ManageEngine MDM app permissions

The objective of this document is to list the hardware and software capabilities of managed devices that the ME MDM app uses. The platform-wise permissions for mobile device management, along with their purpose, are listed below.

NOTE: If the specific configuration/feature is not pushed by the IT Administrator, then the ME MDM app doesn't utilize the related permission. For example, if Geo-Tracking is disabled for a particular device, MDM doesn't track the device, even if the corresponding permission is listed.

Android

The ME MDM Android app utilizes the following capabilities of Android devices. These are listed, along with their purpose.

PERMISSION | PURPOSE
Camera | Required for enrolling devices via Invites using QR code and EMM Token enrollment. Additionally, camera access is necessary for the web shortcut to open the camera.
Contacts | Required for fetching the Google account associated with the device, to be used for Android Enterprise. MDM doesn't read any other data present in Contacts.
Notification | Allows the MDM app to display important alerts and policy updates.
Location | Required for Geo-Tracking, Location History, Wi-Fi, and Geofencing.
Storage (from OS 13: Photos and videos) | Required for storing app logs. Note: MDM doesn't read/access any other data stored in the device.
Nearby Devices | Required for Bluetooth restriction.
Accessibility permission | Required for enabling the Unattended remote access and Universal add-on for remote control.
Phone | Required for obtaining the IMEI, MEID, and serial number of the managed device. Further, it can be used to temporarily disable Kiosk in the managed device.
Usage Data Access | Required to detect and close unapproved apps running in the foreground in Kiosk devices. Also required to perform actions like enabling the status bar and notification bar, task manager and recent buttons, launching a specific app after idle time, and a few custom settings like mobile data, Bluetooth, etc. Additionally, Usage Data Access permission is required for Telecom Expense Management.
Modify System Settings | Required for modifying system settings such as brightness, screen rotation, etc., in Kiosk devices. Additionally, Modify System Settings permission is also required for the Sound configuration profile if a ringtone is configured.
Screen Overlay | Required to draw over apps and display content on top of other applications running in the foreground in Kiosk non-Samsung devices running Android 5.0 or below. Screen Overlay permission is also required for Block camera app in BYOD.
Device & app notifications (prompted only when Kiosk profile and Notification badge is applied) | Required for showing the notification badge for allowed app in kiosk mode.

Note: All the above permissions, other than Usage Data Access, Modify System Settings and Screen Overlay, will be automatically granted in devices enrolled as Profile Owner, Device Owner and Knox-enabled Samsung devices. 

iOS

The ME MDM iOS app permissions for iOS devices are listed below, along with their purpose.

PERMISSION | PURPOSE
Notification Permission | Allows the MDM app to display important alerts and policy updates.
Camera | The MDM app requires camera access to scan the enrollment QR code during device setup. In single web kiosk mode with a web shortcut configuration, if the IT admin publishes a web app that requires camera access, the ME MDM app will prompt for camera permission to proceed.
Location Tracking | Location tracking is only enabled when an administrator activates it for specific use cases, such as Lost device tracking and Geofencing policies.
Microphone | The MDM app does not request or require microphone permissions. However, in single web kiosk mode with a web shortcut configuration, if the IT admin publishes a web app that requires microphone access, the ME MDM app will prompt for camera permission to proceed.
Photo library usage | Required to save files during remote control sessions.

macOS

The ME MDM macOS app permissions for macOS devices are listed below, along with their purpose.

PERMISSION | PURPOSE
Location Services | Required for Geo-Tracking and Location History.

Windows

The ME MDM Windows app utilizes the following device capabilities. These are listed below, along with their purpose.

PERMISSION | PURPOSE
Location Services | Required for Geo-Tracking.
Device Network Services | Required for periodic syncing of the App Catalog and the files distributed using Content Management.
Push Notifications | Required for displaying information from the MDM server as notifications in the managed Windows device.
Internet services | Required for updating the files distributed using Content Management and the App Catalog present in the ME MDM app.