|Profiles and policies / Configurations for Sophos container policies for Android|
With the General configuration you define settings that apply to all Sophos container apps, if applicable.
|Enable Sophos container password||Users must enter an additional password to be able to start a Sophos container app. The password has to be defined when the first container app is started after the configuration has been applied. This password applies to all container apps.|
|Password complexity||The required minimum complexity of the Sophos container password. More secure passwords
are always allowed. Passwords (a mix of numeric and alphanumeric characters) are always seen
as more secure than PINs (numeric characters only).
|Password age in days||The number of days that a password can be used before users are prompted to change it.|
|Failed logins until lock||The number of failed login attempts that are tolerated before the container apps are locked. Once they are locked an administrator needs to unlock the apps or, if allowed, users can use the Self Service Portal to do so.|
|Allow fingerprint||Users can use their fingerprint to unlock the app.|
|Grace period in minutes||The period of time within which no Sophos container password must be entered when a
container app comes to the foreground again.
The grace period applies to all container apps. You can switch between the apps during the grace period without entering a password.
You can select 1, 2, 5, 10, 15 minutes.
|Lock on device lock||When the device is locked, the Sophos container is locked as well.
If the check box is cleared, the container is locked only after the grace period has expired.
|Last server connect||The period of time within users can use a Sophos container app without a connection to
the Sophos Mobile Control server.
When a Sophos container app becomes active and does not have contact with the server within the defined period of time, a lock screen will be displayed. Users can only unlock the app by tapping Retry on the lock screen. The app will then try to connect to the server. If the connection can be established, the app will be unlocked. If not, access will be denied.
|Offline starts without server connection||In this field you define how often users can start one of the Sophos container apps
without a server connection.
Note: This setting requires the Sophos container password feature to be turned on.
A counter is incremented whenever users enter the Sophos container password. If the counter exceeds the defined number, the same lock screen as for the Last server connect setting will be displayed. The counter will be reset if a connection to the Sophos Mobile Control server is established.
|Root allowed||Container apps are allowed to run on rooted devices.|
|App usage constraints
Here you can define constraints on using the Sophos container apps. Click Add to enter constraints.
|Geo-fencing||Lets you add latitude and longitude and a radius within which the Sophos container apps can be used.|
|Time-fencing||Lets you specify a start and end time within which the Sophos container apps can be used. Days of the week on which the apps can be used can be specified as well.|
|Wi-Fi fencing||Lets you specify Wi-Fi networks to which the device must be connected in order to use
the Sophos container apps.
The device must actually be connected to one of the listed networks. Being able to see a particular network in the list of available networks is not enough.
Important: We recommend that you do not rely on Wi-Fi fencing as the only security mechanism because Wi-Fi names can be spoofed very easily.