IBM MaaS360 Kiosk Mode Settings Configuration Settings for Kiosk Mode Operation IBM Security September 2017
Android Kiosk Mode IBM MaaS360 provides a range of Android device management including Samsung SAFE / Knox and Android Enterprise (for Work). MaaS360 can configure Android devices to operate in a Kiosk mode which restricts the user to a number of mobile applications. This guide details how the Kiosk mode is represented on Android and Samsung SAFE including the appropriate MaaS360 portal settings. For queries around these settings, you can contact MaaS360 support via support@maas360.ibm.com or via the 24x7 chat service 2 IBM Security
Manage Devices Secure & manage Manage Apps Curate & deploy Enable Content Enable & control access Protect Data Contain & prevent leaks Phone XP Win 10 CYOD BYOD Shared Contractors Seamless Identity Authenticate & authorise Establish Context Alert & analyze Provide Cognitive Sense & respond Mail systems Directories Certificates File shares 3 IBM Security
IBM MaaS360 Kiosk Mode The MaaS360 logo can be rebranded 4 IBM Security
Kiosk Mode Settings Apply the following Android Policy Settings: Device Settings - Device Management Do not allow user to disable device management Advanced Settings Kiosk Mode Restrictions Block Task Manager (Disables Task Manager) Select the list of allowed applications (do not include Settings app)* Enable Admin bypass for Kiosk mode Block Hardware Keys Enable Admin bypass for Kiosk mode *See the Appendix 5 IBM Security
Additional Samsung Kiosk Mode Settings Apply the following Android Policy Settings: Advanced Settings Kiosk Mode Restrictions Block Multi-Window Mode Hide Navigation Bar Hide Status Bar Hide System Bar 6 IBM Security
Customise the Kiosk Launcher Apply the Settings as required: 7 IBM Security
AppIDs The following are a list of Android AppID s you can use to list applications in Kiosk mode. Others can be found with applications such as APK Extractor Android Apps com.android.contacts* com.android.settings com.android.mms com.android.dialer and/or com.android.phone com.sec.android.app.camera MaaS360 Apps: com.fiberlink.maas360.android.control com.fiberlink.maas360.android.secureeditor com.fiberlink.maas360.android.securebrowser * S7 removed the dialer as an option under contacts, so doesn't have it's own app id. 8 IBM Security
Integrated Threat Protection Real-time Malware Protection Detect, analyse and remediate Mobile malware and compromised devices Near real-time compliance rules engine for automated remediation Over-the-air detection logic updates For more information - https://www.youtube.com/watch?v=t-qk-9mvr8i 9 IBM Security
THANK YOU FOLLOW US ON: ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANYSYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.