With Z-Push 2.3 we introduce the possibility to setup global mobile policies on a server wide level.
Work in progress
This page is a documentation stub. Supported policies and their impact on different mobile phones will be documented here.
|Policy name||Possible values (bold ones are default)||Tested devices||Comments|
0 - Password not required.
|Blackberry Z 10 (10.3.2.2836)|
Specifies if a device requires a password to unlock it.
If a password is required, the user has to enter a password after the policies (Provisioning command) has been deployed to the mobile device. Password complexity depends on alphanumpwreq, mindevpwlenngth and allowsimpledevpw (see below for the description of theser policies). The time of inactivity until device requests to enter the password is set in maxinacttimedevlock (see below).
0 - Alphanumeric password not required.
|Blackberry Z 10 (10.3.2.2836)||Specifies if a device requires an alphanumeric password to unlock it.|
|0 - Password recovery not enabled on the server.|
1 - Password recovery enabled on the server.
|Specifies if the server supports storing a recovery password which could be sent by the client using the Settings command.|
This policy is currently not supported by Z-Push.
|0 - Attachments not allowed for download.|
1 - Attachments allowed for download.
|Blackberry Z 10 (10.3.2.2836)||Specifies if email attachments are enabled for download.|
1 .. 16
default - 4
|Blackberry Z 10 (10.3.2.2836)||Specifies the minimum client password length to unlock it. The mindevpwlenngth can be empty or have a value between 1 and 16. If the value is empty or 1, there is no minimum length for the device password.|
0 .. 9999
default - 900
|Blackberry Z 10 (10.3.2.2836)||The maximum number of seconds of inactivity before the device locks itself. If this value is greater than or equal to 9999, the client interprets it as unlimited.|
4 .. 16
default - 8
|Blackberry Z 10 (10.3.2.2836)||The maximum number of failed password attempts to unlock the device.|
The client SHOULD perform a local wipe or enter a timed lock out mode if the maximum number of failed password attempts is reached.
The maxdevpwfailedattempts can be empty or have a value between 4 and 16. If the value is empty, the client interprets this as no maximum number of failed password attempts has been set by the security policy.
|default - empty value (no limit)||The maximum attachment size in bytes as determined by security policy.|
0 - Do not allow simple password.
1 - Allow simple password.
|Specifies if the device allows simple passwords. A simple password contains repeated ("0000") or sequential ("xyz") characters only.|
|default - 0||The maximum number of days until a password expires. Empty or 0 devpwexpiration value indicates that the password will not expire.|
0 - Do not store previously used passwords.
>0 - Store the minimum number of previously used passwords.
|The minimum number of previously used passwords stored to prevent reuse by the device.|
|0 - SD card not allowed.|
1 - SD card allowed.
|The device allows to use a storage card.|
|0 - Usage of the built-in camera not allowed.|
1 - Usage of built-in the camera allowed.
|The device allows to use the built-in camera.|
|0 - Encryption not required.|
1 - Encryption required.
|Specifies if the client uses encryption.|
|0 - Unsigned applications not allowed to execute.|
1 - Unsigned applications allowed to execute.
|Specifies if the device allows unsigned applications to execute.|
1 .. 4
default - 3
The required complexity level of the device password.
For example, if the value of mindevcomplexchars is 2, a password may contain lower case and upper case characters. A password with numbers and non-alphanumeric characters would be also valid.
|0 - The use of Wi-Fi connections not allowed.|
1 - The use of Wi-Fi connections allowed.
|The device allows the use of Wi-Fi connections.|
|0 - SMS or text messaging not allowed.|
1 - SMS or text messaging allowed.
|The device allows the use of SMS or text messaging.|
|0 - POP or IMAP email access not allowed.|
1 - POP or IMAP email access allowed.
|The device allows access to POP or IMAP email.|
|0 - Disable Bluetooth.|
1 - Disable Bluetooth, but allow the configuration of hands-free profiles.
2 - Allow Bluetooth.
|The use of Bluetooth on the device.|
|0 - Disable IrDA.|
1 - Allow IrDA.
|The device allows the use of IrDA (infrared) connections.|
|0 - Do not require manual sync; allow direct push when roaming.|
1 - Require manual sync when roaming.
|The device requires manual synchronization when the device is roaming.|