Using Managed Configurations

Zebra EHS 6.2

Overview

Managed configurations are part of a specification developed by Google and the Android community for remotely configuring installed applications and devices through any Enterprise Mobility Management (EMM) system that supports it. Originally known as "App Restrictions" because of their limited initial scope, managed configurations (MCs) are now being used by Zebra to remotely configure a variety of settings, including those for device hardware, software and security.

The features of a given app that are manageable using MCs are defined in its schema. The EHS schema is downloaded when visiting Google Play through the EMM console and selecting EHS for administration. The schema defines the features available for consumption by the EMM, and provides the information necessary to present the app's management UI within the EMM console.† This data-driven UI method allows delivery of new features and their corresponding UI attributes as soon as they become available, and without the need to download a new .exe. For more information about configuring Zebra devices with managed configurations, see Zebra OEMConfig.

† The EHS management UI varies slightly depending on the EMM system in use.

Configuring EHS with MCs

At present, the full suite of EHS settings can be administered only through the EnterpriseHomeScreen.xml config file. Over time, Zebra plans to increase the features manageable through MCs until all are included, at which time the use of the EnterpriseHomeScreen.xml config file will be deprecated.

Current MC Capabilities:

  • Securely mass-deploy EHS settings files across an enterprise
  • Limit device-user access to approved apps only
  • Prevent unauthorized changes to device apps and settings

Requirements

  • One or more Zebra devices running Android 11 or later
  • A supported EMM with EHS and its schema downloaded from Google Play
  • EHS 5.0 (or later) installed on device(s) (can be deployed by EMM, if necessary)

App Restrictions

EHS app restriction categories and their a corresponding bundles are described in the table below. Specific parameters for each restriction are contained in individual the tables that follow.

Restriction Name Description Bundle Name
Secure EHS Login Configuration Controls and configure access to EHS login admin to prevent unexpected configuration changes. Admin Login Control
Control access to EHS Restricts application use of different types of EHS Application Management Control
Secure EHS Configuration Controls and configures access to EHS UI to prevent unexpected configuration changes. Home Screen UI
Control access to EHS applications Lock Down Functionality
Control EHS data Persist access to data Persist Config Data
Control EHS Profiles Controls role-based profile configurations Role Selection
Control size of EHS Logs Root Log File Max Size
Control access to EHS Logs Root Logging
Control EHS reboot on installation Use Root Reboot on the install bundle


Admin Login Control Group

Control log-in options of the administrative user on the device.

Restriction Name Value Display Name Description
Change Admin Password User inputs password Blank string (default) Encrypted admin password to set or updated the password.
Maximum Admin Login Attempt User inputs 1-100 10 (default) Maximum number of admin login attempts before admin lockout will occur.
Admin Inactivity Timeout 0
15
30
60
120
300
600
1800
Disabled
15 seconds
30 seconds
1 minute (default)
2 minutes
5 minutes
10 minutes
30 minutes
Inactivity time (in seconds) before admin is automatically logged out.
Admin Lockout Recovery 1
0
On
Off
Turn on/off admin lock out recovery
Admin Recovery Timeout User inputs 0-9999 60 (default) Time (in minutes) that admin must wait before trying to login to admin mode again after being locked out due to reaching maximum failed login attempts.

Application Management Group

Control the apps that device users are able to see and launch.

Restriction Name Value Display Name Description
User screen applications User inputs applications Json string containing a list of packages and/or activities and/or label information for the application shortcuts to be added to the user screen.
Example: [{"package":"com.symbol.datawedge","activity":"com.symbol.datawedge.DWDemoActivity","label":"DWDemo"}, {"package":"com.android.deskclock","activity":"com.android.deskclock.DeskClock","label":"Clock"}]
Tools menu applications User inputs applications Json string containing a list of packages and/or activities and/or label information for the application shortcuts to be added to the tools menu.
Example: [{"package":"com.symbol.datawedge","activity":"com.symbol.datawedge.DWDemoActivity","label":"DWDemo"}, {"package":"com.android.deskclock","activity":"com.android.deskclock.DeskClock","label":"Clock"}]
User screen links User inputs applications Json string containing a list of packages and/or activities and/or label information for the application shortcut links to be added to the user screen.
Example: [{"label":"google","url":"http://www.google.com"}, {"label":"yahoo","url":"http://www.yahoo.com"}]
Auto launch 0
1
Off (default)
On
Turn on/off app auto-launch
Auto launch applications User inputs applications Json string containing a list of auto-launch app information with package name, activity, Class Name and launching delay.
Example: :[{"delay":"8000","package":"com.andoid.calculator","activity":""}, {"package":"com.android.deskclock","activity":"com.android.deskclock.DeskClock","label":"Clock"}]
Service auto launch 0
1
Off (default)
On
Turn on/off service auto-launch
Service or Foreground applications User inputs services or foreground applications Json string containing a list of service information with package name, service Class Name, launching delay and action.
Example: :[{"delay":"4000","package":"com.sample.service","class":"com.sample.service.MyService","action":"downloadfile"}, "delay":"6000","package":"com.sample.fgservice","class":"com.sample.fgservice.FgService","action":"savefile"}]
Foreground service auto launch 0
1
off (default)
On
Turn on/off foreground service auto-launch.
Pin shortcuts 0
1
Remove pinned shortcut (default)
Add pinned shortcut
Add or remove pinned shortcuts to local apps or websites.
Bypass confirmation for pinned shortcuts 0
1
Disallow (default)
Allow
Allow/disallow Bypass confirmation screen for pinned shortcut requests.
Disable any application User inputs applications App checkbox checked if disabled in disabled app list Comma-separated list of app package names to disable on the device.
Enable any application User inputs applications Checkbox in front of the application is unchecked if disabled in disabled app list Comma-separated list of app package names to enable on the device.
Screen blanking 0
1
Off (default)
On
Turn on/off Screen blanking
Screen blanking threshold User inputs speed 10 (default) A value for speed (5 or greater) to enable Screen Blanking feature.
Screen blanking mode 1
2
Black screen (default)
Transparent screen
Blanking Mode
Enable icon grouping 0
1
Disable (default)
Enable
Enable/disable icon grouping
Application icon grouping User inputs applications to create the group Json string containing a list of packages and/or activities and/or label information of the application to be added to create a group.
Example: [{title: "UserGroup1",role:"User",applications: [{label: "Calculator",package: " com.android.calculator ",activity: ""},{label: "Calendar",package: " com.android.calendar",activity: ""}]

Advanced Screen Blanking Group

Controls Do Not Disturb, Notification Pulldown and Navigation Bar functions on the device when applied with Screen Blanking.

Restriction Name Value Display Name Description
Do not Disturb 0
1
Off (default)
On
Controls Do Not Disturb (DND) mode on the device, which (when enabled) silences all notifications coming into the device, including incoming phone calls, text messages, system alerts and all other notifications and sounds.
EMM users: This feature requires a device reboot after deployment.
Notification Pulldown 0
1
Enabled (default)
Disabled
Controls whether a device user is allowed to "pull down" the Notifications/Status bar and access the Notifications panel, which displays active notifications, alerts and other incoming messages.
EMM users: This feature requires a device reboot after deployment.
Navigation Bar 0
1
Enabled (default)
Disabled
Controls the on-screen Navigation Bar, which contains the BACK, HOME and RECENT soft keys. Disabling the Navigation Bar can prevent the user from switching between apps by means of those keys.
EMM users: This feature requires a device reboot after deployment.

Home Screen UI Group

Configure the EHS device user interface.

Restriction Name Value Display Name Description
EHS title User inputs title "Enterprise Home Screen" (default) Text to display on the title bar.
EHS title with device identifier [serial_number]
[mac_address]
[network_host_name]
[bluetooth_address]
[bluetooth_name]
[imei_number]
None
Serial number
MAC address
Network host name
Bluetooth address
Bluetooth name
IMEI number
The device identifier to be added in title bar text.
Title bar icon 0
1
Show (default)
Hide
Show/hide the title bar icon.
Title bar icon file File path of the image file Path and the name of the file containing the icon to be displayed in the title bar.
Reuse of custom icon 0
1
No (default)
Yes
Controls whether to reuse custom icon in other screens.
App icon settings 0
1
Allow (default)
Disallow
Controls app icon settings to be allowed in user mode.
Icon settings S
M
L
XL
XXL
Small (S)
Medium (M) (default)
Large (L)
Extra Large (XL)
Extra Extra Large (XXL)
Used to select the app icon size.
Screen size 0
1
Off (default)
On
Used to control whether to run an app in full-screen mode and obscure the status bar.
Orientation Set EHS orientation Default (default)
Portrait
Landscape
Controls orientation in which the EHS UI will be presented, with \'Default\' indicating use the system default orientation.
Wallpaper File path of the image file Used to enter the image file name and path of the file containing the wallpaper.
Wallpaper stretching 0
1
Disabled (default)
Enabled
Controls whether wallpaper is stretched to fill the screen.
Icon label text color User inputs HTML color Used to enter an HTML color code in RGB format for the icon label text.
Example: #557BF3
Icon label background color User inputs HTML color Used to enter an HTML color code in RGB format for the icon label background.
Example: #557BF3
IP address 0
1
Hide (default)
Show
Controls whether to show device IP address in user mode.
MAC address 0
1
Hide (default)
Show
Controls whether to show device MAC address in user mode.
BSSID 0
1
Hide (default)
Show
Controls whether to show Basic Service Set Identifier (BSSID) of the current access point in User Mode.
SSID 0
1
hide (default)
Show
Controls whether to show Service Set Identifier (SSID) of the current network in user mode.
Scan result 0
1
Hide (default)
Show
Controls whether to show the access points found in the most recent scan in user mode.

Lock Down Functionality Group

Configure device lock-down features and functionality.

Restriction Name Value Display Name Description
Kiosk Mode 0
1
Off (default)
On
Used to turn on/off Kiosk Mode.
Kiosk apps User inputs apps Json string containing a list of kiosk app package(s) and/or activities and/or label information.
Example: :[{"package":"com.symbol.datawedge","activity":"com. symbol.datawedge.DWDemoActivity","label":"DWDemo"}, {"package":"com.android.deskclock","activity":"com.android.deskclock.DeskClock","label":"Clock"}]
Keyguard camera 1
0
Off (default)
On
Used to turn on/off camera application in keyguard/unlock screen.
Keyguard search 1
0
Off (default)
On
Used to turn on/off search application in keyguard/unlock screen.
USB debugging 1
0
Off (default)
On
Used to turn on/off adb in the device.
System settings 1
0
Reduced (default)
Full
Controls whether to display a reduced set of system settings in user mode.
Recent apps button 1
0
Disabled (default)
Enabled
Controls whether to enable on recent apps button in the device.
Recent apps access 1
0
Disallow (default)
Allow
Controls whether to allow access to recently launched applications by the user in user mode.

Role Selection Group

Configure EHS on a device based on user roles, which are activated by Zebra Identity Guardian (per-device license required).

IMPORTANT NOTES

  • When roles are in use on a device, the existing enterprisehomescreen.xml profile is known as the "default" role, and is assigned to users launching EHS without a designated Role Name.
  • Before adding roles, Zebra recommends confirming that the default role defines accessible apps, settings and lockdown functions as required by the organization.
  • Content formatting for role configuration files is the same as for the existing enterprisehomescreen.xml file.
  • As with all EHS config files, role files are stored in the /enterprise/usr folder on the device.
  • Role configuration files are named according to their designated Role Name (e.g. Manager_config.xml).
  • To remove or update a role, delete or replace the corresponding XML file in the /enterprise/usr folder.
  • For organizations using Identity Guardian:
    • Role Names configured in EHS must match exactly with those of Identity Guardian for successful role assignment during sign-on.
    • The EHS User Screen for the default user appears briefly and is operable while Identity Guardian initializes after a device is restarted.
Restriction Name Value Description
Role Name [user-defined name]
(case-sensitive)
Used to enter a unique role name, which must match the roles defined in Zebra Identity Guardian.
Home Screen UI Home Screen UI Group bundle Configures the EHS user interface for the role.
EHS UI Lockdown Lockdown Functionality Group bundle Configures access to System settings, USB debugging and other potentially sensitive device features.
Application Management Application Management Group bundle Configures the apps accessible by device users in the role.

Root Logging

Configure root logging to capture log file on the device.

Restriction Name Value Display Name Description
Logging 0
1
On
Off
Used to turn on/off writing to the device log file.

Root Log File Max Size

Root log file max size defines the maximum size of the EHS log file.

Restriction Name Value Display Name Description
Log file maximum size User inputs value 10 MB (default) Used to set the maximum size of the log file in MB (from range 1-99999).

Root Reboot on Install

Root reboot on install controls whether to reboot on EHS installation.

Restriction Name Value Display Name Description
Auto reboot 0
1
Disabled
Enabled
Controls whether EHS automatically reboots the device the first time it is launched after initial installation. A device reboot is required after EHS installation in order to make EHS fully operational. Reboot can be performed automatically by EHS or manually at a later time.