Contents
The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Deploying the mobile app
To manage mobile devices in Kaspersky Security Center Web Console or Cloud Console, you must deploy the Kaspersky Endpoint Security for Android app or the Kaspersky Security for iOS app on mobile devices. You can deploy apps on mobile devices by using Kaspersky Security Center Web Console or Cloud Console.
The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Deploying the mobile app by using Kaspersky Security Center Web Console or Cloud Console
The mobile app is deployed on the mobile devices of users whose user accounts have been added to Kaspersky Security Center. For more information about user accounts in Kaspersky Security Center:
- If you use Kaspersky Security Center Web Console, please refer to Kaspersky Security Center Help.
- If you use Kaspersky Security Center Cloud Console, please refer to Kaspersky Security Center Cloud Console Help.
You can use the Kaspersky Security for Mobile (Devices) plug-in to install the app from Kaspersky Security Center Web Console and Cloud Console by sending an installation link to a mobile device.
- On an Android device, the user receives a Google Play link to download the Kaspersky Endpoint Security for Android app. The app can be installed by following the standard installation procedure on the Android platform. After the installation of the app, the user must provide the required permissions.
Some Huawei and Honor devices do not have Google services and therefore no access to apps in Google Play. If some users of Huawei and Honor devices cannot install the app from Google Play, they should be instructed to install the app from Huawei App Gallery.
- On an iOS device, the user receives an App Store link to download the Kaspersky Security for iOS app. The app can be installed by following the standard installation procedure on the iOS platform.
Before connecting an iOS device, send the address of Kaspersky Security Center to the device user to improve connection security. The user will see this address during app installation and can cancel the connection if the displayed address doesn't match the address you sent.
The link contains the following data:
- Kaspersky Security Center synchronization settings
- Mobile certificate
To deploy the app on a mobile device:
- Start the Mobile Device Connection Wizard:
- In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices, and then click Add.
- In the main window of Kaspersky Security Center Web Console or Cloud Console, select Users & roles > Users. Click the name of the user or the user group to whom you want to send the link for connecting a mobile device, and then select Devices. Click Add mobile device. In this case, skip step 3.
Proceed through the Wizard by using the Next button.
- Select the operating system of the devices that you want to add:
- Android
- iOS and iPadOS
- Select users and user groups to whom you want to send the link for connecting a mobile device.
- Select email addresses where to send the link:
- All email addresses
- Main email address
- Alternative email address
- Another email address
If you select this option, specify the email address below.
- The link summary is displayed.
Make sure that all parameters of the link are correct, and then click Send.
- A window opens with a confirmation that the link for adding a mobile device has been sent.
Click OK to finish the Wizard.
When the user installs the Kaspersky Endpoint Security for Android app or the Kaspersky Security for iOS app, the user's device will be displayed on the Devices > Mobile > Devices tab of Web Console or Cloud Console.After installing the app on users' mobile devices, you will be able to configure the settings for devices and apps by using group policies. You will also be able to send commands to mobile devices (for Android only) for data protection in case devices are lost or stolen.
Page topThe help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Activating the mobile app
In Kaspersky Security Center, the license can cover various groups of features. To ensure that the Kaspersky Endpoint Security for Android app and the Kaspersky Security for iOS app are fully functional, the Kaspersky Security Center license purchased by the organization must provide for the Mobile Device Management functionality. The Mobile Device Management functionality is intended for connecting mobile devices to Kaspersky Security Center and managing them.
For detailed information about licensing Kaspersky Security Center and licensing options:
- If you use Kaspersky Security Center Web Console, please refer to Kaspersky Security Center Help.
- If you use Kaspersky Security Center Cloud Console, please refer to Kaspersky Security Center Cloud Console Help.
Activating the Kaspersky Endpoint Security for Android app or the Kaspersky Security for iOS app on a mobile device is done by providing valid license information to the app. License information is delivered to the mobile device, together with the policy, when the device is synchronized with Kaspersky Security Center.
If the activation of the mobile app is not completed within 30 days from the time of installation on the mobile device, the app is automatically switched to the limited functionality mode. In this mode, most of the app components are not operational. When switched to the limited functionality mode, the app stops performing automatic synchronization with Kaspersky Security Center. Therefore, if the activation of the app has not been completed within 30 days after the installation, the user must synchronize the device with Kaspersky Security Center manually.
If Kaspersky Security Center is not deployed in your organization or is not accessible to mobile devices, users can activate the mobile app on their devices manually.
To activate the mobile app:
- Open the policy properties window:
- In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices. Click the mobile device that falls under the policy that you want to configure, and then select the policy on the Active policies and policy profiles tab.
- In the policy properties page, select Application settings > Licenses.
- Use the drop-down list to select the required license key from the key storage of the Administration Server.
The details of the license key are displayed in the fields below.
If a key file is selected from the Kaspersky Security Center key storage and sent to the device, Kaspersky Security for iOS will be not able to process it, because Kaspersky Security for iOS does not support this activation method. To activate Kaspersky Security for iOS, you must add the license to Kaspersky Security Center as an activation code.
You can replace the existing activation key on the mobile device if it is different from the one selected in the drop-down list above. To do so, select the If the key on device is different, replace with this key check box.
- Click the Save button to save the changes you have made to the policy and exit the policy properties window.
Mobile device settings are configured after the next device synchronization with Kaspersky Security Center.
Page topThe help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Providing the required permissions for the Kaspersky Endpoint Security for Android app
Certain features of the Kaspersky Endpoint Security for Android app require permissions. Kaspersky Endpoint Security for Android asks for mandatory permissions during installation, as well as after installation and prior to using individual features of the app. It is impossible to install Kaspersky Endpoint Security for Android without providing the mandatory permissions.
On certain devices (for example, Huawei, Meizu, and Xiaomi), you must manually add Kaspersky Endpoint Security for Android to the list of apps that are started when the operating system starts, in the device settings. If the app is not added to the list, Kaspersky Endpoint Security for Android stops performing all of its functions after the mobile device is restarted.
On devices running Android 11 or later, you must disable the Remove permissions if app isn't used system setting. Otherwise, after the app is not used for a few months, the system automatically resets the permissions that the user granted to the app.
Permissions requested by the Kaspersky Endpoint Security for Android app
Permission |
App function |
---|---|
Phone (for Android 5.0–9.X) |
Connect to Kaspersky Security Center (device ID) |
Storage (mandatory) |
Anti-Virus |
Access to manage all files (for Android 11 or later) |
Anti-Virus |
Nearby Bluetooth devices (for Android 12 or later) |
Restrict use of Bluetooth |
Notifications (for Android 13) |
Notify the user about security issues and app events |
Allow running in the background (for Android 12 or later) |
Ensure continuous operation of the app. If permission is not granted, the app may be unloaded from memory and unable to restart. |
Device administrator (mandatory) |
Anti-Theft—lock the device (only for Android 5.0–6.X) |
Anti-Theft—take a mugshot with frontal camera Although taking mugshots is not supported in Kaspersky Security Center Web Console and Cloud Console, the Kaspersky Endpoint Security for Android app requires this permission so that it can be managed by all Kaspersky Security Center consoles. |
|
Anti-Theft—sound an alarm |
|
Anti-Theft—full reset |
|
Password protection |
|
App removal protection |
|
Install security certificate |
|
App Control |
|
Restrict use of the camera, Bluetooth, and Wi-Fi |
|
Camera |
Anti-Theft—take a mugshot with frontal camera Although taking mugshots is not supported in Kaspersky Security Center Web Console and Cloud Console, the Kaspersky Endpoint Security for Android app requires this permission so that it can be managed by all Kaspersky Security Center consoles. On devices running Android 11.0 or later, the user must grant the "While using the app" permission when prompted. |
Location |
Anti-Theft—locate device On devices running Android 10.0 or later, the user must grant the "All the time" permission when prompted. |
Accessibility
|
Anti-Theft—lock the device (only for Android 7.0 or later) |
Web Protection |
|
App Control |
|
App removal protection (only for Android 7.0 or later) |
|
Display of warnings of Kaspersky Endpoint Security for Android (only for Android 10.0 or later) |
|
Restrict use of the camera (only for Android 11 or later) |
|
Display pop-up window (for some Xiaomi devices) |
Web Protection |
Display pop-up windows while running in the background (for some Xiaomi devices) |
Web Protection |
Run in the background (for Xiaomi devices with MIUI firmware on Android 11 or earlier) |
App Control |
Web Protection |
|
Anti-Theft |