Telstra Mobile Device Management (T MDM) Getting Started Guide

Welcome

Thank you for your interest in T MDM, and welcome! In this guide we will take you through the steps to enrol your first device and show you some of the features of AirWatch. For more information, please register for a free webinar at telstra.com/tmdm and we will provide you with a demonstration and answer your technical questions.

AirWatch gives you the ability to enrol and manage devices across the most popular operating systems:

- Android v4+
- Apple
- Windows Phone 8

The AirWatch software allows you to:

- Remotely deploy configurations on your devices
- Remotely deploy mobile apps on your devices
- Enable policies to enforce automated actions on devices if they break compliance
- Generate detailed reports
- Deploy documents to devices (where you subscribe to Secure Content Locker)

Integration with Company Resources (Optional)

The Enterprise Integration Service (EIS) and Secure Email Gateway (SEG) allow you to integrate with company resources.

- Users can enrol and manage devices using their existing Active Directory based authentication
- Configure devices with identity certificates from your Certificate Services, so they can securely connect to your network
- Quickly import your Active Directory hierarchy structure and associate company policies based on this corporate hierarchy (including automatically wiping company data if the user is no longer active)
- Prevent devices from connecting to company email unless they comply with company policies
- Distribute content and documents from file servers and Microsoft SharePoint

Speak to your Telstra sales person or dealer, who can arrange for an experienced technician to remotely install and configure software on your server for an additional fee (your server must meet the pre-requisite hardware, software and connectivity requirements before a Telstra technician will install software). This server then acts as a secure proxy between our Mobile Device Management platform and your company resources as shown below.

First Steps

There are 5 steps involved to enrol your first device:

1. Generate and upload an Apple Push Notification Service (APNs) Certificate
2. Create a Location Group
3. Create a Profile
4. Create a Basic User
5. Enrol your first device

We will guide you through each step one at a time. In this guide we will show you how to enrol an Apple device.

OK, let's get started.

Lesson 1: Apple Push Notification Service (APNs) Certificate

Before you can manage Apple devices, you must generate and upload an APNs certificate. This is only required for Apple devices.

Please visit the following webpage and view the video showing you how to create the APNs certificate: http://www.air-watch.com/resources/videos

Lesson 2: Location Groups

Purpose

Location Groups allow you to group:

- devices
- users
- administrator settings

We will start with Location Groups because they are used to simplify administration and define access to users. Location Groups can be nested, allowing you to inherit settings or device policies or override them at any level. In this lesson you will find that Location Groups allow you to control configurations, applications and content deployed to devices.

Creating a new Location Group

Navigate to Menu Location & Groups. Select a parent Location Group from the Location Group bar. The currently selected group is shown in bold, blue text.

Select Add Child Location Group to open a new Location Group. You are required to fill in some details about this Location Group. There are 2 types of details: Unique Identifiers and General Information.

The Unique Identifiers will allow you to refer to this Location Group by name or Group ID. The Group ID is important when we go to enrol our first device.

- Location Group Name: The display name for the location group
- Group ID: The activation code used to enrol into this location group

General Information is specific information about the Location Group and is for internal use only.

- Location Group Type: internal reference only
- Country: The country you are in
- Locale: This is used for format settings

Check the Add Default Location box and fill in the required default location information:

- Internal Name: the display name for this location group
- Display Name: a unique name that is used internally to define this location group
- Status: progress of this location group
- Location Type: internal reference only
- Time zone: used for the GPS timestamps

Click Save.

GroupID

In AirWatch each device will belong to a Location Group. The Location Group defines the applications, policies and content that device has access to. Later, when you enrol a device, you will be asked for a GroupID. The GroupID is the Location Group the user will enrol into. The Location Group will determine which Profiles and Apps the user receives. You will type the GroupID into the device during the enrolment process.

Lesson 3: Profiles

Purpose

AirWatch uses profiles to remotely deploy:

- Restrictions
- Configurations
- Accounts
- Settings

Profiles are assigned based on Location Groups. There are many tabs in each profile; each tab is called a Payload. A payload could be an Exchange ActiveSync configuration, a restriction to YouTube, a VPN connection or a Wi-Fi connection, etc. As a best practice, AirWatch recommends configuring a single payload per Profile to more easily troubleshoot and edit after deployment.

We will now show you how to create a profile and configure some of the payloads.

Creating a new profile

We will now create our first profile, in which we will cover the basics of the first two payloads.

Navigate to Menu Profiles. When creating a new Profile it is important to pay attention to the Location Group you are currently operating in, as this will become the new profile's Root Location Group. Confirm that the correct Root Location Group is selected in the left column. The Root Location Group determines:

- The access an Administrator needs to later edit the profile
- The Groups to which the profile can be assigned

Click the Add button.

Select your device platform. In this example we will use Apple iOS.

The General tab is where you decide which devices will receive this profile.

An explanation of what each field is can be found in this table:

- Name: The name of the profile to be displayed in the Web Console.
- Description: A brief description of what the profile does. This will be displayed on managed devices under Profile Details.
- Platform: The platform to which this profile will be deployed (this field is pre-populated based on the platform selected in the previous step). Profile support varies by platform, therefore platform choice will determine which types of profiles can be deployed.
- Deployment: Managed will remove the profile when the device is unenrolled. Manual will leave the profile installed when the device is unenrolled.
- Assignment Type: This determines how the profile is pushed out to devices.
  - Auto: Automatically push out the profile to all devices.
  - Optional: Manually push the profile to selected devices in the location groups selected in the assignments box.
- Minimum OS: Enter the specific models and minimum operating systems to which the profile will be deployed. The profile will only be deployed to devices that meet the specified parameters.
- Model: Only the device model specified will receive this profile.
- Ownership: Specifying a device ownership type (Corporate Dedicated, Corporate Shared, or Employee Owned) will limit deployment to only the devices that belong to the specified device ownership group. Distinguishing between corporate and employee owned devices allows for maximum privacy and protection.
- Importance/Sensitivity: These are fields used within the Web Console only for additional details and profile filtering capabilities. They have no effect on how the profiles are deployed.
- Allow Removal: A security parameter specifying what end users can do to remove the specific profile from their device:
  - Always: Users can remove the profile on their own without entering any authorization codes.
  - With Authorization: Users can remove the profile if they correctly enter an authorization code as created by a Web Console administrator.
  - Never: Users cannot remove the profile unless the device is unenrolled from AirWatch management.
- Root Location Group: The location group that administrators must be associated with in order to edit and delete this profile. If administrators manage higher location groups than the management group, then they will also have access to profile management by inheritance.
- Assigned Location: The location groups (and all child location groups) that will be configured with this profile. Any devices that enroll into these groups or their child groups will receive the profile.
- Assigned User Group: The additional user group(s) that will receive the profile in addition to the specified location groups (optional).

Configure a Passcode

The Passcode tab is where you set the criteria for a passcode. An explanation of what each field is can be found in this table:

- Require passcode on device: Force user to set a passcode on the device.
- Allow simple value: Allows simple password values (for example: 1111 or 1234).
- Alphanumeric character is required: Requires passcode with letters and numbers.
- Minimum Passcode length: Sets a minimum required passcode length.
- Minimum passcode age (days): Sets the number of days until a password expires.
- Auto Lock (min): Sets timeout for the device to automatically lock and require a passcode for entry.
- Passcode history: Sets the number of previous passwords that cannot be reused.
- Grace period for device lock (min): Time period after device lock where passcode is not required for re-entry.
- Maximum number of failed attempts: Number of failed passcode attempts before the device is wiped.

Feel free to experiment with the other Payloads that are available.

Managing your profiles

After saving the Profile, you will now be back in your list of available Profiles. You may click the Actions Icon (shaped like a gear) to manage the Profile on your device. An explanation of what each action does can be found in this table:

- Edit: Allows customization of an existing profile.
- Copy: Allows copying of an existing profile with a new profile name.
- View Devices: Shows devices that are available for that profile and if the profile is installed currently.
- Publish: Pushes out the profile to devices that match the profile criteria.
- View XML: View the XML code sent over the air to devices describing the application or profile.
- Edit Assignment: Change the location groups to which the profile is assigned without re-publishing the profile to every assigned user (only removes or adds the profile where applicable).
- Delete: Deletes the profile and removes it from devices.
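
Added example (not part of the original guide and not AirWatch code): a way to review the Passcode payload by saving the output of View XML and checking it against a baseline. It assumes the XML for an Apple iOS profile is a standard Apple configuration profile property list, that the console fields map to the Apple passcode payload keys as shown, and that the baseline values are hypothetical; the sample profile is constructed.

```python
import plistlib

# Constructed sample: a minimal Apple configuration profile with one passcode
# payload (assumed to resemble what View XML shows for an iOS profile).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
    <key>forcePIN</key><true/>
    <key>allowSimple</key><true/>
    <key>requireAlphanumeric</key><false/>
    <key>minLength</key><integer>4</integer>
    <key>maxInactivity</key><integer>15</integer>
    <key>maxGracePeriod</key><integer>5</integer>
    <key>maxFailedAttempts</key><integer>10</integer>
  </dict></array>
</dict></plist>"""

# Hypothetical baseline (an assumption, not a Telstra or AirWatch recommendation):
# Apple payload key -> (console field name, check the value must pass)
BASELINE = {
    "forcePIN": ("Require passcode on device", lambda v: v is True),
    "allowSimple": ("Allow simple value", lambda v: v is False),
    "requireAlphanumeric": ("Alphanumeric character is required", lambda v: v is True),
    "minLength": ("Minimum passcode length", lambda v: v >= 6),
    "maxInactivity": ("Auto Lock (min)", lambda v: 1 <= v <= 5),
    "maxGracePeriod": ("Grace period for device lock (min)", lambda v: v == 0),
    "maxFailedAttempts": ("Maximum number of failed attempts", lambda v: 1 <= v <= 10),
    "pinHistory": ("Passcode history", lambda v: v >= 5),
}

def audit_passcode_payload(profile_xml: bytes) -> list[str]:
    """Return one finding per baseline key that is missing or too weak."""
    profile = plistlib.loads(profile_xml)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.mobiledevice.passwordpolicy"]
    if not payloads:
        return ["no passcode payload in profile"]
    findings = []
    for payload in payloads:
        for key, (field, ok) in BASELINE.items():
            if key not in payload:
                findings.append(f"{field} ({key}): not set")
            elif not ok(payload[key]):
                findings.append(f"{field} ({key}): {payload[key]!r} does not meet baseline")
    return findings

if __name__ == "__main__":
    print(*audit_passcode_payload(SAMPLE_PROFILE), sep="\n")
```
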

Lesson 4: Create a basic user

Purpose

There are 2 types of users in AirWatch:

- Basic Users: standard staff members who have devices
- Admin Users: administrators who have access to the AirWatch console

We will step you through the process of creating a Basic User, because it is a Basic User who will enrol a device.

Creating a new user

A user can be associated to multiple devices, but each device can only be associated to one user. Users will be classified based on their Security Type, which dictates how that account will be authenticated.

When creating a new User it is important to pay attention to the Location Group you are currently operating in, as this will become the new User's Root Location Group.

Navigate to Menu User Accounts. Confirm that the correct Root Location Group is selected in the left column. Click the Add button.

On this page you are asked to type in the details for the user. An explanation of what each field is can be found in this table:

- Security Type: There are 4 methods of authenticating a user:
  1. Basic: the username and password is stored by AirWatch
  The remaining 3 methods require configuration into your company resources:
  2. Directory: Use the AD/LDAP credentials
  3. Authentication Proxy: Use of third-party credential.
  4. SAML: A single sign-on.
- Location Group: Which location group this user will be assigned to.
- Username: For Basic security only, the username the user will use to enrol a device.
- Password: For Basic security only, the password the user will use to enrol a device.
- Email Address: For receiving an email notification about how to enrol a device.
- Phone Number: For receiving an SMS notification about how to enrol a device.
- Enable Device Staging: Allow this user to enrol multiple devices.
- Message Type: Allows a message to be sent out to the user letting them know that the device can now be enrolled.
- User Role: Access level to the Self-Service Portal.
- Category: Assign users to a category, which has been defined by the admin user.

Click Save.

Lesson 5: Enrol your first device

Purpose

In this lesson we will get your first device enrolled and show general management capabilities. We strongly suggest you find a test device so you can follow along in the steps below.

The goal of this Lesson is to show the enrolment process and how each device is associated to a user. Device enrolment can be thought of as a mutual handshake:

- The user allowing the device to be managed, and
- The server allowing the device to receive configurations.

To begin, we will need the following three pieces of information:

- Server URL: https://enrol.telstra.com
- GroupID: The Location Group you created in Lesson 2.
- User Authentication: The user you created in Lesson 4.

The Profile you created in Lesson 3 will be downloaded and installed automatically.

The Enrolment Process

Download the AirWatch Agent

On your device, open the Google Play Store, Apple App Store or Windows Phone Store and search for "AirWatch MDM Agent." Select the AirWatch Agent from the search results screen and install it onto your device.

To enrol an Apple device

1. Enter the Server URL, https://enrol.telstra.com
2. Enter the GroupID you created in Lesson 2 earlier.
3. Enter the credentials of the User you created in Lesson 4 and press Enrol.

You may be prompted to accept a Terms of Use. Accept the Apple Device Administrator screens.

View the device in the dashboard

The dashboard provides a summary for your devices. Now that your first device is enrolled, you can use the Dashboard to monitor device data and perform administrative actions.

To begin, navigate to Menu Dashboard. You will see your device below the graphs.

To view details for a specific device, you can click on the Friendly Name of the Device. This panel will show you details like the:

- Security state
- Current profiles
- Applications
- Certificates installed
- User information

Congratulations! You have just enrolled your first device.

For further information please register for a free webinar at telstra.com/tmdm

Apple is a registered trade mark of Apple Inc registered in the US and other countries. Microsoft, Windows and SharePoint are registered trade marks of Microsoft Corporation. Android is a trade mark of Google Inc. and are trade marks and registered trade marks of Telstra Corporation Limited ABN 333 051 775 556.