Prevent data leaks by enabling listed restrictions in the Knox container.
- Navigate to .
- Select Container.
- Configure the profile's General settings. These General profile settings determine how the profile is deployed and who receives it.
- Select the Restrictions payload.
- Enable or disable the Device Functionality settings:
Setting Description Allow Camera
Enable to allow users to use their camera inside the Knox container. If Allow Camera has been turned off for the device side, then the camera will be disabled for all the containers and users created on the device.
Allow Video Recording if Microphone is Allowed Enable which allows video recording within the Knox container. Allow Microphone Enable to allow use of the microphone inside the Knox container. If Allow Microphone has been turned off for the device side, then the microphone will be disabled for all the containers and users created on the device. Allow Audio Recording if Microphone is Allowed
Enable to give users access to audio recording.
Allow Display of Share Via List Disable to prevent your end-users from accessing their share options for sensitive content. Force Secure Keypad Usage Enable to prevent end-users from downloading and using third-party keyboard applications. Allow Contact Info Outside the Container Enable to allow contact information from the container to sync with personal contact information. Allow Account Addition
Enable to allow users the ability add new email accounts within the Knox container.
Allow Google Account Activation
Enable to let users activate their Google account inside the Knox container.
Allow Screen Capture
Disable to prevent users from taking screenshots inside the Knox container.
Enable Allow Clipboard
Enable to give users the ability to copy content to their clipboard. The Allow Clipboard policy only takes effect over native Android clipboard.
Allow Wallpaper Change Enable to allow users the ability to customize the wallpaper within the Knox container. Allow Home Key Disable to prevent home key functionality such as long press to display recently opened applications. For devices running KNOXv2.3+, Allow Home Key applies to Container Only Mode. Allow Power Key Disable to prevent the user from turning off the device by pressing the power button. For devices running KNOXv2.3+, Allow Power Off applies to Container Only Mode. Allow Status Bar Expansion Enable to give users access to the controls located in the notification tray. The notifications and controls are visible even if the feature is disabled. For devices running KNOXv2.3+, Allow Status Bar Expansion applies to Container Only Mode. Allow Mock Locations
Enable to allow users to change their longitude and latitude in the GPS application to show false coordinates.
Allow Bluetooth Enable to allow Bluetooth inside the Knox container. Enforce Container Keyguard
Enable to require authentication to enter the Knox container.
Enable ODE Trusted Boot Verification
Enable to allow device access to the decrypted data partition only when the binary and kernel is official.
Prevent New Admin Activation
Enable to prevent activation of another administrator application unless the application is part of the whitelisted applications.
Set Common Criteria CC Mode
Enable to allow the device to be placed in the common criteria configuration.
To enable Set Common Criteria CC Mode, admins have to enable to prerequisite policies: Enable Device Encryption, Enable SD Card Encryption, and Number of attempts before device wipe.
Enable Application Move Disable to prevent apps from being installed inside the Knox container. Enable File Move
Disable to prevent files from being moved inside the Knox container.
Enable OCSP Check
Turn on to allow use of OCSP during certificate revocation for application SSL connections.
Allow Google Crash Report
Enable to allow crash reports to be sent to Google.
Allow S Voice
Enable so users can run the S Voice application which allows the use of wake-up commands.
Allow User to Stop System Signed Applications Disable to prevent users from the force stop button for system applications inside the Knox container. Block Non-Trusted Application Installation Enable to block all applications that are not identified as Trusted. Allow GMS Applications in Container Enable to allow Google Service applications to be downloaded inside the Knox container. Allow Google Accounts Auto Sync Enable which lets Google accounts automatically sync within the Knox container. Allow Change Data Sync Policy Enable to allow users to change Data Sync policies specific to applications. For devices running Knox v2.3+, Allow Change Data Sync Policy will always enable notification sanitization for the email app only, in case of MDFPP(Mobile Device Fundamentals Protection Profile) SDP enabled container. Allow SD Card Move Disable to stop users from moving applications to the SD card. Allow Settings Change Disable to prevent users from changing settings or system preferences within the Knox container. Allow Reset Container on Reboot Enable to allow user to reset the Knox container after restart.
- Select Save & Publish.