Managing app configurations
This section provides instructions on how to manage settings and edit configurations of the apps installed on your users' devices.
Page top
[Topic 274789]
Managing Google Chrome settings
Expand all | Collapse all
These settings apply to corporate devices and devices with a corporate container.
To configure Google Chrome settings:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the policy properties window, select Application settings.
- Select Android and go to the App configuration section.
- On the Google Chrome settings card, click Settings.
The Google Chrome settings window opens.
- Enable the settings using the Google Chrome settings toggle switch.
The toggle switch in this card does not enable or disable the corresponding functionality on devices. Enabling the toggle switch lets you configure custom settings. Disabling the toggle switch lets you use default settings.
- Configure the required settings.
- Click OK.
- Click Save to save the changes you have made.
Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.
Manage content settings
On the Content tab, you can manage the following settings:
- In the Cookies section:
- Default mode
Default cookie settings.
Available options:
- Allow all websites to save local data (default)
- Prohibit all websites from saving local data
- Configure settings for selected websites
- Do not configure cookie settings
- Exceptions
Exceptions from the websites that are prohibited from or allowed to save local data.
For more information on URL patterns, see the Chrome enterprise documentation.
- Websites
- In the JavaScript section:
- Default mode
Default JavaScript settings.
Available options:
- Allow JavaScript on all websites (default)
- Prohibit JavaScript on all websites
- Exceptions
Exceptions from the websites that are prohibited from or allowed to use JavaScript.
For more information on URL patterns, see the Chrome enterprise documentation.
- In the Pop-ups section:
- Default mode
Default pop-up setting.
Available options:
- Allow pop-ups on all websites. Lets all sites open pop-up windows. This value is selected by default.
- Prohibit pop-ups on all websites. Prohibits all sites from opening pop-up windows.
Only pop-ups included into the Google abusive pop-ups database will be blocked.
- Exceptions
Exceptions from the websites that are prohibited from or allowed to display pop-up windows.
- In the Location tracking section:
- Default mode
The default geographic location settings.
Available options:
- Allow all websites to track user's location
- Prohibit all websites from tracking user's location
- Ask whenever website wants to track user's location (default)
Manage proxy settings
On the Proxy tab, you can manage the following settings:
- Default mode
Proxy settings for Google Chrome and ARC-apps.
Available options:
- Never use proxy. Prohibits use of proxies and all other proxy settings are ignored.
- Detect proxy settings automatically. Detects proxy settings automatically and all other options are ignored.
- Use PAC file. Uses the proxy PAC file specified in the PAC file URL field.
- Use fixed proxy servers. Uses the data specified in the Proxy server URL field and Exceptions list.
- Use system proxy settings. Uses the system proxy settings. This option is selected by default.
- PAC file URL
A URL to a proxy PAC file.
- Proxy server URL
A URL of the proxy server.
- Exceptions
A list of hosts for which the proxy will be bypassed.
Manage search settings
On the Search tab, you can manage the following settings:
- In the Touch to Search section:
- Enable Touch to Search
Selecting or clearing this check box specifies whether the device user is allowed to use Touch to Search and turn the feature on or off.
This check box is selected by default.
- In the Search provider section:
- Operating mode
This option lets you determine whether to configure a search provider that will be used on user devices.
If you select Enable default search provider, you can specify search provider settings.
- Search provider name
The default search provider name.
- Search URL
The URL of the search engine used during default searches.
- Suggest URL
The URL of the search engine to provide search suggestions.
- Icon URL
The URL of the default search provider's favicon.
- Encodings
Character encodings supported by the search provider. The supported encodings are:
- UTF-8
- UTF-16
- GB2312
- ISO-8859-1
- Alternate URLs
A list of alternate URLs to retrieve search terms from the search engine.
- Image search URL
The URL of the search engine used for image search.
- New tab URL
The URL of the search engine used to provide a New Tab page.
- Parameters for search URL that uses POST
URL parameters when searching a URL with the POST method. The parameters are comma-separated key-value pairs. If a value is a template parameter, for example, '{searchTerms}', it is replaced with real search terms. For example:
q={searchTerms},ie=utf-8,oe=utf-8
- Parameters for suggest URL that uses POST
URL parameters for search suggestions using the POST method. The parameters are comma-separated key-value pairs. If a value is a template parameter, for example, '{searchTerms}', it is replaced with real search terms. For example:
q={searchTerms},ie=utf-8,oe=utf-8
- Parameters for image URL that uses POST
URL parameters for image search using the POST method. The parameters are comma-separated key-value pairs. If a value is a template parameter, for example, '{imageThumbnail}', it is replaced with the real image thumbnail. For example:
content={imageThumbnail},url={imageURL},sbisrc={SearchSource}
Manage security settings
On the Security tab, you can manage the following settings:
- In the Google Safe Browsing and SafeSearch section:
- Safe Browsing operating mode
Google Safe Browsing protection level.
Available options:
- No protection. Disables Google Safe Browsing completely.
- Standard protection. Makes Google Safe Browsing always enabled in standard protection mode. This option is selected by default.
- Enhanced protection. Makes Google Safe Browsing always enabled in enhanced protection mode, but device user browsing experience data will be sent to Google.
- Force SafeSearch
Selecting or clearing this check box specifies whether Google Search queries will be performed via Google SafeSearch.
This check box is cleared by default.
- Disable proceeding from the Safe Browsing warning page
Selecting or clearing this check box specifies whether the device user is allowed to proceed to the flagged site on Google Safe Browsing warnings, such as malware and phishing. The restriction does not apply to issues related to an SSL certificate, such as invalid or expired certificates.
This check box is cleared by default.
- In the Blocked websites section:
- Block access to these websites
A list of forbidden URLs. You can also set URL patterns, for example: [*.]example.com.
- Exceptions
A list of URLs that are exceptions to the list specified in Block access to these websites. You can also set URL patterns, for example: [*.]example.com.
- In the Passwords and autofill section:
- Enable saving passwords
Selecting or clearing the check box specifies whether Google Chrome will remember the passwords the device user enters and also offer them the next time the device user signs in.
This check box is selected by default.
- Enable autofill for addresses
Autofill settings for addresses.
If the check box is selected, the device user is allowed to manage autofill for addresses in the user interface.
If the check box is cleared, autofill never suggests or fills in address information, nor does it save additional address information that the device user submits while browsing the web.
This check box is selected by default.
- Enable autofill for bank cards
Autofill settings for bank cards.
If the check box is selected, the device user is allowed to manage autofill suggestions for bank cards in the user interface.
If the check box is cleared, autofill never suggests or fills in bank card information, nor does it save additional bank card information that the device user submits while browsing the web.
This check box is selected by default.
- In the Network section:
- Minimum TLS version
Minimum allowed TLS version.
Available options:
- TLS 1.0 (default)
- TLS 1.1
- TLS 1.2
- Enable network prediction
Selecting or clearing this check box specifies whether Google Chrome will predict such network actions as DNS prefetching, TCP and SSL preconnection and prerendering of webpages.
If the check box is cleared, network prediction is disabled, but the device user can enable it.
This check box is selected by default.
Manage additional settings
On the Additional settings tab, you can manage the following settings:
- In the Bookmarks section:
- Managed bookmarks
An admin-managed list of bookmarks. The list is a dictionary with name and url keys. In other words, the key holds a bookmark's name and target. You can also set up a subfolder with a children key, which also has a list of bookmarks.
By default, the folder name for managed bookmarks is "Managed bookmarks". You can change it by adding a new sub-dictionary. To do this, specify the toplevel_name key with the required folder name as its value.
If you enter an incomplete URL as a bookmark's target, Google Chrome will substitute it with a URL as if it was submitted through the address bar. For example, kaspersky.com becomes https://www.kaspersky.com.
For example:
"ManagedBookmarks": [{
//Changes the default folder name
"toplevel_name": "My managed bookmarks folder"
},
{
//Adds a bookmark to the managed bookmarks folder
"name": "Kaspersky",
"url": "kaspersky.com"
},
{
"name": "Kaspersky products",
"children": [{
"name": "Kaspersky Endpoint Security",
"url": "kaspersky.com/enterprise-security/endpoint"
},
{
"name": "Kaspersky Security for Mail Server",
"url": "kaspersky.com/enterprise-security/mail-server-security"
}
]
}
]
- Enable bookmark editing
Selecting or clearing this check box specifies whether the device user is allowed to add, remove, or modify bookmarks.
This check box is selected by default.
- In the History and Incognito mode section:
- Availability of Incognito mode
Specifies whether the device user can enable Incognito mode in Google Chrome.
Available options:
- Incognito mode is available (default)
- Incognito mode is disabled
- Disable saving browser history
Selecting or clearing this check box specifies whether browsing history is saved and tab syncing is on.
This check box is cleared by default.
- In the Other section:
- Restricted Mode for YouTube
Minimum required Restricted Mode level for YouTube.
Available options:
- Do not enforce Restricted Mode. Specifies that Google Chrome does not force Restricted Mode. However, external policies might still enforce Restricted Mode. This option is selected by default.
- Enforce at least Moderate Restricted Mode. Lets a device user enable the Moderate Restricted Mode on YouTube.
- Enforce Strict Restricted Mode. Makes Strict Restricted Mode on YouTube always active.
- Google Translate operating mode
Translation functionality.
Available options:
- Always offer translation. Shows the integrated translation notification and a translate option at the top of the screen.
- Never offer translation. Disables all built-in translation functionality.
- Prompt the user for action. Lets the user decide whether to use translation functionality. This option is selected by default.
- Enable alternate error pages
Selecting the check box specifies whether Google Chrome is allowed to use built-in error pages, such as "Page not found".
This check box is cleared by default.
- Enable printing
Selecting or clearing this check box specifies whether the device user is allowed to print in Google Chrome.
This check box is selected by default.
- Enable search suggestions
Selecting or clearing this check box specifies whether search suggestions are enabled in Google Chrome's address bar.
This check box is selected by default.
Page top
[Topic 274811]
Managing Exchange ActiveSync for Gmail
Expand all | Collapse all
These settings apply to corporate devices and devices with a corporate container.
The Exchange ActiveSync settings let you manage Exchange ActiveSync for the Gmail app.
To configure Exchange ActiveSync settings:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the policy properties window, select Application settings.
- Select Android and go to the App configuration section.
- On the Exchange ActiveSync card, click Settings.
The Exchange ActiveSync window opens.
- Enable the settings using the Exchange ActiveSync toggle switch.
- Specify the Exchange ActiveSync settings:
- On the General tab, specify the following settings:
- Exchange ActiveSync server address
The Exchange ActiveSync email server URL. You don't need to use http:// or https:// in front of the URL.
- Settings in the User credentials section:
- Device ID
A string used by a Kaspersky Security Center proxy or a third-party gateway to identify the device and connect it to Exchange ActiveSync. You can either enter a value or select a macro by clicking the 
button.
- User name
The user name that will be used to pull the user name from Microsoft Active Directory. It might be different from the user's email address. You can either enter a value or select a macro by clicking the button.
- Email address
The email address that will be used to pull the user's email address from Microsoft Active Directory. You can either enter a value or select a macro by clicking the button.
- Settings in the Authentication section:
- Authentication type
The authentication type used to verify a device user's email credential. Possible values:
- Modern token-based authentication. Uses a token-based identity management method. This value is selected by default.
- Basic authentication. Prompts the device user for their password and stores it for future use.
- Authentication certificate
The authentication certificate used to verify user identity, simplify user authentication, and ensure data security.
The following values are available in the drop-down list:
- Not selected. The authentication certificate is not specified.
- User certificates. The list of Mail certificates configured in the Assets (Devices) → Mobile → Certificates section.
- SCEP profiles. The list of SCEP certificate profiles configured in the SCEP and NDES card of the Device configuration section of the policy and used to obtain certificates.
- On the Additional tab, specify the following settings:
- Settings in the Email synchronization section:
- Synchronization period
The default time interval for synchronization of mail items between Exchange ActiveSync servers and Gmail. Possible values:
- 1 day
- 3 days
- 1 week (default)
- 2 weeks
- 1 month
- Settings in the Restrictions section:
- Use SSL connection
Selecting or clearing this check box specifies whether communication to the server port specified in the Exchange ActiveSync server address field will use the SSL protocol.
This check box is selected by default.
- Disable SSL certificate verification
Selecting or clearing this check box specifies whether validation checks on SSL certificates used on Exchange ActiveSync servers will be performed. Performing a check is useful if certificates are self-signed.
This check box is cleared by default.
- Allow unmanaged accounts
Selecting or clearing the check box specifies whether the device user is allowed to add other accounts to the Gmail app.
This check box is selected by default.
- Settings in the Signature section:
- Click OK.
- Click Save to save the changes you have made.
Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.
Page top
[Topic 274812]
Configuring other apps
Expand all | Collapse all
These settings apply to corporate devices and devices with a corporate container.
The Configure other apps settings let you configure installed apps that support configurations.
To add app configurations:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the policy properties window, select Application settings.
- Select Android and go to the App configuration section.
- On the Configure other apps card, click Settings.
The Configure other apps window opens.
- Enable the settings using the Configure other apps toggle switch.
- Click Add.
The Add app configuration window opens.
- In the Method for adding configuration drop-down list, select how to add configuration:
- App package uploaded by administrator
When adding an app configuration by using an APK file from your computer, you must select a file saved on your computer.
After that, you can view the description for each setting of the configuration. These descriptions are part of the configuration file.
Configuration keys uploaded from the app package cannot be deleted. If you want to add a new setting to the uploaded configuration, click the Add setting button.
- Kaspersky Security Center installation package
When adding an app configuration using an installation package from Kaspersky Security Center, you need to select the app from a list of mobile app packages.
After that, you can view the description for each setting of the configuration. These descriptions are part of the configuration file.
Settings of configurations added using installation packages cannot be deleted.
- Manual configuration
When this method is selected, click the Add setting button to add a new setting to the configuration.
- In the Configuration data section, specify the following settings:
- App name
Name of the app to which the configuration is to be applied.
When importing a configuration from an APK file or an installation package, the value is inserted automatically.
- Package name
Name of the package to which the configuration is to be applied.
How to get the package name of an app
To get the name of an app package:
- Open Google Play.
- Find the app and open its page.
The app's URL ends with its package name (for example, https://play.google.com/store/apps/details?id=com.android.chrome).
To get the name of an app package that has been added to Kaspersky Security Center:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Mobile → Apps & files.
- Select Android → Apps.
In the list of apps that opens, app identifiers are displayed in the Package name column.
When importing a configuration from an APK file or an installation package, the value is inserted automatically.
You can add only one configuration for each package name.
- Version
Version of the app, that the created configuration will be based on.
When importing a configuration from an APK file or installation package, the value is inserted automatically.
- Comment
An example of configured basic parameters for the Microsoft Outlook app.
Microsoft Outlook app configuration
Configuration key
|
Description
|
Type
|
Value
|
Default value
|
com.microsoft.outlook.EmailProfile.EmailAccountName
|
Username
|
String
|
The username that will be used to pull the username from Microsoft Active Directory. It might be different from the user's email address. You can either enter a value or select a macro by clicking the button. For example, User.
|
|
com.microsoft.outlook.EmailProfile.EmailAddress
|
Email address
|
String
|
The email address that will be used to pull the user's email address from Microsoft Active Directory. You can either enter a value or select a macro by clicking the button. For example, user@companyname.com.
|
|
com.microsoft.outlook.EmailProfile.EmailUPN
|
User Principal Name or username for the email profile that is used to authenticate the account
|
String
|
The name of the user in email address format. For example, userupn@companyname.com.
|
|
com.microsoft.outlook.EmailProfile.ServerAuthentication
|
Authentication method
|
String
|
Username and Password – Prompts the device user for their password.
Certificates – Certificate-based authentication.
|
Username and Password
|
com.microsoft.outlook.EmailProfile.ServerHostName
|
ActiveSync FQDN
|
String
|
The Exchange ActiveSync email server URL. You don't need to use http:// or https:// in front of the URL. For example, mail.companyname.com.
|
|
com.microsoft.outlook.EmailProfile.AccountDomain
|
Email domain
|
String
|
The account domain of the user. You can either enter a value or select a macro by clicking the button. For example, companyname.
|
|
com.microsoft.outlook.EmailProfile.AccountType
|
Authentication type
|
String
|
ModernAuth – Uses a token-based identity management method. Specify ModernAuth as the Account Type for Exchange Online.
BasicAuth – Prompts the device user for their password. Specify BasicAuth as the Account Type for Exchange On-Premises.
|
BasicAuth
|
- Click the Add setting button to add a block of the app configuration settings. You can add several blocks of settings.
Specify the following parameters for each block of settings of the configuration:
- Key
Cannot be left blank. The value of this parameter is filled in manually.
- Type
Cannot be left blank. The value of this parameter is selected from a drop-down list.
The following types are available:
- String. A sequence of characters, digits, or symbols, always treated as text.
- Bool. True or false.
- Integer. A numeric data type for numbers without fractions.
- Bundle. A set of fields of any type, except for Bundle or BundleArray.
- BundleArray. A set of Bundles.
- Value
An optional parameter, whose value depends on the setting type.
For some types of settings, additional parameters can be configured. For example:
- You can add macros for a String.
- You can add a field to a Bundle.
- You can add a Bundle to a BundleArray.
It is also possible to edit a setting to be added to a BundleArray by clicking the Configure Bundle button and configuring the setting's parameters.
For information about configuring rules, please refer to the official documentation for the app to be configured.
- Click Add.
The configuration appears in the list of app configurations.
You can modify or delete app configurations in the list using the Edit and Delete buttons at the top of the list.
- Click OK.
- Click Save to save the changes you have made.
The app configuration is applied.
Some apps may not notify Kaspersky Endpoint Security for Android that the app configuration has been applied.
When configuring some apps, certificates installed on devices via Kaspersky Security Center can be used. In this case, you must specify a certificate alias in the app configuration:
VpnCert for VPN certificates.MailCert for mail certificates.SCEP_profile_name for certificates received using SCEP.
Page top
[Topic 274813]