Manage Device Security

StageNow 5.12

Overview

StageNow 4.0 (and higher) supports Trusted Staging, which can protect devices with MX 9.2 and higher from unauthorized staging.
See the Trusted Staging Guide for usage details.


About Wizard Behavior

Settings created automatically by a Profile Wizard are sometimes not removed completely from the Profile when one or more of those settings are deleted manually. This occurs in Wizard-based Profiles that are further modified with settings created using Xpert mode. While parts of the deleted settings might still be visible, they are inaccessible by the administrator. However, the Profile does not execute them and otherwise functions normally.

image Click image to enlarge; ESC to exit.


The Manage Device Security Wizard configures security options and policies for a device. Options for this Profile are listed below.

Security options:

  • Whitelisting and blacklisting apps
  • Controlling screen time-out
  • Encrypting SD Card(s)
  • Control user access to:
    • Power-off menu
    • Android Settings panel
    • App installation from unknown sources
    • Threat management
  • Enable/disable:
    • SD Card(s)
    • Device camera(s)
    • The GPRS subsystem
    • Wireless radio(s)
    • GPS locationing
    • USB port(s)

In addition, StageNow implements multiple layers of security in the barcode and NFC staging media it creates.

Security included in staging media:

  • Parm encryption - All input text values considered sensitive (i.e. passwords) are encrypted using an asymmetric key algorithm.
  • Profile encoding - Upon creation of a Profile, parm names are encoded, rendering them unreadable.
  • Profile encryption - Optionally, an admin can elect to encrypt an entire staging Profile using a shared (symmetric) key, which must be known before the barcode(s) or NFC tag(s) can be used.

Create a Security Profile

To create a Manage Device Security Profile:

  1. Select Create New Profile.

  2. Select the MX version from the drop-down menu.

  3. Select the Manage Device Security Wizard, and select Create.

    image

  4. Enter a name for the Profile and select Start.

    image

    Note: During Profile creation, Profile Status is indicated in the upper-right corner of the window, (e.g., "Incomplete").

  5. Select whether to perform Application Whitelisting. If selecting Yes, see Setting Types / AccessMgr for instructions.

  6. Select whether to Blacklist an Application. If selecting Yes, see Setting Types / AppMgr for instructions.

  7. Select whether to control the Display Timeout. If selecting Yes, see Setting Types / DisplayMgr for instructions.

  8. Select whether to control the Screen Lock Timeout. If selecting Yes, see Setting Types / DevAdmin for instructions.

  9. Select whether to control the Installation of Applications from Unknown Sources. If selecting Yes, see Setting Types / DevAdmin for instructions.

  10. Select whether to control the contents of the Power Key Menu. If selecting Yes, see Setting Types / PowerKeyMgr for instructions.

    img

  11. Select whether to control what the Settings UI can accomplish. If selecting Yes, see Setting Types / SettingsMgr for instructions.

  12. Select whether to configure Threat Management. If selecting Yes, see Setting Types / ThreatMgr for instructions.

  13. Select whether to control USB usage. If selecting Yes, see Setting Types / UsbMgr for instructions.

  14. Select whether to control Wireless usage. If selecting Yes, see Setting Types / WirelessMgr for instructions.

  15. Select whether to control Camera usage. If selecting Yes, see Setting Types / CameraMgr for instructions.

  16. Select whether to SD Card usage. If selecting Yes, see Setting Types / SdCardMgr for instructions.

  17. Select whether to encrypt the SD Card. If selecting Yes, select the method for providing the Encryption Key.

    image

    Then see Setting Types / EncryptMgr for instructions.

  18. Select Continue to proceed to the Review window.