Creating a policy

Kaspersky Security Center Web Console lets you create policies to configure the security settings of a group of Android, iOS, and Aurora mobile devices. The values of security settings configured in policies are saved on the Administration Server, distributed to mobile devices during synchronization, and saved to devices as current settings.

You can create policies using the Mobile policy wizard.

To create a policy:

1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles.
2. In the list of policies that opens, click Current path to select the administration group for which you want to create a policy.

   By default, the new policy is applied to the Managed devices group.

3. Click Add to start the Mobile policy wizard.
4. In the Select application window, select the Kaspersky Mobile Devices Protection and Management option, and then click Next.

   The Mobile policy wizard starts. Click Start, and then proceed through the wizard using the Back and Next buttons.

Step 1. License

At this step, choose a license.

The license you choose determines the security settings that you can configure in a policy. By default, the license that supports the Kaspersky Secure Mobility Management functionality is pre-selected. You can choose a different license manually.

Step 2. Operating systems and device operating modes

At this step, choose the operating systems the policy will apply to and specify the device operating modes.

• Android
  • Personal device (basic protection and management of a personal Android device).
  • Device with corporate container (isolated corporate environment on an Android device).
  • Corporate device (an extended set of settings for managing a corporate Android device).

    For detailed information, refer to the About Android device operating modes section.

• iOS
  • Basic protection (protection against web threats and jailbreak detection on iOS devices).
  • Basic control (basic management of a personal iOS device).
  • Supervised (an extended set of settings for managing an iOS device).

    For detailed information, refer to the About iOS device operating modes section.

    To connect and manage iOS devices in basic control and supervised operating modes, you must have an iOS MDM Server installed in the selected administration group. For detailed information on installing iOS MDM Server, refer to the Deploying iOS MDM Server section.

• Aurora
  • Protection (protection of Aurora devices against threats).

    To connect Aurora devices, you need to have Kaspersky Endpoint Security for Aurora pre-installed on the devices that will connect.

In the New policy window:

1. In the Name field, type the name of the new policy. If you specify the name of an existing policy, it will have (1) added at the end automatically.
2. In the Policy status block of settings, select the status of the policy:
   • Active. The wizard saves the created policy on the Administration Server. At the next synchronization of mobile devices with the Administration Server, the policy will be used on devices as an active policy.
   • Inactive. The wizard saves the created policy on the Administration Server as a backup policy. This policy can be activated in the future after a specific event. If necessary, an inactive policy can be switched to an active state.

     Several policies can be created for one application in the group, but only one of them can be active. When a new active policy is created, the previous active policy automatically becomes inactive.

3. On the General tab of the Settings inheritance block of settings, select the inheritance options:
   • Inherit settings from parent policy

     If you enable this option in a child policy and an administrator locks some settings in the parent policy, then you cannot change these settings in the child policy.

     If you disable this option in a child policy, then you can change all the settings in the child policy, even if some settings are locked in the parent policy.

   • Force inheritance of settings in child policies

     If you enable this option in a parent policy, this enables the Inherit settings from parent policy option for each child policy. In this case, you cannot disable this option for any child policy. All the settings that are locked in the parent policy are forcibly inherited in the child groups and you cannot change these settings in the child groups.

   By default, the Inherit settings from parent policy option is enabled and the Force inheritance of settings in child policies option is disabled.

   Inheritance of policy settings works only if either identical device operating modes are selected for the parent and child policy or device operating modes selected for the child policy provide more security settings. For example, a child policy for Android devices with a corporate container can inherit settings from a parent policy for personal devices but cannot inherit settings from a parent policy for corporate devices.
   If you create a child policy that is incompatible with the parent policy, you must delete it and create a new child policy to manage devices.

4. Click Save.

The new policy for mobile devices is created.

Page top