Hexnode UEM offers a wide range of features to all the leading OS platforms, viz. Android, iOS/iPadOS, Windows, macOS, tvOS and Fire OS. Although these platforms differ vastly from each other, some of the management requirements remain the same across all of them.
We’ve compiled a list of the common restrictions and functionalities supported on all major platforms by Hexnode UEM:
Android
Hexnode’s endpoint management solution offers a range of restrictions for Android devices to help secure it. Hexnode’s seamless integration with Android Enterprise, Kyocera Enterprise Solution, LG Enterprise Solution and Samsung Knox integration makes the management of these devices easier.
App installations
Legacy Android |
- Store App- A notification prompts the user to install the app.
- Enterprise App- A notification prompts the user to install the app.
- Web App- The app is installed only in kiosk mode.
|
Android Enterprise: Device Owner |
- Store App- Silent installation of the app.
- Enterprise App- A popup prompts the user to install the app. Enterprise Apps can be pushed silently on publishing as private apps in Managed Play Store.
- Web App- The app is installed only in kiosk mode.
|
Android Enterprise: Profile Owner (BYOD) |
|
Samsung Knox |
- Store App- A popup prompts the user to install the app.
- Enterprise App- Silent installation of the app.
- Web App- The app is installed only in kiosk mode.
|
LG GATE, Kyocera Business Phones |
- Store App- A popup prompts the user to install the app.
- Enterprise App- Silent installation of the app.
- Web App- The app is installed only in kiosk mode.
|
Custom ROM Devices |
-
Store App- A popup prompts the user to install the app.
- Enterprise App- Silent installation of the app.
(Only if Hexnode UEM APK file is stored in the system/priv-app folder)
- Web App- The app is installed only in kiosk mode.
|
App Blocklisting/Allowlisting
Legacy Android |
- Blocklisting/Allowlisting won’t hide apps. The device will be marked as ‘non-compliant’.
|
Android Enterprise: Device Owner |
- Blocklisted apps will be hidden.
|
Android Enterprise: Profile Owner (BYOD) |
- Only apps with the Work badge can be blocklisted or allowlisted. Blocklisted Apps will be hidden.
|
Samsung Knox |
- Blocklisted apps cannot be installed or updated. Does not affect already installed apps.
|
LG GATE, Kyocera Business Phones |
- Blocklisting/Allowlisting won’t hide apps. They will be marked as ‘non-compliant’.
|
Custom ROM Devices |
- Blocklisting/Allowlisting won’t hide apps. They will be marked as ‘non-compliant’.
|
Kiosk mode
Legacy Android |
- Single App, Multi app & Background App Kiosk modes.
|
Android Enterprise: Device Owner |
- Single App, Multi app & Background App Kiosk modes.
|
Samsung Knox |
- Single App, Multi app & Background App Kiosk modes.
|
LG GATE, Kyocera Business Phones |
- Single App, Multi app & Background App Kiosk modes.
|
Custom ROM Devices |
- Single App, Multi app & Background App Kiosk modes.
|
Network Configurations
Legacy Android |
|
Android Enterprise: Device Owner |
|
Android Enterprise: Profile Owner (BYOD) |
|
Samsung Knox |
|
LG GATE, Kyocera Business Phones |
|
Custom ROM Devices |
|
Accounts
Samsung Knox |
- Email, Exchange ActiveSync
|
Security
Android Enterprise: Device Owner |
- OS Updates- Available
- Certificates- Silent installation provided the device is password protected and the certificate is not.
|
Android Enterprise: Profile Owner (BYOD) |
- Certificates- Silent installation provided the device is password protected and the certificate is not.
|
Samsung Knox |
- Web content filtering- Android 6+ devices.
- Global HTTP proxy- Samsung Knox 2.5+ devices.
- Certificates- Silent installation of all certificates.
|
LG GATE, Kyocera Business Phones |
- Certificates- Silent installation of all certificates.
|
Custom ROM Devices |
- Certificates- Silent installation of all certificates.
|
Data Restrictions
Legacy Android |
- Monitors and controls how Wi-Fi and mobile data connection are being used.
|
Android Enterprise: Device Owner |
- Monitors and controls how Wi-Fi and mobile data connection are being used.
|
Android Enterprise: Profile Owner (BYOD) |
- Monitors and controls how Wi-Fi and mobile data connection are being used.
|
Samsung Knox |
- Monitors and controls how Wi-Fi and mobile data connection are being used.
|
LG GATE, Kyocera Business Phones |
- Monitors and controls how Wi-Fi and mobile data connection are being used.
|
Custom ROM Devices |
- Monitors and controls how Wi-Fi and mobile data connection are being used.
|
iOS/iPadOS
Apple has always been rather assiduous when it comes to its security policies. These, along with the policies of an endpoint management solution, should, in most cases, prove to be adequate in protecting corporate data. iOS/iPadOS can be managed as both unsupervised and supervised devices, the latter being more restrictive, is also more work-specific.
App installations
iOS/iPadOS Supervised |
- Store App- Silent installation of the app (iTunes login required).
- Enterprise App- Silent installation of the app.
- Web App- App installation in kiosk mode for iOS 9.3+ devices.
- Web Clip- Silent installation of the app.
- VPP App- Silent installation of the app.
|
Devices enrolled via User Enrollment |
- Store App- A notification prompts the user to install the app.
- Enterprise App- A notification prompts the user to install the app.
- Web Clip- Silent installation of the app.
- VPP App- A notification prompts the user to install the app.
|
Others |
- Store App- A notification prompts the user to install the app.
- Enterprise App- A notification prompts the user to install the app.
- Web Clip- Silent installation of the app.
- VPP App- Silent installation of the app.
|
App Blocklisting/Allowlisting
iOS/iPadOS Supervised |
- Blocklisted app is hidden.
|
Devices enrolled via User Enrollment |
- Blocklisting/Allowlisting won’t hide apps. The device will be marked as ‘non-compliant’.
|
Others |
- Blocklisting/Allowlisting won’t hide apps. The device will be marked as ‘non-compliant’.
|
Kiosk mode
iOS/iPadOS Supervised |
- Single App (iOS 6.0+), Multi App (iOS 9.3+) & Web App Kiosk (9.3+) modes.
- Autonomous Single App Mode (iOS 7.0+)
|
Network Configurations
iOS/iPadOS Supervised |
|
Devices enrolled via User Enrollment |
|
Others |
|
Accounts
iOS/iPadOS Supervised |
- Email, Exchange ActiveSync, CardDAV, Calendar, CalDAV, Google Accounts, LDAP, Business Container
|
Devices enrolled via User Enrollment |
- Email, Exchange ActiveSync, CardDAV, Calendar, CalDAV, Google Accounts, LDAP, Business Container
|
Others |
- Email, Exchange ActiveSync, CardDAV, Calendar, CalDAV, LDAP, Business Container
|
Security
iOS/iPadOS Supervised |
- Web content filtering- iOS 7.0+ devices
- Global HTTP proxy
- OS Updates- iOS 11.3+ devices
- Certificates- Silent installation of all certificates.
|
Devices enrolled via User Enrollment |
- Certificates- Silent installation of all certificates.
|
Others |
- Certificates- Silent installation of all certificates.
|
Configurations
iOS/iPadOS Supervised |
- App configuration- Configure specific settings for an app using XML files.
- Deploy Custom Configurations, Fonts, Wallpaper, AirPlay, AirPrint, Lock Screen Message, Home Screen Layout
|
Devices enrolled via User Enrollment |
- App configuration- Configure specific settings for an app using XML files.
- Deploy Custom Configurations, Fonts, AirPlay, AirPrint
|
Others |
- App configuration- Configure specific settings for an app using XML files.
- Deploy Custom Configurations, Fonts, AirPlay, AirPrint
|
Data Restriction
iOS/iPadOS Supervised |
- Controls how managed apps access data on cellular networks and when the device is roaming.
- Monitor how your Wi-Fi and mobile data connection is being used and set up usage limits to track devices’ daily and monthly data usage.
|
Devices enrolled via User Enrollment |
- Monitor how your Wi-Fi and mobile data connection is being used and set up usage limits to track devices’ daily and monthly data usage.
|
Others |
- Controls how managed apps access data on cellular networks and when the device is roaming.
- Monitor how your Wi-Fi and mobile data connection is being used and set up usage limits to track devices’ daily and monthly data usage.
|
macOS
Hexnode’s UEM solution for macOS provides a wide range of restrictions and policies that help secure the device. Applying policies adhering to the company policies can ensure that the safety regulations are always up to par. Hexnode not only helps secure the device but also makes using and managing the device much more straightforward.
App installations
Mac Device |
- Store App- The app cannot be installed directly.
- Enterprise App- Silent installation of the app.
- Web App- App not available.
- VPP App- Silent installation of the app.
|
App Blocklisting/Allowlisting
Mac Device |
- Application Allowlisting will work only on MDM-managed user accounts and macOS 10.11+ devices.
- Enterprise apps uploaded using DMG files cannot be blocklisted/allowlisted.
|
Accounts
Mac Device |
- Email, Exchange ActiveSync, CardDAV, CalDAV, LDAP
|
Security
Mac Device |
- Web Content Filtering
- OS Updates- for DEP enrolled devices.
- Certificates- The formats and recognized file extensions are:
- PKCS1: .cer, .crt, .der
- PKCS12: .p12, .pfx
- Firewall- macOS 10.12+ devices
- FileVault- Mac OS X 10.3+ devices
|
Customization
Mac Device |
- Custom Script- macOS 11.11+ devices and supports Perl (.pl), Bash (.sh), Shell (.sh), C Shell (.csh), Z shell (.zsh), Korn Shell (.ksh), Hypertext Preprocessor (.php), Ruby (.rb) and Python (.py) file formats.
- App configuration- Configure specific settings for an app using XML files.
|
Apple TV
An environment employing iOS and macOS devices benefits immensely from using Apple TV for display due to the Airplay feature. Utilizing features like the single-app kiosk and conference room display, Hexnode makes the management and security appear seamless.
App installations
Apple TV |
- Enterprise App- Silent installation of the app.
|
Kiosk mode
Apple TV |
- Single App Kiosk mode (Supervised devices)
|
Security
Apple TV |
- Global HTTP proxy- tvOS 10.2+ devices
- Airplay Security- tvOS 11.0+ devices
- Certificates- The formats and recognized file extensions are:
- PKCS1: .cer, .crt, .der
- PKCS12: .p12, .pfx
|
Customization
Apple TV |
- Conference Room Display- Supervised tvOS 10.2+ devices
|
Windows
With features like Custom Script, BitLocker, and Microsoft Defender, Hexnode effortlessly manages and secures Windows PCs. App management features like blocklisting and the kiosk modes help make Windows management flawless.
App installations
Windows PC |
- Store App- Silent installation of the app.
- Enterprise App- The app can be uploaded to the portal as an MSI app. It is then installed silently on Windows 10 and Windows 11 devices.
|
App Blocklisting/Allowlisting
Windows PC |
- Device will be marked as ‘non-compliant’. The apps will not be hidden. (Windows 10 and 11 devices only).
|
Kiosk mode
Windows PC |
- Single App and Multi App Kiosk mode (Supported on Windows 10 Pro and Windows 11 Pro).
|
Accounts
Windows PC |
- Email, Exchange ActiveSync
|
Security
Windows PC |
- BitLocker, Microsoft Defender
|
Customization
Windows PC |
- Custom Script- Supported on Windows 10 v1709 or later PCs and tablets and file formats such as “.bat”, “.cmd”, and “.ps1”.
|