|Profiles and policies / Configurations for Android device profiles|
With the Knox Premium restrictions configuration you define restrictions for Samsung Knox devices. These restrictions apply to the device, not to the Knox container.
|Allow firmware auto update options||The device automatically checks for firmware updates. Users cannot change this in the device settings.|
|Enable ODE Trusted Boot verification||The device decrypts the data partition on boot only if the binary and the kernel are
official, i.e. if the device is not rooted.
If the check box is cleared, the device always decrypts the data partition on boot.
|Prevent installation of another administrator app||The installation of apps that require device administrator privileges is prevented. This does not affect apps that are installed by Sophos Mobile Control.|
|Prevent activation of another administration app||The activation of device administrator privileges for apps is prevented.|
|Allow Common Criteria mode||The Common Criteria mode (CC mode) of the device is turned on, ensuring that the
device meets the security requirements stated by the Mobile Device Fundamentals Protection
Note: CC mode is only used if the following requirements are met: