Mobile Device Management Fleet manager s guide Philippe CAJET Admin Guide MDM R1.6_2013 August 1 st _V 1
2 Summary Pages Pages Mobile Device Management Fleet manager s guide 1 SUMMARY 2 SUMMARY 3 0. connection to MDM web portal 4 Fleet manager connection to MDM (Cloud pre biznis portal ) 5 Fleet manager connection to MDM by Bookmark 6 Fleet manager 1 connection to MDM portal (continued) 7 End users connection to MDM portal 8 End users connection - initial logon 9 Fleet Manager connection to end user portal 10 1. users 11 users > list of users 12 users list synchronization 13 Modification of MSISDN in Cloud pre biznis 14 users > list of users (continued) 15 users > list of users (continued) 16 users > groups 17 users > groups (continued) 18 users > self enrollment 19 users > send a reminder message 20 users > user information 21 users > device backup activation 22 2. device enrolment 23 enrolment 24 device enrolment 25 device enrolment (continued) 26 device enrolment (continued) 27 Guide to enrolment for Androïd 28 step 1 download agent / profile' 29 step 1 download agent / profile' (continued) 30 step 1 download agent / profile' (continued) 31 step 2 activate Device Manager 32 step 3 send the Data Backup application 33 step 3 send the Data Backup application (continued) 34 step 3 send the Data Backup application (continued) 35 Guide to enrolment for ios 36 enrolment > ios (Apple) 37 step 1 download agent / profile' iphone 38 step 1 download agent / profile' (continued) iphone 39 step 1 download agent / profile' (continued) iphone 40 step 2 activate Device Manager iphone 41 step 3 send Data backup iphone 42 step 3 send Data Backup (continued) iphone 43 step 1 download agent / profile' i Pad 44 step 1 download agent / profile' (continued) i Pad 45 step 1 download agent / profile' (continued) i Pad 46 step 1 download agent / profile' (continued) i Pad 47 step 2 activate Device Manager i Pad 48 step 3 send Data Backup i Pad 49 Guide to enrolment for Black Berry 50 step 1 download agent / profile' 51 step 1 download agent / profile' (continued) 52 step 1 download agent / profile' (continued) 53 step 2 activate Device Manager 54 step 3 send the Data backup application 55 step 3 send the Data backup application (continued) 56 step 3 send the Data backup application (continued) 57 Guide to enrolment for Symbian 58 step 1 download agent / profile' 59 step 1 download agent / profile' (continued) 60 step 1 download agent / profile' (continued) 61 step 2 send configuration 62 step 2 send configuration (continued) 63 step 3 activate Device Manager 64
Summary Pages Pages step 3 activate Device Manager (continued) 65 step 4 send the Data Backup application 66 step 4 send the Data Backup application (continued) 67 step 4 Data Backup first use on the smartphone 68 3. device management 69 users > device management 70 users > device management (continued) 71 users > device management > blocking with lock code 72 Guide: company applications 73 company applications 74 company applications (continued) 75 company applications (continued) 76 Guide: applications policy 77 applications policy 78 applications policy (continued) 79 applications policy (continued) 80 applications policy (continued) 81 Guide: configuration deployment 82 configuration deployment 83 configuration deployment (continued) 84 configuration deployment (continued) 85 configuration deployment (continued) 86 deployment of a password policy 87 removal of password policy deployed on an ios device 88 Guide: backup monitoring 89 backup monitoring 90 Guide: setup 91 setup 92 setup > polling campaigns 93 setup > certificate ios 94 Follow up certificates creation for each Cloud created 95 Guide ios certificate (from a Mac OS X computer) 96 setup > ios certificate on Mac 97 setup > ios certificate on Mac 98 setup > ios certificate upload certificate signing request 99 setup > ios certificate (continued) 100 setup > ios certificate (continued) 101 setup > ios certificate on APPLE identity web site 102 setup > ios certificate on APPLE identity web site 103 setup > ios certificate on APPLE identity web site 104 setup > ios certificate on APPLE identity web site 105 setup > ios certificate upload certificate on MDM Server 106 ios certificate guide (from a Mac OS X computer) 107 setup > ios certificate on PC 108 setup > ios certificate on PC (continued) 109 setup > ios certificate on PC (continued) 110 setup > ios certificate on PC (continued) 111 setup > ios certificate on PC (continued) 112 setup > ios certificate on PC (continued) 113 setup > ios certificate upload certificate signing request 114 setup > ios certificate upload certificate (continued) 115 setup > ios certificate upload certificate (continued) 116 follow up of the end of creation certificates for Clouds 117 setup > ios certificate on APPLE identity web site 118 setup > ios certificate on APPLE identity web site 119 setup > ios certificate on APPLE identity web site 120 setup > ios certificate on PC Finish certificate request 121 setup > ios certificate on PC (continued) 122 setup > ios certificate on PC (continued) 123 setup > ios certificate on PC (continued) 124 setup > ios certificate upload certificate on MDM Server 125 3
0. connection to MDM web portal
Fleet manager connection to MDM portal by Cloud pre biznis portal To access the MDM service you can connect by : https://tb1n.orange.sk/cloudpro/front/home To log on the fleet manager web interface, please use your Cloud Pro End-user login/password 1 click to login to your personal area in Cloud pre biznis with your login password. 2 click on my applications to join your subscribed applications 3 click on use to access to : - the landing page if it s your first connexion ( next slide 6) - the first page of MDM service later 5
Fleet manager connection to MDM portal by the Mobile Device Management service saved in you book mark To access the MDM service you can connect by : https://smz.cloudprebiznis.orange.sk To log on the fleet manager web interface, please use your Cloud Pro login/password. 2 type Cloud Pro login/password 1 click on login button 3 click on Connect you to access the MDM service first page 6
Fleet manager 1 connection to MDM portal (continued) At your first connection, information are displayed on the landing page. Then you have to accept the Terms & Conditions of MDM service to access the home page An email is automatically sent by MDM server for keeping this initial information (It will no longer be available at the next connection). All users accounts are synchronized from Cloud Pro to the MDM data base. 7
End users connection to MDM portal To access the MDM service you can connect by : https://tb1n.orange.sk/cloudpro/front/home To log on your web end user interface, please use your Cloud Pro login/password as a secondary user Mobile Device Management 8
End users connection - initial logon End-users access the User MDM web portal with their Cloud Pro login. At first connection information are displayed on the landing page. Then end users have to create a specific backup password and to accept Terms & Conditions. MDM server sends a message for keeping initial information (It will no longer be displayed at the next connection). Marketing Phil Some practical information displayed on the user landing page When end users first log on, have to set their specific backup password A message is sent to the end user when T&C s are accepted 9
Fleet Manager connection to end user portal From your fleet manager web interface, you can connect directly to the User web interface by simply clicking the link "SELF CARE" on top right of the main menu. As any end user you have to create your specific backup password and accept Terms & Conditions. See previous page End users connection - initial logon for more information. 10
1. users
users > list of users The 'users' menu provides you with an overview of your fleet, with the device enrolment status for each user and the device model used once the device is enrolled. From the list of users you can: access the main information on each user ('user information'), by clicking their line number (msisdn). enroll a device ('device enrolment' column) manage a device ('device model' column) The list of users comes from Cloud Pro, it is updated each time you connect to your fleet manager interface In your company, if your Cloud Manager federated several enterprises, you will see as Fleet Manager the entire fleets each federated enterprises. 12
users list synchronization The list comes from Cloud Pro, updated each time you connect to your fleet manager interface. The complete synchronization (first and last names, msisdn, e-mail) is done every night or by clicking on the link Synchronize When an msisdn or e-mail are not well informed or in a wrong format, an error message is displayed. 1 Then by clicking the link more users or details into the message a table appears. 2 Click on Reset User account(s) to continue. 3 page 14 Click Synchronize "to force full synchronization with Cloud Pro 1 massage erreur format 2 13 3
Modification of MSISDN in Cloud pre biznis, informative popup on MDM portal. Manual synchronization (button) that MDM takes into account the new mobile phone number +33643xx9836 14
users > list of users (continued) the 'device model' and 'OS version' column show "undetected" and "not complete" if the device has not yet been enrolled or has not been identified correctly at the end of enrolment. you can create groups and add each user to any of these groups (see users > groups ) see 'users > enrolment you can send a reminder to users who have not completed enrolment of their device (see users > send a reminder ) 15
users > list of users (continued) for each column, you may select a sorting criterion by clicking the header you can search for users using their name or mobile number. total and partial matches are shown. when you have created groups, you can click the header and sort users by which group they belong to. Or you can apply a filter to show only the members of a specific group 16
users > groups Attaching users to a group facilitates management and deployment actions. 1 opens the tab create a new group' 2 name of the group to be created 3 creating a new group 4 once the group is created you can manage the users attached to this group. 17
users > groups (continued) 2 assigning or removing selected users to/from the group 1 select the users to assign to or remove /from the group 18
users > self enrollment You can delegate to end users to enrol their device. On the users menu, select self enrolment and tick each user you want to delegate the enrolment to. Then click on the Allow button. All the selected users will receive a message inviting them to log on their user web interface and start the enrolment. 3 1 2 4 Send message Users will receive a message inviting them to enroll their device. 19
users > send a reminder message from the 'users' page, you can remind users that they must complete their device enrolment 1 sort the users to display those who have not yet completed enrolment. 2 select the users to whom you wish to send a reminder 3 send the reminder. each user will be notified by text message. 20
users > user information the 'user information' page provides access to tools and settings for a given user users may exchange their old device which was enrolled for a new device. by clicking here, you can enroll the new device, while keeping on the server the user's data saved from the old device. the colour orange means that this step is not yet complete enroll the user device enrol l log on to the device to manage it to access information on backups performed by the user (see next page) 21
users > device backup activation Data backup / restore works via the mobile Data Backup application, which is downloaded and installed on the device during the enrolment phase. Mobile device data (contacts, calendar, documents) is backed up on the Mobile Device Management server; to transfer it onto another device, the user must install the Data Backup application on this other device. On the 'device backup' page, you can find information on backups performed by the user and change some settings You can remind users to perform regular backups from the 'backups' menu Technocenter tick to allow the user to backup the corresponding types of data save don't forget to save the settings you have chosen note: some types of data cannot be shown for a given OS. The types of data which need to be backed up depend on the device OS 22
2.device enrolment
enrolment The "enrolment " page enables you to add a user's device to the fleet of devices administered through the Service. You can enroll a device on behalf of a user Click In the column device enrolment to start or to continue enrolment of the device 24
device enrolment If you have a large number of devices to enrol, it may be more efficient to delegate this task to each user. To do so: send to the end users a text message for self-enrolment from the users > the link selfenrolment on the page list of users users can log in the User web portal with their Cloud Pro login users may then follow the steps of the device enrolment' page with their device (the enrolment steps are more or less the same on both interfaces) from the "users list" page you can see if users have completed enrolment of their device, and send reminder messages if necessary you can also help certain users enrol their devices using the device enrolment' page on your Fleet manager portal 25
device enrolment (continued) The device enrolment process depends on the OS of the device: Android and BlackBerry devices require the user to download a device management client (named Device Manager ) and then the fleet manager must activate it Nokia Symbian devices have a native device management client embedded; however users are required to download an Device Manager adaptor, and then the fleet manager must activate it ios devices require the user to download a configuration Profile, and then the fleet manager must activate the native device management client (Apple MDM) for all OSs, it is necessary to download the Orange Data Backup application to use the device data backup and restore functions 1 click step 1 to start the device enrolment process 2 at each step, follow the instructions 3 once the action is completed, refresh the page to move to the next step 26
device enrolment (continued) the steps depend on the OS. complete each step by following the instructions. refresh after each action to move to the next step once the last step is completed, please remind to the end user he doesn t forget to create his specific data backup password and signed the T&C s to log on his user web interface the first time. 27
Guide to enrolment on certain Android models it is necessary to have a memory card in order to download and install applications other than those present on the device
step 1 download agent / profile' on the Fleet manager Interface: click step 1 download agent/profile. The interface will display "download url successfully sent." on the mobile: the mobile will receive a text message. Click the link received in the text message. It will be in the 'Messages' application available on the mobile home page on some mobiles (Samsung in particular), a 'Select action' window containing the link will be displayed, the link must be clicked to start the download 29
step 1 download agent / profile' (continued) on the mobile: the mobile browser will start up and the "Terms and Conditions" will be displayed. Go to the foot of the page and click 'accept'. a second page will open and explain that it is necessary to download the IT Manager software: Click the 'continue' button click 'accept' then 'continue' 30
on the mobile: step 1 download agent / profile' (continued) 1. the mobile will briefly display "Downloading commenced" and application downloading will start on the mobile ("Arrow down to a line" icon at top of mobile) 2. open the notifications tab (by sliding your finger from top to bottom of screen) to find the file downloading or already downloaded if downloading is complete 3. once downloading is complete, click the file Device Manager.apk" listed in the notifications tab which should already be open to begin installation of the "IT Manager" application 4. the installation screen of the Device Manager" application will be displayed with the question "Do you want to install this application?" : Click the 'Install' button 5. the installation screen will now read "Application installed": Click the 'Open' button, then exit the application by clicking on the 'back' arrow under the screen 31
step 2 activate Device Manager on the mobile: the mobile Web browser will again display the last page viewed Quit the browser once installation is complete, the user must inform the Fleet manager, so they can continue with enrolment. on the Fleet manager Interface: click refresh ensure that the Device Manager application has been opened at least once on the device click step 2: activate Device Manager 32 on the mobile: the mobile will briefly show in the notifications bar at the top of the Device Manager activation" screen then, in the notifications tab, " Device Manager session in progress " the mobile will then display a screen entitled "Activate device administrator?" or "Activate security policies" (depending on the model) click the OK (or ON ) or Activate button (depending on the model) on the Fleet manager Interface: a window will display "trusted relationship with device created successfully"
step 3 send the Data Backup application on the Fleet manager Interface: The Fleet manager can, if he wants to, click step 3, to send the "backup/restore" application download link. If so, the Fleet manager must click send Data Backup. The interface will display "download url successfully sent" 33
step 3 send the Data Backup application (continued) on the mobile: the mobile will receive a text message. Click the link received in the text message. This is in the 'Messages' application available on the mobile homepage on some mobiles (Samsung for example), a "Select action" window containing the link will be displayed, the link must be clicked to start the download the web browser will launch and the mobile will briefly display "Downloading commenced", then application downloading will start on the mobile ("Arrow down to a line" icon at top of mobile) Data Backup.apk 34
step 3 send the Data Backup application (continued) on the mobile: open the notifications tab (by sliding your finger from top to bottom of screen) to find the file downloading or already downloaded if downloading is complete once downloading is complete, click the application file listed in the notifications tab which should already be open to begin installation of the " Data Backup " application the installation screen of the " Data Backup " application will be displayed with the question "Do you want to install this application?" : Click the 'Install' button the installation screen will now read "Application installed": Click the 'OK' button. the application is now available in the mobile's applications list. 35
Guide to enrolment
enrolment > ios (Apple) if you would like to manage ios devices through the Mobile Device Management service, you must first obtain an SSL certificate from Apple for your company and download it please see the section setup > certificate ios of this user guide in order to follow the Apple certificate downloading procedure Important: the enrolment procedure is different for iphones and ipads on iphones, enrolment may either be performed from the Fleet manager portal or from the User portal on ipads, enrolment must be performed by the user, by logging on to their User portal directly from the ipad. 37
step 1 download agent / profile' on the Fleet manager Interface: click step 1 download agent/profile. The interface will display "download url successfully sent." on the mobile: the mobile will receive a text message. Click the link received in the text message. It will be in the 'Messages' application available on the mobile home screen. 38
step 1 download agent / profile' (continued) on the mobile: the mobile browser will start up and the "Terms and Conditions" will be displayed. Go to the foot of the page and click 'accept'. a second page will open and explain the necessity of installing the "profile" sent by the server: Click the 'continue' button click 'accept' then 'continue' 39
on the mobile: step 1 download agent / profile' (continued) the mobile will display the profile configuration window offering to install the Device Manager' profile which corresponds to your Company certificate download the profile (by clicking the 'Install' button) once the download is complete, click the 'Install' button at the top right of the mobile screen to begin profile installation the installation screen will now read "Profile installed": click the 'OK' button. the browser windows may now be closed 40
step 2 activate Device Manager on the Fleet manager Interface: click refresh click step 2: activate Device Manager ; the interface will now display "trusted relationship with device created successfully" 41
step 3 send Data backup on the Fleet manager Interface: the Fleet manager may, if he wishes, click step 3, to send the "backup/restore" application download link". if so, the Fleet manager must click send Data Backup. The interface will display "download url successfully sent". 42
step 3 send Data Backup (continued) on the mobile: the mobile will receive a text message. Click the link received in the text message. This is in the 'Messages' application available on the mobile home screen the App Store will open and present the Data Backup application. Click 'Install' and enter the Apple credentials requested (ID and password) downloading begins and the application is installed simultaneously. once the application installed, it can be accessed via its iphone home screen icon Cancel Data backup Detail 43
step 1 download agent / profile' on the Fleet manager Interface: tick the enroll ipad tablet. The interface then states that "enrolment must be performed by the user, by logging on to their User portal directly from the ipad. From the Fleet manager portal it is only possible to monitor the ipad enrolment status. End users are able to enroll their ipad, by accessing to the User web portal (Cloud pro credential). From: MDM service@orange.sk Date: July 19th 2013 13:34:47 UTC+02:00 To: Demo.technocentre@orange.com Subject: Mobile Device Management : enrolment of your device The fleet manager delegated previously the self enrolment (he allows self enrolment). Endusers receive automatically an email including the link to the web portal. The click on it and start the enrolment of the ipad. Hello, Your fleet manager has delegated you to enroll your terminal in the fleet of your company. To proceed, click on the link https://tb1n.orange.sk/cloudpro/front/home to log in your MDM User web portal. Then click on 'enroll device', then follow the instructions step by step. A user manual is available on the web portal. We invite you to download it by clicking on the 'user guide' link on the top right corner of the screen and to refer to it while you enroll your device. The Orange MDM team 44
step 1 download agent / profile' (continued) on the ipad: End users with this email launch the web browser Safari by clicking the link. on the 'user information' page, click enroll device and start enrolment 45
on the ipad: step 1 download agent / profile' (continued) on the enrolment page, tick the box enroll an ipad tablet then click step 1 download the configuration profile onto the ipad. 2 1 2 the web browser (Safari) then opens up a new window and displays the "Terms and Condtions". Go to the foot of the page and click 'accept'. a second page will be displayed explaining the necessity of installing the "profile" sent by the server: click the 'continue' button 3 click 'accept' then 'continue' 46
on the ipad: step 1 download agent / profile' (continued) a profile configuration window will open offering to install the Device Manager' profile which corresponds to your Company MDM certificate download the profile (by clicking the 'Install' button) once the download is complete, click the 'Install' button at the top right of the mobile screen to begin profile installation the installation screen will now read "Profile installed": click the 'OK' button. the last window opened by the web browser may now be closed 47
on the ipad, in the User Interface: click refresh step 2 activate Device Manager click step 2: activate Device Manager ; the interface will now display "trusted relationship with device created successfully" 48
step 3 send Data Backup on the ipad, in the User Interface: the user may, if they wish, click step 3, to download the DM express device data backup/restore application from the App Store if so, the user must click send Data Backup. The App Store will then open to the Data Backup application page; click 'Install' for downloading to begin and the application will be installed once downloading is complete, it can be accessed via its ipad home screen icon 49
Guide to enrolment
step 1 download agent / profile' on the Fleet manager Interface : click step 1 download agent/profile. The interface will display "download url successfully sent." on the mobile: the mobile will receive a text message. Click the link received in the text message. It will be in the 'Messages' application available on the mobile home page 51
on the mobile: step 1 download agent / profile' (continued) the mobile browser will start up and the "Terms and Conditions" will be displayed. Go to the foot of the page and click 'accept'. a second page will open and explain that it is necessary to download the Device Manager software: Click the 'continue' button click 'accept' then 'continue' 52
step 1 download agent / profile' (continued) on the mobile: the mobile will display the downloading window. Click 'Download' once downloading is complete, if an application authorisation window requests "approval "click 'Yes' for the installation to run the installation screen will now display "The application has been properly installed." : click the 'OK' button. 53
on the mobile: step 2 activate Device Manager if the mobile web browser remains open with the last page displayed, you may now close it if the Fleet manager does not have the mobile to hand, the user must inform him once the installation is complete to that he may continue with the enrolment. on the Fleet manager Interface : click refresh click step 2: activate Device Manager ; the interface will now display "trusted relationship with device created successfully" on the mobile: the mobile will briefly display "profile saved" click the 'OK' button. 54
step 3 send the Data backup application on the Fleet manager Interface : the Fleet manager can, if he wants to, click step 3, to send the "backup/restore" application download link. If so, the Fleet manager must click send Data Backup. The interface will display "download url successfully sent" 55
step 3 send the Data backup application (continued) on the mobile: the mobile will receive a text message. Click the link received in the text message. This is in the 'Messages' application available on the mobile homepage the download window opens. Click 'Download' 56
step 3 send the Data backup application (continued) on the mobile: the installation screen will now display "The application has been properly installed." : Click the 'OK' button. the application is now available in the mobile's applications list. at the first launch, click 'Yes' when the applications Authorisation window requests your "approval" 57
Guide to enrolment
step 1 download agent / profile' on the Fleet manager Interface : click step 1 download agent/profile. The interface will display "download url successfully sent." Orange MDM service on the mobile: the mobile will receive a text message. Click the link received in the text message. It will be in the 'Messages' application available on the mobile home page 59
step 1 download agent / profile' (continued) on the mobile: the mobile browser will start up and the "Terms and Conditions" will be displayed. Go to the foot of the page and click 'accept'. a second page will open and explain that it is necessary to download the Device Manager agent: Click the 'continue' button 60 click 'accept' then 'continue'
on the mobile: step 1 download agent / profile' (continued) the mobile downloads the Device Manager" agent once downloading is complete, an 'Install' window will open, click OK or Yes (depending on the device) the installation screen will now read "Installation complete" on Symbian ^3 on Symbian S60 61
on the mobile: if the mobile web browser remains open with the last page displayed, you may now close it if the Fleet manager does not have the mobile to hand, the user must inform him once the installation is complete to that he may continue with the enrolment. on the Fleet manager Interface: click refresh step 2 send configuration click step 2: send configuration ; the interface will now display: "configuration profile sent successfully" before moving to step 3, please wait for the profile to be installed on the device 62 35
on Symbian S60 on Symbian ^3 on the mobile: step 2 send configuration (continued) the mobile will receive a message; click 'Display'. the notifications bar at the top of the screen will display "Configuration settings"; click 'Options' then 'Save the mobile will then display "A recommended update is available on the Data Backup server. would you like to download it now?". Click 'Yes' the mobile will connect to the Mobile Device Management server and retrieve the data from the server 63 36
step 3 activate Device Manager on the Fleet manager Interface: click step 3 activate Device Manager ; the server will then connect to the device the action is to be performed on the mobile : read the code here and follow the instructions on the next page. 64
step 3 activate Device Manager (continued) on the mobile: if the mobile will then display "A recommended update is available on the Data Backup server...", click 'Yes' the mobile will display a screen entitled "Security details:" and request to allow the server to perform certain actions on the mobile. Click 'OK' the mobile will request you to enter the "first 4 digits of the fingerprint" ( Code ) for Mobile Device Management. This code will be displayed on the Mobile Device Management portal in the explanatory text of step 3 of enrolment. the mobile will display "Control request accepted". Click 'OK' again the mobile will receive data from the express Mobile Device Management server. Wait for the end of the operation. on the Fleet manager Interface: the interface will display "configuration installed successfully" 65
step 4 send the Data Backup application on the Fleet manager Interface : the Admin Fleet manager can, if he wants to, click step 4, to send the "backup/restore" application download link. If so, the Fleet manager must click send Data Backup. The interface will display "download url successfully sent" 66
on the mobile: step 4 send the Data Backup application (continued) the mobile will receive a text message. Click the link received in the text message. This is in the 'Messages' application available on the mobile homepage the mobile will display "Download details:". Click 'Options' then 'Install' to launch the installation and confirm by clicking 'Yes' if necessary. an information tab will open on the application. Click 'Continue' the installation screen will now read "Installation in progress" once downloading complete, the Data backup application will appear in the 'Applications' folder 67
step 4 Data Backup first use on the smartphone 68
3. device management
users > device management from the 'device management' page, you can perform various management actions on the user's device: retrieve information from the device ( vital signs ) install applications configure the device (connection settings, screen shortcuts, ) define the password protection policy set certain, restrictions (ios) block the device and/or wipe device data in an emergency (loss, theft, ) the management functions available depend on the device OS 70
users > device management (continued) retrieve important information block and wipe in an emergency view the list of applications, and install configure connections, the home screen, force password protection note: some tabs may remain absent on certain OSs. The management functions available depend on the device OS 71
users > device management > blocking with lock code on Nokia Symbiandevices, the device lock code may be changed in several ways: in the actual device settings (menu Security > Telephone and SIM card ) from the Device Management express portal, under the "device management' section: block and wipe tab-> lock 'password policy' tab you therefore have several ways of resetting the device lock code is the user has forgotten it. on Androiddevices, the device lock code may be changed in several ways: in the actual device settings (menu Security > Screen lock ) from the Device Management express portal, under the "device management' section, 'block and wipe' tab -> lock 72
Guide: company applications
company applications with applications management, you can load your own applications on the Mobile Device Management platform, then deploy them on user devices. 1 OS selection 2 the name of the application and the icon are those which will be used on the portal to identify the application. 3 load application file. If more than one file is needed you will be asked to load the following files once the first one has loaded. 4 loading the application on the portal before deployment 74
company applications (continued) once the application has been created you can deploy it at will. 75
company applications (continued) the application deployment page enables you to push the application to one or more users. A little too much do-it-yourself all the same to redo 3 refresh to see the last application deployment status. 1 select the users to whom it will be sent 2 send the application installation and download link note: only devices with the OS in question appear 76
Guide: applications policy
applications policy With the applications policy, you will be alerted when certain keywords are found (or vice versa) among the names of applications installed on user devices. It is possible to choose between two applications policies for each OS: A blacklist which will alert you when a user has an application containing one of the keywords defined on their device A whitelist which will alert you when a user has an application which doesn't contain any of the keywords defined on their device This function requires regular feedback of information from devices in order to define the list of applications installed on them. You can define the regularity of this feedback in setup -> polling campaigns. If automatic retrieval of device information is deactivated, applications policy will not apply. 78
applications policy (continued) 1 OS selection 2 selection of either whitelist or blacklist 3 add a search keyword 4 applications policy backup 79
applications policy (continued) users who are not compliant with the applications policy in place are displayed here. This list is automatically updated each time device information is fed back from devices to the portal. Click the user to see which applications are installed on their device which do not comply with the policy in place. 80
applications policy (continued) non-compliant applications are highlighted on a different coloured background. 81
Guide: configuration deployment
configuration deployment with configuration deployment, you can configure different settings such as mobile network or Wi-Fi access points, shortcuts, email configuration or password policy. And you can do this for one or more users at the same time. 83
configuration deployment (continued) 1 select the item to configure 3 configuration window and fields to be filled in 2 open the window to create a new configuration 4 create the configuration to deploy. Once created, it will be backed up so you can deploy it at any time for the users selected. 84
configuration deployment (continued) note: you can change a configuration up until its first deployment. Once it has been deployed for the first time, you will have to create a new configuration if you wish to change certain settings. once the configuration created you can deploy it on the user devices you wish Cancel 85
configuration deployment (continued) the configuration deployment page enables you to send a configuration to one or more users and in some cases delete it from the device. 3 refresh to see the last configuration deployment status on the devices concerned. 1 select the users to whom you wish to push the configuration 2 create a configuration for the users selected note: only devices with the OS in question appear 86
deployment of a password policy the steps to follow to deploy a password policy on your fleet devices are described below 1 name the password policy and define the settings on the mobile device, the next action depends on the OS: save Android: a message appears in the notification bar "N.B. You must define a new password" ios: a message will appear on the screen "Code compulsory You must set a code within 60 minutes" Nokia Symbian: no message appears if the user has never changed the lock code, the default code is 12345 2 3 deploy Symbian^3: the password policy deployed on the device cannot be wiped; it may only be overwritten by a stronger policy. To remove the password policy on a Symbian^3, it is necessary to reset to factory settings (factory reset). 87
removal of password policy deployed on an ios device removal of password policy deployed on an ios device: go to the device management > vital signs section click refresh open the 'configuration profiles" tab, find the PASSWORD profile and click delete 88
Guide: backup monitoring
backup monitoring the backup page enables you to monitor the last backup data actions performed by users on their devices, or to invite them to perform this action with a reminder message. 2 sending the reminder message 1 selecting users to prompt 3 refresh so view the last backup status and reminder messages sending status. 90
Guide: setup
setup The setup page enables you to set several Mobile Device Management portal settings: ios certificate loading device information feedback frequency preferences 92
setup > polling campaigns this page enables you to configure settings for your Company's use of the portal. this setup applies to users when roaming. the regularity of feedback enables Mobile Device Management to automatically retrieve information from users devices at defined periods. Certain functions, such as polling campaigns, require this automatic polling to operate at optimum capacity. note : a small volume of data will always be exchanged no matter what when switching to roaming. If you perform a Device Management action on a user when roaming, you will be requested to confirm the action before starting the Device Management session. 93
setup > certificate ios to be able to manage ios devices, you need to load an ios certificate for your Enterprise / Cloud. A company can managed several Clouds up to 200 end-users each. In case of multiple Clouds, if they have been federated by the Primary Manager by a federation ID,, the Fleet(s) Manager(s) have to create one certificate by Cloud. the following pages explain how to obtain and configure the ios certificate on a Mac OS or Windows 7 or Windows Server type computer 94
Follow up certificates creation for each Cloud created Name of the Company Cloud 2 due an existing federation Code. It appears even the certificate of the enterprise Cloud 2 is not yet created. Then you have to create it in this example, 200-7j is active and the 200-056 to be crated 95
ios certificate guide (from a Mac OS X computer)
setup > ios certificate to obtain this certificate, four steps are necessary: 1. CSR generation (Certificate Signing Request) on Mac 2. CSR signed via the Mobile Device Management interface 3. Apple signature 4. signed certificate exported and integrated in Mobile Device Management CSR signature via the Mobile Device Management portal Fleet manager /Admin 2 Access Mobile Device Management Interface 1 Generate the CSR on a computer running on Mac OS 3 4 Export and integration of signed certificate in Mobile Device Management 97
setup > ios certificate 1 CSR generation (Certificate Signing Request) on Mac OS: use a Mac OS computer. open the Access toolkit in Applications -> Utilities select the 'Certificates' Category. in the Access toolkit menu choose: Certification assistant -> Request a certificate from a certification authority' as shown in the image below a dialog box will open in which you must enter an email address and the and the Shared name, then select: Saved to disk you just need to save the file to your computer. you will have a file entitled CertificateSigningRequest.certSigningRequest continue without changing the key Bi information. 98
setup > ios certificate 2 signature of CSR via the Mobile Device Management interface: on the Mobile Device Management portal interface, access the 'setup -> ios certificate' menu and open the load a certificate signing request (CSR) click 'choose file' and choose the previously created CSR file from your computer then click the 'load' button 99
setup > ios certificate (continued) a pop-up window will indicate that loading has been successful. the file is then ready to be downloaded 100
setup > ios certificate (continued) 3 Apple signature: this means obtaining the signed CSR file from Apple. this step requires an Apple account, which is easy to create if you don't have one: https://appleid.apple.com/ return to the Mobile Device Management interface under 'setup -> ios certificate', open the 'load a certificate signing request certificate (CSR), and click 'download' you will obtain a PushCertWebRequest.plist to save (if the file contains the.txt extension, then manually change it to.plist ) 101
setup > ios certificate visit this site: https://identity.apple.com/pushcert/ to access your Apple account. once logged in, click the 'Create Certificate' button accept the legal information to move to the next step 102
setup > ios certificate download the PushCertWebRequest.plist file previously saved (if the file is in another format, change it to.plist) If you are using Safari or Google Chrome, you just have to click download and you will obtain a.pem file 103
setup > ios certificate if you are using another browser, you will first obtain a 'create' file to save. you must then log back on here: https://identity.apple.com/pushcert/, then click Download to obtain the.pem file 104
setup > ios certificate 4 export and integration of signed certificate in the Mobile Device Management portal double click on the certificate file obtained (.pem) to add it to the access toolkit the certificate must appear under Category -> Certificates scroll the certificate and the private key will appear right click on the private key then choose 'Export' as shown in the image below ( the file exported will be in.p12 format) 105
setup > ios certificate choose a strong password of both digits and letters, then save the certificate. return to the Device Management express interface in 'setup -> ios certificate, and open the load certificate tab upload the certificate obtained (.p12 file), from your computer to the portal, by clicking 'Choose file', and enter the password defined when creating the certificate, then click 'load' You will now have a signed and saved certificate which will enable you to manage your fleet of ios devices. 106
ios certificate guide (from a Windows 7 or Windows Server computer)
setup > ios certificate to obtain this certificate, four steps are necessary: 1. CSR generation (Certificate Signing Request) on Windows Server 2. CSR signature via the Mobile Device Management interface 3. Apple signature 4. signed certificate exported and integrated in Mobile Device Management CSR signature via the Mobile Device Management portal Fleet manager/ Admin 2 Access Mobile Device Management Interface 1 Generate the CSR via its Interface Windows Server 3 4 Signed certificated exported and integration in Mobile Device Management 108
setup > ios certificate (continued) 1 CSR generation (Certificate Signing Request) on Windows 7 or Windows Server: Select 'Start'-> Control panel -> Administrative tools -> Internet Information services (IIS) Manager. If this function is not available in your administrative tools, activate it in Windows functions by returning to 'Control panel -> Programs and functions then by choosing the 'Activate or deactivate Windows functions' menu top left You must tick the 'IIS manager MMC' and 'shared HTTP functions'. This will require restarting the computer. You will now see the 'Internet Information Services Manager' appear in the control panel administrative tools 109
setup > ios certificate (continued) 1 CSR generation (Certificate Signing Request) on Windows 7 or Windows Server: Select 'Start'-> Control panel -> Administrative tools -> Internet Information services (IIS) Manager. In the Internet Information Services (IIS) Manager, in the 'Connections' column on the left, click the server name In the window central tab, double-click 'Server certificates' 110
setup > ios certificate (continued) In the Actions column in the right panel, click 'Create a certificate request'. This will open the IIS Certificate assistant. Enter the following information in the window which opens: Shared name - The name of the person from whom the request originates (any name can be entered in this field). Organisation - Your Company's legal name. Organisational unit - The division of your organisation managing the certificate. Town / City - Your Company location. State / province - the state / county where your Company is located. Country / Region - the two letter ISO code for the country where your organisation is located. Click 'Next' Marketing 1 Cloud1 111
setup > ios certificate (continued) In the "Encryption services supplier properties" window, select: Encryption services supplier: Microsoft RSA (by default) Number of bits: 2048 (recommended) 112
setup > ios certificate (continued) Save the CSR file on the Desktop or any other location where you can find it easily. You will now have created a CSR request file and are ready to import it onto the Device Management express portal cal\testr1.6\ioscertificate_cloud1_preprod_osk\ioscertificat_cloud1.txt Cloud1 NB: with Windows 7 or Windows Server, the file saved will have a.txt extension; with Mac OS X, the extension will be.certsigningrequest. 113
setup > ios certificate 2 signature of CSR via the Mobile Device Management Interface; on the Mobile Device Management Interface, access the 'setup -> ios certificate' menu and open the load a certificate signing request (CSR) click 'Browse' and choose the previously createdcsr file from your computer click the 'load' button. 114
setup > ios certificate a pop-up window will indicate that loading has been successful. the file is then ready to be downloaded 115
3 setup > ios certificate Apple signature: this means obtaining the signed CSR file from Apple. this step requires an Apple account, which is easy to create if you don't have one: https://appleid.apple.com/ return to the Mobile Device Management Interface under 'setup -> ios certificate', open the shutter 'certificate for enterprise xxxx (example ftcloudi) and under upload signing request certificate (CSR), click on 'download' you will obtain a PushCertWebRequest.plist to save (if the file does not carry the extension.plist, manually change the extension) 116
setup > ios certificate visit this site: https://identity.apple.com/pushcert/ to access your Apple account. once logged in, click the 'Create Certificate' button accept the legal information to move to the next step 117
setup > ios certificate download the PushCertWebRequest.plist file previously saved (if the file is in another format, change it to.plist) If you are using Firefox or Google Chrome, you just have to click download and you will obtain a.pem file 118
setup > ios certificate if you are using another browser, you will obtain a 'create' file to save. you must then log back on here: https://identity.apple.com/pushcert/, then click Download to obtain the.pem file 119
setup > ios certificate 4 exporting the signed certificate and integration in the Mobile Device Management portal return to 'start'-> 'Control panel' -> Administrative tools -> Internet Information Services (IIS) Manager ; in the 'Connections' column, click the server name, then on the server home page at the centre of the screen, double-click Server certificates from the 'Actions' menu on the right, select 'Finish certificate request. this will open the Certificate request Assistant. 120
setup > ios certificate (continued) select the.pem file you have just downloaded from the identity.apple.com website. give it a user-friendly name click 'OK' to install the certificate on the server. The certificate should now appear under the 'Server certificates' section (see next page). 121
setup > ios certificate no you will have to export the certificate in order to load it onto the Mobile Device Management portal. right-click on the certificate you have just imported and select 'Export'. 122
setup > ios certificate save the file on your Desktop in.pfx format. When exporting the certificate, you will be asked to set a password. it is recommended you choose a strong password, made up of both digits and letters, then note it down before saving the certificate (you will be asked for the password on the Mobile Device Management portal). 123
setup > ios certificate return to the Mobile Device Management Interface in 'setup -> ios certificate, and open the load certificate tab upload the certificate obtained (.pfx file), from your computer to the portal, by clicking 'Browse', and enter the password defined when creating the certificate, then click 'load' You will now have a signed and saved certificate which will enable you to manage your fleet of ios devices. 124