Prevent data leaks by enabling listed restrictions in the Knox container.

  1. Navigate to Devices > Profiles & Resources > Profiles > Add > Add Profile > Android (Legacy).

  2. Select Container.
  3. Configure the profile's General settings.

    These settings determine how the profile deploys and who receives it. For more information on General settings, see Add General Profile Settings.

  4. Select the Restrictions payload.

  5. Enable or disable the Device Functionality settings:

    | Setting | Description |
    |---|---|
    | Allow Camera | Enable to allow users to use their camera inside the Knox container. If Allow Camera has been turned off for the device side, then the camera will be disabled for all the containers and users created on the device. |
    | Allow Video Recording if Microphone is Allowed | Enable to allow video recording within the Knox container. |
    | Allow Microphone | Enable to allow use of the microphone inside the Knox container. If Allow Microphone has been turned off for the device side, then the microphone will be disabled for all the containers and users created on the device. |
    | Allow Audio Recording if Microphone is Allowed | Enable to give users access to audio recording. |
    | Allow Display of Share Via List | Disable to prevent your end users from accessing their share options for sensitive content. |
    | Force Secure Keypad Usage | Enable to prevent end users from downloading and using third-party keyboard applications. |
    | Allow Contact Info Outside the Container | Enable to allow contact information from the container to sync with personal contact information. |
    | Allow Account Addition | Enable to allow users to add new email accounts within the Knox container. |
    | Allow Google Account Activation | Enable to let users activate their Google account inside the Knox container. |
    | Allow Screen Capture | Disable to prevent users from taking screenshots inside the Knox container. |
    | Enable Allow Clipboard | Enable to give users the ability to copy content to their clipboard. The Allow Clipboard policy takes effect only on the native Android clipboard. |
    | Allow Wallpaper Change | Enable to allow users to customize the wallpaper within the Knox container. |
    | Allow Home Key | Disable to prevent home key functionality such as long press to display recently opened applications. For devices running Knox v2.3+, Allow Home Key applies to Container Only Mode. |
    | Allow Power Key | Disable to prevent the user from turning off the device by pressing the power button. For devices running Knox v2.3+, Allow Power Off applies to Container Only Mode. |
    | Allow Status Bar Expansion | Enable to give users access to the controls located in the notification tray. The notifications and controls are visible even if the feature is disabled. For devices running Knox v2.3+, Allow Status Bar Expansion applies to Container Only Mode. |
    | Allow Mock Locations | Enable to allow users to change their longitude and latitude in the GPS application to show false coordinates. |
    | Allow Bluetooth | Enable to allow Bluetooth inside the Knox container. |
    | Security | |
    | Enforce Container Keyguard | Enable to require authentication to enter the Knox container. |
    | Enable ODE Trusted Boot Verification | Enable to allow device access to the decrypted data partition only when the binary and kernel are official. |
    | Prevent New Admin Activation | Enable to prevent activation of another administrator application unless the application is part of the whitelisted applications. |
    | Set Common Criteria CC Mode | Enable to allow the device to be placed in the Common Criteria configuration. To enable Set Common Criteria CC Mode, admins must first enable the prerequisite policies: Enable Device Encryption, Enable SD Card Encryption, and Number of attempts before device wipe. |
    | Enable Application Move | Disable to prevent apps from being installed inside the Knox container. |
    | Enable File Move | Disable to prevent files from being moved inside the Knox container. |
    | Enable OCSP Check | Turn on to allow use of OCSP during certificate revocation for application SSL connections. |
    | Application | |
    | Allow Google Crash Report | Enable to allow crash reports to be sent to Google. |
    | Allow S Voice | Enable so users can run the S Voice application, which allows the use of wake-up commands. |
    | Allow User to Stop System Signed Applications | Disable to prevent users from using the force stop button for system applications inside the Knox container. |
    | Block Non-Trusted Application Installation | Enable to block all applications that are not identified as Trusted. |
    | Allow GMS Applications in Container | Enable to allow Google Service applications to be downloaded inside the Knox container. |
    | Sync and Storage | |
    | Allow Google Accounts Auto Sync | Enable to let Google accounts automatically sync within the Knox container. |
    | Allow Change Data Sync Policy | Enable to allow users to change Data Sync policies specific to applications. For devices running Knox v2.3+, Allow Change Data Sync Policy will always enable notification sanitization for the email app only, in the case of an MDFPP (Mobile Device Fundamentals Protection Profile) SDP-enabled container. |
    | Allow SD Card Move | Disable to stop users from moving applications to the SD card. |
    | Hardware | |
    | Allow Settings Change | Disable to prevent users from changing settings or system preferences within the Knox container. |
    | Allow Reset Container on Reboot | Enable to allow the user to reset the Knox container after restart. |

  6. Select Save & Publish.
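
Before publishing, the planned values can be reviewed against the dependencies the table describes: the device-side override for camera and microphone, the "if Microphone is Allowed" recording settings, and the Common Criteria prerequisites. The following is an added example, not Workspace ONE or Knox code; the dictionary layout, the choice of settings in `BASELINE`, the names `audit`, `SAMPLE_CONTAINER` and `SAMPLE_DEVICE`, and reading the prerequisite policies from the device-side dictionary are all assumptions made for illustration.

```python
# Added example: the dict layout is an assumption, not a Workspace ONE export format.
# Restrictive value per setting, taken from the table's "Enable/Disable to prevent" wording.
BASELINE = {
    "Allow Display of Share Via List": False,
    "Force Secure Keypad Usage": True,
    "Allow Screen Capture": False,
    "Enforce Container Keyguard": True,
    "Prevent New Admin Activation": True,
    "Enable File Move": False,
    "Block Non-Trusted Application Installation": True,
    "Allow SD Card Move": False,
}
CC_PREREQS = ("Enable Device Encryption", "Enable SD Card Encryption",
              "Number of attempts before device wipe")
MIC = "Allow Microphone"

def audit(container, device):
    """Return findings; container and device map setting name -> value."""
    findings = []
    for name, want in BASELINE.items():
        got = container.get(name)  # None means the setting was not specified
        if got is not want:
            findings.append(f"{name}: want {want}, got {got}")
    # Device-side "off" disables camera/microphone for every container.
    for name in ("Allow Camera", MIC):
        if container.get(name) and device.get(name) is False:
            findings.append(f"{name}: enabled in container but off device-side")
    # Recording settings apply only "if Microphone is Allowed".
    mic_on = bool(container.get(MIC)) and device.get(MIC) is not False
    for name in ("Allow Video Recording if Microphone is Allowed",
                 "Allow Audio Recording if Microphone is Allowed"):
        if container.get(name) and not mic_on:
            findings.append(f"{name}: has no effect, microphone not allowed")
    # CC Mode needs its three prerequisite policies enabled first.
    if container.get("Set Common Criteria CC Mode"):
        missing = [p for p in CC_PREREQS if not device.get(p)]
        if missing:
            findings.append("CC Mode set without: " + ", ".join(missing))
    return findings

# Constructed sample: a restrictive profile with four problems.
SAMPLE_CONTAINER = {**BASELINE, "Allow Screen Capture": True, MIC: True,
                    "Allow Audio Recording if Microphone is Allowed": True,
                    "Set Common Criteria CC Mode": True}
SAMPLE_DEVICE = {MIC: False, "Enable Device Encryption": True,
                 "Number of attempts before device wipe": 10}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONTAINER, SAMPLE_DEVICE)))
```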