Android hardware security
The hardware security features from Android helps the Admins to lock hardware elements of a company-owned device to secure company data and prevent data loss.
- Applicable device types and management modes
-
- Company-owned device in fully managed mode
- Company-owned device in dedicated managed mode
- Configuring Restriction policy
- Through WebUI, as a Master Operator, create an Android hardware restriction
policy with the following settings:
- Mount Physical Media Disabled: To restrict device users from mounting physical external media, set the value to True.
- USB File Transfer Disabled: To restrict device users from transferring files over USB, set the value to True.
- Outgoing Beam Disabled: To restrict devices user from sharing company data from the device using NFC beam, set the value to True.
- Deploying the restriction policy
-
- Add the created restriction policy to a policy group.
- Deploy the policy group to MDM server or directly onto the selected devices.
- After applying the policy
-
- USB file transfer option will not be available.
- When the device user tries to mount the connected physical external storage device, it displays the notification “Action not allowed”.
- NFC option is disabled (still shows enabled which is not expected Google team to provide an update and solution for this)