • If you want Kaspersky Endpoint Security for Android to send data on forbidden apps to the event log without blocking them, select Do not block forbidden apps, report only.
  5. In the Operation mode section, choose whether the rules you add will define allowed apps or forbidden apps:
    • If you want the rules to define which apps are allowed, select Forbidden apps.

      If you want Kaspersky Endpoint Security for Android to block the startup of system apps on the user's mobile device (such as Calendar, Camera, and Settings) in the Forbidden apps mode, select the Block system apps check box.

      Kaspersky experts recommend against blocking system apps because this could lead to failures in device operation.

    • If you want the rules to define which apps are forbidden, select Allowed apps.
  6. To receive information about all apps installed on mobile devices, in the Application report section, select the Send a list of installed apps on all mobile devices check box.

    Kaspersky Endpoint Security for Android sends data to the event log each time an app is installed or removed from the device.

  7. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 214553]

Configuring compliance control of mobile devices with corporate security requirements

You can define these policy settings only for Android devices.

Compliance control allows you to monitor Android devices for compliance with corporate security requirements and take actions in case of non-compliance. Corporate security requirements regulate how the user can work with the device. For example, real-time protection must be enabled on the device, anti-malware databases must be up-to-date, and the device password must be sufficiently strong. Compliance control is based on a list of rules. A compliance rule includes the following components:

To configure compliance control, you can perform the following actions:

In this section

Enabling and disabling compliance rules

Editing compliance rules

Adding compliance rules

Deleting compliance rules

List of non-compliance criteria

List of actions in case of non-compliance

[Topic 214554]

Enabling and disabling compliance rules

You can define these policy settings only for Android devices.

To enable or disable existing rules of compliance control of mobile devices with corporate security requirements:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > Security controls.
  3. In the Compliance Control section, enable or disable the existing compliance rules by using the toggle buttons in the Status column.
  4. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 216834]

Editing compliance rules

You can define these policy settings only for Android devices.

To edit a rule for controlling the compliance of mobile devices with corporate security requirements:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > Security controls.
  3. In the Compliance Control section, select the rule that you want to edit, and then click Edit.
  4. In the Rule window that opens, edit the rule as follows:
    1. In the Action column, configure the list of actions to be performed in case of non-compliance with the rule by adding new actions, editing the existing actions, or deleting them.
    2. Optionally, specify the time period in which a user can fix the non-compliance by using the Time to rectification column for each action.
    3. Click the Save button to save the rule.
  5. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 216835]

Adding compliance rules

You can define these policy settings only for Android devices.

To add a rule for controlling the compliance of mobile devices with corporate security requirements:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > Security controls.
  3. In the Compliance Control section, click Rule.
  4. In the Rule window that opens, define the rule as follows:
    1. Select the non-compliance criterion for the rule.
    2. Click Add, and then select the action to be performed in case of non-compliance with the rule in the Action column.

      You can add several actions.

    3. Specify the time period in which a user can fix the non-compliance by using the Time to rectification column for each action.
    4. Click the Save button to save the rule.
  5. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 216836]

Deleting compliance rules

You can define these policy settings only for Android devices.

To delete a rule for controlling the compliance of mobile devices with corporate security requirements:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > Security controls.
  3. In the Compliance Control section, select the rule that you want to delete, and then click Delete.
  4. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 216839]

List of non-compliance criteria

You can define these policy settings only for Android devices.

To ensure that an Android device complies with corporate security requirements, Kaspersky Endpoint Security for Android can check the device against the following criteria:

  • Real-time protection is disabled.

    Real-time protection must be enabled.

    For more information on configuring real-time protection, see the "Configuring real-time protection" section.

  • Anti-malware databases are out of date.

    The anti-malware database of Kaspersky Endpoint Security for Android must be regularly updated.

    For more information on defining the settings of anti-malware database updates, see the "Configuring anti-malware protection" section.

  • Forbidden apps are installed.

    The device must not have applications installed that are classified as Block from launching, as specified in the App Control section.

    For more information on creating rules for applications, see the "Configuring App Control" section.

  • Apps from forbidden categories are installed.

    The device must not have applications installed that fall under a category that is classified as Block from launching, as specified in the App Control section.

    For more information on creating rules for application categories, see the "Configuring App Control" section.

  • Not all required apps are installed.

    The device must have specific applications installed that are classified as Force to install, as specified in the App Control section.

    For more information on creating rules for applications, see the "Configuring App Control" section.

  • Operating system version is out of date.

    The device must have an allowed version of the operating system.

    To use this non-compliance criterion, you must specify the range of allowed operating system versions in the Minimum operating system version and Maximum operating system version drop-down lists.

  • Device has not been synchronized for a long time.

    The device must be regularly synchronized with the Administration Server.

    To use this non-compliance criterion, you must specify the maximum time interval between device synchronizations in the Synchronization period drop-down list.

  • Device has been rooted.

    The device must not be rooted.

    For more information, see the "Detecting device hacks (root)" section.

  • Unlock password is not compliant with security requirements.

    The device must be protected with an unlock password that complies with the unlock password strength requirements.

[Topic 216911]

List of actions in case of non-compliance

You can define these policy settings only for Android devices.

If the user does not fix a non-compliance issue within the specified time, the following actions are available:

  • Block all apps except system apps.

    All apps on the user's mobile device, except system apps, are blocked from starting.

  • Lock device.

    The mobile device is locked. To obtain access to data, you must unlock the device. If the reason for locking the device is not rectified after the device is unlocked, the device will be locked again after the specified time period.

  • Wipe corporate data.

    The corporate data is wiped from the device. The list of wiped data depends on the mode in which the device operates:

    • On a personal device, the KNOX container and the mail certificate are wiped.
    • If the device operates in device owner mode, the KNOX container and the certificates installed by Kaspersky Endpoint Security for Android (mail, VPN, and SCEP profile certificates, except the mobile certificates) are wiped.
    • Additionally, if an Android work profile is created, the work profile (its content, configurations, and restrictions) and the certificates installed in the work profile (mail, VPN, and SCEP profile certificates, except the mobile certificates) are wiped.
  • Fully reset device to factory settings.

    All data is deleted from the mobile device and the settings are rolled back to their factory values.

[Topic 216913]

Configuring user access to websites

You can define these policy settings for Android and iOS devices.

To protect personal and corporate data stored on mobile devices during internet browsing, you can configure user access to websites by using Web Protection. Web Protection scans websites before a user opens them, and then blocks websites that distribute malicious code and phishing websites designed to steal confidential data and gain access to financial accounts.

For Android devices, this feature also supports website filtering by categories defined in the Kaspersky Security Network cloud service. Filtering allows you to restrict access to certain websites or categories of websites (for example, those from the "Gambling, lotteries, sweepstakes" or "Internet communication" categories).

To enable Web Protection on iOS devices, the user must allow the Kaspersky Security for iOS app to add a VPN configuration.

To enable Web Protection on Android devices:

  • The Statement regarding data processing for the purpose of using Web Protection (Web Protection Statement) should be accepted. Kaspersky Endpoint Security uses Kaspersky Security Network (KSN) to scan websites. The Web Protection Statement contains the terms of data exchange with KSN.

    You can accept the Web Protection Statement for the user in Kaspersky Security Center. In this case, the user is not required to take any action.

    If you have not accepted the Web Protection Statement and prompt the user to do this, the user must read and accept the Web Protection Statement in the app settings.

    If you have not accepted the Web Protection Statement, Web Protection is not available.

Web Protection on Android devices is supported only by Google Chrome, HUAWEI Browser, Samsung Internet Browser, and Yandex Browser.

If the Kaspersky Endpoint Security for Android app in device owner mode is not enabled as an Accessibility Features service, Web Protection is supported only by the Google Chrome browser and checks only the domain of a website. To allow other browsers (Samsung Internet Browser, Yandex Browser, and HUAWEI Browser) to support Web Protection, enable Kaspersky Endpoint Security as an Accessibility Features service. This also enables operation of the Custom Tabs feature.

The Custom Tabs feature is supported by Google Chrome, HUAWEI Browser, and Samsung Internet Browser.

Web Protection for HUAWEI Browser, Samsung Internet Browser, and Yandex Browser does not block sites on a mobile device if a work profile is used and Web Protection is enabled only for the work profile.

To configure user access to websites:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > Security controls.
  3. In the Web Protection section, select the Enable Web Protection check box to enable the feature.
  4. For Android devices, you can select one of the following options:
    • To restrict user access to websites based on their content:
      1. Select Block websites of specified categories.
      2. Select the check boxes next to the categories of websites to which Kaspersky Endpoint Security for Android will block access.

        If Web Protection is enabled, user access to websites in the Phishing and Malware sites categories is always blocked.

    • To specify the list of allowed websites:
      1. Select Allow only specified websites.
      2. Create a list of websites by adding website addresses to which the app will not block access. You can add websites by link (full URL, including the protocol, e.g. https://example.com).

        Kaspersky Endpoint Security for Android also supports regular expressions. When entering the address of an allowed or blocked website, use the following templates:

        • https://example\.com/.*—This template blocks or allows all child pages of the website, accessed via the HTTPS protocol (for example, https://example.com/about).
        • https?://example\.com/.*—This template blocks or allows all child pages of the website, accessed via both the HTTP and HTTPS protocols.
        • https?://.*\.example\.com—This template blocks or allows all subdomain pages of the website (e.g., https://pictures.example.com).
        • https?://example\.com/[abc]/.*—This template blocks or allows all child pages of the website where the URL path begins with 'a', 'b', or 'c' as the first directory (e.g., https://example.com/b/about).
        • https?://\w{3,5}.example\.com/.*—This template blocks or allows all child pages of the website where the subdomain consists of a word with 3 to 5 characters (e.g., http://abde.example.com/about).

        Use the expression https? to select both the HTTP and HTTPS protocols. For more details on regular expressions, please refer to the Oracle Technical Support website.

    Figure: Web Protection section with examples of regular expressions.

    • To block user access to all websites, select Block all websites.
  5. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.
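
A way to check URL templates before saving them to the policy, added here as an example and not part of the product help: the Python script below runs the five templates listed above against constructed probe URLs and reports any URL that a template accepts although its host lies outside example.com. It assumes whole-URL matching with Java-style regular expression semantics (the page does not state how the app anchors a match); the function names, probe URLs, and tightened patterns are illustrative.

```python
import re
from urllib.parse import urlsplit

# The five templates from the list above, copied verbatim.
TEMPLATES = [
    r"https://example\.com/.*",
    r"https?://example\.com/.*",
    r"https?://.*\.example\.com",
    r"https?://example\.com/[abc]/.*",
    r"https?://\w{3,5}.example\.com/.*",
]

# Tightened variants written for this example (not taken from the product help).
TIGHTENED = {
    TEMPLATES[2]: r"https?://([\w-]+\.)+example\.com(/.*)?",
    TEMPLATES[4]: r"https?://\w{3,5}\.example\.com/.*",
}

# Probe URLs. The first four are the examples quoted in the list above;
# the remaining four are constructed to exercise edge cases.
PROBES = [
    "https://example.com/about",
    "https://pictures.example.com",
    "https://example.com/b/about",
    "http://abde.example.com/about",
    "https://example.com",                   # site root, no trailing slash
    "https://pictures.example.com/gallery",  # subdomain with a path
    "http://abde-example.com/about",         # different registered domain
    "https://other.test/x.example.com",      # domain name appears only in the path
]


def matches(template, url):
    # Assumption: the template must match the whole URL, as Java's
    # Matcher.matches() does. re.ASCII limits \w to [A-Za-z0-9_],
    # which is the Java default.
    return re.fullmatch(template, url, flags=re.ASCII) is not None


def host_in_scope(url, domain="example.com"):
    # True when the URL's host is the domain itself or one of its subdomains.
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)


def coverage(template, urls=PROBES):
    # Every probe URL the template accepts.
    return [u for u in urls if matches(template, u)]


def over_matches(template, urls=PROBES, domain="example.com"):
    # Probe URLs the template accepts although their host is outside the domain.
    return [u for u in coverage(template, urls) if not host_in_scope(u, domain)]


def report():
    # One text block per template: what it accepts and what it should not accept.
    lines = []
    for template in TEMPLATES:
        lines.append(template)
        for url in coverage(template):
            flag = "" if host_in_scope(url) else "   <-- host outside example.com"
            lines.append("    accepts " + url + flag)
        if template in TIGHTENED:
            fixed = TIGHTENED[template]
            lines.append("    tightened: " + fixed)
            lines.append("    over-matches after tightening: " + str(over_matches(fixed)))
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Under these assumptions the third and fifth templates each accept one probe on a foreign host: the third because `.*` can span `/`, the fifth because the `.` before `example` is unescaped. The first two templates do not accept the site root without a trailing slash.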

[Topic 214543]

Configuring feature restrictions

You can define these policy settings only for Android devices.

Kaspersky Security Center Web Console enables you to configure user access to the following features of mobile devices:

  • Wi-Fi
  • Camera
  • Bluetooth

By default, the user can use Wi-Fi, camera, and Bluetooth on the device without restrictions.

To configure the Wi-Fi, camera, and Bluetooth usage restrictions on the device:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > Security controls.
  3. In the Feature management section, configure the usage of Wi-Fi, camera, and Bluetooth:
    • To disable the Wi-Fi module on the user's mobile device, select the Prohibit use of Wi-Fi (Android 9 or earlier) check box.

      On devices running Android 10 or later, prohibiting the use of Wi-Fi networks is not supported.

    • To disable the camera on the user's mobile device, select the Prohibit use of camera check box.

      On devices running Android 11 or later, Kaspersky Endpoint Security for Android must be set as an Accessibility feature. Kaspersky Endpoint Security for Android prompts the user to set the app as an Accessibility feature through the Initial Configuration Wizard. The user can skip this step or disable this service in the device settings at a later time. If this is the case, you will not be able to restrict use of the camera.

    • To disable Bluetooth on the user's mobile device, select the Prohibit use of Bluetooth check box.

      On Android 12 or later, the use of Bluetooth can be disabled only if the device user granted the Nearby Bluetooth devices permission. The user can grant this permission during the Initial Configuration Wizard or at a later time.

      On personal devices running Android 13 or later, the use of Bluetooth cannot be disabled.

  4. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 214515]

Protecting Kaspersky Endpoint Security for Android against removal

For mobile device protection and compliance with corporate security requirements, you can enable protection against the removal of Kaspersky Endpoint Security for Android. In this case, the user cannot remove the app by using the Kaspersky Endpoint Security for Android interface. When the user tries to remove the app by using the tools of the Android operating system, the user is prompted to disable administrator rights for Kaspersky Endpoint Security for Android. After the rights are disabled, the mobile device will be locked.

To enable protection against the removal of Kaspersky Endpoint Security for Android:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > Security controls.
  3. In the Manage app on mobile device section, clear the Allow removal of Kaspersky Endpoint Security for Android from device check box.

    To protect the app from removal on devices running Android 7.0 or later, Kaspersky Endpoint Security for Android must be set as an Accessibility feature. When the Initial Configuration Wizard is running, Kaspersky Endpoint Security for Android prompts the user to grant the application all required permissions. The user can skip these steps or disable these permissions in the device settings at a later time. If this is the case, the app is not protected from removal.

  4. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

If an attempt is made to remove the app, the mobile device will be locked.

[Topic 214507]

Configuring synchronization of mobile devices with Kaspersky Security Center

You can define these policy settings for Android and iOS devices.

To manage mobile devices and receive reports or statistics from mobile devices, you must define synchronization settings. Synchronization of mobile devices with Kaspersky Security Center can be performed in the following ways:

  • By schedule. Synchronization by schedule is performed by using HTTP. You can configure the synchronization schedule in the policy properties. Modifications to policy settings, commands, and tasks are performed when mobile devices are synchronized with Kaspersky Security Center according to the schedule—that is, with a delay. By default, mobile devices are synchronized with Kaspersky Security Center automatically every six hours.
  • Forced (for Android devices). Forced synchronization is performed by using push notifications of the FCM service (Firebase Cloud Messaging). Forced synchronization is primarily intended for timely delivery of commands to a mobile device. It might be useful when a device is in battery saver mode, because in this case the app may perform tasks later than specified. If you want to use forced synchronization, make sure that the FCM settings are configured in Kaspersky Security Center.

To configure mobile device synchronization with Kaspersky Security Center:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > Synchronization.
  3. In the Synchronization with the Administration Server section, use the Synchronization period drop-down list to select the synchronization period.

    By default, synchronization is performed every six hours.

    When the specified synchronization period is very short, the actual synchronization period may be a bit longer due to technical limitations. This is especially true for devices in the battery saver mode. Frequent synchronizations discharge the device battery more quickly.

  4. For Android devices, you can disable synchronization when the device is roaming. To do so, select the Do not synchronize while roaming check box.

    By default, synchronization while roaming is enabled.

  5. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 214539]

Kaspersky Security Network

To protect mobile devices more effectively, Kaspersky Endpoint Security for Android and Kaspersky Security for iOS use data acquired from users around the globe. Kaspersky Security Network is designed to process such data.

Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to the Kaspersky online knowledge base with information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.

Your participation in Kaspersky Security Network helps Kaspersky to acquire real-time information about the types and sources of new threats, develop methods of neutralizing them, and reduce the number of false alarms. Participation in Kaspersky Security Network also lets you access reputation statistics for applications and websites.

When you participate in Kaspersky Security Network, some statistics are acquired while the mobile apps are running and they are automatically sent to Kaspersky. This information makes it possible to keep track of threats in real time. Files or their parts that may be exploited by intruders to harm the computer or user's content can also be sent to Kaspersky for additional examination.

The following app components use the Kaspersky Security Network cloud service:

  • The Anti-Malware, Web Protection, and App Control components in the Kaspersky Endpoint Security for Android app.
  • The Web Protection component in the Kaspersky Security for iOS app.

To start using KSN, you must accept the terms and conditions of the End User License Agreement.

Refusal to participate in KSN reduces the level of device protection, which may lead to infection of the device and loss of data.

To improve the performance of the mobile app, you can also provide statistical data to Kaspersky Security Network.

Providing the information to Kaspersky Security Network is voluntary.

You can opt out of participating in Kaspersky Security Network at any time.

Updates functionality (including providing anti-malware signature updates and codebase updates), as well as KSN functionality, will not be available in the software in the U.S. territory from 12:00 AM Eastern Daylight Time (EDT) on September 10, 2024, in accordance with the restrictive measures.

In this section

Information exchange with Kaspersky Security Network

Enabling and disabling Kaspersky Security Network

[Topic 214505]

Information exchange with Kaspersky Security Network

Information exchange in Kaspersky Endpoint Security for Android

To improve real-time protection, Kaspersky Endpoint Security for Android uses the Kaspersky Security Network cloud service for operating the following components:

  • Anti-Malware. The app obtains access to the Kaspersky online knowledge base regarding the reputation of files and apps. The scan is performed for threats whose information has not yet been added to anti-malware databases but is already available in KSN. The Kaspersky Security Network cloud service provides full operation of Anti-Malware and reduces the likelihood of false alarms.
  • Web Protection. The app uses data received from KSN to scan websites before they are opened. The app also determines the website category to control users' internet access, based on lists of allowed and blocked categories (for example, the "Internet communication" category).
  • App Control. The app determines the app category to restrict the startup of apps that do not meet corporate security requirements, based on lists of allowed and blocked categories (for example, the "Games" category).

Information on the type of data submitted to Kaspersky when using KSN during operation of Anti-Malware and App Control is available in the End User License Agreement. By accepting the terms and conditions of the License Agreement, you agree to transfer this information.

Information on the type of data submitted to Kaspersky when using KSN during operation of Web Protection is available in the Statement regarding data processing for Web Protection. By accepting the terms and conditions of the Statement, you agree to transfer this information.

For more information about data provision to KSN, refer to Data provision in Kaspersky Endpoint Security for Android.

Providing data to KSN is voluntary. If you want, you can disable data exchange with KSN.

Information exchange in Kaspersky Security for iOS

To improve real-time protection, Kaspersky Security for iOS uses the Kaspersky Security Network cloud service for operating the Web Protection component. The app uses data received from KSN to scan web resources before they are opened.

Information on the type of data submitted to Kaspersky when using KSN during operation of Web Protection is available in the End User License Agreement. By accepting the terms and conditions of the License Agreement, you agree to transfer this information.

For more information about data provision to KSN, refer to Data provision in Kaspersky Security for iOS.

Providing data to KSN is voluntary. If you want, you can disable data exchange with KSN.

Sending statistics to KSN from Android and iOS apps

To exchange data with KSN for the purposes of improving the performance of the app, the following conditions must be fulfilled:

  • The device user must read and accept the terms of the Kaspersky Security Network Statement.
  • You must configure the group policy settings to allow statistics to be sent to KSN.

You can opt out of sending statistical data to Kaspersky Security Network at any time. Information on the type of statistical data submitted to Kaspersky when using KSN during operation of the mobile app is available in the Kaspersky Security Network Statement.

[Topic 214534]

Enabling and disabling Kaspersky Security Network

By default, the use of Kaspersky Security Network is enabled.

If the use of Kaspersky Security Network is disabled, Web Protection, App Control, and additional protection in Kaspersky Security Network are disabled automatically and their settings become unavailable.

To enable or disable the use of Kaspersky Security Network:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > KSN and statistics.
  3. To enable or disable the use of Kaspersky Security Network, select or clear the Use Kaspersky Security Network check box.
  4. If the use of Kaspersky Security Network is enabled and if you agree to submit data to Kaspersky, select the Allow statistics to be sent to Kaspersky Security Network check box. This data will help the mobile app respond to threats more quickly, improve the performance of protection components, and decrease the likelihood of false alarms.
  5. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 214533]

Exchanging information with Google Analytics for Firebase, Firebase Performance Monitoring, and Crashlytics

You can define these policy settings only for Android devices.

Kaspersky Endpoint Security for Android exchanges data with the Google Analytics for Firebase, Firebase Performance Monitoring, and Crashlytics services in order to improve the quality, appearance, and performance of Kaspersky software, products, services, and infrastructure by analyzing users' experience, features, status, and device settings used.

Exchanging information with the Google Analytics for Firebase, Firebase Performance Monitoring, and Crashlytics services is disabled by default.

To enable data exchange:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > KSN and statistics.
  3. In the Sending statistics to third-party services section, select the Allow data transfer to help improve the quality, appearance, and performance of the app check box.
  4. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 214544]

Configuring notifications on mobile devices

You can define these policy settings only for Android devices.

If you do not want the mobile device user to be distracted by Kaspersky Endpoint Security for Android notifications, you can disable certain notifications.

Kaspersky Endpoint Security uses the following tools to display the device protection status:

  • Protection status notification. This notification is pinned to the notification bar. A protection status notification cannot be removed. The notification displays the device protection status and the number of issues, if any. The device user can tap the device protection status and see the list of issues in the app.
  • App notifications. These notifications inform the device user about the application (for example, threat detection).
  • Pop-up messages. Pop-up messages require an action from the device user (for example, an action to take when a threat is detected).

All Kaspersky Endpoint Security for Android notifications are enabled by default.

On Android 13, the device user should grant permission to send notifications during the Initial Configuration Wizard or later.

An Android device user can disable all notifications from Kaspersky Endpoint Security for Android in the settings on the notification bar. If notifications are disabled, the user does not monitor the operation of the app and can ignore important information (for example, information about failures during device synchronization with Kaspersky Security Center). In this case, to find out the app operating status, the user must open Kaspersky Endpoint Security for Android.

To configure the display of notifications about the operation of Kaspersky Endpoint Security for Android on a mobile device:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. In the policy properties page, select Application settings > Notifications and reports.
  3. In the Notifications section, configure the display of notifications:
    • To hide all notifications and pop-up messages, disable the Display notifications when Kaspersky Endpoint Security is in the background toggle button.

      Kaspersky Endpoint Security for Android will display the protection status notification only. The notification displays the device protection status and the number of issues. The app also displays notifications when the user is working with the app (for example, when the user updates anti-malware databases manually).

      Kaspersky experts recommend that you enable notifications and pop-up messages. If you disable notifications and pop-up messages when the app is in background mode, the app will not warn users about threats in real time. Mobile device users can learn about the device protection status only when they open the app.

    • In List of security issues displayed on users' devices, select the Kaspersky Endpoint Security for Android issues that you want to be displayed on the user's mobile device.
  4. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 214558]

Detecting device hacks

Kaspersky Security Center Web Console enables you to detect device hacks (root) on Android devices and jailbreaks on iOS devices. System files are unprotected on a hacked device and can therefore be modified. Moreover, third-party apps from unknown sources could be installed on hacked devices. Upon detection of a hack attempt, we recommend that you immediately restore normal operation of the device.

Kaspersky Endpoint Security for Android uses the following service to detect when a user obtains root privileges:

  • Embedded service of Kaspersky Endpoint Security for Android. A Kaspersky service that checks whether a mobile device user has obtained root privileges (Kaspersky Mobile Security SDK).

Kaspersky Security for iOS uses the following service to detect a jailbreak:

  • Embedded service of Kaspersky Security for iOS. A Kaspersky service that checks whether a mobile device is jailbroken (Kaspersky Mobile Security SDK).

If the device is hacked, you receive a notification. You can view hacking notifications in Kaspersky Security Center Web Console on the Monitoring & reporting > Dashboard tab. You can also disable notifications about hacks in the event notification settings.

On Android devices, you can impose restrictions on the user's activity if the device is hacked (for example, lock the device). You can impose restrictions by using the Compliance Control component. To do this, create a compliance rule with the Device has been rooted criterion.

[Topic 214555]

Defining licensing settings

You can define these policy settings for Android and iOS devices.

To manage mobile devices in Kaspersky Security Center Web Console or Cloud Console, you must activate the mobile app on the mobile devices. Activating the Kaspersky Endpoint Security for Android app or the Kaspersky Security for iOS app on a mobile device is done by providing valid license information to the app. License information is delivered to the mobile device, together with the policy, when the device is synchronized with Kaspersky Security Center.

If the activation of the mobile app is not completed within 30 days from the time of installation on the mobile device, the app is automatically switched to the limited functionality mode. In this mode, most of the app components are not operational. When switched to the limited functionality mode, the app stops performing automatic synchronization with Kaspersky Security Center. Therefore, if the activation of the app has not been completed within 30 days after the installation, the user must synchronize the device with Kaspersky Security Center manually.

To define licensing settings of a group policy:

  1. Open the policy properties window:
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
    • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
  2. On the policy properties page, select Application settings > Licenses.
  3. Use the drop-down list to select the required license key from the key storage of the Administration Server.

    The details of the license key are displayed in the fields below.

    You can replace the existing activation key on the mobile device if it is different from the one selected in the drop-down list above. To do so, select the If the key on device is different, replace with this key check box.

  4. Click the Save button to save the changes you have made to the policy and exit the policy properties window.

Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.

[Topic 218553]

Configuring events

You can define these policy settings for Android and iOS devices.

You can define the storage and notification settings of events that occur on your users' devices and that are sent to Kaspersky Security Center.

You can configure events only when modifying a policy.

Events are distributed by importance level on the following tabs:

  • Critical

    A critical event indicates a problem that may lead to data loss, an operational malfunction, or a critical error.

  • Functional failure

    A functional failure indicates a serious problem, error, or malfunction that occurred during the operation of the app.

  • Warning

    A warning is not necessarily serious, but nevertheless indicates a potential future problem.

  • Info

    An informational event reports the successful completion of an operation or procedure, or the proper functioning of the app.

In each section, the list shows the types of events and the default event storage term in Kaspersky Security Center (in days).

From the list of events, you can do the following:

  • Add or remove an event type from the list of event types that are sent to Kaspersky Security Center.
  • Define the storage and notification settings for each event type, for example: how long events of this type must be stored in the Administration Server database or whether you will be notified about events of this type by email.

For more details on configuring events in Kaspersky Security Center Web Console and Cloud Console:

[Topic 214517]

Configuring events about the installation, update, and removal of apps on users' devices

You can define these policy settings for Android and iOS devices.

If you use Kaspersky Security Center Cloud Console, the list of types of events that occur on your users' devices and are sent to Kaspersky Security Center does not include the installation, update, and removal of apps on the devices. Such events occur often and may displace other important events in the Kaspersky Security Center database when the event count limit is reached. They may also affect the performance of Administration Server or the DBMS, and the bandwidth of the internet connection with Kaspersky Security Center Cloud Console.

If you nevertheless want to store events of this type and be notified about them, proceed as described in this section.

To configure events about the installation, update, and removal of apps on users' devices:

  1. In the settings of a policy, on the Event configuration tab, add the An app has been installed or removed (list of installed apps) informational event type to the list of events that are stored in the Administration Server database.

    For more details on configuring events, please refer to Kaspersky Security Center Cloud Console Help.

  2. Enable the Send a list of installed apps on all mobile devices option.

Events about the installation, update, and removal of apps on users' devices are stored in the Kaspersky Security Center database. You are notified about these events.

[Topic 224230]