- Kaspersky Secure Mobility Management help
- What's new
- Working in MMC-based Administration Console
- Key use cases
- About Kaspersky Secure Mobility Management
- Distribution kit
- About Kaspersky Endpoint Security for Android app
- About Kaspersky Device Management for iOS
- About the Kaspersky Endpoint Security for Android Administration Plug-in
- About the Kaspersky Device Management for iOS Administration Plug-in
- Hardware and software requirements
- Known issues and considerations
- Deployment
- Solution architecture
- Deployment scenarios for Kaspersky Endpoint Security for Android
- Deployment scenarios for iOS MDM profile
- Preparing the Administration Console for deployment of the integrated solution
- Configuring Administration Server settings for connection of mobile devices
- Configuring a connection gateway to connect mobile devices to Kaspersky Security Center Administration Server
- Displaying the Mobile Device Management folder in the Administration Console
- Creating an administration group
- Creating a rule for device automatic allocating to administration groups
- Working with certificates of mobile devices
- Deploying mobile device management systems
- Scenario: Mobile Device Management deployment
- Enabling Mobile Device Management
- Deploying a management system using the iOS MDM protocol
- iOS MDM Server deployment scenarios
- Simplified deployment scheme
- Deployment scheme involving Kerberos constrained delegation (KCD)
- Enabling support of Kerberos Constrained Delegation
- Installing iOS MDM Server
- Receiving an APNs certificate
- Renewing an APNs certificate
- Configuring a reserve iOS MDM Server certificate
- Installing an APNs certificate on an iOS MDM Server
- Configuring access to Apple Push Notification service
- Connecting KES devices to the Administration Server
- Disabling Mobile Device Management
- Installing Kaspersky Endpoint Security for Android
- Permissions
- Installation of Kaspersky Endpoint Security for Android on personal devices
- Installation of Kaspersky Endpoint Security for Android in device owner mode
- Installation of Kaspersky Endpoint Security for Android in device owner mode in a closed network
- Other methods of installation of Kaspersky Endpoint Security for Android
- Configuring synchronization settings
- Activating the Kaspersky Endpoint Security for Android app
- Installing an iOS MDM profile
- Installing administration plug-ins
- Updating a previous version of the application
- Removing Kaspersky Endpoint Security for Android
- Configuration and Management
- Getting Started
- Control
- Protection
- Configuring anti-malware protection on Android devices
- Protecting Android devices on the internet
- Protection of stolen or lost device data
- Configuring device unlock password strength
- Configuring a virtual private network (VPN)
- Configuring Firewall on Android devices (only Samsung)
- Protecting Kaspersky Endpoint Security for Android against removal
- Detecting device hacks (root)
- Configuring a global HTTP proxy on iOS MDM devices
- Adding security certificates to iOS MDM devices
- Adding a SCEP profile to iOS MDM devices
- Restricting SD card usage (only Samsung)
- Management of mobile devices
- Managing KES devices
- Managing iOS MDM devices
- Signing an iOS MDM profile by a certificate
- Adding a configuration profile
- Installing a configuration profile on a device
- Removing the configuration profile from a device
- Adding a provisioning profile
- Installing a provisioning profile to a device
- Removing a provisioning profile from a device
- Configuring managed apps
- Installing an app on a mobile device
- Removing an app from a device
- Installing and uninstalling apps on a group of iOS MDM devices
- Configuring roaming on an iOS MDM mobile device
- Viewing information about an iOS MDM device
- Disconnecting an iOS MDM device from management
- Configuring kiosk mode for iOS MDM devices
- Management of mobile device settings
- Configuring connection to a Wi-Fi network
- Configuring email
- Configuring device status in Kaspersky Security Center
- Managing app configurations
- Managing app permissions
- Creating a report on installed mobile apps
- Installing root certificates on Android devices
- Configuring notifications for Kaspersky Endpoint Security for Android
- Key features of mobile device management in MMC-based Administration Console
- Connecting iOS MDM devices to AirPlay
- Connecting iOS MDM devices to AirPrint
- Bypassing the Activation Lock on supervised iOS devices
- Configuring the Access Point Name (APN)
- Configuring the Android work profile
- Adding an LDAP account
- Adding a calendar account
- Adding a contacts account
- Configuring calendar subscription
- Managing web clips
- Setting wallpaper
- Adding fonts
- Working with commands for mobile devices
- Managing the app by using third-party EMM systems (Android only)
- Network load
- Participating in Kaspersky Security Network
- Data provision to third-party services
- Global acceptance of additional Statements
- Samsung KNOX
- Appendices
- Using the Kaspersky Endpoint Security for Android app
- App features
- Main window at a glance
- Status bar icon
- Device scan
- Running a scheduled scan
- Changing the Protection mode
- Anti-malware database updates
- Scheduled database update
- Things to do if your device gets lost or stolen
- Web Protection
- Get Certificate
- Synchronizing with Kaspersky Security Center
- Activating the Kaspersky Endpoint Security for Android app without Kaspersky Security Center
- Installing the app in device owner mode
- Installing root certificates on the device
- Enabling accessibility on Android 13 or later
- Enabling accessibility for the app on Android 13
- Updating the app
- Removing the app
- Applications with a briefcase icon
- KNOX app
- Using the Kaspersky Security for iOS app
- Working in Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console
- About mobile device management in Kaspersky Security Center Web Console and Cloud Console
- Distribution kit
- Key features of mobile device management in Kaspersky Security Center Web Console and Cloud Console
- About the Kaspersky Endpoint Security for Android app
- About the Kaspersky Security for iOS app
- About the Kaspersky Security for Mobile (Devices) plug-in
- About the Kaspersky Security for Mobile (Policies) plug-in
- Hardware and software requirements
- Known issues and considerations
- Deploying a mobile device management solution in Kaspersky Security Center Web Console or Cloud Console
- Managing mobile devices in Kaspersky Security Center Web Console and Cloud Console
- Managing group policies
- Defining policy settings
- Configuring anti-malware protection
- Defining device unlock settings
- Configuring protection of stolen or lost device data
- Configuring app control
- Configuring compliance control of mobile devices with corporate security requirements
- Configuring user access to websites
- Configuring feature restrictions
- Protecting Kaspersky Endpoint Security for Android against removal
- Configuring synchronization of mobile devices with Kaspersky Security Center
- Kaspersky Security Network
- Exchanging information with Google Analytics for Firebase, Firebase Performance Monitoring, and Crashlytics
- Configuring notifications on mobile devices
- Detecting device hacks
- Defining licensing settings
- Configuring events
- Configuring events about the installation, update, and removal of apps on users' devices
- Network load
- About mobile device management in Kaspersky Security Center Web Console and Cloud Console
- Application licensing
- Comparison of solution features depending on the management tools
- Contact Technical Support
- Sources of information about the application
- Glossary
- Activating the application
- Activation code
- Administration group
- Administration Server
- Administrator's workstation
- Android work profile
- Anti-malware databases
- Apple Push Notification service (APNs) certificate
- Application management plug-in
- Certificate Signing Request
- Compliance control
- Device administrator
- End User License Agreement
- Group task
- IMAP
- Installation package
- iOS MDM device
- iOS MDM profile
- iOS MDM Server
- Kaspersky categories
- Kaspersky Private Security Network (KPSN)
- Kaspersky Security Center Administrator
- Kaspersky Security Center Web Server
- Kaspersky Security Network (KSN)
- Kaspersky update servers
- KES device
- Key file
- License
- License term
- Malware
- Manifest file
- Network Agent
- Phishing
- Policy
- POP3
- Provisioning profile
- Proxy server
- Quarantine
- SSL
- Standalone installation package
- Subscription
- Supervised device
- Unlock code
- Virtual Administration Server
- Information about third-party code
- Trademark notices
The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Configuring other apps
The Other apps section lets you configure apps installed on devices managed via the Kaspersky Endpoint Security for Android app in device owner mode or to apps installed in Android work profile.
When configuring some apps, the certificates installed on devices via the Kaspersky Security Center can be used. In this case, you need to specify a certificate alias in the app configuration:
VpnCertfor VPN certificates.MailCertfor mail certificates.SCEP_profile_namefor certificates received by using SCEP.
To configure apps via the Other apps section:
- In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
- In the workspace of the group, select the Policies tab.
- Open the policy properties window by double-clicking any column.
Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.
- In the policy Properties window, select the App configuration > Other apps section.
- In the List of apps configurations section, click the Add button.
The Add app configuration window opens.
- In the window that opens, specify the following parameters:
- Activate
Specifies whether to apply the configuration to the app on the devices that fall under the policy.
The check box is selected by default.
- App name (cannot be left blank)
Name of the app to which the configuration is to be applied.
When importing a configuration from an APK file or an installation package, the value is inserted automatically.
- Package name (cannot be left blank)
Name of the package to which the configuration is to be applied. How to get the package name of an app
To get the package name of an app:
- Open Google Play.
- Find the required app and open its page.
The app's URL ends with its package name (for example, https://play.google.com/store/apps/details?id=com.android.chrome).
To get the package name of an app that has been added to Kaspersky Security Center:
- In the console tree of Kaspersky Security Center go to Advanced > Remote installation > Installation packages.
- Click the Additional actions button and select Manage mobile apps packages in the drop-down list.
In the Mobile apps package management window that opens, identifiers of managed apps are displayed in the Application name column.
If you have an app package as an .apk or .ipa file and want to know the app identifier, you can add the app package to the Mobile apps package management window by clicking the New button and following the on-screen instructions.
When importing a configuration from an APK file or installation package, the value is inserted automatically.
You can add only one configuration for each package name.
- Version
Version of the app, on which the created configuration will be based.
When importing a configuration from an APK file or installation package, the value is inserted automatically.
- Comment
An optional comment.
- Activate
- In the same window, select how to add configuration:
- Manually
When this method is selected, click the Add button to add a new setting to the configuration. You need to specify the following parameters for each setting of the configuration:
- Identifier
Cannot be left blank. The value of this parameter is filled in manually.
- Type
Cannot be left blank. The value of this parameter is selected from a drop-down list.
The following types are available:
- String—A sequence of characters, digits, or symbols, always treated as text.
- Boolean—True or false.
- Integer—A numeric data type for numbers without fractions.
- Choice—A data type that allows selecting one option from a predefined set of options.
- Multiple choice—A data type that allows selecting one or multiple options from a list of possible options.
- Bundle—A set of fields of any type, except for Bundle or BundleArray.
- BundleArray—A set of bundles.
- Value
An optional parameter, whose value depends on the setting type.
For some types of settings, additional parameters can be configured. For example, you can add macros for a String setting, add a field to a Bundle setting, or add a bundle to a BundleArray setting.
It is also possible to edit a setting to be added to a bundle array by clicking the Edit button and configuring the setting's parameters.
For information about configuring rules, please refer to the official documentation for the app to be configured.
- Identifier
- Using installation package from Kaspersky Security Center
When adding an app configuration using an installation package from Kaspersky Security Center, you need to select the app from a list of mobile app packages.
After that, you can view the description for each setting of the configuration. These descriptions are part of the configuration file.
Settings of configurations added using installation packages cannot be deleted.
- Using APK file from your computer
When adding an app configuration by using an APK file from your computer, you need to select the file saved on your computer.
After that, you can view the description for each setting of the configuration. These descriptions are part of the configuration file.
Settings of configurations added using APK files cannot be deleted.
An example of configured basic parameters for the Microsoft Outlook app.
Microsoft Outlook app configuration
Configuration key
Description
Type
Value
Default value
com.microsoft.outlook.EmailProfile.EmailAccountNameUsername
String
The username that will be used to pull the username from Microsoft Active Directory. It might be different from the user's email address. You can either enter a value or select one from the Available macros drop-down list. For example,
User.com.microsoft.outlook.EmailProfile.EmailAddressEmail address
String
The email address that will be used to pull the user's email address from Microsoft Active Directory. You can either enter a value or select one from the Available macros drop-down list. For example,
user@companyname.com.com.microsoft.outlook.EmailProfile.EmailUPNUser Principal Name or username for the email profile that is used to authenticate the account
String
The name of the user in email address format. For example,
userupn@companyname.com.com.microsoft.outlook.EmailProfile.ServerAuthenticationAuthentication method
String
Username and Password– Prompts the device user for their password.Certificates– Certificate-based authentication.Username and Passwordcom.microsoft.outlook.EmailProfile.ServerHostNameActiveSync FQDN
String
The Exchange ActiveSync email server URL. You don't need to use HTTP:// or HTTPS:// in front of the URL. For example,
mail.companyname.com.com.microsoft.outlook.EmailProfile.AccountDomainEmail domain
String
The account domain of the user. You can either enter a value or select one from the Available macros drop-down list. For example,
companyname.com.microsoft.outlook.EmailProfile.AccountTypeAuthentication type
String
ModernAuth– Uses a token-based identity management method. Specify ModernAuth as the Account Type for Exchange Online.BasicAuth– Prompts the device user for their password. Specify BasicAuth as the Account Type for Exchange On-Premises.BasicAuth - Manually
- Click OK to apply the configuration.
The configuration appears in the List of apps configurations.
- Click the Apply button to save the changes you have made.
The configuration is applied. Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.
To change an app configuration:
- In the Other apps section, select the app from the list, and then click the Edit button.
The Edit app configuration window opens.
- In the Edit app configuration window, you can edit a configuration of the selected app:
- To upload a new APK file from your computer, click the Select button.
- To add a new setting to the configuration, click the Add button below all the settings, and then specify the required parameters.
- To delete a setting added manually, click the X button in the upper right corner of the setting's field.
- Click OK to close the Edit app configuration window.
- Click the Apply button to save the changes you have made.
The applied configuration is edited. Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.
To enable or disable the app configuration:
- In the Other apps section, select the app from the list.
- Do either of the following:
- Switch the toggle button to On to enable the configuration.
- Switch the toggle button to Off to disable the configuration.
- Click the Apply button to save the changes you have made.
The applied configuration is edited. Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.
To delete an app configuration:
- In the Other apps section, select the app from the list, and then click the Delete button.
- Click the Apply button to save the changes you have made.
The applied configuration is deleted. Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.