Using Managed Configurations

Zebra EHS 5.0

Overview

Managed configurations are part of a specification developed by Google and the Android community for remotely configuring installed applications and devices through any Enterprise Mobility Management (EMM) system that supports it. Originally known as "App Restrictions" because of their limited initial scope, managed configurations (MCs) are now being used by Zebra to remotely configure a variety of settings, including those for device hardware, software and security.

The features of a given app that are manageable using MCs are defined in its schema. The EHS schema is downloaded when visiting Google Play through the EMM console and selecting EHS for administration. The schema defines the features available for consumption by the EMM, and provides the information necessary to present the app's management UI within the EMM console.† This data-driven UI method allows delivery of new features and their corresponding UI attributes as soon as they become available, and without the need to download a new .exe. For more information about configuring Zebra devices with managed configurations, see Zebra OEMConfig.

† The EHS management UI varies slightly depending on the EMM system in use.

Configuring EHS with MCs

At present, the full suite of EHS settings can be administered only through the EnterpriseHomeScreen.xml config file. Over time, Zebra plans to increase the features manageable through MCs until all are included, at which time the use of the EnterpriseHomeScreen.xml config file will be deprecated.

Current MC Capabilities:

  • Securely mass-deploy EHS settings files across an enterprise
  • Limit device-user access to approved apps only
  • Prevent unauthorized changes to device apps and settings

Requirements

  • One or more Zebra devices running Android 11 or later
  • A supported EMM with EHS and its schema downloaded from Google Play
  • EHS 5.0 (or later) installed on device(s) (can be deployed by EMM, if necessary)

App Restrictions

EHS currently offers eight app restriction categories, each with a corresponding bundle as described in the table below. Specific parameters for each restriction are contained in the tables that follow.

Restriction Name Description Bundle Name
Secure EHS Login Configuration Controls and configure access to EHS login admin to prevent unexpected configuration changes Admin Login Control
Control access to EHS Restricts application use of different types of EHS Application Management Control
Secure EHS Configuration Controls and configures access to EHS UI to prevent unexpected configuration changes Home Screen UI
Control access to EHS applications Lock Down Functionality
Control EHS data Persist access to data Persist Config Data
Control size of EHS Logs Root Log File Max Size
Control access to EHS Logs Root Logging
Control EHS reboot on installation Use Root Reboot on the install bundle


Admin Login Control Group

Admin Login Control Group controls and configures administrator login options.

Restriction Name Value Display Name Description
Change Admin Password User inputs password Blank string (default) Encrypted admin password to set or updated the password
Maximum Admin Login Attempt User inputs 1-100 10 (default) Maximum number of admin login attempts before admin lockout will occur
Admin Inactivity Timeout 0
15
30
60
120
300
600
1800
Disabled
15 seconds
30 seconds
1 minute (default)
2 minutes
5 minutes
10 minutes
30 minutes
Inactivity time (in seconds) before admin is automatically logged out
Admin Lockout Recovery 1
0
On
Off
Turn on/off admin lock out recovery
Admin Recovery Timeout User inputs 0-9999 60 (default) Time (in minutes) that admin must wait before trying to login to admin mode again after being locked out due to reaching maximum failed login attempts

Application Management Group

The Application Management Group controls and configures the apps visible to device users.

Restriction Name Value Display Name Description
User screen applications User inputs applications Json string containing a list of packages and/or activities and/or label information for the application shortcuts to be added to the user screen
Tools menu applications User inputs applications Json string containing a list of packages and/or activities and/or label information for the application shortcuts to be added to the tools menu
User screen links User inputs applications Json string containing a list of packages and/or activities and/or label information for the application shortcut links to be added to the user screen
Auto launch 0
1
Off (default)
On
Turn on/off app auto-launch
Auto launch applications User inputs applications Json string containing a list of auto-launch app information with package name, activity, Class Name and launching delay
Service auto launch 0
1
Off (default)
On
Turn on/off service auto-launch
Service or Foreground applications User inputs services or foreground applications Json string containing a list of service information with package name, service Class Name, launching delay and action
Foreground service auto launch 0
1
off (default)
On
Turn on/off foreground service auto-launch
Pin shortcuts 0
1
Remove pinned shortcut (default)
Add pinned shortcut
Add or remove pinned shortcuts to local apps or websites
Bypass confirmation for pinned shortcuts 0
1
Disallow (default)
Allow
Allow/disallow Bypass confirmation screen for pinned shortcut requests
Disable any application User inputs applications App checkbox checked if disabled in disabled app list Comma-separated list of app package names to disable on the device
Enable any application User inputs applications Checkbox in front of the application is unchecked if disabled in disabled app list Comma-separated list of app package names to enable on the device
Screen blanking 0
1
Off (default)
On
Turn on/off Screen blanking
Screen blanking threshold User inputs speed 10 (default) A value for speed (5 or greater) to enable Screen Blanking feature
Screen blanking mode 1
2
Black screen (default)
Transparent screen
Blanking Mode
Enable icon grouping 0
1
Disable (default)
Enable
Enable/disable icon grouping
Application icon grouping User inputs applications to create the group Json string containing a list of packages and/or activities and/or label information of the application to be added to create a group

Home Screen UI Group

Home screen UI group configures the EHS user interface.

Restriction Name Value Display Name Description
EHS title User inputs title "Enterprise Home Screen" (default) Text to display on the title bar
EHS title with device identifier [serial_number]
[mac_address]
[network_host_name]
[bluetooth_address]
[bluetooth_name]
[imei_number]
None
Serial number
MAC address
Network host name
Bluetooth address
Bluetooth name
IMEI number
The device identifier to be added in title bar text
Title bar icon 0
1
Show (default)
Hide
Show/hide the title bar icon
Title bar icon file File path of the image file Path and the name of the file containing the icon to be displayed in the title bar
Reuse of custom icon 0
1
No (default)
Yes
Controls whether to reuse custom icon in other screens
App icon settings 0
1
Allow (default)
Disallow
Controls app icon settings to be allowed in user mode
Icon settings S
M
L
XL
XXL
Small (S)
Medium (M) (default)
Large (L)
Extra Large (XL)
Extra Extra Large (XXL)
Used to select the app icon size
Screen size 0
1
Off (default)
On
Used to control whether to run an app in full-screen mode and obscure the status bar
Orientation Set EHS orientation Default (default)
Portrait
Landscape
Controls orientation in which the EHS UI will be presented, with \'Default\' indicating use the system default orientation
Wallpaper File path of the image file Used to enter the image file name and path of the file containing the wallpaper
Wallpaper stretching 0
1
Disabled (default)
Enabled
Controls whether wallpaper is stretched to fill the screen
Icon label text color User inputs HTML color Used to enter an HTML color code in RGB format for the icon label text (Example: #557BF3)
Icon label background color User inputs HTML color Used to enter an HTML color code in RGB format for the icon label background (Example: #557BF3)
IP address 0
1
Hide (default)
Show
Controls whether to show device IP address in user mode
MAC address 0
1
Hide (default)
Show
Controls whether to show device MAC address in user mode
BSSID 0
1
Hide (default)
Show
Controls whether to show Basic Service Set Identifier (BSSID) of the current access point in User Mode
SSID 0
1
hide (default)
Show
Controls whether to show Service Set Identifier (SSID) of the current network in user mode
Scan result 0
1
Hide (default)
Show
Controls whether to show the access points found in the most recent scan in user mode

Lock Down Functionality Group

Lock down functionality group configures and controls device lockdown features.

Restriction Name Value Display Name Description
Kiosk Mode 0
1
Off (default)
On
Used to turn on/off Kiosk Mode
Kiosk apps User inputs apps Json string containing a list of kiosk app package(s) and/or activities and/or label information
Keyguard camera 1
0
Off (default)
On
Used to turn on/off camera application in keyguard/unlock screen
Keyguard search 1
0
Off (default)
On
Used to turn on/off search application in keyguard/unlock screen
USB debugging 1
0
Off (default)
On
Used to turn on/off adb in the device
System settings 1
0
Reduced (default)
Full
Controls whether to display a reduced set of system settings in user mode
Recent apps button 1
0
Disabled (default)
Enabled
Controls whether to enable on recent apps button in the device
Recent apps access 1
0
Disallow (default)
Allow
Controls whether to allow access to recently launched applications by the user in user mode

Root Logging

Root logging configures to capture the device log file.

Restriction Name Value Display Name Description
Logging 0
1
On
Off
Used to turn on/off writing to the device log file

Root Log File Max Size

Root log file max size defines the maximum size of the EHS log file.

Restriction Name Value Display Name Description
Log file maximum size User inputs value 10 MB (default) Used to set the maximum size of the log file in MB (from range 1-99999)

Root Reboot on Install

Root reboot on install controls whether to reboot on EHS installation.

Restriction Name Value Display Name Description
Auto reboot 0
1
Disabled
Enabled
Controls whether EHS automatically reboots the device the first time it is launched after initial installation. A device reboot is required after EHS installation in order to make EHS fully operational. Reboot can be performed automatically by EHS or manually at a later time.