Cloud Services MDM. Telecom Management Admin Guide

Size: px
Start display at page:

Download "Cloud Services MDM. Telecom Management Admin Guide"

Transcription

1 Cloud Services MDM Telecom Management Admin Guide 10/24/2014

2 CONTENTS Telecom Management... 2 Enabling Telecom Setting... 2 Creating and Managing Telecom Plans... 3 Dynamic Assignment... 4 Dashboard Usage... 5 Certificate Management Overview... 7 Utilizing Certificates for MDM Security and Compliance Application Groups and Policies Android Application Restriction Profiles Secure Channel Certificate Privacy Policy Commands Privacy The MDM Browser Managing and Securing Smart Device Web Access Keep in Mind

3 Telecom Management is one of nine sections of the overall Admin Guide for Mobile Device Manager. The following is the complete list of MDM Admin Guide components: MDM Overview and Setup Device Management Profile Management Geofencing Application Management Content Management Management Telecom Management Reports and Alerts TELECOM MANAGEMENT MDM s Telecom Management solution allows administrators to configure and assign telecom plans to devices across the mobile fleet. Using telecom management, admin can assign the devices to a telecom plan based on preconfigured criteria (Location Group, User Group, Model, Platform, Carrier, Country, etc.) and automatically associate plans to devices matching specific criteria such as SIM number and telephone number. This solution also allows the administrators to proactively track and monitor plan usage, access the plan and device details, and track the roaming history for the device. ENABLING TELECOM SETTING By default, the Telecom Management module is disabled for each customer location group. To enable this module, navigate to System Settings Advanced Other and select the Telecom Enabled checkbox. If the above setting is disabled, attempting to view the Telecom Management Dashboard presents the following Configuration Warning message: 2

4 CREATING AND MANAGING TELECOM PLANS Administrators can create telecom plans, assign plans to both the devices that are enrolled and to the devices that are not yet enrolled. Administrators can also manage, assign, and review all current telecom plans. Creating a Telecom Plan 1. Navigate to Telecom Telecom Management page. 2. Select Plans from the Configuration menu on the left. 3. Select [Add] from the Dashboard options to add a new Telecom Plan. Plan name Enter the name for a plan. Country Select the country of the carrier. Carrier Enter the name of the company providing the carrier plan. Voice/Message/Data limit Enter the voice, message, and data limit for the plan. 3

5 Peak Voice Time Interval Enter the peak voice time interval. o This is typically 6:00am - 9:00pm. o If a peak interval is not defined, then all minutes are applied to the plan limit. Usage Reset Enter the day after which the plan usage resets. Plan Effective Date Enter the earliest date for the plan to be effective. 4. Click [Save] or click [Save and Assign] to assign to the devices. DYNAMIC ASSIGNMENT Using Dynamic Assignment, an administrator creates a rule for a specified plan and assigns it to a device that does not have a specified plan. All the criteria in each assignment rule are evaluated based on the designated Rank. Before assigning a specified plan to the device, the Dynamic Assignment rule checks to see if the particular phone number is already associated with a device, and if a plan has already been assigned. If already assigned, disregard dynamic assignment. If no assignment is present, check the dynamic assignment rules for a match of the highest rank. Assigning a Rule to a Plan 1. Navigate to Telecom Telecom Management. 2. Select Dynamic Assignment from the Configuration menu on the left. 3. Click [Add] to assign rules to the existing plans. 4. Enter the information in each criteria field, as well as the plan for assigning the appropriate rule(s) to the devices. NOTE: The very basic criteria by which the devices will be dynamically assigned are Carrier and Country. 4

6 Editing an Assignment Select Edit Assignment for a particular plan to reconfigure assignment settings. From the Edit Assignment area, administrators can add more assets (devices), remove existing assets, reassign assets accordingly, or change the plan. NOTE: Current plan indicates whether the device is already assigned to a plan. DASHBOARD USAGE MDM collects telecom information from each device and sorts it out appropriately for viewing on the Telecom Dashboard. Upon completion of plan creation and assignment, the Telecom Dashboard allows an administrator to proactively perform the following: Monitor telecom usage in relation to plan limits. Review compliance to the specified limits. Access plan details and device information. Review roaming history for the device. The Telecom Dashboard has two views: Telecom Usage and Telecom Roaming. 5

7 Telecom Usage The Telecom Usage page allows the administrators to track: Telecom usage by month Telecom usage by day Plan usage details Roaming details 1. To access the Telecom Usage page, navigate to the Telecom Management area from the main menu: 2. Click a specified plan to view plan usage details in the tray view form. The Plan Usage Detail view provides an overview of all available device and user information, as illustrated below: Telecom Roaming The Telecom Roaming page conveniently displays the collected roaming information. This page assists the administrators in monitoring the entire device fleet, regardless of the carrier in a single confined interface. 6

8 CERTIFICATE MANAGEMENT OVERVIEW As digital information exchange evolves and becomes increasingly mobile, the possibilities for information sharing multiply. IT administrators are faced with the challenge of providing employees with convenient access to enterprise resources while overcoming the ever- expanding security concerns introduced by mobility and information fluidity. Traditional security technologies and solutions are not sufficient to meet the stricter requirements for information security and data loss prevention. In order to meet growing demands for information accessibility and security, the enterprise needs a multi- faceted and scalable data security solution, and many enterprises have turned to digital certificates and Public Key Infrastructure (PKI) for a resolution to this security dilemma. Benefits of Using Certificates There are several key features that make certificates an ideal solution for enterprise security. Cross- Platform Scalability Digital certificates can be leveraged to protect data across many different mobile platforms. Just as the same message can be transmitted across or instant messaging, digital certificates can be used for security across both. The extensibility of certificate security allows organizations to avoid implementing multiple inferior single point security solutions that ultimately leave data vulnerable as it moves from point to point. Multifunctional Once a user or device receives a certificate, it can be utilized across many different platforms for a variety of purposes. o Encryption Certificates can be used to encrypt digital information regardless of the platform. For example, the S\MIME standard leverages certificates for encryption, while the HTTPS protocol utilizes SSL to provide web page encryption. o Message Signing Enterprises in need of digital message signatures can leverage certificates in order to prove message integrity and show that the message originates from an authenticated sender and was not altered by any malicious third party. o Authentication Lastly, because digital certificates contain identifying information about both the user and the device that has been certified by a trusted source, certificates provide secure authentication into a number of systems such as , Wi- Fi, and VPNs. High Security Digital certificates are much more secure than traditional passwords, because they are not susceptible to common password cracking methods such as brute force or dictionary attacks. 7

9 Managing Certificates on the Certificate Dashboard The Admin Console is a central location for managing certificate authorities, integration and other certificate management needs for managed devices. All of these activities are centralized on the Certificate Dashboard. To navigate to the Certificate Dashboard, navigate to Profiles & Policies Certificates. Once a certificate has been issued to a device, administrators can perform the following actions from the Certificates Dashboard: Manage Certificate Authorities Renew Certificates o To renew a certificate, click the Actions menu next to the certificate and select Renew Certificate. Revoke Certificates o To revoke a certificate, click the Actions menu next to the certificate and select Revoke Certificate. Send certificate- related messages to devices o To send a push notification to all devices with a selected certificate installed, check the box next to the certificate and click the [Send Message] button at the top of the Certificates Dashboard. o Select the application to which to send the message (the selected application must be installed on the device) and fill out the message body. o Click [Send]. Additionally, the Certificates Dashboard contains links to upload APNs certificates and set up certificate integration. 8

10 Certificate Infrastructure Integration MDM can integrate with the certificate infrastructure in a way that allows the Enterprise to distribute certificates for authentication purposes to devices containing corporate data. There are several options for MDM certificate infrastructure integration, but each requires detailed technical information and therefore it is very important that a Certificate Infrastructure administrator be involved in this integration. There are two ways in which MDM integrates: Direct Certificate Authority (CA) integration MDM can act as a proxy for certificate distribution. Simple Certificate Enrollment Protocol (SCEP) integration MDM can act as a proxy for certificate distribution. Can be authenticated from the device. Direct Certificate Authority Integration To configure MDM integration with a Direct Certificate Authority (CA) services server, you must first configure the Certificate Authority. Configuring the Certificate Authority 1. Navigate to Configuration System Settings Device General Certificate Authorities. 2. Select [Add] to open the Certificate Authority Form. Fill in the required fields: Name Refers to the actual name of the instance of the CA on the CA server. Allow child location groups to use this certificate authority Check the box to allow inheritance by child location groups. 9

11 Authority Type The type of certificate authority. For Direct CA integration, choose one of the following: o Microsoft AD CS Supports a Microsoft Certificate Authority on a Windows Server 2003/2008 server. o Generic SCEP Supports an MDM- installed certificate service or Generic CA (which supports the standard CA protocol). For more information on configuring a SCEP certificate authority, see SCEP Integration. o Verisign MPKI Supports VeriSign Managed PKI for SSL Certificate Service. o Symantec Supports Symantec PKI integration. o OpenTrust Supports OpenTrust PKI integration. o Entrust Supports Entrust PKI integration. o Server Hostname/Server URL The server address of the CA server. The CA server needs to be in IP or domain name format (mycompany.local.com). 3. Enter in any necessary authentication credentials and complete the other remaining fields as needed. 4. Use the [Test Connection] button to check that your settings are correctly configured. 5. Click [Save] (or [Save and Add Template]). Simple Certificate Enrollment Protocol (SCEP) Integration The first step in configuring MDM integration with a corporate SCEP services server is to configure the Certificate Authority. Configuring the Certificate Authority 1. Select Add to open a new Certificate Authority Form (or select Edit from the Actions menu to edit an existing certificate). 2. Fill in all required fields: Name In SCEP integration this field is used by MDM to distinguish these settings. SCEP Provider The SCEP provider determines the rest of the configuration and what challenge options are available. 10

12 SCEP Provider: Basic Use the Basic option when the provider is not Microsoft, Verisign, Symantec, OpenTrust or Entrust. 1. Select Generic SCEP as the Authority Type. 2. Select Basic from the SCEP Provider drop- down. Selecting the Basic SCEP Provider option requires the following fields: Server URL The web address of the certificate enrollment URL. This is usually in the format of.exe or.dll, depending on the SCEP provider. Below are two examples: Challenge Type Select either No Challenge or Static, depending on the requirements of the certificate. o Static Challenge Select this when a singular key or password is required to authenticate with the certificate enrollment URL. A field displays when Static Challenge is chosen you to enter in the password or challenge key provided by SCEP. o No Challenge Select this when no challenge is required. This usually involves unsecured SCEP endpoints and it only applies in rare circumstances. Retry Timeout Enter in the number of minutes for a timeout. Max Retries When Pending Enter the maximum amount of tries a user gets before the system times out. After a timeout, the user waits the number of minutes specified in the above field before logging in. SCEP Provider: MSCEP 1. If MSCEP is the SCEP provider, select Generic SCEP as the Authority Type. 2. Select MSCEP from the SCEP Provider drop- down. The following options display: Server URL The web address of the certificate enrollment URL. This is usually in the format of.exe or.dll, depending on the SCEP provider. The server should be (where scepserver.mycompany.com is the web address of the SCEP server). Challenge Type Select either No Challenge or Static, depending on the requirements of the certificate. o Static Challenge Select this when a singular key or password is required to authenticate with the certificate enrollment URL. When Static Challenge is selected, a field displays for you to enter the password or challenge key provided by SCEP. o Dynamic Challenge Uses MDM to pull a challenge key or password from the SCEP provider. Username Is Required Check this box to require the Dynamic Challenge web address to require user authentication for access. Challenge Length Enter the challenge length provided by the SCEP provider. Challenge URL This field should contain the web address of the challenge URL: o For MSCEP 2003, the challenge URL is the same as the web enrollment URL. For MSCEP 2008 the challenge URL is typically: (where scepserver.mycompany.com is the web address of the SCEP server). NOTE: The trailing / (slash) is NOT optional. No Challenge Select this when no challenge is required. This usually involves unsecured SCEP endpoints and it only applies in rare circumstances. 11

13 Username & Password Username and password to authenticate with the SCEP challenge URL. The username and password need to have the correct permissions for both the SCEP server and the certificate template being used in order to authenticate with them. SCEP Provider: VeriSign 1. If VeriSign is the SCEP provider, select Generic SCEP as the Authority Type 2. Select Verisign from the SCEP Provider dropdown. The following options display: Server URL The web address of the certificate enrollment URL. This is usually in the format of.exe or.dll, depending on the SCEP provider. The server should be set to bin/pkiclient.exe. SCEP Challenge Phrase (Static Challenge Only) Enter the password or key provided by SCEP. Verisign Passcode Post URL (Dynamic Challenge Only) Enter the dynamic challenge URL. The URL should look like: admin.verisign.com/onsitehome.htm. Verisign DNS Post Fix (Dynamic Challenge Only) Enter the domain used to register the relevant mpki account. o For example, if the domain was registered with mycompany.com, enter ".mycompany.com" in this field. Verisign Certificate Name (Dynamic Challenge Only) This field displays the uploaded certificate used to authenticate with the VeriSign Cloud. New Certificate File and Certificate Password (Dynamic Challenge Only) Upload a new certificate into the SCEP configuration for authentication with the VeriSign Cloud. o Click [Browse] to upload a new file. o Enter the certificate password. SCEP Provider: Symantec 1. If Symantec is the SCEP provider, select Symantec as the Authority Type. 2. Select SCEP from the Certificate Retrieval Method radio buttons. The following options display: Server URL The web address of the certificate enrollment URL. This is usually in the format of.exe or.dll, depending on the SCEP provider. Enter authentication credentials as appropriate. (This could be a username/password combination of client authentication certificates.) SCEP Provider: OpenTrust 1. If OpenTrust is the SCEP provider, select OpenTrust as the Authority Type. 2. Select SCEP from the Certificate Retrieval Method radio buttons. The following options display: Server URL The web address of the certificate enrollment URL. This is usually in the format of.exe or.dll, depending on the SCEP provider. Enter authentication credentials as appropriate. (This could be a username/password combination of client authentication certificates). 12

14 SCEP Provider: Entrust 1. If Entrust is the SCEP provider, select Entrust as the Authority Type. 2. Select SCEP from the Certificate Retrieval Method radio buttons. The following options display: Server URL The web address of the certificate enrollment URL. This is usually in the format of.exe or.dll, depending on the SCEP provider. Enter authentication credentials as appropriate. (This could be a username/password combination of client authentication certificates). 3. Click [Save]. Certificate Template Configuration After the Certificate Authority is configured, configure the Certificate Template so that MDM can request a certificate from the Certificate Authority. To configure a Certificate Template for Direct Certificate Authority integration: 1. Click Request Templates from the Certificate Authorities page: 2. Click [Add] to open the Certificate Template form. 3. Enter appropriate info in all required fields. Distinguished Name The fully qualified distinguished name of the certificate. This field supports the lookup values used in MDM so that the certificate name can be unique per user/device in MDM (for example, CN={EnrollmentUser}). o The distinguished name supports both Crypto API and Netscape formats. The only field required to create a certificate is the Common Name (CN). The distinguished name should reflect what the certificate is authenticating against. Certificate Authority Specifies the CA that this template is assigned to in MDM. The remaining fields are determined by the CA type selected. 13

15 For a Microsoft Certificate Authority o Template Name Enter a template name so this certificate template can be used in the future. The Template Name is only used within the Admin Console. o Automatic Certificate Renewal Check this box to have MDM automatically renew the certificate. You can specify the number of days for auto renewal. o Use Existing Key Enable this option to use the existing private key, rather than creating a new one. The CA and Certificate Template must support this option in order for it to work. o Additional Attributes This field serves two purposes when configuring the Certificate Authority: First, the Additional Attributes field specifies the Certificate Template on the Certificate Authority. Use CertificateTemplate to specify which template to use (for example, enter CertificateTemplate:TemplateName, where TemplateName is the name of the template you would like to use). Second, the Additional Attributes field allows you to add relevant additional attributes. When you enter the additional attributes, separate them from the CertificateTemplate with \n (backslash n). An example of an additional attribute would be the Subject Alternative Name of the certificate. In order to specify the Subject Alternative Name, you would set the Additional Attributes field to: CertificateTemplate:TemplateName\nSAN: Address={ Address}. o Private Key Length The private key length should match the length of the private key on the certificate template being used on the CA. Compatibility note: Shorter lengths are more compatible with older technology and operating systems. o Private Key Type Determines the type of private key in direct CA integration. The standard setting is Signing & Encryption. o Use Existing Key Check this box to use an existing key. o Publish Private Key Check this box to publish the private key and store it in either your Active Directory Services or in a Custom Web Service. For a Verisign Certificate Authority o Template Name Enter a template name so this certificate template can be used in the future. The Template Name is only used within the Admin Console. o Automatic Certificate Renewal Check this box to have MDM automatically renew the certificate. You can specify the number of days for auto renewal. o Use Existing Key Enable this option to use the existing private key rather than creating a new one. The CA and Certificate Template must support this option in order for it to work. 14

16 o o o o o o Additional Attributes This field serves two purposes when configuring the Certificate Authority: First, the Additional Attributes field specifies the Certificate Template on the Certificate Authority. Use CertificateTemplate to specify which template to use (for example, enter CertificateTemplate:TemplateName where TemplateName is the name of the template you would like to use). Second, the Additional Attributes field allows you to add relevant additional attributes. When you enter the additional attributes, separate them from the CertificateTemplate with \n (backslash n). An example of an additional attribute would be the Subject Alternative Name of the certificate. In order to specify the Subject Alternative Name, you would set the Additional Attributes field to: CertificateTemplate:TemplateName\nSAN: Address={ Address}. Private Key Length The private key length should match the length of the private key on the certificate template being used on the CA. Compatibility note: Shorter lengths are more compatible with older technology and operating systems. Private Key Type Determines the type of private key in direct CA integration. The standard setting is Signing & Encryption. Use Existing Key Check this box to use an existing key. Publish Private Key Check this box to publish the private key and store it in either your Active Directory Services or in a Custom Web Service. For a Symantec Certificate Authority o Template Name Enter a template name so this certificate template can be used in the future. The Template Name is only used within the Admin Console. o Automatic Certificate Renewal Check this box to have MDM automatically renew the certificate. You can specify the number of days for auto renewal. o Use Existing Key Enable this option to use the existing private key rather than creating a new one. The CA and Certificate Template must support this option in order for it to work. o Additional Attributes This field serves two purposes when configuring the Certificate Authority: First, the Additional Attributes field specifies the Certificate Template on the Certificate Authority. Use CertificateTemplate to specify which template to use (for example, enter CertificateTemplate:TemplateName where TemplateName is the name of the template you would like to use). Second, the Additional Attributes field allows you to add relevant additional attributes. When you enter the additional attributes, separate them from the CertificateTemplate with \n (backslash n). An example of an additional attribute would be the Subject Alternative Name of the certificate. In order to specify the Subject Alternative Name, you would set the Additional Attributes field to: CertificateTemplate:TemplateName\nSAN: Address={ Address}. 15

17 o o o o Click Retrieve Profiles. Select the appropriate profile from the drop- down list. Upon profile selection, a list of mandatory attributes displays. Enter appropriate lookup values for mandatory attributes. For example: mail_id: { Address}. For an OpenTrust Certificate Authority o Template Name Enter a template name so this certificate template can be used in the future. The Template Name is only used within the Admin Console. o Automatic Certificate Renewal Check this box to have MDM automatically renew the certificate. You can specify the number of days for auto renewal. o Use Existing Key Enable this option to use the existing private key rather than creating a new one. The CA and Certificate Template must support this option in order for it to work. o Additional Attributes This field serves two purposes when configuring the Certificate Authority: First, the Additional Attributes field specifies the Certificate Template on the Certificate Authority. Use CertificateTemplate to specify which template to use (for example, enter CertificateTemplate:TemplateName where TemplateName is the name of the template you would like to use). Second, the Additional Attributes field allows you to add relevant additional attributes. When you enter the additional attributes, separate them from the CertificateTemplate with \n (backslash n). An example of an additional attribute would be the Subject Alternative Name of the certificate. In order to specify the Subject Alternative Name, you would set the Additional Attributes field to: CertificateTemplate:TemplateName\nSAN: Address={ Address}. o Click Retrieve Profiles. o Select the appropriate profile from the drop- down list. o Upon profile selection, a list of mandatory attributes displays. o Enter appropriate lookup values for mandatory attributes. For example: mail_id: { Address}. For an Entrust Certificate Authority o Template Name Enter a template name so this certificate template can be used in the future. The Template Name is only used within the Admin Console. o Automatic Certificate Renewal Check this box to have MDM automatically renew the certificate. You can specify the number of days for auto renewal. o Use Existing Key Enable this option to use the existing private key rather than creating a new one. The CA and Certificate Template must support this option in order for it to work. 16

18 o Additional Attributes This field serves two purposes when configuring the Certificate Authority: First, the Additional Attributes field specifies the Certificate Template on the Certificate Authority. Use CertificateTemplate to specify which template to use (for example, enter CertificateTemplate:TemplateName where TemplateName is the name of the template you would like to use). Second, the Additional Attributes field allows you to add relevant additional attributes. When you enter the additional attributes, separate them from the CertificateTemplate with \n (backslash n). An example of an additional attribute would be the Subject Alternative Name of the certificate. In order to specify the Subject Alternative Name, you would set the Additional Attributes field to: CertificateTemplate:TemplateName\nSAN: Address={ Address}. o Click Retrieve Profiles. o Select the appropriate Managed CA profile from the drop- down list. o Upon profile selection, a list of mandatory attributes displays. o Enter appropriate lookup values for mandatory attributes. For example: mail_id: { Address}. 4. When finished, click [Save]. UTILIZING CERTIFICATES FOR MDM Once the certificate authority and certificate templates have been properly configured, certificates can be leveraged within MDM for a number of purposes. Enterprise Wi-Fi, VPN, EAS Authentication Advanced Wi- Fi, VPN, and EAS configurations can now leverage certificates for authentication in the place of simple passwords to provide stronger security from unauthorized access. MDM can automatically distribute these authentication certificates down to devices and configure the device for Wi- Fi, VPN, or EAS access without any user interaction. An overview of the process: 1. Ensure that the Certificate Authority and Certificate Templates are properly configured, and then create a profile for your appropriate platform (ios or Android for these capabilities) NOTE: If you are using a static SSL certificate that is used for all devices, you may skip this step and simply upload the certificate into MDM for distribution. 2. Enter all general profile settings and then choose either Credentials or SCEP, depending on the type of CA you have previously configured. 17

19 3. From either page, specify all parameters to select the proper certificate to be used for Wi- Fi, VPN, or EAS authentication. 4. From the Credentials profile page only: If you are using a static SSL certificate that does not depend on the user, choose Upload as the credential source and upload the certificate. If you are generating certificates per each user or device from a CA, ensure that your credential source is Defined Certificate Authority and choose the proper certificate template. 5. Once you have completed the Credentials or SCEP profile settings, do not click [Save and Publish]. 6. Select another payload in this profile for Wi- Fi, VPN, or EAS, depending on the purpose of the certificate. 7. Specify all settings for the chosen payload. 8. Ensure that the authentication type utilizes a certificate, and that the certificate you deployed in the Credentials or SCEP profile is selected. NOTE: If authentication to the CA requires a trust (typically for internal certificate authorities), also ensure that you have uploaded and selected to use a CA Root Trust certificate. 9. When complete, select [Save and Publish]. For details or assistance, contact Customer Support. 18

20 S/MIME Signing and Encryption Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for public key encryption and signing that has become the standard for signing and encryption. MDM can automatically distribute certificates; MDM can also configure or Exchange ActiveSync to utilize S/MIME signing and encryption without any user interaction. An overview of the process is as follows: 1. Ensure that the Certificate Authority and Certificate Templates are properly configured, and then create a profile for your appropriate platform (ios or Android for these capabilities). If you are using a static SSL certificate that is used for all devices, you may skip this step and simply upload the certificate into MDM for distribution. 2. Fill out all general profile settings and then choose either Credentials or SCEP, depending on the type of CA you have previously configured. 3. From either page, specify all parameters to select the proper certificate to be used for Wi- Fi, VPN, or EAS authentication. 4. From the Credentials profile page only: If you are using a static SSL certificate that does not depend on the user, then select Upload as the credential source and upload the certificate. If you are generating certificates per each user or device from a CA, then ensure that your credential source is Defined Certificate Authority and select the proper certificate template. 5. Once you have completed the Credentials or SCEP profile settings, do not click [Save and Publish]. 6. Select another payload in this profile for , or EAS, depending on your type of infrastructure. 7. Specify all settings for the chosen payload and ensure that Use S/MIME is checked. 8. Also ensure that the certificate you selected in the credentials or SCEP payload is being used for either signing or encryption, as shown. 9. When complete, click [Save and Publish]. For additional information or assistance configuring certificates with MDM, contact Customer Support. 19

21 SECURITY AND COMPLIANCE MDM uses a customizable compliance engine to allow for robust compliance policy creation and enforcement. The MDM compliance capabilities allow administrators to protect proprietary corporate data from unwanted exposure and to set rules for handling non- compliant activity on managed devices. These compliance policies are centrally managed in the Compliance page in the Web Console. To navigate to the Compliance page, select Profiles & Policies Compliance. From here, the administrator can create several different types of compliance policies and establish enforcement criteria: Device Policies: Device policies allow the administrator to create customized compliance policies based on device criteria such as operating system, compromised status and application lists. All enforcement actions are customized in Device Policies. Compliance Policies: compliance policies include general rules for accessing corporate , as well as enhanced access policies that only apply to managed devices. For information on policies, refer to Compliance Policies. NOTE: compliance policies only apply when the Secure Gateway is installed. Application Groups: Application policies are created based on custom groups of blacklisted, whitelisted, and required applications. In order to configure application compliance enforcement, you can first build lists of applications using Application Groups and then create compliance policies and actions using Device Policies. Passcode and Restrictions Profiles Overview In addition to the compliance engine, passcode and device restrictions provide further protection to managed devices. Passcode compliance policies include the ability to enforce passcodes, set passcode complexity, and manage auto- lock and passcode history settings. Restrictions profiles allow the administrator to prohibit and control use of device- specific functionality such as app installation, the device camera, and other similar functionality. To set Passcode and Restrictions profiles on individual devices, please refer to Creating Profiles. Building Device Compliance Policies Device compliance policies allow the administrator to identify device- specific compliance policies and instruct MDM to perform administrative actions on managed devices when specific device- based criteria are met. Using the customized and robust compliance actions and escalations, administrators can build out device policies to the extent needed to enforce corporate security policies. 20

22 To create a device compliance policy: 1. Navigate to Profiles & Policies Compliance. 2. To create a policy, click Add. OR To edit an existing policy, click Edit under the Actions column. The tabs at the top of the page represent the steps and criteria for creating a compliance policy: Rules The first step in creating compliance policies is defining the Rules (located on the Rules tab). 1. From the Match drop- down menu at the top of the page, choose whether to match All or Any of the compliance rules (default is All). 2. Choose the compliance area from the drop- down menu. The categories include: Application List (to determine if apps are Blacklisted, Whitelisted, or Required, you need to first configure Application Groups) Compromised Status Encryption Interactive Profile Expiry Last Compromised Scan Model OS Version Passcode Roaming SIM Card Change 3. Choose the appropriate rule statement from the middle drop- down menu (e.g., Contains Blacklisted App, Is Compromised, Is Roaming, etc.). Available selections in the middle drop- down are customized to the different compliance areas; therefore, the drop- down menu options differ depending on the selected rule compliance area. 4. If a third piece of information is necessary for the given rule (such as the specific operating system, etc.), select this information from the drop- down menu. 5. To add a related rule, click the [Add Rule] button. 6. Click [Next] to proceed to the Actions step. 21

23 Actions MDM enables the administrator to designate custom actions to perform to the device when it is initially detected as noncompliant, and escalation options to perform further actions if the device continues to be non- compliant. 1. On the Actions tab, select the action from the first drop- down menu (Application Compliance, Command, Notify, or Profile). This will be the first action performed on a non- compliant device. 2. Select the specific action to immediately perform (such as Send push notification). If you select an action that involves removing any profiles or applications, those resources will be automatically re- installed when the device becomes compliant (no end- user interaction required). Removal of applications only applies to supported devices. 3. If necessary, enter any supporting information (such as the message template or profile type) from the final drop- down menu. For notifications: Select an existing template, or create a new template in Configuration System Settings System General Message Templates. 4. Click [Next] to proceed to the Assignment step. OR Click [Add Escalation] to create an escalation policy that defines the next action to take if the user does not comply with the first compliance action. 5. Customize the time frame and action for each escalation, and add any additional escalations. 6. Click [Next] when finished. 22

24 Assignment From this tab, the administrator can select the devices/users to which this policy will be applied. 1. Select the device and user criteria for applying the compliance policy. 2. Click [Next]. Summary From the Summary tab, the administrator can summarize the compliance policy for reference in the Admin Console (General) and display the number of devices that the policy would affect (Device Summary) 1. On the Summary tab, enter a name and description for the compliance policy. The Device Summary displays the status of devices in the selected location or User Group. The compliance policy is complete. 2. To apply the policy, click [Finish and Activate]. To just save the policy, select [Finish]. NOTE: For Application Compliance Policies Some application compliance policies require the administrator to define application groups to identify applications that are Blacklisted, Whitelisted, and Required. 23

25 APPLICATION GROUPS AND POLICIES Application compliance policies enable the administrator to enforce corporate application compliance by restricting access to unauthorized applications and ensuring that required applications are present on corporate devices. The administrator can designate Blacklisted, Whitelisted, and Required application lists and perform administrative actions if MDM detects a non- compliant application list. There are several components within MDM that enable administrators to build and enforce application compliance policies: Create Application Groups to specify Blacklisted, Whitelisted, and Required applications. Build device compliance policies to designate actions for application non- compliance Deploy application restriction profiles (to supported Android devices) to enforce application restrictions and requirements Application Groups Application policies are created and managed according to groups (lists) of applications. To create or edit a list of Blacklisted, Whitelisted, and Required applications: 1. On the Compliance page, select Application Groups from the sidebar on the left of the page: 2. To create a new application group, select Add Group (or, to edit an existing application group, select the Actions icon at the end of the row and choose Edit). 3. Select or fill in the application information fields on the List and Assignment tabs: Type The type of application compliance policy: o Blacklist Applications not allowed on the device. o Whitelist Applications allowed on the device. o Required Applications that must be installed on the device. 24

26 Platform The device platform to which the application compliance policy applies. Currently, the only platform options are ios and Android. Name The name of the policy for reference in the Admin Console (for example, Apple Blacklisted Games). Application Name The name of the application for which you are creating a compliance rule. 4. Enter the Application ID and enter the application Version (optional). Specifying the application ID allows MDM to more accurately detect devices that have the blacklisted application installed by identifying applications by the exact bundle ID, rather than simply searching for the application name as entered in the Application Name field. 5. To specify any version of the app, enter an asterisk (*) wildcard in the Version field. 6. Click [Add Application] to add applications to the list. 7. Click [Next] to proceed to the Assignment step. 8. On the Assignment tab, select the device and user criteria for the application list (for example, you may wish to apply stricter application policies to corporate- owned devices). Device Ownership Specifying a device ownership type (Corporate- Dedicated, Corporate- Shared, or Employee Owned) limits deployment to only the devices that belong to the specified device ownership group. Distinguishing between corporate- and employee- owned devices allows for maximum privacy and protection. Model (optional) Designate specific device models to which the application group policy will be deployed. Operating System (optional) Designate specific operating systems to which the application group policy will be deployed. Managed By Select the Location Group level that will be able to manage this Application Group. Location Groups Enter the Location Groups to which this application group is assigned. User Groups (optional) Select User Groups (if you are leveraging User Groups in MDM) as an additional assignment filter for the application group. 9. Click [Finish]. 25

27 You may create additional application groups, if needed, and then apply the application policies to devices and users by Building Device Compliance Policies and deploying Android Application Restriction Profiles. ANDROID APPLICATION RESTRICTION PROFILES There are certain application restrictions for supported Android devices that are enforced through an application restriction profile. Device compliance policies can be used in addition to these restrictions, but the profile controls the ability to perform the specific actions controlled by these restrictions. The following settings are enabled or disabled through the application control profile: Prevent installing (or automatically remove) blacklisted apps on SAFE and 3LM Android devices. Prevent un- installing required apps on SAFE and 3LM devices. In order to enforce these restrictions: Define the application blacklist or required list by creating Application Groups. Create the application control profile by navigating to Profiles Add Profile Android Application Control. Ensure the appropriate checkboxes are checked and [Save] or [Save and Publish] the profile. SECURE CHANNEL CERTIFICATE The secure channel certificate allows encrypted communication between the console and device. Enabling this option allows all the communication (such as device details, device status, and support information) to happen in a secured way, thus ensuring an extra layer of security for your data. To enable this option, navigate to Configurations System Settings System Advanced. By default, the secure channel certificate is part of the MDM installation. This certificate is inherited from the Global location group and cannot be edited at any of the child location groups. It is activated only if the Block Non- Secure Channel Device Access checkbox is enabled on the console. Platforms supported: ios Android Symbian Blackberry 26

28 PRIVACY POLICY Administrators can set complex privacy policies within the Admin Console. These policies apply to specific device ownership types within Location Groups (ownership types are: Corporate- Dedicated, Corporate- Shared, Employee Owned, and Unassigned). To access privacy policies, navigate to Configuration System Settings Device General Privacy. For each privacy policy, administrators have three options for handling device information. The policies are defined by a filled circle, half- circle, or an empty circle at the top of the screen: Collect and Display The information is collected by MDM, and administrators will be able to view the data. Collect The information is collected by MDM, but administrators will not be able to view the data. Do Not Collect The information is not collected by MDM. To adjust the privacy policy information settings: 1. Move the mouse over the circle that matches up with the privacy policy and device ownership type. A small pop- up menu displays the privacy setting options (as illustrated below). 2. Click the appropriate icon to change the setting. 3. Click [Save] to finish the process and immediately apply the settings. 27

29 Commands Privacy The Commands section at the bottom of the page allows the administrator to restrict certain commands based on device ownership type. A full circle indicates that a command is allowed, while an empty circle indicates that the command is disabled. Currently, the only command that can be allowed or disallowed is Full Wipe. 1. Click the appropriate circle to choose the desired permissions. 2. Click [Save] to finish the process and immediately apply the settings. Privacy Settings NOTE: The Privacy Settings explained above affect whether or not device and user information are displayed both in the Admin Console and in the Self- Service Portal. Be aware of the privacy settings in place when navigating through user and device information (especially the pages explained in the following sections: Device Information, Device Details, Remote Actions, and Device Details Management). Many of the Self- Service Portal and Device Wipe settings are determined by both Privacy settings and Role settings (Users Admin Accounts). If multiple settings are in place, the strictest policy is enforced. 28

30 THE MDM BROWSER The MDM Browser application provides a safe, accessible and manageable alternative to internet browsing using ios- and Android- native browsers. Corporate IT administrators can customize and configure the Browser to meet unique business and device user needs, whether is to restrict web access from certain websites or to provide a secure internet portal for devices used as a mobile point of sale. By securing all Internet transactions and limiting Internet access to custom- defined websites, the MDM Browser gives your corporation the benefits of mobile technology but with fewer distractions and risks. With the Browser, MDM administrators can: Establish a custom browsing mode as either: o Kiosk Mode Remove the navigation and restrict the user to a specific home page. This is ideal for public- facing devices and situations where strict control is needed. o Restricted Mode Implement blacklists to block restricted websites or whitelists to only allow certain websites. Proxy Support provides broader flexibility by allowing the enterprise the ability to define the websites they will allow and deny users access to through the use of a proxy server. Make real- time adjustments to the Browser settings as device user needs evolve or change. Define general security settings, such as cookie acceptance, or restrict the ability to copy/paste and/or print. Important NOTE on App Versions: For ios devices, the versions of Browser Application (.ipa) file are: The Enterprise Browser This version is supplied directly to you and is not downloaded from the itunes Store. The Public Browser This version is downloadable from the itunes Store and for use by organizations using the MDM Cloud- based environment, or MDM versions

31 MANAGING AND SECURING SMART DEVICE WEB ACCESS To begin customizing the MDM Browser settings, log in to the Admin Console and navigate to the Browser Settings page by selecting Configuration System Settings Application Browser from the navigation menu on the left to open the settings page. Configure Security Settings To change the basic Security Settings for the Browser, select Security at the top of the page: Select the appropriate settings in the Security tab: Disable Copy Restrict end- users from copying content from websites viewed via the Browser. (ios only) Disable Printing Restrict end- users from printing content from websites viewed via the Browser. (ios only) Accept Cookies Specify the default policy (Always or Never) in a drop- down menu for accepting cookies from websites viewed via the Browser. Clear Cookies Upon Exit Ensure cookies are cleared when app is closed. Remember History Set whether or not the user can access browsing history. o Remember Browsing History From When the Remember History box is checked, select from the possible values: the past day, the past week, the past month, and the beginning. Clear Cookies if Idle for (mins) Select to clear cookies and history if idle for x minutes. Select 0 to keep cookies and history. View SDK Profile Click to access the SDK Profiles page for branding purposes. (ios only) Selecting an Operation Mode To change the Operation Mode for the Browser: Select Mode at the top of the page. Select either the Kiosk or Restricted mode option. 30

32 Kiosk Mode Kiosk mode designates a specific homepage for the Browser. There is no URL bar, and the user can only navigate to the links on the page. Home Page URL Enter the URL of the desired Kiosk Mode homepage. Return Home After Inactivity Check this box to require the Browser to return to the Kiosk homepage after a period of inactivity. o Inactivity (min) Specify the number of inactive minutes before the Browser returns to the Kiosk homepage. This specification is only available if the Return Home After Inactivity box is selected. NOTE: The URL bar is not enabled in Kiosk mode; therefore, users cannot enter any external URLs from the website(s) they are directed to. If an open website such as a search engine is the designated Kiosk homepage, no security or limitations exist beyond the ability to return the Browser to the homepage. Restricted Mode Restricted mode allows the administrator to allow or deny access to certain websites. Select Allow or Deny: Allow Select to specify the whitelisted URLs the Browser can access. Deny Select to specify the blacklisted URLs the Browser cannot access; all non- blacklisted sites are allowed. Wildcards Wildcard functionality is available if specifying whitelisted and blacklisted URLs. (ios only) NOTE: If http and https are not explicitly defined, and the wildcard is at the beginning of the domain, the wildcard is interpreted as including both http and https schemes. 31

Introduction to the AirWatch Browser Guide

Introduction to the AirWatch Browser Guide Introduction to the AirWatch Browser Guide The AirWatch Browser application provides a safe, accessible and manageable alternative to Internet browsing using native device browsers. The AirWatch Browser

More information

Cloud Services MDM. ios User Guide

Cloud Services MDM. ios User Guide Cloud Services MDM ios User Guide 10/24/2014 CONTENTS Overview... 3 Supported Devices... 3 System Capabilities... 3 Enrollment and Activation... 4 Download the Agent... 4 Enroll Your Device Using the Agent...

More information

Sophos Mobile Control Administrator guide. Product version: 3

Sophos Mobile Control Administrator guide. Product version: 3 Sophos Mobile Control Administrator guide Product version: 3 Document date: January 2013 Contents 1 About Sophos Mobile Control...4 2 About the Sophos Mobile Control web console...7 3 Key steps for managing

More information

Sophos Mobile Control Administrator guide. Product version: 3.6

Sophos Mobile Control Administrator guide. Product version: 3.6 Sophos Mobile Control Administrator guide Product version: 3.6 Document date: November 2013 Contents 1 About Sophos Mobile Control...4 2 About the Sophos Mobile Control web console...7 3 Key steps for

More information

Cloud Services MDM. Email Management Admin Guide

Cloud Services MDM. Email Management Admin Guide Cloud Services MDM Email Management Admin Guide 10/27/2014 CONTENTS Email Management... 2 Email Compliance Policies... 3 Email Policies... 4 Attachment Security Policies... 8 Attachment Security Policies

More information

Cloud Services MDM. Overview & Setup Admin Guide

Cloud Services MDM. Overview & Setup Admin Guide Cloud Services MDM Overview & Setup Admin Guide 10/27/2014 CONTENTS Systems Overview... 2 Solution Overview... 2 System Requirements... 3 Admin Console Overview... 4 Logging into the Admin Console... 4

More information

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide BlackBerry Enterprise Service 10 Universal Service Version: 10.2 Administration Guide Published: 2015-02-24 SWD-20150223125016631 Contents 1 Introduction...9 About this guide...10 What is BlackBerry

More information

Sophos Mobile Control Startup guide. Product version: 3.5

Sophos Mobile Control Startup guide. Product version: 3.5 Sophos Mobile Control Startup guide Product version: 3.5 Document date: July 2013 Contents 1 About this guide...3 2 What are the key steps?...5 3 Log in as a super administrator...6 4 Activate Sophos Mobile

More information

Telstra Mobile Device Management (T MDM) Getting Started Guide

Telstra Mobile Device Management (T MDM) Getting Started Guide Telstra Mobile Device Management (T MDM) Getting Started Guide Welcome Thank you for your interest in T MDM and Welcome! In this guide we will take you through the steps to enrolling your first device

More information

Sophos Mobile Control Startup guide. Product version: 3

Sophos Mobile Control Startup guide. Product version: 3 Sophos Mobile Control Startup guide Product version: 3 Document date: January 2013 Contents 1 About this guide...3 2 What are the key steps?...5 3 Log in as a super administrator...6 4 Activate Sophos

More information

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0 Administration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2015-01-16 SWD-20150116150104141 Contents Introduction... 9 About this guide...10 What is BES12?...11 Key features of BES12...

More information

Introduction to the Windows Phone 8 Guide

Introduction to the Windows Phone 8 Guide Introduction to the Windows Phone 8 Guide Overview Windows Phone 8 is Microsoft's operating system designed for smartphones and shares the Modern UI with other Windows 8 devices. Windows Phone 8 offers

More information

Sophos Mobile Control SaaS startup guide. Product version: 6

Sophos Mobile Control SaaS startup guide. Product version: 6 Sophos Mobile Control SaaS startup guide Product version: 6 Document date: January 2016 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 What are the key steps?...7 4 Change your password...8

More information

Vodafone Secure Device Manager Administration User Guide

Vodafone Secure Device Manager Administration User Guide Vodafone Secure Device Manager Administration User Guide Vodafone New Zealand Limited. Correct as of September 2014. Do business better Contents Introduction 3 Help 4 How to find help in the Vodafone Secure

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Introduction to Google Apps for Business Integration

Introduction to Google Apps for Business Integration Introduction to Google Apps for Business Integration Overview Providing employees with mobile email access can introduce a number of security concerns not addressed by most standard email security infrastructures.

More information

Introduction to the EIS Guide

Introduction to the EIS Guide Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment

More information

Compliance Rule Sets in MaaS360

Compliance Rule Sets in MaaS360 Compliance Rule Sets in MaaS360 MaaS360 allows you to apply sets of compliance rules on mobile devices. These rules are conditions that are checked on devices on real-time basis. If a device is not in

More information

Advanced Configuration Steps

Advanced Configuration Steps Advanced Configuration Steps After you have downloaded a trial, you can perform the following from the Setup menu in the MaaS360 portal: Configure additional services Configure device enrollment settings

More information

UP L18 Enhanced MDM and Updated Email Protection Hands-On Lab

UP L18 Enhanced MDM and Updated Email Protection Hands-On Lab UP L18 Enhanced MDM and Updated Email Protection Hands-On Lab Description The Symantec App Center platform continues to expand it s offering with new enhanced support for native agent based device management

More information

Mobile Device Manager. Windows User Guide (Windows Phone 8/RT)

Mobile Device Manager. Windows User Guide (Windows Phone 8/RT) Mobile Device Manager Windows User Guide (Windows Phone 8/RT) Document Revision Date: Oct. 22, 2014 Mobile Device Manager Windows Phone 8 User Guide i Contents Windows Phone 8 Features Matrix... 1 Overview...

More information

Introduction to Mobile Email Management (MEM)

Introduction to Mobile Email Management (MEM) Introduction to Mobile Email Management (MEM) Overview To the users of most organizations, one of the most valued benefits of a managed device is the ability to access corporate mail on the go. Having

More information

Mobile Device Management Solution Hexnode MDM

Mobile Device Management Solution Hexnode MDM Mobile Device Management Solution Hexnode MDM Frequently Asked Questions www.hexnode.com Frequently Asked Questions How is Hexnode MDM license calculated?...4 Which ports do I need to open for Hexnode

More information

Sophos Mobile Control as a Service Startup guide. Product version: 3.5

Sophos Mobile Control as a Service Startup guide. Product version: 3.5 Sophos Mobile Control as a Service Startup guide Product version: 3.5 Document date: August 2013 Contents 1 About this guide...3 2 What are the key steps?...4 3 First login...5 4 Change your administrator

More information

Sophos Mobile Control Super administrator guide. Product version: 3

Sophos Mobile Control Super administrator guide. Product version: 3 Sophos Mobile Control Super administrator guide Product version: 3 Document date: January 2013 Contents 1 About Sophos Mobile Control...3 2 Super administrator accounts...4 3 The super administrator customer...5

More information

Cloud Services MDM. Application Management Admin Guide

Cloud Services MDM. Application Management Admin Guide Cloud Services MDM Application Management Admin Guide 10/24/2014 CONTENTS Application Management... 2 Using the Applications Page... 2 Enabling the Book Catalog... 9 Application Wrapping Android Apps...

More information

System Configuration and Deployment Guide

System Configuration and Deployment Guide System Configuration and Deployment Guide This guide provides information on...... Configuring an Organization using the Organization Wizard... Setting a default Policy Suite using the Organization Wizard...

More information

Administration Guide BES12. Version 12.3

Administration Guide BES12. Version 12.3 Administration Guide BES12 Version 12.3 Published: 2015-10-30 SWD-20151028105551254 Contents Introduction... 11 About this guide...12 How to use this guide... 13 Steps to administer BES12... 13 Examples

More information

Certificate Management

Certificate Management Certificate Management This guide provides information on...... Configuring the GO!Enterprise MDM server to use a Microsoft Active Directory Certificate Authority... Using Certificates from Outside Sources...

More information

Configuration Guide. BES12 Cloud

Configuration Guide. BES12 Cloud Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need

More information

Introduction to Mobile Application Management (MAM)

Introduction to Mobile Application Management (MAM) Introduction to Mobile Application Management (MAM) Overview This guide details how your organization can manage mobile applications using AirWatch's Mobile Application Management (MAM) functionality.

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios with TouchDown

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios with TouchDown GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios with TouchDown GO!Enterprise MDM for ios Devices, Version 3.x GO!Enterprise MDM for ios with TouchDown 1 Table of

More information

Introduction to the Secure Email Gateway (SEG)

Introduction to the Secure Email Gateway (SEG) Introduction to the Secure Email Gateway (SEG) Overview The Secure Email Gateway (SEG) Proxy server is a separate server installed in-line with your existing email server to proxy all email traffic going

More information

Mobile Device Management Version 8. Last updated: 17-10-14

Mobile Device Management Version 8. Last updated: 17-10-14 Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names

More information

1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5

1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5 User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?... 2 2. Activation of Mobile Device Management... 3 2.1. Activation

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android GO!Enterprise MDM for Android, Version 3.x GO!Enterprise MDM for Android 1 Table of Contents GO!Enterprise MDM

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown GO!Enterprise MDM for Android, Version 3.x GO!Enterprise MDM for Android with TouchDown 1 Table

More information

Building a BYOD Program Using the Casper Suite. Technical Paper Casper Suite v9.4 or Later 17 September 2014

Building a BYOD Program Using the Casper Suite. Technical Paper Casper Suite v9.4 or Later 17 September 2014 Building a BYOD Program Using the Casper Suite Technical Paper Casper Suite v9.4 or Later 17 September 2014 JAMF Software, LLC 2014 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts

More information

Configuration Guide BES12. Version 12.3

Configuration Guide BES12. Version 12.3 Configuration Guide BES12 Version 12.3 Published: 2016-01-19 SWD-20160119132230232 Contents About this guide... 7 Getting started... 8 Configuring BES12 for the first time...8 Configuration tasks for managing

More information

Introduction to AirWatch and Configurator

Introduction to AirWatch and Configurator Introduction to AirWatch and Configurator Overview AirWatch integrates seamlessly with Apple Configurator to enable IT administrators to effectively deploy and manage Apple ios devices. Deploying a large

More information

Kaspersky Lab Mobile Device Management Deployment Guide

Kaspersky Lab Mobile Device Management Deployment Guide Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile

More information

Advanced Administration

Advanced Administration BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Advanced Administration Guide Published: 2014-09-10 SWD-20140909133530796 Contents 1 Introduction...11 About this guide...12 What

More information

COMMUNITAKE TECHNOLOGIES MOBILE DEVICE MANAGEMENT FROM BELL USER GUIDE

COMMUNITAKE TECHNOLOGIES MOBILE DEVICE MANAGEMENT FROM BELL USER GUIDE COMMUNITAKE TECHNOLOGIES MOBILE DEVICE MANAGEMENT FROM BELL USER GUIDE Mobile Device Management, User Guide Copyright 2013, CommuniTake Technologies Ltd., Yokneam, Israel. All rights reserved. For a hard-copy

More information

CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version 1.0.1. ForeScout Mobile

CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version 1.0.1. ForeScout Mobile CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module Version 1.0.1 ForeScout Mobile Table of Contents About the Integration... 3 ForeScout MDM... 3 Additional Documentation...

More information

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15 Product Manual MDM On Premise Installation Version 8.1 Last Updated: 06/07/15 Parallels IP Holdings GmbH Vordergasse 59 8200 Schaffhausen Switzerland Tel: + 41 52 632 0411 Fax: + 41 52 672 2010 www.parallels.com

More information

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...

More information

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution? MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,

More information

User's Guide. Product Version: 2.5.0 Publication Date: 7/25/2011

User's Guide. Product Version: 2.5.0 Publication Date: 7/25/2011 User's Guide Product Version: 2.5.0 Publication Date: 7/25/2011 Copyright 2009-2011, LINOMA SOFTWARE LINOMA SOFTWARE is a division of LINOMA GROUP, Inc. Contents GoAnywhere Services Welcome 6 Getting Started

More information

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios Devices

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios Devices GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios Devices GO!Enterprise MDM for ios Devices, Version 3.x GO!Enterprise MDM for ios Devices 1 Table of Contents GO!Enterprise

More information

MaaS360 Mobile Device Management (MDM) Administrators Guide

MaaS360 Mobile Device Management (MDM) Administrators Guide MaaS360 Mobile Device Management (MDM) Administrators Guide Copyright 2014 Fiberlink Corporation. All rights reserved. Information in this document is subject to change without notice. The software described

More information

EM L18 Managing ios and Android Mobile Devices with Symantec Mobile Management Hands-On Lab

EM L18 Managing ios and Android Mobile Devices with Symantec Mobile Management Hands-On Lab EM L18 Managing ios and Android Mobile Devices with Symantec Mobile Management Hands-On Lab Description The Symantec Mobile Management platform continues to expand it s offering with new support for native

More information

Integrating Cisco ISE with GO!Enterprise MDM Quick Start

Integrating Cisco ISE with GO!Enterprise MDM Quick Start Integrating Cisco ISE with GO!Enterprise MDM Quick Start GO!Enterprise MDM Version 3.x Overview 1 Table of Contents Overview 3 Getting GO!Enterprise MDM Ready for ISE 5 Grant ISE Access to the GO!Enterprise

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

Sophos Mobile Control Installation guide. Product version: 3.5

Sophos Mobile Control Installation guide. Product version: 3.5 Sophos Mobile Control Installation guide Product version: 3.5 Document date: July 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...10 4 External

More information

Preparing for GO!Enterprise MDM On-Demand Service

Preparing for GO!Enterprise MDM On-Demand Service Preparing for GO!Enterprise MDM On-Demand Service This guide provides information on...... An overview of GO!Enterprise MDM... Preparing your environment for GO!Enterprise MDM On-Demand... Firewall rules

More information

EM L05 Managing ios and Android Mobile Devices with Symantec Mobile Management Hands-On Lab

EM L05 Managing ios and Android Mobile Devices with Symantec Mobile Management Hands-On Lab EM L05 Managing ios and Android Mobile Devices with Symantec Mobile Management Hands-On Lab Description The Symantec Mobile Management platform continues to expand it s offering with new support for native

More information

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on... Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM This guide provides information on...... APNs Requirements Tips on Enrolling in the ios Developer Enterprise Program...

More information

http://docs.trendmicro.com

http://docs.trendmicro.com Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,

More information

Android App User Guide

Android App User Guide www.novell.com/documentation Android App User Guide ZENworks Mobile Management 2.7.x August 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of

More information

Certificate Management

Certificate Management www.novell.com/documentation Certificate Management ZENworks Mobile Management 3.1.x August 2015 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of

More information

CUSTOMER Android for Work Quick Start Guide

CUSTOMER Android for Work Quick Start Guide Mobile Secure Cloud Edition Document Version: 1.0 2016-01-25 CUSTOMER Content 1 Introduction to Android for Work.... 3 2 Prerequisites....4 3 Setting up Android for Work (Afaria)....5 4 Setting up Android

More information

Sophos Mobile Control Technical guide

Sophos Mobile Control Technical guide Sophos Mobile Control Technical guide Product version: 2 Document date: December 2011 Contents 1. About Sophos Mobile Control... 3 2. Integration... 4 3. Architecture... 6 4. Workflow... 12 5. Directory

More information

Feature List for Kaspersky Security for Mobile

Feature List for Kaspersky Security for Mobile Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance

More information

Mobility Manager 9.5. Users Guide

Mobility Manager 9.5. Users Guide Mobility Manager 9.5 Users Guide LANDESK MOBILITY MANAGER Copyright 2002-2013, LANDesk Software, Inc. and its affiliates. All rights reserved. LANDesk and its logos are registered trademarks or trademarks

More information

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious

More information

Sophos Mobile Control Installation guide. Product version: 3

Sophos Mobile Control Installation guide. Product version: 3 Sophos Mobile Control Installation guide Product version: 3 Document date: January 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...16 4 External

More information

WatchDox Administrator's Guide. Application Version 3.7.5

WatchDox Administrator's Guide. Application Version 3.7.5 Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals

More information

NotifyMDM Device Application User Guide Installation and Configuration for Windows Mobile 6 Devices

NotifyMDM Device Application User Guide Installation and Configuration for Windows Mobile 6 Devices NotifyMDM Device Application User Guide Installation and Configuration for Windows Mobile 6 Devices End-of-Life Notice Please note that GO!Enterprise MDM server version 3.6.3 is the last to officially

More information

Sophos Mobile Control Installation guide. Product version: 3.6

Sophos Mobile Control Installation guide. Product version: 3.6 Sophos Mobile Control Installation guide Product version: 3.6 Document date: November 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...5 3 Set up Sophos Mobile Control...11 4 External

More information

Introduction to Directory Services

Introduction to Directory Services Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory

More information

Introduction to the ios Platform Guide

Introduction to the ios Platform Guide Introduction to the ios Platform Guide Overview AirWatch provides you with a robust set of mobility management solutions for enrolling, securing, configuring and managing your ios device deployment. Through

More information

End User Devices Security Guidance: Apple ios 8

End User Devices Security Guidance: Apple ios 8 GOV.UK Guidance End User Devices Security Guidance: Apple ios 8 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best satisfy

More information

Comodo Mobile Device Manager Software Version 1.0

Comodo Mobile Device Manager Software Version 1.0 Comodo Mobile Device Manager Software Version 1.0 Installation Guide Guide Version 1.0.041114 Comodo Security Solutions 1255 Broad Street STE 100 Clifton, NJ 07013 Table of Contents 1.CMDM Setup... 3 1.1.System

More information

MaaS360 Cloud Extender

MaaS360 Cloud Extender MaaS360 Cloud Extender Installation Guide Copyright 2013 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice. The software described

More information

Configuration Guide BES12. Version 12.2

Configuration Guide BES12. Version 12.2 Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

MaaS360 On-Premises Cloud Extender

MaaS360 On-Premises Cloud Extender MaaS360 On-Premises Cloud Extender Installation Guide Copyright 2014 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice. The software

More information

MobileIron Support. Table of Contents. 1. Introduction. 2. Supported Features. Version 1.1 - November 2015

MobileIron Support. Table of Contents. 1. Introduction. 2. Supported Features. Version 1.1 - November 2015 MobileIron Support Version 1.1 - November 2015 Table of Contents 1. Introduction 2. Supported Features 3. Relevant Components 4. Testing a Trial Version with AppConnect 5. Creating a Configuration on the

More information

http://docs.trendmicro.com

http://docs.trendmicro.com Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,

More information

Sophos Mobile Control Installation guide

Sophos Mobile Control Installation guide Sophos Mobile Control Installation guide Product version: 2.5 Document date: July 2012 Contents 1 Introduction... 3 2 The Sophos Mobile Control server... 4 3 Set up Sophos Mobile Control... 13 4 Running

More information

SYNCSHIELD FEATURES. Preset a certain task to be executed. specific time.

SYNCSHIELD FEATURES. Preset a certain task to be executed. specific time. SYNCSHIELD FEATURES This document describes the diversity of SyncShield features. Please note that many of the features require a certain platform version, often earlier software versions do not support

More information

ManageEngine Desktop Central. Mobile Device Management User Guide

ManageEngine Desktop Central. Mobile Device Management User Guide ManageEngine Desktop Central Mobile Device Management User Guide Contents 1 Mobile Device Management... 2 1.1 Supported Devices... 2 1.2 What Management Operations you can Perform?... 2 2 Setting Up MDM...

More information

Deploying iphone and ipad Mobile Device Management

Deploying iphone and ipad Mobile Device Management Deploying iphone and ipad Mobile Device Management ios supports Mobile Device Management (MDM), giving businesses the ability to manage scaled deployments of iphone and ipad across their organizations.

More information

User Manual for Version 4.4.0.5. Mobile Device Management (MDM) User Manual

User Manual for Version 4.4.0.5. Mobile Device Management (MDM) User Manual User Manual for Version 4.4.0.5 Mobile Device Management (MDM) User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?...

More information

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0 Configuration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2014-12-19 SWD-20141219132902639 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12...

More information

Getting Started - MDM Setup

Getting Started - MDM Setup Mobile App Getting Started - MDM Setup Thank you for acquiring the Talon Mobile app. The Talon Mobile app allows you to request sensitive justice information. To use the Talon Mobile app, your agency s

More information

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious

More information

Configuration Guide BES12. Version 12.1

Configuration Guide BES12. Version 12.1 Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...

More information

User Self-Service Configuration Overview

User Self-Service Configuration Overview User Self-Service Configuration Overview Version 8.2 Mobile Service Manager Legal Notice This document, as well as all accompanying documents for this product, is published by Good Technology Corporation

More information

BlackBerry 10.3 Work and Personal Corporate

BlackBerry 10.3 Work and Personal Corporate GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network

More information

Introduction to the AirWatch Inbox Guide

Introduction to the AirWatch Inbox Guide Introduction to the AirWatch Inbox Guide Overview AirWatch Inbox is a fully containerized email management solution for ios, Windows 8 RT, and Android devices. The AirWatch Inbox enables administrators

More information

Delegated Administration Quick Start

Delegated Administration Quick Start Delegated Administration Quick Start Topic 50200 Delegated Administration Quick Start Updated 22-Oct-2013 Applies to: Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere,

More information

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on... Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM This guide provides information on...... APNs Requirements Tips on Enrolling in the ios Developer Enterprise Program...

More information

Zenprise Device Manager 6.1.5

Zenprise Device Manager 6.1.5 Zenprise Device Manager 6.1.5 CLIENT GUIDE Rev 6.1.50 Introduction 2 ZENPRISE DEVICE MANAGER 6.1 CLIENT GUIDE 2011 Zenprise, Inc. All rights reserved. This manual, as well as the software described in

More information

Managing ios Devices. Andrew Wellington Division of Information The Australian National University XW11

Managing ios Devices. Andrew Wellington Division of Information The Australian National University XW11 Managing ios Devices Andrew Wellington Division of Information The Australian National University About Me Mac OS X Systems Administrator Division of Information (Central IT) Mostly manage servers (about

More information

Clearswift Information Governance

Clearswift Information Governance Clearswift Information Governance Implementing the CLEARSWIFT SECURE Encryption Portal on the CLEARSWIFT SECURE Email Gateway Version 1.10 02/09/13 Contents 1 Introduction... 3 2 How it Works... 4 3 Configuration

More information

Windows Phone 8.1 in the Enterprise

Windows Phone 8.1 in the Enterprise Windows Phone 8.1 in the Enterprise Version 1.4 MobileIron 415 East Middlefield Road Mountain View, CA 94043 USA Tel. +1.650.919.8100 Fax +1.650.919.8006 info@mobileiron.com Introduction 3 Why Windows

More information

Introduction to the Windows Mobile Guide

Introduction to the Windows Mobile Guide Introduction to the Windows Mobile Guide Overview Windows Mobile and Windows CE devices and their operating systems are proven performers in rugged environments like warehouses, courier services, and healthcare

More information

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide BlackBerry Enterprise Service 10 Version: 10.2 Configuration Guide Published: 2015-02-27 SWD-20150227164548686 Contents 1 Introduction...7 About this guide...8 What is BlackBerry Enterprise Service 10?...9

More information