Location device policy 编辑

You create location device policies in Endpoint Management to enforce geographic boundaries. When users breach the defined boundary, also called a geofence, Endpoint Management can perform certain actions. For example, you can configure the policy to issue a warning message to users when they breach the defined perimeter. You can also configure the policy to wipe users’ corporate data when they breach a perimeter, right away or after a delay. For information about security actions, such as enabling tracking and locating a device, see Security actions.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

iOS settings

• Location timeout: Type a numeral and then click Seconds or Minutes to set how often Endpoint Management attempts to fix the device’s location. Valid values are 60–900 seconds or 1–15 minutes. The default is 1 minute.
• Tracking duration: Type a numeral and then click Hours or Minutes to set how long Endpoint Management tracks the device. Valid values are 1–10 hours or 10–600 minutes. The default is 6 hours.
• Accuracy: Type a numeral and then click Meters, Feet, or Yards to set how close to a device Endpoint Management tracks the device. Valid values are 10–5000 yards, 30–15000 feet, or 10-5000 meters. The default is 328 feet (100 meters).
• Report if Location Services are disabled: Select whether the device sends a report to Endpoint Management when the user turns off GPS. The default is Off.

• Geofencing

  

  When you enable Geofencing, configure these settings:

• Radius: Type a numeral and then click the units to be used to measure the radius. The default is 16400 feet (5000 meters). Valid values for radius are:
  • 164–16400 feet
  • 50–50000 meters
  • 54–54680 yards
  • 1–31 miles
• Center point latitude: Type a latitude, such as 37.787454, to define the geofence center point’s latitude.
• Center point longitude: Type a longitude, such as 122.402952, to define the geofence center point’s longitude.
• Warn user on perimeter breach: Select whether to issue a warning message when users breach the defined perimeter. The default is Off. No connection to Endpoint Management is required to display the warning message.
• Wipe corporate data on perimeter breach: Select whether to wipe users’ devices when they breach the perimeter. The default is Off. When you enable this option, the Delay on local wipe field appears.
  • Type a numeral and then click Seconds or Minutes to set the length of time to delay before wiping corporate data from user devices. The delay gives users an opportunity to return to the allowed location before Endpoint Management selectively wipes their devices. The default is 0 seconds.

Android (legacy DA) settings

Android location tracking requires Android 9 or later.

• Poll interval: Type a numeral and then click Minutes or Hours, or Days to set how often Endpoint Management attempts to fix the device’s location. Valid values are 15–1440 minutes, 1–24 hours, or any number of days. The default is 15 minutes.
• Report if Location Services are disabled: Select whether the device sends a report to Endpoint Management when the user turns off GPS. The default is Off.

• Geofencing

  

  When you enable Geofencing, configure these settings:

• Radius: Type a numeral and then click the units to be used to measure the radius. The default is 16400 feet (5000 meters). Valid values for radius are:
  • 164–164000 feet
  • 1–50 kilometers
  • 50–50000 meters
  • 54–54680 yards
  • 1–31 miles
• Center point latitude: Type a latitude, such as 37.787454, to define the geofence center point’s latitude.
• Center point longitude: Type a longitude, such as 122.402952, to define the geofence center point’s longitude.
• Warn user on perimeter breach: Select whether to issue a warning message when users breach the defined perimeter. The default is Off. No connection to Endpoint Management is required to display the warning message.
• Device connects to Endpoint Management for policy refresh: Select one of the following options for when users breach the perimeter:
  • Perform no action on perimeter breach: Do nothing. This is the default.
  • Wipe corporate data on perimeter breach: Wipe corporate data after a specified length of time. When you enable this option, the Delay on local wipe field appears.
    • Type a numeral and then click Seconds or Minutes to set the length of time to delay before wiping corporate data from user devices. The delay gives users an opportunity to return to the allowed location before Endpoint Management selectively wipes their devices. The default is 0 seconds.
  • Lock device locally: Lock users’ devices after a specified length of time. When you enable this option, the Delay on lock field appears.
    • Type a numeral and then click Seconds or Minutes to set the length of time to delay before locking user devices. The delay gives users an opportunity to return to the allowed location before Endpoint Management locks their devices. The default is 0 seconds.
• Enable tracking: Select whether the device tracks user location. The default is Off.

Android Enterprise settings

For Android location tracking to work, ensure that the following requirements are met:

• Android 9 or later
• The Allow location sharing setting enabled in the Restrictions device policy for Android Enterprise
• Connection scheduling (Firebase Cloud Messaging recommended)

Apply to fully managed devices with a work profile

For fully managed devices with work profiles (formerly known as COPE devices), only the location mode setting is available.

• Apply to fully managed devices with a work profile/Work profile on corporate-owned devices: Allows you to configure the location mode for fully managed devices with work profiles. When this setting is on, configure the settings for the work profile:

  • Report if Location Services are disabled: Select whether the device sends a report to Endpoint Management when the user turns off GPS. The default is Off.
  • Geofencing: See the settings in this article under Managed device.

When Apply to fully managed devices with a work profile/Work profile on corporate-owned devices is off, settings apply to the managed device and work profile as shown in the following sections. Default is Off.

Managed device

• Location Mode: Specify the degree of location detection to enable. You can use the Locate security action only when location mode is set to High Accuracy or Battery Saving. The default is High Accuracy.
  • High Accuracy: Enables all location detection methods, including GPS, networks, and other sensors.
  • Sensors Only: Enables only GPS and other sensors.
  • Battery Saving: Enables only the network location provider.
  • Off: Disables location detection.

• Geofencing:

  

  When you enable Geofencing, configure these settings:

• Poll interval: Type a numeral and then click Minutes or Hours, or Days to set how often Endpoint Management attempts to fix the device’s location. Valid values are 1–1440 minutes, 1–24 hours, or any number of days. The default is 10 minutes. Setting this value to less than 10 minutes might adversely affect the device’s battery life.
• Radius: Type a numeral and then click the units to be used to measure the radius. The default is 16400 feet (5000 meters). Valid values for radius are:
  • 164–164000 feet
  • 1–50 kilometers
  • 50–50000 meters
  • 54–54680 yards
  • 1–31 miles
• Center point latitude: Type a latitude, such as 37.787454, to define the geofence center point’s latitude. To look up the value, go to Manage > Devices, select the device, click Secure, and then click Locate. After locating the device, Endpoint Management reports the device location in the Device Details > General page under Security.
• Center point longitude: Type a longitude, such as 122.402952, to define the geofence center point’s longitude.
• Warn user on perimeter breach: Select whether to issue a warning message when users breach the defined perimeter. The default is Off. No connection to Endpoint Management is required to display the warning message.
• Device connects to Endpoint Management for policy refresh: Select one of the following options for when users breach the perimeter:
  • Perform no action on perimeter breach: Do nothing. This setting is the default.
  • Wipe corporate data on perimeter breach: Wipe corporate data after a specified length of time. When you enable this option, the Delay on local wipe field appears.
    • Type a numeral and then click Seconds or Minutes to set the length of time to delay before wiping corporate data from user devices. The delay gives users an opportunity to return to the allowed location before Endpoint Management selectively wipes their devices. The default is 0 seconds.
  • Lock device locally: Lock users’ devices after a specified length of time. When you enable this option, the Delay on lock field appears.
    • Type a numeral and then click Seconds or Minutes to set the length of time to delay before locking user devices. The delay gives users an opportunity to return to the allowed location before Endpoint Management locks their devices. The default is 0 seconds.

Work profile

• Report if Location Services are disabled: Select whether the device sends a report to Endpoint Management when the user turns off GPS. The default is Off.
• Geofencing: See the settings in this article under Managed device.