You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/configuration/device-restrictions-android-for-work.md
+17-1Lines changed: 17 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ keywords:
7
7
author: MandiOhlinger
8
8
ms.author: mandia
9
9
manager: dougeby
10
-
ms.date: 07/12/2022
10
+
ms.date: 07/26/2022
11
11
ms.topic: conceptual
12
12
ms.service: microsoft-intune
13
13
ms.subservice: configuration
@@ -200,6 +200,22 @@ For corporate-owned devices with a work profile, some settings only apply in the
200
200
201
201
-**Threat scan on apps**: **Require** (default) enables Google Play Protect to scan apps before and after they're installed. If it detects a threat, it may warn users to remove the app from the device. When set to **Not configured**, Intune doesn't change or update this setting. By default, the OS might not enable or run Google Play Protect to scan apps.
202
202
203
+
-**Common Criteria mode**: **Require** enables an elevated set of security standards that are most often used in highly sensitive organizations, such as government establishments. Those settings include but are not limited to:
204
+
205
+
- AES-GCM encryption of Bluetooth Long Term Keys
206
+
- Wi-Fi configuration stores
207
+
- Blocks bootloader download mode, the manual method for software updates
208
+
- Mandates additional key zeroization on key deletion
209
+
- Prevents non-authenticated Bluetooth connections
210
+
- Requires that FOTA updates have 2048-bit RSA-PSS signature
211
+
212
+
When set to **Not configured** (default), Intune doesn't change or update this setting.
213
+
214
+
Learn more about Common Criteria:
215
+
-[Common Criteria for Information Technology Security Evaluation](https://www.commoncriteriaportal.org) at commoncriteriaportal.org
216
+
-[CommonCriteriaMode](https://developers.google.com/android/management/reference/rest/v1/enterprises.policies#commoncriteriamode) in the Android Management API documentation.
217
+
-[Knox Deep Dive: Common Criteria Mode](https://www.samsungknox.com/blog/knox-deep-dive-common-criteria-mode) at samsungknox.com
218
+
203
219
### Device experience
204
220
205
221
Use these settings to configure a kiosk-style experience on your dedicated devices, or to customize the home screen experiences on your fully managed devices. You can configure devices to run one app, or run many apps. When a device is set with kiosk mode, only the apps you add are available.
0 commit comments