Corporate MSI Install Advice Needed

[del-leehopper]

I would like to remove the OATH option to "Remember password" and the add account option to force "Require Touch" is enabled.

I cannot see an option to set this on the YubiKey themselves (via ykman) and didn't really expect to see one.

Is there an easy way to do this via the application?

We currently install the MSI file via GPO onto all Windows devices. I am happy to edit the MSI via Orca if someone can point me in the right direction? Or maybe there is a better way?

Automatically setting the icon pack to a shared folder would be useful too, but not essential.

On top of this, is there a way to create a custom APK file for company issued Androids with the same options? (I've never done this before but I'm willing to learn).

p.s. I am aware that even if it is possible to do this it would only apply to the software installed on these devices and if someone installed it on a personal device these customisations would not exist. This is about mitigating risk - I understand I am not able to remove the risk completely. It's very rare someone would need to install this on a personal device as everyone has personal issue laptops, mobiles, etc.

[dainnilsson]

We are working on a mechanism to selectively hide parts of the app if not needed, which could potentially (at least with slight modification) be used to solve the "Remember password" and "Require touch" request. The custom icon pack request is also interesting. We'll need to give it some thought and investigate a bit!

[del-leehopper]

@dainnilsson Just wondered if you had any more thoughts on the following in a corporate environment (Desktop and Mobile):

• "Remember password" disabled
• "Require Touch" mandatory
• Automatically set icon pack location (i.e. on a shared drive)

Thanks

[mensoh]

@dainnilsson Is there any progress on this? It's been 10 months :-)