Hello and Welcome to AMGuard Business & Enterprise Knowledge-base Series.
Let’s get started, here in this article. We will show how to harden your device for security measures.
We will discuss the process of securing a device by reducing its surface of vulnerability. For this demonstration, we used a device registered with a Kiosk policy, to a AMGuard Enterprise account. This feature works equally well with other Android policies on Business and Enterprise accounts.
It is assumed that you already have a AMGuard enterprise account created for your organization.
A device hardened, means it is a more secure operating device. Turning off non-essential services and configuring the system with security controls such as password management, file permissions and disabling unused features and applications.
- Click on the Policy Group option on the left-hand menu. On clicking this option, you will be shown a page similar to the one in the screenshot below
- For demonstration purposes, we are using default policy. Click on the Default Android Kiosk Policy
- Location Settings is a way to prevent location services from being turned off on your devices. This ensures that the end-users know that location services are enabled and not allowed to disable.
- By default, you will be on the General settings tab find the location settings option and choose “Location On” from the dropdown
2. Disable Factory Reset is a security method that was designed to make sure to wipe and factory reset of your device feature is turned off if lost or stolen. Nobody else can use the device other than you.
- Scroll-on to the Security tab as shown in the screenshot. find the “Disable Factory Reset” option and turn on the toggle.
3. Safe Boot – Safe boot allows a user to boot an Android device through which the user can alter the bootloader and applications on the device and misuse it for personal gain. So, it is necessary to restrict user access and disable the Safe Boot feature on the device.
- Find the “Disable Safe Boot” option and turn on the toggle button
4. Disable Allow Power-Off – Disabling the Power option will hide the power-off option when a user presses the power button on Android devices.
- Find the “Allow Power-Off” option and turn on the toggle button
5. Disable Apps Installations from Unknown Sources - Our devices and personal data are more vulnerable to threats such as ransomware apps downloaded from unknown sources. So, it’s necessary to disable this functionality.
- Find the “Disable Apps Installations from Unknown Sources” option and turn on the toggle button.
6. Disable Physical Reading Mounting is a way to prevent the user from accessing the physical storage files on the device. This ensures locking down user access to the physical storage on the device.
- Find the “Disable Physical Reading Mounting” option and turn on the toggle button.
7. Enabling Power Saving Mode on the device helps extend the battery life of your device by disabling features and limiting the CPU usage of your device.
Now, scroll to the Advanced tab as shown in the screenshot. Find the “Allow Power Saving Mode” option and turn on the toggle button.
- Press on Save and Continue. A pop-up will appear on the screen for confirmation. Press on SAVE for the policy changes to be implemented.
8. Force-On Mobile Data is a way to prevent mobile data from being turned off on your devices. This ensures the end-users know that mobile data is turned on and not allowed to be turned off.
By default, AMGuard keeps the mobile data turned on 24*7 on the device even when the device may not have connectivity to the data network. This ensures the device will be online whenever the network is available on the device.
9. Kiosk Mode allows organizations to set up devices for a specific use case and ensures that devices are restricted and used only for assigned specific work purposes during the usage of the device.
Note: To affect the changes mentioned above to your device(s) you need to have the devices enrolled in the policy which you have hardened by executing the above steps. Your device needs to be on a stable data connection to be able to sync with the policy and be classified as a “hardened device.”
Pro’s
- By following the above steps, you have successfully hardened the device and made it a secure device.
- You can access all the files on the device. In case of the device being Lost/Stolen/Screen Damage using the device storage explore feature.
- Users can’t load any other applications on the device other than the applications prescribed to be used on the device.
We hope this article was useful. Thank you for reading. For more AMGuard insights, please explore the Visual Knowledge-base Series.
For more details, please do visit https://augmentalis.com
If you need any help on this, contact AMGuard Support Email.