You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/configuration/device-restrictions-android-for-work.md
+17-1Lines changed: 17 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ keywords:
7
7
author: MandiOhlinger
8
8
ms.author: mandia
9
9
manager: dougeby
10
-
ms.date: 06/21/2022
10
+
ms.date: 07/19/2022
11
11
ms.topic: conceptual
12
12
ms.service: microsoft-intune
13
13
ms.subservice: configuration
@@ -200,6 +200,22 @@ For corporate-owned devices with a work profile, some settings only apply in the
200
200
201
201
-**Threat scan on apps**: **Require** (default) enables Google Play Protect to scan apps before and after they're installed. If it detects a threat, it may warn users to remove the app from the device. When set to **Not configured**, Intune doesn't change or update this setting. By default, the OS might not enable or run Google Play Protect to scan apps.
202
202
203
+
-**Common Criteria mode**: By default, this setting is **Not configured**.
204
+
205
+
Set *Common Criteria mode* to **Require** to enable an elevated set of security standards that are most often used in highly sensitive organizations, such as government establishments. Those settings include but are not limited to:
206
+
207
+
- AES-GCM encryption of Bluetooth Long Term Keys
208
+
- Wi-Fi configuration stores
209
+
- Blocks bootloader download mode, the manual method for software updates
210
+
- Mandates additional key zeroization on key deletion
211
+
- Prevents non-authenticated Bluetooth connections
212
+
- Requires that FOTA updates have 2048-bit RSA-PSS signature
213
+
214
+
Learn more about Common Criteria:
215
+
-[Common Criteria for Information Technology Security Evaluation](https://www.commoncriteriaportal.org) at commoncriteriaportal.org
216
+
-[CommonCriteriaMode](https://developers.google.com/android/management/reference/rest/v1/enterprises.policies#commoncriteriamode) in the Android Management API documentation.
217
+
-[Knox Deep Dive: Common Criteria Mode](https://www.samsungknox.com/blog/knox-deep-dive-common-criteria-mode) at samsungknox.com
218
+
203
219
### Device experience
204
220
205
221
Use these settings to configure a kiosk-style experience on your dedicated devices, or to customize the home screen experiences on your fully managed devices. You can configure devices to run one app, or run many apps. When a device is set with kiosk mode, only the apps you add are available.
0 commit comments