Greetings,
I’ve been tasked with preparing a CC600 device with our company’s security policies so that it can be moved to our general development networks. Until then, it’s been designated to live in an isolated network segment that prohibits almost all forms of access. I’ve been given only StageNow to make the necessary security updates, but have been running into some issues doing so in that it seems that StageNow doesn’t have the options to make the updates that I need. So I’m posting some of my roadblocks, hoping that someone may be able to give some guidance regarding what I need to do, or even if it's something that's not possible to do with StageNow. For the record, I’m fairly new to Android in general.
1) I need to update/limit the device’s application installation policy to prevent installation of applications from unknown sources or through unauthorized applications. For example, the check for this policy on the device is:
On the Zebra device, do the following:
1. Open Settings >> Apps and notifications >> Advanced >> Special app access.
2. Open Install unknown apps.
3. Ensure the list of apps is blank or if an app is on the list, "Disabled by admin" is listed under the app name.
In the Unknown Sources section in StageNow, I’ve got the ‘Install App from Unknown Sources’ option set to ‘Turn Off’, but that doesn’t seem to have accomplished what I need it to. Is there somewhere else within StageNow that I could set the kind of setting that I need to above?
2) Our security policies require us to manage the authorized use of Google Play. However, unless I’m simply not seeing it, I’m not seeing any profiles in StageNow that allow for management of what Google Play is permitted to do on the device. Is this something that I’m just not seeing, or is this a limitation of StageNow? Is there a way to simply disable the installation of anything from Google Play by default, except for what might be in a created whitelist? I’ve found Whitelist options in StageNow that require the actual App names, but I haven’t found any ‘Prohibit anything that isn’t in the whitelist’ option.
3) We have a requirement that requires us to disable the use of third-party keyboards. Is this something that can actually be explicitly configured in StageNow, or would it instead be something that we would include in an application allow list?
4) Our security policies require us to disable multi-user modes or the ability to modify accounts from the device. In a real MDM, it would be under “Set User Restrictions -> Disallow modify accounts”, but I haven’t seen anything like this in StageNow. Again, might simply be missing the screen/option where it’s done.
5) Our security policies require security logging on the device to be turned on. I’m not seeing any option for this in StageNow, nor do I even know where to check on the device to verify whether or not it already is. Can this be done in StageNow?
6) Is there a way to disable the ability of device users to remove User certs? System certs don’t appear to be able to be removed by users (although it looks like they can be disabled), but it looks like User certs can. Can StageNow create a config that prevents device users from being able to remove User certs, or even disable System certs?
7) Can StageNow be used to disable autocomplete/autofill in the installed Chrome browser?
8) I’ve found in StageNow screens for configuring Date/Time formats, as well as whether to use an NTP server, but is there a way to disable a device user from being able to update those settings with StageNow? So that the option for it is grayed out. I.e.,
On the Zebra Android 11 device, do the following:
1. Open "Settings".
2. Tap "System".
3. Tap "Date & time".
4. Validate that "Use network-provided time" is grayed out.
9) Our security policy requires us to enable Common Criteria Mode (CC Mode). I haven’t seen anything with this name in any of the StageNow profile screens that I’ve looked through. Is this something that StageNow can configure, or is it something that we need to look into a full MDM solution for?
Thanks in advance for your time, especially if you read through all of this. It's much appreciated.
-Adrian