- Kaspersky Secure Mobility Management help
- What's new
- Working in Kaspersky Security Center Web Console
- About Kaspersky Secure Mobility Management
- Getting started
- Solution architecture
- Deployment scenarios
- Deploying a mobile device management solution in Kaspersky Security Center Web Console
- Deploying Kaspersky Security Center Linux and Kaspersky Security Center Web Console
- Deploying mobile management plug-ins
- Configuring Administration Server settings for connecting mobile devices
- Scenario: Configuring a connection gateway to connect mobile devices to Kaspersky Security Center Web Console
- Adding installation packages to Administration Server repository
- Adding a license key to the Administration Server repository
- Installing Network Agent Linux
- Configuring Kaspersky Security Center Linux Web Server settings
- Deploying an iOS device management system
- About iOS device operating modes
- About device management profiles
- Deploying Kaspersky Security for iOS
- Deploying a management system using the iOS MDM protocol
- Deploying iOS MDM Server
- Configuring an iOS MDM Server installation package
- Installing iOS MDM Server using a remote installation task
- Local installation of iOS MDM Server on a device via an installation package
- Updating iOS MDM Server using a remote installation task or locally
- Deleting iOS MDM Server using a remote uninstallation task
- Viewing the list of installed iOS MDM Servers and configuring their settings
- Configuring an iOS MDM Server certificate
- Configuring a reserve iOS MDM Server certificate
- Receiving or renewing an APNs certificate
- Installing an APNs certificate on iOS MDM Server
- Configuring access to Apple Push Notification service
- iOS MDM Server events
- Obtaining iOS MDM Server diagnostic data
- Deploying iOS MDM Server
- Deploying an Android device management system
- About Android device operating modes
- Using Firebase Cloud Messaging
- Deploying Kaspersky Endpoint Security for Android
- Permissions for Kaspersky Endpoint Security for Android
- Starting and stopping Kaspersky Endpoint Security for Android
- Activating Kaspersky Endpoint Security for Android
- Updating Kaspersky Endpoint Security for Android
- Removing Kaspersky Endpoint Security for Android
- Managing mobile devices in Kaspersky Security Center Web Console
- Creating administration groups
- Configuring policies
- Creating a policy
- Modifying a policy
- Copying a policy
- Moving a policy to another administration group
- Viewing the list of policies
- Viewing the policy distribution results
- Managing revisions to policies
- Restricting permissions to configure policies
- Configuring role-based access control
- Configuring policy profiles
- Deleting a policy
- Connecting mobile devices to Kaspersky Security Center Web Console
- Configuring synchronization settings
- Managing certificates of mobile devices
- Configuration and management
- Control
- Protection
- Configuring anti-malware protection on Android devices
- Protecting Android devices on the internet
- Protection of data on a stolen or lost device
- Configuring the device unlock password strength
- Configuring a virtual private network (VPN)
- Configuring Firewall on Android devices (only Samsung)
- Protecting Kaspersky Endpoint Security for Android against removal
- Detecting hacked devices
- Configuring a global HTTP proxy on iOS MDM devices
- Adding security certificates to iOS MDM devices
- Adding a SCEP profile to iOS MDM devices
- Restricting SD card usage (only Samsung)
- Management of mobile devices
- Managing Android devices
- Managing iOS MDM devices
- Adding a configuration profile
- Installing a configuration profile on a device
- Removing a configuration profile from a device
- Configuring managed apps
- Installing an app on a mobile device
- Removing an app from a device
- Configuring roaming on an iOS MDM mobile device
- Viewing information about an iOS MDM device
- Disconnecting an iOS MDM device from management
- Configuring kiosk mode for iOS MDM devices
- Management of mobile device settings
- Configuring connection to a Wi-Fi network
- Configuring email
- Configuring protection levels in Kaspersky Security Center
- Managing app configurations
- Managing app permissions
- Creating a report on installed mobile apps
- Installing root certificates on Android devices
- Configuring notifications for Kaspersky Endpoint Security for Android
- Connecting iOS MDM devices to AirPlay
- Connecting iOS MDM devices to AirPrint
- Configuring the Access Point Name (APN)
- Corporate container
- Adding an LDAP account
- Adding a contacts account
- Adding a calendar account
- Configuring a calendar subscription
- Configuring SSO
- Managing Web Clips
- Setting a wallpaper
- Adding fonts
- Working with commands for mobile devices
- Managing the app by using third-party EMM systems (Android only)
- Participating in Kaspersky Security Network
- Samsung Knox
- Using the Kaspersky Endpoint Security for Android app
- App features
- Main window at a glance
- Status bar icon
- Device scan
- Running a scheduled scan
- Changing the Protection mode
- Anti-malware database updates
- Scheduled database update
- Things to do if your device gets lost or stolen
- Web Protection
- Get Certificate
- Synchronizing with Kaspersky Security Center
- Activating the Kaspersky Endpoint Security for Android app without Kaspersky Security Center
- Installing the app on corporate devices
- Installing root certificates on the device
- Installing and using mail and VPN certificates on the device
- Enabling accessibility on Android 13 or later
- Updating the app
- Removing the app
- Applications with a briefcase icon
- Knox app
- Using the Kaspersky Security for iOS app
- Application licensing
- Comparison of solution features by management tool
- Contact Technical Support
- Sources of information about the application
- Glossary
- Activating the application
- Activation code
- Administration group
- Administration Server
- Administrator's workstation
- Anti-malware databases
- Apple Push Notification service (APNs) certificate
- Application management plug-in
- Basic control
- Basic protection
- Certificate Signing Request
- Compliance Control
- Corporate container
- Corporate device
- Device administrator
- Device management profile
- End User License Agreement
- Group task
- IMAP
- Installation package
- iOS MDM device
- iOS MDM profile
- iOS MDM Server
- Kaspersky categories
- Kaspersky Private Security Network (KPSN)
- Kaspersky Security Center Administrator
- Kaspersky Security Center Web Server
- Kaspersky Security Network (KSN)
- Kaspersky update servers
- Key file
- License
- License term
- Malware
- Manifest file
- Network Agent
- Personal device
- Phishing
- Policy
- POP3
- Proxy server
- Quarantine
- SSL
- Standalone installation package
- Subscription
- Supervised device
- Unlock code
- Virtual Administration Server
- Information about third-party code
- Trademark notices
Managing Google Chrome settings
These settings apply to corporate devices and devices with a corporate container.
To configure Google Chrome settings:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the policy properties window, select Application settings.
- Select Android and go to the App configuration section.
- On the Google Chrome settings card, click Settings.
The Google Chrome settings window opens.
- Enable the settings using the Google Chrome settings toggle switch.
The toggle switch in this card does not enable or disable the corresponding functionality on devices. Enabling the toggle switch lets you configure custom settings. Disabling the toggle switch lets you use default settings.
- Configure the required settings.
- Click OK.
- Click Save to save the changes you have made.
Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.
Manage content settings
On the Content tab, you can manage the following settings:
- In the Cookies section:
- Default mode
Default cookie settings.
Available options:
- Allow all websites to save local data (default)
- Prohibit all websites from saving local data
- Configure settings for selected websites
- Do not configure cookie settings
- Exceptions
Exceptions from the websites that are prohibited from or allowed to save local data.
For more information on URL patterns, see the Chrome enterprise documentation.
- Websites
The websites that are prohibited from or allowed to save local data.
For more information on URL patterns, see the Chrome enterprise documentation.
- Default mode
- In the JavaScript section:
- Default mode
Default JavaScript settings.
Available options:
- Allow JavaScript on all websites (default)
- Prohibit JavaScript on all websites
- Exceptions
Exceptions from the websites that are prohibited from or allowed to use JavaScript.
For more information on URL patterns, see the Chrome enterprise documentation.
- Default mode
- In the Pop-ups section:
- Default mode
Default pop-up setting.
Available options:
- Allow pop-ups on all websites. Lets all sites open pop-up windows. This value is selected by default.
- Prohibit pop-ups on all websites. Prohibits all sites from opening pop-up windows.
Only pop-ups included into the Google abusive pop-ups database will be blocked.
- Exceptions
Exceptions from the websites that are prohibited from or allowed to display pop-up windows.
- Default mode
- In the Location tracking section:
- Default mode
The default geographic location settings.
Available options:
- Allow all websites to track user's location
- Prohibit all websites from tracking user's location
- Ask whenever website wants to track user's location (default)
- Default mode
Manage proxy settings
On the Proxy tab, you can manage the following settings:
- Default mode
Proxy settings for Google Chrome and ARC-apps.
Available options:
- Never use proxy. Prohibits use of proxies and all other proxy settings are ignored.
- Detect proxy settings automatically. Detects proxy settings automatically and all other options are ignored.
- Use PAC file. Uses the proxy PAC file specified in the PAC file URL field.
- Use fixed proxy servers. Uses the data specified in the Proxy server URL field and Exceptions list.
- Use system proxy settings. Uses the system proxy settings. This option is selected by default.
- PAC file URL
A URL to a proxy PAC file.
- Proxy server URL
A URL of the proxy server.
- Exceptions
A list of hosts for which the proxy will be bypassed.
Manage search settings
On the Search tab, you can manage the following settings:
- In the Touch to Search section:
- Enable Touch to Search
Selecting or clearing this check box specifies whether the device user is allowed to use Touch to Search and turn the feature on or off.
This check box is selected by default.
- Enable Touch to Search
- In the Search provider section:
- Operating mode
This option lets you determine whether to configure a search provider that will be used on user devices.
If you select Enable default search provider, you can specify search provider settings.
- Search provider name
The default search provider name.
- Search URL
The URL of the search engine used during default searches.
- Suggest URL
The URL of the search engine to provide search suggestions.
- Icon URL
The URL of the default search provider's favicon.
- Encodings
Character encodings supported by the search provider. The supported encodings are:
- UTF-8
- UTF-16
- GB2312
- ISO-8859-1
- Alternate URLs
A list of alternate URLs to retrieve search terms from the search engine.
- Image search URL
The URL of the search engine used for image search.
- New tab URL
The URL of the search engine used to provide a New Tab page.
- Parameters for search URL that uses POST
URL parameters when searching a URL with the POST method. The parameters are comma-separated key-value pairs. If a value is a template parameter, for example, '{searchTerms}', it is replaced with real search terms. For example:
q={searchTerms},ie=utf-8,oe=utf-8 - Parameters for suggest URL that uses POST
URL parameters for search suggestions using the POST method. The parameters are comma-separated key-value pairs. If a value is a template parameter, for example, '{searchTerms}', it is replaced with real search terms. For example:
q={searchTerms},ie=utf-8,oe=utf-8 - Parameters for image URL that uses POST
URL parameters for image search using the POST method. The parameters are comma-separated key-value pairs. If a value is a template parameter, for example, '{imageThumbnail}', it is replaced with the real image thumbnail. For example:
content={imageThumbnail},url={imageURL},sbisrc={SearchSource}
- Operating mode
Manage security settings
On the Security tab, you can manage the following settings:
- In the Google Safe Browsing and SafeSearch section:
- Safe Browsing operating mode
Google Safe Browsing protection level.
Available options:
- No protection. Disables Google Safe Browsing completely.
- Standard protection. Makes Google Safe Browsing always enabled in standard protection mode. This option is selected by default.
- Enhanced protection. Makes Google Safe Browsing always enabled in enhanced protection mode, but device user browsing experience data will be sent to Google.
- Force SafeSearch
Selecting or clearing this check box specifies whether Google Search queries will be performed via Google SafeSearch.
This check box is cleared by default.
- Disable proceeding from the Safe Browsing warning page
Selecting or clearing this check box specifies whether the device user is allowed to proceed to the flagged site on Google Safe Browsing warnings, such as malware and phishing. The restriction does not apply to issues related to an SSL certificate, such as invalid or expired certificates.
This check box is cleared by default.
- Safe Browsing operating mode
- In the Blocked websites section:
- Block access to these websites
A list of forbidden URLs. You can also set URL patterns, for example:
[*.]example.com. - Exceptions
A list of URLs that are exceptions to the list specified in Block access to these websites. You can also set URL patterns, for example:
[*.]example.com.
- Block access to these websites
- In the Passwords and autofill section:
- Enable saving passwords
Selecting or clearing the check box specifies whether Google Chrome will remember the passwords the device user enters and also offer them the next time the device user signs in.
This check box is selected by default.
- Enable autofill for addresses
Autofill settings for addresses.
If the check box is selected, the device user is allowed to manage autofill for addresses in the user interface.
If the check box is cleared, autofill never suggests or fills in address information, nor does it save additional address information that the device user submits while browsing the web.
This check box is selected by default.
- Enable autofill for bank cards
Autofill settings for bank cards.
If the check box is selected, the device user is allowed to manage autofill suggestions for bank cards in the user interface.
If the check box is cleared, autofill never suggests or fills in bank card information, nor does it save additional bank card information that the device user submits while browsing the web.
This check box is selected by default.
- Enable saving passwords
- In the Network section:
- Minimum TLS version
Minimum allowed TLS version.
Available options:
- TLS 1.0 (default)
- TLS 1.1
- TLS 1.2
- Enable network prediction
Selecting or clearing this check box specifies whether Google Chrome will predict such network actions as DNS prefetching, TCP and SSL preconnection and prerendering of webpages.
If the check box is cleared, network prediction is disabled, but the device user can enable it.
This check box is selected by default.
- Minimum TLS version
Manage additional settings
On the Additional settings tab, you can manage the following settings:
- In the Bookmarks section:
- Managed bookmarks
An admin-managed list of bookmarks. The list is a dictionary with
nameandurlkeys. In other words, the key holds a bookmark's name and target. You can also set up a subfolder with achildrenkey, which also has a list of bookmarks.By default, the folder name for managed bookmarks is "Managed bookmarks". You can change it by adding a new sub-dictionary. To do this, specify the
toplevel_namekey with the required folder name as its value.If you enter an incomplete URL as a bookmark's target, Google Chrome will substitute it with a URL as if it was submitted through the address bar. For example,
kaspersky.combecomeshttps://www.kaspersky.com.For example:
"ManagedBookmarks": [{
//Changes the default folder name
"toplevel_name": "My managed bookmarks folder"
},
{
//Adds a bookmark to the managed bookmarks folder
"name": "Kaspersky",
"url": "kaspersky.com"
},
{
"name": "Kaspersky products",
"children": [{
"name": "Kaspersky Endpoint Security",
"url": "kaspersky.com/enterprise-security/endpoint"
},
{
"name": "Kaspersky Security for Mail Server",
"url": "kaspersky.com/enterprise-security/mail-server-security"
}
]
}
]
- Enable bookmark editing
Selecting or clearing this check box specifies whether the device user is allowed to add, remove, or modify bookmarks.
This check box is selected by default.
- Managed bookmarks
- In the History and Incognito mode section:
- Availability of Incognito mode
Specifies whether the device user can enable Incognito mode in Google Chrome.
Available options:
- Incognito mode is available (default)
- Incognito mode is disabled
- Disable saving browser history
Selecting or clearing this check box specifies whether browsing history is saved and tab syncing is on.
This check box is cleared by default.
- Availability of Incognito mode
- In the Other section:
- Restricted Mode for YouTube
Minimum required Restricted Mode level for YouTube.
Available options:
- Do not enforce Restricted Mode. Specifies that Google Chrome does not force Restricted Mode. However, external policies might still enforce Restricted Mode. This option is selected by default.
- Enforce at least Moderate Restricted Mode. Lets a device user enable the Moderate Restricted Mode on YouTube.
- Enforce Strict Restricted Mode. Makes Strict Restricted Mode on YouTube always active.
- Google Translate operating mode
Translation functionality.
Available options:
- Always offer translation. Shows the integrated translation notification and a translate option at the top of the screen.
- Never offer translation. Disables all built-in translation functionality.
- Prompt the user for action. Lets the user decide whether to use translation functionality. This option is selected by default.
- Enable alternate error pages
Selecting the check box specifies whether Google Chrome is allowed to use built-in error pages, such as "Page not found".
This check box is cleared by default.
- Enable printing
Selecting or clearing this check box specifies whether the device user is allowed to print in Google Chrome.
This check box is selected by default.
- Enable search suggestions
Selecting or clearing this check box specifies whether search suggestions are enabled in Google Chrome's address bar.
This check box is selected by default.
- Restricted Mode for YouTube