Kaspersky Secure Mobility Management
6.0
English

Contents

Connecting Android devices to a Wi-Fi network

Expand all | Collapse all

For an Android device to automatically connect to an available Wi-Fi network and protect data during the connection, you must configure the connection settings.

To connect a mobile device to a Wi-Fi network:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select Android and go to the Device configuration section.
  4. On the Wi-Fi card, click Settings.

    The Wi-Fi window opens.

  5. Enable the settings using the Wi-Fi toggle switch.
  6. Click Add.

    The Add Wi-Fi network window opens.

  7. In the Service set identifier (SSID) field, enter the name of the Wi-Fi network that includes the access point (SSID).
  8. Select the Connect automatically check box if you want Android devices to automatically connect to the Wi-Fi network.
  9. Select the Hidden network check box if you want the Wi-Fi network to be hidden in the list of available networks on the device.

    In this case, to connect to the network the user needs to manually enter the service set identifier (SSID) specified in the settings of the Wi-Fi router on the mobile device.

  10. In the Protection section, select the type of Wi-Fi network security (open network or secure network protected with the WEP, WPA2 PSK, or 802.1.x EAP protocol).

    The 802.1.x EAP security protocol is supported only in Kaspersky Endpoint Security for Android 10.48.1.1 or later. The WEP protocol is supported only on Android 9 or earlier.

  11. If you selected the 802.1.x EAP security protocol, specify the following network protection settings:
    • EAP method

      Specifies an Extensible Authentication Protocol (EAP) method for network authentication. Possible values:

      • TLS (default)
      • PEAP
      • TTLS
    • Method for uploading root certificate

      Specifies the way you want to upload a root certificate. Possible values:

      • From the list of root certificates – Lets you select any available certificate from the drop-down list.
      • From file – Lets you upload a certificate file from your computer.
    • Root certificate

      Specifies the root certificate to be used by the Wi-Fi network.

    • User certificate

      Specifies the user certificate to be used by the Wi-Fi network if the TLS EAP method is selected.

      The following values are available in the drop-down list:

      • Not selected – The user certificate is not specified.
      • User certificates – The VPN certificates that were added in the Certificates section and installed on the user device. If you choose this option, but no VPN certificate is installed on the device, the user certificate is not used for this Wi-Fi network.
      • SCEP profiles – SCEP certificate profiles configured in the SCEP and NDES settings and used to obtain certificates.
    • Domain name

      Specifies the constraint for the server domain name.

      If set, this Fully Qualified Domain Name (FQDN) is used as a suffix match requirement for the root certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met.

      You can specify multiple match strings using semicolons to separate the strings. A match with any of the values is considered a sufficient match for the certificate (i.e., the OR operator is used).

      If you specify *, any root certificate is considered valid. This value is specified by default.

    • Two-factor authentication type

      Specifies a two-factor authentication type. Possible values:

      • Not selected (default)
      • MSCHAP
      • MSCHAPV2
      • GTC
    • User ID

      Specifies a user ID to be used to connect to the Wi-Fi network.

    • Anonymous ID

      Specifies an anonymous identity that is different from the user identity and is used if the PEAP or TTLS method of network authentication is selected.

    • Password

      Specifies a password for accessing the wireless network. The password will be sent in a QR code.

      Do not send a password for a confidential Wi-Fi network that should not be publicly available. The password is transmitted unencrypted along with other data to configure the device.

  12. In the Password field, set a network access password if you selected a secure network at step 9.
  13. On the Additional tab, select the Use a proxy server check box if you want to use a proxy server to connect to the Wi-Fi network.
  14. If you selected Use a proxy server, in the Proxy server address and Proxy server port fields, enter the IP address or DNS name of the proxy server and port number, if necessary.

    On devices running Android 8 or later, proxy server settings for Wi-Fi cannot be redefined with a policy. However, you can manually configure the proxy server settings for a Wi-Fi network on the mobile device.

    If you are not using a proxy server to connect to a Wi-Fi network, there are no limitations on using policies to manage a Wi-Fi network connection.

  15. In the Do not use proxy server for the specified addresses field, add web addresses that can be accessed without the use of the proxy server.

    For example, you can enter the address example.com. In this case, the proxy server will not be used for the addresses pictures.example.com, example.com/movies, etc. The protocol (for example, http://) can be omitted.

    On devices running Android 8 or later, excluding web addresses from the proxy server does not work.

  16. Click Add.

    The added Wi-Fi network is displayed in the list of Wi-Fi networks.

    This list contains the names of suggested wireless networks.

    On personal devices running Android 10 or later, the operating system prompts the user to connect to such networks. Suggested networks don't appear in the saved networks list on these devices.

    On corporate devices and personal devices running Android 9 or earlier, after synchronizing the device with the Administration Server, the device user can select a suggested wireless network in the saved networks list and connect to it without having to specify any network settings.

    You can modify or delete Wi-Fi networks in the list of networks using the Edit and Delete buttons at the top of the list.

  17. Click OK.
  18. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.

On devices running Android 10 or later, if a user refuses to connect to the suggested Wi-Fi network, the app's permission to change Wi-Fi state is revoked. The user must grant this permission manually.

Page top
[Topic 274806]