In Cortado's administration portal, you will find a variety of policies that you can use to protect your users' Android devices from data loss.
Aim
In diesem How-To zeigen wir Ihnen, wie Sie Richtlinien zum Schutz vor Datenverlust konfigurieren, um so die Geräte- und Datensicherheit zu erhöhen.
Implementation
- In the Cortado administration portal, select Administration→ Policies.
- Add a new policy by clicking on the plus icon.
- Then select Android and as the setup method Fully managed device, Work profile or Work profile on company-owned device (example in illus.).
Under Data Leakage Protection, you will find the options that are explained in more detail below. The image shows the available policies for fully managed devices. All settings are allowed here by default.
Note! Only some of the policies described below are available on devices with a work profile or work profile on company-owned devices.
Allow mounting external storage media
Allow copy & paste data between the work profile and personal profile
Allow modifying accounts
You can use this policy to specify that users are not allowed to add (left illus.) or remove (right illus.) accounts (e.g. for email apps). To do this, remove the tick from the checkbox and assign the policy to the users/groups/devices. Instead, configure the accounts for your users using the managed configurations. Users then only need to enter their password and can get started straight away without having to set up an account themselves. This simplifies things for users and also ensures that only the accounts you want are used.
Allow mounting external storage media
External storage media, such as hard disks or USB sticks, can be quickly and easily connected to an Android device via USB cable to transfer data (left and right illus.). In a corporate context, this can become a security risk under certain circumstances.
If you want to prevent data from being transferred from an Android device to physical, external storage media, remove the tick from the checkbox and assign the policy to the users/groups/devices. The external storage devices are then no longer displayed in the Files app under Storage devices (left illus.). Data can therefore no longer be transferred.
Please note, however, that it is still possible to transfer data to a PC/laptop/Mac connected via USB (right illus.). If you would also like to prevent this data transfer option, remove the checkmark from the Allow USB file transfer policy instead.
Allow USB mass storage
This policy is outdated and will be removed from the list shortly!
Allow USB file transfer
Exchanging data between an Android device and a PC/laptop/Mac (left illus.) or a USB stick or external hard disk (right illus.) has many advantages. For example, photos can be downloaded from the smartphone to the PC or an app (.apk file) from the PC to the smartphone via a USB connection.
What is desirable for private use can quickly become a security risk in a corporate context. If you want to prevent files from being transferred to external storage media or to a PC/laptop/Mac via USB, remove the tick from the checkbox and assign the policy to the users/groups/devices. The File transfer option is then hidden for both a connected PC/laptop/Mac and for external storage media (left illus.). A connected external storage device is not displayed in the Files app (right illus.).
Allow screen capture
On most Android devices, a screenshot can be taken by pressing the power and silent buttons simultaneously. These screenshots can then be edited, saved and shared. This can pose a security risk for companies under certain circumstances.
If you want to prevent users from taking screenshots, remove the tick from the checkbox and then assign the policy to the users/groups/devices. Screenshots can then no longer be created. Instead, a message is displayed stating that the creation of screenshots has been blocked by the IT administrator.
Allow printing
Many Android devices can now access printers via Wi-Fi. Most printers require a special app in order to function properly. But simple printouts are often already possible with the integrated standard print service (middle illus.).
This can lead to unwanted data loss for companies. If you want to prevent this, remove the tick from the checkbox and assign the policy to the users/groups/devices. Access to the print option in the Settings is then no longer possible (left illus.) and printing is deactivated (right illus.).
Allow use of camera
The camera app is one of the standard apps on Android devices (left illus.). If you do not want your users to be able to use the camera app, remove the tick from the checkbox and assign the policy to the users/groups/devices. The camera icon will then be grayed out on the devices (middle illus.) and the app can no longer be opened (right illus.).
Allow copy & paste data between the work profile and personal profile
For devices with a work profile (BYOD and COPE), the Allow copy & paste data between the work profile and personal profile policy is also available. This policy is deactivated by default (illus.).
This means that by default it is not possible to paste texts that have been copied to the clipboard in the work profile (left illus.) into the private profile (right illus.).
Note! This policy only applies to data in the clipboard and not to files (photos, videos etc.).
If you want to allow your users to copy data (i.e. text from the clipboard) in the work profile (left illus.) and then paste it into the personal profile (middle illus.), check the box and assign the policy to the users/groups/devices. The data can then be pasted into the desired document in the private profile (right illus).
