Connecting Android devices to a Wi-Fi network

Expand all | Collapse all

For an Android device to automatically connect to an available Wi-Fi network and protect data during the connection, you should configure the connection settings.

To connect the mobile device to a Wi-Fi network:

1. In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
2. In the workspace of the group, select the Policies tab.
3. Open the policy properties window by double-clicking any column.

   Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.

4. In the policy Properties window, select the Wi-Fi section.
5. In the Wi-Fi networks section, click Add.

   This opens the Wi-Fi network window.

6. In the Service set identifier (SSID) field, enter the name of the Wi-Fi network that includes the access point (SSID).
7. Select the Hidden network check box if you want the Wi-Fi network to be hidden in the list of available networks on the device. In this case, to connect to the network the user needs to manually enter the Service set identifier (SSID) specified in the settings of the Wi-Fi router on the mobile device.
8. Select the Automatic connection to network check box if you want the device to connect to the Wi-Fi network automatically.
9. In the Network protection section, select the type of Wi-Fi network security (open or secure network protected with the WEP, WPA/WPA2 PSK, or 802.1.x EAP protocol).

   The 802.1.x EAP security protocol is supported only in the Kaspersky Endpoint Security for Android app version 10.48.1.1 or later. The WEP protocol is supported only on Android 9 or earlier.

10. If you selected the 802.1.x EAP security protocol, specify the following network protection settings:
    • EAP method

      Specifies an Extensible Authentication Protocol (EAP) method of network authentication. Possible values:

      • TLS (default)
      • PEAP
      • TTLS
    • Root certificate

      Specifies the root certificate to be used by the Wi-Fi network if the TLS EAP method is selected.

      You can specify a certificate in one of the following ways:

      • Select any available certificate from the drop-down list. It contains certificates previously added to the Root certificates section. On devices, these certificates are installed to a trusted certificate store.
      • Load a new certificate file (.cer, .pem, or .key) by clicking Browse. This certificate will not be added to the Root certificates section. On devices, the certificate will be used only for configuring this Wi-Fi network and will not be installed to a trusted certificate store.
    • Domain

      Specifies the constraint for the server domain name.

      If set, this Fully Qualified Domain Name (FQDN) is used as a suffix match requirement for the root certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met.

      You can specify multiple match strings using semicolons to separate the strings. A match with any of the values is considered a sufficient match for the certificate (i.e., the OR operator is used).

      If you specify *, any root certificate is considered valid. This value is specified by default.

    • User certificate

      Specifies the user certificate to be used by the Wi-Fi network if the TLS EAP method is selected.

      The following values are available in the drop-down list:

      • None - The user certificate is not specified.
      • VPN certificate - The VPN certificate that was last added in the Mobile Device Management > Certificates section of the Kaspersky Security Center Administration Console and was installed on the user device. If you choose this option, but no VPN certificate is installed on the device, the user certificate is not used for this Wi-Fi network.
      • List of SCEP certificate profiles configured in the SCEP and NDES section and used to obtain certificates.
    • Type of two-factor authentication

      Specifies a two-factor authentication type. Possible values:

      • None (default)
      • MSCHAP
      • MSCHAPV2
      • GTC
    • User identity

      Specifies a user ID to be used if the TLS EAP method is selected. You can either enter the value or select it from the Available macros drop-down list.

    • Anonymous identity

      Specifies an anonymous identity that is different from User identity and is used if the PEAP method of network authentication is selected. You can either enter the value or select it from the Available macros drop-down list.

    • Available macros

      A macro that will be used to replace values in the corresponding fields. Possible values:

      • %email%. Specifies the email address of the user to whom the device is registered. The value is retrieved from a mobile certificate.
      • %email_domain%. Specifies the email address domain of the user to whom the device is registered. The value is retrieved from a mobile certificate.
      • %email_user_name%. Specifies the username from the email address to which the device is registered. The value is retrieved from a mobile certificate.
      • %user_name%. Specifies the username under which the device is registered. The value is retrieved from a mobile certificate.
      • %device_id%. Specifies the ID of the device.
      • %group_id%. Specifies the ID of the administration group to which the device belongs to.
      • %device_platform%. Specifies the device platform.
      • %device_model%. Specifies the device model.
      • %os_version%. Specifies the operating system version on the device.
    • Password

      Specifies a password for accessing a wireless network protected using a WEP or WPA2 PSK protocol. The password will be sent in QR code.

      Do not use a password for a confidential Wi-Fi network. The password is sent to the user in the open way along with other necessary configuration data.

11. In the Password field, set a network access password if you selected a secure network at step 9.
12. Select the Use proxy server option if you want to use a proxy server to connect to a Wi-Fi network. Otherwise, select the Do not use proxy server option.
13. If you selected Use proxy server, in the Proxy server address and port field, enter the IP address or DNS name of the proxy server and port number, if necessary.

    On devices running Android version 8.0 or later, settings of the proxy server for Wi-Fi cannot be redefined with the policy. However, you can manually configure the proxy server settings for a Wi-Fi network on the mobile device.

    If you are using a proxy server to connect to a Wi-Fi network, you can use a policy to configure the settings for connecting to the network. On devices running Android 8.0 or later, you must manually configure the proxy server settings. On devices running Android 8.0 or later, you cannot use a policy to change the Wi-Fi network connection settings, except for the network access password.

    If you are not using a proxy server to connect to a Wi-Fi network, there are no limitations on using policies to manage a Wi-Fi network connection.

14. In the Do not use proxy server for addresses field, generate a list of web addresses that can be accessed without the use of the proxy server.

    For example, you can enter the address example.com. In this case, the proxy server will not be used for the addresses pictures.example.com, example.com/movies, etc. The protocol (for example, http://) can be omitted.

    On devices running Android version 8.0 or later, the proxy server exclusion for web addresses does not work.

15. Click OK.

    The added Wi-Fi network is displayed in the list of Wi-Fi networks.

    This list contains the names of suggested wireless networks.

    On personal devices running Android 10 or later, the operating system prompts the user to connect to such networks. Suggested networks don't appear on the saved networks list on these devices.

    On devices operating in device owner mode and personal devices running Android 9 or earlier, after synchronizing the device with the Administration Server, the device user can select a suggested wireless network in the saved networks list and connect to it without having to specify any network settings.

    You can modify or delete Wi-Fi networks in the list of networks using the Edit and Delete buttons at the top of the list.

16. Click the Apply button to save the changes you have made.

Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.

On devices running Android version 10 or later, if a user refuses to connect to the suggested Wi-Fi network, the app's permission to change Wi-Fi state is revoked. The user must grant this permission manually.

Page top