Product Documentation

Managing Amazon Device Configurations

Oct 20, 2015

You can apply the following device management policies and configurations to users' enrolled Amazon devices.

  • App. Uninstall Restriction. Define a list of applications and specify whether or not users are permitted to uninstall them.
  • VPN. Configure virtual private network (VPN) settings to enable users' devices to connect securely to corporate resources.
  • Restrictions. Prevent users from performing certain actions and disable functionality on their devices.

To create an Amazon device configuration

  1. Using a web browser, navigate to http[s]://serveraddress[:port]/zdm, where serveraddress is the fully qualified domain name (FQDN) or IP address of the Device Manager server and port is the optional port number if you changed the default setting.
  2. Log on to the Device Manager web console using an account with administrative permissions.
  3. Click the Policies tab and then in the left pane under MDM Policies, click Android > Configurations.
  4. In the results pane, click New Configuration > Amazon and then select the configuration that you want to create.
  5. On the General tab, give the configuration a name that helps you to identify the configuration and, optionally, a description.
  6. Configure the additional settings as required.

    More details about specific options for individual configurations are given in the following section.

VPN Configuration Settings

  • Type. Select the protocol from the following list that you want to use to tunnel and encrypt traffic between users and the corporate network, and the authentication method used to establish the tunnel.
    • L2TP PSK—Use the Layer 2 Tunneling Protocol (L2TP) with pre-shared key authentication.
    • L2TP RSA—Use L2TP with RSA SecurID authentication.
    • IPSEC XAUTH PSK—Use Internet Protocol security (IPsec) with extended authentication using a pre-shared key.
    • IPSEC XAUTH RSA—Use IPsec with extended authentication using RSA SecurID.
    • IPSEC HYBRID RSA—Use IPsec with hybrid authentication using RSA SecurID.
    • PPTP—Use the Point-to-Point Tunneling Protocol (PPTP).
  • Forwarding routes. Specify IP addresses for which traffic should be sent through a VPN.
  • L2TP Secret. When using the L2TP protocol, specify a string that will be known only to Device Manager and users' devices to enable authentication.
  • IPSec Identifier. Enter the name of the group on the VPN server to which users are assigned.
  • IPSec pre-shared key. Specify a key to be shared only between Device Manager and users' devices to enable authentication.
  • DNS search domains. Optionally, specify internal domains to access for address resolution after the VPN is established.
  • DNS servers. Optionally, specify internal DNS servers to access for address resolution after the VPN is established.
  • IPSec server certificate. When using RSA SecurID authentication, select the certificate to be installed on users' devices to enable authentication.
  • CA certificate. When using RSA SecurID authentication, select the root certificate to be installed on users' devices to enable authentication.
  • Identity credential. When using RSA SecurID authentication with L2TP or IPsec with extended authentication, select the credentials to be used to authenticate users.
  • PPP encryption (MPPE). Select the check box to encrypt PPTP traffic with the Microsoft Point-to-Point Encryption (MPPE) protocol.

Restrictions Configuration Settings

  • Allow profiles. Specifies whether or not Kindle FreeTime profiles can be created on the device to manage the access of specific users to particular content and functionality.
  • Allow USB debugging. Specifies whether or not computers running Android Debug Bridge are permitted to establish USB connections to the device. Debugging connections provide system-level access and can be used to side-load applications or root the device, for example.