MDX policies for third-party apps for Android
This article describes the MDX policies for Android third-party apps. You can change policy settings in the Citrix Endpoint Management console.
Authentication
App passcode
If On, a PIN or passcode is required to unlock the app when it starts or resumes after a period of inactivity. Default value is On.
To configure the inactivity timer for all apps, set the INACTIVITY_TIMER value in minutes in Client Properties on the Settings tab. The default inactivity timer value is 60 minutes. To disable the inactivity timer, so that a PIN or passcode prompt appears only when the app starts, set the value to zero.
Note:
If you select Secure offline for the Encryption keys policy, this policy is automatically enabled.
Maximum offline period (hours)
Defines the maximum period an app can run offline without a network logon for reconfirming entitlement and refreshing policies. Default value is 168 hours (7 days). Minimum period is 1 hour.
The user is reminded to log on at 30, 15, and 5 minutes before the period expires. After expiration, the app remains locked until the user completes a successful network logon.
Alternate Citrix Gateway
Note:
This policy name in the Endpoint Management console is Alternate NetScaler Gateway.
Address of a specific alternate Citrix Gateway (formerly, NetScaler Gateway) that is used for authentication and for micro VPN sessions with this app. This is an optional policy that, when used with the Online session required policy, forces apps to reauthenticate to the specific gateway. Such gateways would typically have different (higher assurance) authentication requirements and traffic management policies. If left empty, the server's default is always used. Default value is empty.
Device Security
Block jailbroken or rooted
If On, the app is locked when the device is jailbroken or rooted. If Off, the app can run even if the device is jailbroken or rooted. Default value is On.
Require device lock
If Device PIN or passcode, the app is locked if the device does not have a PIN or passcode. If Device pattern screen lock, the app is locked if the device does not have a pattern screen lock set. If Off, the app is allowed to run even if the device does not have a PIN, passcode, or pattern screen lock set. Default value is Off.
Device PIN or passcode requires a minimum version of Android 4.1 (Jelly Bean). Setting the policy to Device PIN or passcode prevents an app from running on older versions.
On Android M devices, the Device PIN or passcode and Device pattern screen lock options have the same effect: With either of those options, the app is locked if the device does not have a PIN, passcode, or pattern screen lock set.
Network Requirements
Require Wi-Fi
If On, the app is locked when the device is not connected to a Wi-Fi network. If Off, the app can run if the device has an active connection, such as a 4G/3G, LAN, or Wi-Fi connection. Default value is Off.
Allowed Wi-Fi Networks
Comma-delimited list of allowed Wi-Fi networks. If the network name contains any non-alphanumeric characters (including commas), the name must be enclosed in double quotes. The app runs only if the device is connected to one of the networks listed. If left blank, all networks are allowed. This does not affect connections to cellular networks. Default value is blank.
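The following check for a draft Allowed Wi-Fi Networks value is an added example, not Citrix code. It splits the value the way the quoting rule above implies and reports names that need double quotes. The function names are hypothetical, and two points are assumptions: "alphanumeric" is treated as ASCII letters and digits, and a quoted name cannot itself contain a double quote.

```python
def parse_wifi_list(value):
    """Return [(name, was_quoted), ...] for a comma-delimited policy value."""
    entries, i, n = [], 0, len(value)
    while i < n:
        while i < n and value[i].isspace():
            i += 1
        if i >= n:
            break
        if value[i] == '"':
            end = value.find('"', i + 1)
            if end == -1:
                raise ValueError("unterminated double quote")
            entries.append((value[i + 1:end], True))
            i = end + 1
        else:
            end = value.find(",", i)
            end = n if end == -1 else end
            entries.append((value[i:end].strip(), False))
            i = end
        while i < n and value[i].isspace():
            i += 1
        if i < n:
            if value[i] != ",":
                raise ValueError(f"expected a comma at offset {i}")
            i += 1
    return entries

def check_wifi_policy(value):
    """Summarise a draft value: allow-all flag, parsed names, quoting problems."""
    if not value.strip():
        # Per the policy text, a blank value allows all networks.
        return {"allow_all": True, "networks": [], "problems": []}
    networks, problems = [], []
    for name, quoted in parse_wifi_list(value):
        if not name:
            problems.append("empty entry")
        elif not quoted and not (name.isascii() and name.isalnum()):
            problems.append(f"{name!r} must be enclosed in double quotes")
        networks.append(name)
    return {"allow_all": False, "networks": networks, "problems": problems}

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(check_wifi_policy('CorpNet, "Lab, Floor 2", Guest-WiFi'))
    print(check_wifi_policy("Lab, Floor 2"))  # unquoted comma splits the name
```

An unquoted name that contains a comma is read as two networks, so the list no longer names the network that was intended.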
Miscellaneous Access
App update grace period (hours)
Defines the grace period in which an app can be used after the system discovers that an app update is available. Default value is 168 hours (7 days).
Note:
Using a value of zero is not recommended since it immediately prevents a running app from being used until the update is downloaded and installed (without any warning to the user). This could lead to a situation where the user running the app is forced to exit the app (potentially losing work) to comply with the required update.
Erase app data on lock
Erases data and resets the app when the app is locked. If Off, app data is not erased when the app is locked. Default value is Off.
An app can be locked for any of the following reasons:
- Loss of app entitlement for the user
- App subscription removed
- Account removed
- Secure Hub uninstalled
- Too many app authentication failures
- Jailbroken device detected (per policy setting)
- Device placed in locked state by other administrative action
Active poll period (minutes)
When an app starts, the MDX framework polls Citrix Endpoint Management to determine current app and device status. Assuming the server running Endpoint Management can be reached, the framework returns information about the lock/erase status of the device and the enable/disable status of the app. Whether the server can be reached or not, a subsequent poll is scheduled based on the active poll period interval. After the period expires, a new poll is again attempted. Default value is 60 minutes (1 hour).
Important:
Set this value lower only for high-risk apps; otherwise, performance may be affected.
Non-compliant device behavior
Allows you to choose an action when a device does not adhere to the minimum compliance requirements. Select Allow app for the app to run normally. Select Allow app after warning for the app to run after the warning appears. Select Block to block the app from running. Default value is Allow app after warning.
Public file migration
This policy is enforced only when you enable the Public file encryption policy (changed from Disabled to SecurityGroup or Application). This policy is applicable only to existing, unencrypted public files and specifies when these files are encrypted. Default value is Write (RO/RW).
Options:
- Disabled. Does not encrypt existing files.
- Write (RO/RW). Encrypts the existing files only when they are opened for write-only or read-write access.
- Any. Encrypts the existing files when they are opened in any mode.
Note:
- New files, and the replacement files written when existing unencrypted files are overwritten, are encrypted in every case.
- Encrypting an existing public file makes the file unavailable to other apps that do not have the same encryption key.
Security Group
Leave this field blank if you want all mobile apps managed by Citrix Endpoint Management to exchange information with one another. Define a security group name to manage security settings for specific sets of apps (for example, Finance or Human Resources).
Caution:
If you change this policy for an existing app, users must delete and reinstall the app to apply the policy change.
Allowed Secure Web domains
This policy is only in effect for the domains not excluded by URL filtering policy. Add a comma-separated list of fully qualified domain names (FQDN) or DNS suffixes that are redirected to the Secure Web app when Document Exchange is Restricted.
If this policy contains any entries, only those URLs with host fields matching at least one item in the list (via DNS suffix match) will be redirected to the Secure Web app when Document Exchange is Restricted.
All other URLs are sent to the default Android web browser (bypassing the Document Exchange Restricted policy). Default value is empty.
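The routing rule above can be checked against sample URLs before a list is deployed. This is an added example, not Citrix code: the function names and return labels are hypothetical, the suffix match is assumed to work on whole DNS labels, an empty list is assumed to redirect every URL, and the URL filtering policy is not modelled.

```python
from urllib.parse import urlsplit

def parse_domains(policy):
    """Split the comma-separated policy value into lowercase suffixes."""
    return [d.strip().lower().strip(".") for d in policy.split(",") if d.strip()]

def host_matches(host, suffix):
    """DNS suffix match on label boundaries (assumption, see lead-in)."""
    host = host.lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)

def route(url, policy):
    """Return 'secure_web' or 'default_browser' for a URL opened while
    Document Exchange is Restricted."""
    domains = parse_domains(policy)
    if not domains:
        # Assumption: with no entries, the list imposes no restriction.
        return "secure_web"
    host = urlsplit(url).hostname or ""
    if any(host_matches(host, d) for d in domains):
        return "secure_web"
    return "default_browser"

if __name__ == "__main__":
    # Constructed policy value and URLs using reserved example domains.
    policy = "example.com, .corp.example.net"
    for url in ("https://portal.example.com/login",
                "https://notexample.com/",
                "https://hr.corp.example.net/payroll",
                "https://example.net/"):
        print(f"{url:40} -> {route(url, policy)}")
```

Every URL reported as `default_browser` leaves the managed browser, so it is worth running the list against the links users are expected to open.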
App Interaction
Cut and Copy
Blocks, permits, or restricts clipboard cut and copy operations for this app. If Restricted, the copied Clipboard data is placed in a private Clipboard that is only available to MDX apps. Default value is Restricted.
Paste
Blocks, permits, or restricts clipboard paste operations for the app. If Restricted, the pasted clipboard data is sourced from a private Clipboard that is only available to MDX apps. Default value is Unrestricted.
Document exchange (Open In)
Blocks, permits, or restricts document exchange operations for the app. If Restricted, documents can be exchanged only with other MDX apps and the app exceptions specified in the Restricted Open-In exception list policy. If Unrestricted, set the Private file encryption and Public file encryption policies to Disabled so that users can open documents in unwrapped apps. Default value is Restricted.
Restricted Open-In exception list
When the Document exchange (Open In) policy is Restricted, this list of Android intents is allowed to pass to unmanaged apps. A familiarity with Android intents is needed to add filters to the list. A filter can specify action, package, scheme, or any combination.
Examples
{action=android.intent.action.MAIN}
{package=com.sharefile.mobile}
{action=android.intent.action.DIAL scheme=tel}
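As an added example (not Citrix code), the sketch below parses filters in the form shown above and evaluates constructed intents against them. The function names are hypothetical. The matching semantics are an assumption: a filter matches when every field it sets equals the intent's value, and one matching filter is enough. The filter separators are also assumed.

```python
import re

KEYS = {"action", "package", "scheme"}   # the three fields the page names
FILTER_RE = re.compile(r"\{([^{}]*)\}")

def parse_exception_list(text):
    """Parse '{key=value ...}' filters into dicts; reject anything malformed."""
    filters = []
    for body in FILTER_RE.findall(text):
        fields = {}
        for token in body.split():
            key, sep, value = token.partition("=")
            if not sep or not value or key not in KEYS or key in fields:
                raise ValueError(f"bad token {token!r} in {{{body}}}")
            fields[key] = value
        if not fields:
            raise ValueError("empty filter {}")
        filters.append(fields)
    # Assumption: filters are separated by whitespace, newlines or commas.
    leftover = re.sub(r"[\s,]", "", FILTER_RE.sub("", text))
    if leftover:
        raise ValueError(f"text outside braces: {leftover!r}")
    return filters

def is_allowed(filters, intent):
    """Assumed semantics: all fields of at least one filter equal the intent's."""
    return any(all(intent.get(k) == v for k, v in f.items()) for f in filters)

def without_package(filters):
    """Filters that name no package are not tied to one receiving app."""
    return [f for f in filters if "package" not in f]

# The three example filters from the page.
PAGE_EXAMPLES = """{action=android.intent.action.MAIN}
{package=com.sharefile.mobile}
{action=android.intent.action.DIAL scheme=tel}"""

if __name__ == "__main__":
    filters = parse_exception_list(PAGE_EXAMPLES)
    # Constructed intents; the com.example.* package names are made up.
    dial = {"action": "android.intent.action.DIAL", "scheme": "tel",
            "package": "com.example.dialer"}
    view = {"action": "android.intent.action.VIEW", "scheme": "https",
            "package": "com.example.viewer"}
    print(is_allowed(filters, dial), is_allowed(filters, view))
    for f in without_package(filters):
        print("review:", f)
```

Under these assumptions, a filter with no `package` field applies to whichever unmanaged app receives the intent, so such entries deserve a second look when the list is reviewed.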