Common Mobile Settings
This topic provides detailed descriptions of the policy settings available under Policies > Endpoint Policies > Common Settings > Mobile Settings > Restrictions Settings.
Passcode Settings
Policy |
Description |
Auto-Lock (minutes) |
Require mobile devices to enforce passcode access. |
Grace period for device lock |
Require iOS devices and OS X computers to allow a grace period. For iOS devices, the grace period is the amount of time that a locked device may be unlocked without entering the passcode. In OS X, this will be translated to screensaver settings. |
Maximum number of failed attempts |
Specify the maximum number of failed attempts that are allowed before the device is wiped. |
Maximum passcode age (days) |
Specify the number of days a passcode can exist before it must be reset. |
Minimum number of complex characters |
Specify the minimum number of complex characters required for the passcode. |
Minimum passcode length |
Specify the minimum number of characters required for the passcode. |
Passcode history |
Specify the number of passcodes to store and compare against new passcodes. New passcodes are not allowed to repeat a stored passcode. |
Permit simple value |
Allow a passcode with simple values (that is, values that use repeating, ascending, or descending character sequences). |
Require alphanumeric value |
Require alphanumeric values (that is, values with at least one letter and one integer). |
Require passcode on device |
Require mobile devices to enforce passcode access. You must set this policy for the other passcode policies to be enforced.
|
Restrictions Settings
Policy |
Description |
Permit camera use |
Control whether user can use the camera and the FaceTime app on their devices. |
Permit user to unenroll device |
Control whether user can unenroll a device. This policy is only available in the CyberArk Cloud Directory policy service.
|
Permit user to wipe device |
Control whether user can wipe device. Notes:
|
Report mobile device location |
Display device location in the user portal. If enabled, you have the option to enforce mandatory sharing of device location with systems administrators or allow users to control sharing of their device locations. See Configure device location reporting and tracking. By default, this policy is enabled. The user must also have device tracking turned on in the device and in the user portal the default setting).
This policy is not supported on OS X computers. |
Report device details for SSO enrolled devices |
This setting controls whether the following device details are sent to CyberArk Identity if the device is SSO-enrolled.
These details might be considered personally identifiable information. Choose not to report these device details to comply with relevant privacy regulations, such as GDPR. If the device details are not reported to CyberArk Identity, the related rows are hidden in the User Portal and Identity Administration portal. Select Yes to report selected device details. You can deselect individual device details for additional control over reported information. Select No to not report any device details. Select -- to leave the default value, which is to report all device details. The device details are always reported for devices enrolled into CyberArk Identity MDM, regardless of this setting. Some Android devices report model number, while iOS devices do not report it.
|