Vodafone Secure Device Manager Administration User Guide

Vodafone Secure Device Manager Administration User Guide Vodafone New Zealand Limited. Correct as of September 2014. Do business better

Contents Introduction 3 Help 4 How to find help in the Vodafone Secure Device Manager console 4 Mobile Device Management structure 5 Creating organisation groups 6 Generating an APNs certificate 7 Why do you need an Apple APNs certificate? 7 Renewing an APNs certificate 8 Creating an administrator account 9 Creating user accounts 10 Configuring and deploying profiles 11 Enrolling devices 12 The enrolment process 12 Requirements If you would like to enroll Apple devices you will need an apple APN certificate, or Apple ID. Internet access supported browsers include: - Internet Explorer 8+ - Google Chrome 11 - Firefox 3.x - Safari 5.x If you have any questions, your first port of call is the Help section on page 4 of this user guide. For all other queries contact your Account Manager or call 888 from your mobile. Vodafone Secure Device Manager hub 13 Dashboard 14 Device detail 15 Email 16 Deploy email to your users 16 Reporting 17 Creating report subscriptions 17 Glossary of terms 18 Vodafone Secure Device Manager Administration User Guide Page 2

Introduction Get ready to work flexibly and securely. Vodafone Secure Device Manager provides a suite of services that deliver a costeffective and easy way to securely manage and control your company data on all devices wirelessly and from a simple web-based portal. Vodafone Secure Device Manager will also enable your team to work flexibly from anywhere and on any device. Vodafone Secure Device Manager is managed by Vodafone Group services and is powered by Airwatch, a global leader in mobile device management and security. Vodafone Secure Device Manager Administration User Guide Page 3

Help You have three options for administration support and assistance for VSDM: 1. Administrator training: The three hours of administrator training is important if you are taking VSDM in order to understand the basics of how to administer the product so you can take advantage of the extensive range of features and benefits. 2. VSDM Online Guide: Once you ve completed the training, the online guide should be your first port of call for any queries on VSDM. There are a number of guides available to help you navigate and familiarise yourself with the features within the product, as well as more detailed information if you are looking at how to integrate more of your services with VSDM. The online help is broken down into relevant sections so you can find what you need, and there s a search function so you can quickly find your answer. 3. Call us: If you can t find the answer you re looking for in the online guide, you can call 888 from your mobile or 0800 400 888 from your landline. This will open up the online guide where you can search for a topic, or view the array of administration guides available. How to find Help in the Vodafone Secure Device Manager console In the upper right hand corner of the console there is a Help link. Vodafone Secure Device Manager Administration User Guide Page 4

Mobile Device Management structure The VSDM console has the ability to provide a hierarchal structure. This means you are able to create a structure to meet the needs of your business. Should you decide to have a different set of policies to manage different parts of your organisation the console can support this. Below are some examples of how you might choose to create your structure within VSDM. Hierarchal structure Profiles are inherited Each container can also have its own set of profiles Customer APNs Root Level Administrator account Production Profile C Production Profiles Profiles at this level will apply to the entire production group Help desk administrator BYO Corp Owned Finance HR Profile C Department Profiles Profiles at this level will apply to this container Exec Team Test Profile C Test Profile s Any profiles created here can be contained in a text environment before being put into production Administrator User Vodafone Secure Device Manager Administration User Guide Page 5

Creating organisation groups Create an organisation group for each business entity where devices are deployed: 1. Navigate to Groups & Settings > Organisation Groups > Organisation Group Details. 2. Select Add Child Organisation Group. 3. Specify the name and Group ID for the new Organisation Group. Group IDs are used during enrolment to group devices to the appropriate Organisation Group. 4. Add region information and Save. Vodafone Secure Device Manager Administration User Guide Page 6

Generating an APNs certificate Administrators of ios devices must generate and upload an Apple Push Notification service (APNs) certificate in order to manage ios devices. VSDM helps ios administrators to quickly and easily complete this process by breaking it down into a few simple steps. What is an APNs Certificate? The Apple Push Notification service (APNs) is used to allow VSDM to securely communicate to the smart device fleet over-the-air. VSDM uses the APNs certificate to send notifications to devices when the Administrator requests information or during a defined monitoring schedule. No data is sent through the APNs server, only the notification. Why do you need an Apple APNs certificate? Apple requires each organisation to maintain their own certificate to ensure a secure mechanism for their corporate devices to communicate across Apple s push notification messaging network. To generate an APNs certificate, follow the simple steps outlined in the Getting Started Wizard: 1. Select the Yes radio button in the Apple MDM section of the Setup options in the Getting Started Wizard. Choose the newly presented Apple Certificate section to access the additional APNs options. 2. Download the linked Certificate Request file (MDM_APNsRequest.plist). 3. Navigate to the Apple Push Certificates Portal website and sign in using your corporate Apple ID and password. 4. Select Create a Certificate and accept Apple's EULA. 5. Select Choose File underneath the Create a New Push Certificate heading and select the saved CSR generated in Step Three. Once the CSR is uploaded, a new APNs Certificate is generated. Select Download to save the signed certificate. The signed certificate must be saved as a.pem file. 6. Return to the APNs creation page of the AirWatch Getting Started Wizard, upload the signed certificate (.pem file) downloaded from the Apple website. 7. Enter the Apple ID used in certificate generation. This will facilitate future APNs certificate renewal. 8. Click Next and save the updated APNs settings. You can now proceed with managing ios devices. Summary of steps: Generate MDM certificate in VSDM console Vodafone Secure Device Manager Administration User Guide Page 7

Generating an APNs certificate continued Renewing an APNs certificate The APNs certificate expires annually and must be renewed every year. Renewing your certificates will ensure you are able to communicate with and manage your ios devices. To regenerate your certificate, you need to: 1. Return to the APNs for MDM page by navigating to Devices > Settings > Device & Users > Apple > APNs for MDM. 2. Select the Renew option and right-click the.plist file to download the file to an accessible location. 3. Select the Go to Apple button and sign into the Apple Push Certificates Portal using the same Apple ID used to obtain the original signed certificate. Using an alternate Apple ID will not allow you to regenerate the proper certificate. 4. Select the Renew button corresponding to the certificate that is due to expire and upload the.plist file downloaded in step 2. 5. Click the Download button on the confirmation page and save the regenerated.pem file. 6. Return to the APNs for MDM page in the AirWatch Admin Console, upload the regenerated.pem file and enter the same Apple ID used to generate the certificate. Click Next and save the settings on the APNs for MDM page. Image below shows the relationship between VSDM, Apple and your ios device. Note: When generating or regenerating at a top-level Organization Group, set child groups to inherit or override settings. If you receive the error message "No APNs found at this location," ensure that your current Organization Group is inheriting the APNs certificate from the top-level Organization Group. Vodafone Secure Device Manager Administration User Guide Page 8

Creating an adminstrator account You will be given an administrator account to use when you sign up for VSDM. You may wish to create additional Administrator accounts for other people who will also be managing the VSDM console. You can also define specific administrator roles for your team. 1. Navigate to Accounts > Administrators > List View and select Add User. 2. Fill in all required fields on the Basic tab. Continue to the Roles tab, select Organisation Group followed by the Role you want to assign to the new admin. Add as many roles as you want to assign to the admin by using the Add Role button. 3. Choose Save to create the new Admin Account with every assigned role. Vodafone Secure Device Manager Administration User Guide Page 9

Creating user account A user account is required before enrolling a device. This is the process to follow to create end user accounts within the VSDM console. For other methods such as importing users from your Active Directory, or doing a bulk upload please refer to the VSDM online help. 1. Navigate to Accounts > Users > List View. 2. Select Add User from the Add menu. 3. Fill in required fields and choose Save. Vodafone Secure Device Manager Administration User Guide Page 10

Configuring and deploying profiles Profiles are used to help you manage and configure your devices. A profile may be used to support your mobile security policies by enforcing restrictions on a device. A profile may also be used to assist with your IT deployment by configuring services on a device. 1. Navigate to Menu > Profiles & Policies > Profiles, select Add and choose your appropriate platform. 2. Configure General deployment settings. While configuring General deployment settings, consider: Intended Recipients by Assigned Organisation Group or User Group. Intended Devices by make, model, OS and Ownership type. Delivery Model by automatic or optional assignment type. Permissions to allow or disallow removal. Access Constraints by Geo-fence Area or Time Schedule. 3. Select and configure your profile payload. Each payload contains unique settings and options depending on make, model and OS of the device you're configuring. 4. Choose Save or Save & Deploy. Selecting Save keeps the newly created profile in the list of available Profiles. Choosing Save & Deploy adds the profile to the list of Profiles as well as pushing the profile to all devices within the target Organisation Group. Vodafone Secure Device Manager Administration User Guide Page 11

Enrolling devices In order to manage devices via VSDM a device must first be enrolled. Enrolling a device, allows you to associate and authenticate the device against a user in the VSDM console. In order to enroll a device, the end user will need the following information: Enrolment URL this URL brings you to the enrolment screen. It is specific to your Organisation's enrolment environment (e.g. mdm-ds.vodafone.co.nz). Group ID this Group ID determines what MDM resources and features the end-user will have access to upon enrolment. User Credentials this username and password confirm the identity of a user to allow login, authentication an enrolment. The credentials may be the same as the network directory services credentials, or may be VSDM-specific credentials. The VSDM console will allow you to send an enrolment message to end users with this information to assist with enrolment. The enrolment process The enrolment process may differ slightly depending on device platform. You can find specific instructions for enrolling each type of device in the applicable Platform Guides within the help section of the VSDM console. You can look at the different enrolment options and how they affect device enrolment in the Enrolment Processes Guide within the help section. Note: As a prerequisite it is recommended that the AirWatch agent is installed on the device. The AirWatch agent is necessary to establish communication with the VSDM console. 1. Navigate to AWAgent.com from the native browser on the device that you are enrolling. AirWatch auto-detects if the AirWatch Agent is already installed and redirects to the appropriate mobile app store to download the Agent if needed. Note: Downloading the Agent from public application stores requires either an Apple ID or a Google Account. 2. Launch the AirWatch Agent upon download completion or return to your browser session to continue enrolment. 3. Enter your email address. AirWatch checks if your address has been previously added to the environment in which case you are already configured as an end user and your Organisation Group is already assigned. If AirWatch cannot identify you as a previously configured end user based on your email address, enter your Environment URL, Group ID and Credentials when prompted. 4. Follow all remaining prompts to finalise enrolment. Note: Each platform has slight variations in this process, so refer to each specific Platform Guide in the VSDM help section for more information. Vodafone Secure Device Manager Administration User Guide Page 12

Vodafone Secure Device Manager hub The VSDM Hub is a new feature of the platform and can provide you with a snapshot view of your devices. Click on one of the various graphs that display on the VSDM Hub to bring up a Device List View that is automatically filtered for whichever segment you selected. Send message actions can now be performed directly from the Device List View. In addition, a new Export to PDF option lets you quickly generate an at-a-glance report of your mobile device deployment for reporting purposes. Vodafone Secure Device Manager Administration User Guide Page 13

Dashboard The Device Dashboard displays updated data for compromised devices, passcode status, and device encryption. Vodafone Secure Device Manager Administration User Guide Page 14

Device detail Via the Dashboard you are able to remotely lock, wipe or enterprise wipe a managed device. Vodafone Secure Device Manager Administration User Guide Page 15

Email VSDM can be used to help you manage and configure email to your devices. By managing email via VSDM you have the ability to control access to your corporate email by removing the email profile. Requirements around email set up may vary depending on the devices in your organisation. Below is an extract from the online help on how to configure an email profile. Deploy email to your users You can integrate your email infrastructure in a few simple steps using the Mobile Email Management (MEM) configuration wizard. To configure: 1. Navigate to Email > Settings and then select Configure. 2. Select your email server type and the Exchange version and if prompted, the preferred deployment type and then choose Next. Note: For more information on the deployment methods, please see Protecting Your Email Infrastructure section. 3. Choose the deployment type and enter the details. If you choose the deployment type as SEG, then: - Enter a Friendly Name for this deployment. - Enter the SEG proxy server details. If you choose the deployment type as PowerShell, then: - Enter a Friendly Name for this deployment. - Enter the PowerShell server, authentication, and sync settings. If you choose the deployment type as SEG for Google Apps for Business then: - Enter a Friendly Name for this deployment. - Enter the Google App, authentication, and SEG proxy settings. 4. Create a template Exchange Active Sync profile for devices that you will manage using this MEM deployment. This template profile is not published to devices automatically. This needs to be done from the Profiles page. Alternatively, you can also choose to associate an existing profile to this deployment. This is mandatory if more than one MEM deployment is to be configured at a single organisation group. Select Next. Vodafone Secure Device Manager Administration User Guide Page 16

Reporting Subscribing to reports provides you with a regular update on the status of your mobile devices. To access the Reports page, navigate to Hub > Reports & Analytics > Reports > List View. From here, there are several key pieces of functionality that administrators can use to leverage VSDM reporting capabilities: Creating report subscriptions Report subscriptions can be used to send custom generated reports to specific recipients at a scheduled occurrence. To subscribe to a report: 1. Navigate to the Reports page at Hub > Reports & Analytics > Reports > List View. 2. Select a pre-defined report template from the list and then from the Actions icon on the right click the Subscribe button. 3. Complete the Report Subscriptions Form with all required information. General Information The name of the subscription, the email subject, etc. Report Parameters The parameters defining the scope and options of the report. Distribution List The recipients who will receive the custom report whenever the subscription is executed. Execution Schedule The time and schedule at which the custom report is generated. 4. Select Save. Vodafone Secure Device Manager Administration User Guide Page 17

Glossary of terms Term / Abbreviation Description APNs Apple Push Notification service Console The web based system through which devices are managed Device Any mobile or fixed hardware that connects to a wireless network, including personal computers, mobile computers, mobile RF scanners, printers Enrolment url The url needed to enroll a device in the VSDM Basic console EULA End user Licence Agreement GPS Global Positioning System HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure IM Instant Messaging IMAP4 Internet Message Access Protocol 4 IP Internet Protocol OS Operating System POP3 Post Office Protocol 3 Profile A group of device configuration settings that are configured in the console and delivered to the device Role Defines the access role of a VSDM user including the ability to restrict or grant access to specific functionality within the console SIM Subscriber Identity Module SME Small Medium enterprise SMS Short Message Service SMTP Single Mail Transfer Protocol URL Uniform Resource Locator VSDM Vodafone Secure Device Manager Wi-Fi Wireless Fidelity Vodafone Secure Device Manager Administration User Guide Page 18