for System Center Manager DEVICE MANAGEMENT EXTENSIONS 2011 www.odysseysoftware.com
Athena for System Center Manager Document Information Date: 4/13/2011 2011, All Rights reserved. Athena is a trademark of Microsoft, SQL Server, and Internet Explorer are registered trademarks of Microsoft, Inc. in the United States and other countries. RIM and BlackBerry are registered trademarks of Research In Motion Limited in the United States and may be pending or registered in other countries. Apple, Mac OS, iphone, and ipad are registered trademarks of Apple Inc., registered in the United States and other countries. Android is a trademark of Google Inc. Nokia is a registered trademark of Nokia Corporation. Other product or service names may be trademarks or registered trademarks of their respective owners. This document contains material that is proprietary of and is protected by copyright. Copying, reproducing, or disclosure of this document, or any part of this document is prohibited without the written permission of Odyssey Software, Inc. shall not be held liable for technical or editorial errors, or for any consequential or incidental damages caused or allegedly caused by information contained in this document. For specific information on the software or our packages, please contact us at support@odysseysoftware.com. Page ii
Athena for System Center Manager Table of Contents Introduction... 5 Athena License Migration Program... 5 Summary of Athena Benefits for IT Professionals... 6 Athena and Manager Architecture... 7 Native Manager Device Management Capabilities... 8 Manager 2007... 8 Manager 2012... 8 Summary of Athena... 9 Athena Extensions to Manager... 11 Management Console Extensions... 11 On-device Agent... 11 Device Management... 12 Windows Embedded CE and Windows Mobile Devices... 12 BlackBerry Smartphones... 15 ios (iphone/ipad), Android and Windows Phone 7 Devices... 16 Management of Nokia Mail for Exchange, HP webos and other Exchange ActiveSync-enabled devices... 18 Detailed review of Athena... 19 Appendix A Policies... i ios Policies... i Accounts... i Policies... i Restrictions... ii Other settings... ii Android 2.2 Policies... iii Windows Phone 7 Policies... iv Page iii
Athena for System Center Manager This page intentionally left blank Page iv
Athena for System Center Manager Introduction Odyssey Software s Athena mobile device management product is designed to extend and complement the native device management capabilities of the Microsoft System Center Manager platform. Unlike other device management products, which require their own proprietary servers and consoles, Athena uniquely integrates seamlessly into the native infrastructure of Manager without the need for additional Athena servers or consoles. Athena's architectural advantage enables organizations to leverage their existing strategic investment in Manager to also provide comprehensive management of mobile devices. The purpose of this document is to provide an overview of how Athena integrates into the Manager platform and to outline the device management features that Athena adds to the Manager platform. In addition to integrating into the current System Center Manager 2007 platform, Odyssey Software is a launch partner for Microsoft s forthcoming System Center Manager 2012 release. Athena s approach for integration with Manager 2012, and value proposition for management of Windows Mobile, Android, ios, Windows Phone 7, BlackBerry and Windows Embedded CE devices is comparable to the Athena integration and value-add for the Manager 2007 platform. The device management feature matrices in this document provide details about the value-add of Athena to both Microsoft platforms. Please note that this document does include information about the forthcoming Athena device management agent for Windows Phone 7, which Odyssey Software plans to release in Q3 2011. Athena agents for Windows Mobile, Android, ios, BlackBerry and Windows Embedded CE have been introduced and/or are released. Athena License Migration Program The Athena license migration program for System Center Manager enables customers enrolled in Odyssey Software s Support and Maintenance program to easily transfer their Athena licenses between Manager 2007 and Manager 2012 without any additional licensing cost. Odyssey Software s license migration program is designed to complement its commitment to ensuring successful technical customer migrations for Athena between these two Microsoft enterprise management platforms. Protect your investment in Athena as you migrate from Manager 2007 to Manager 2012 by including Odyssey Software s Support and Maintenance program with your purchase of Athena licenses. Page 5 of 40
Athena for System Center Manager Summary of Athena Benefits for IT Professionals Leverages your organization s investment in Manager Fast, low-cost deployment by utilizing existing management platform infrastructure. No additional server hardware or proprietary server software required. Athena-enabled functions extend and complement the native device management capabilities of Manager. Familiar console navigation provides savings in Help Desk and training costs. Non-impactful to device and network resources Ultra-low impact on mobile device performance and battery life. Uses bandwidth efficiently. Never interferes with business operations sharing the network. Nominal impact on metered wireless plans. Addresses real-world management needs of mobile device users Enables increased efficiencies through fast, uniform distribution of applications and updates to mobile workforce. Improves device-user productivity through decreased downtime. Decreases costs through the ability to quickly and efficiently troubleshoot and solve issues remotely for Windows Mobile, BlackBerry smartphones, and Windows Embedded CE devices. Helps achieve first-time resolution to problems. Page 6 of 40
Athena for System Center Manager Athena and Manager Architecture The Athena device management extensions for Manager consist of on-device Athena agents for Windows Mobile, ios (iphone/ipad), Android, and BlackBerry smartphones as well as Windows Embedded CE devices, management console extensions, the Athena Tunnel Service, and PowerShell extensions from Manager 2007 to Exchange 2007 or 2010. The extensions enable core device management support functions for Exchange ActiveSync-enabled mobile devices platforms that do not yet have an Odyssey Software developed agent such as Nokia Mail for Exchange and HP webos devices. Manager 2012 includes access to Exchange for setting Exchange ActiveSync policies and collecting core device information. The following diagram shows the integrated Athena/ Manager architecture. Page 7 of 40
Athena for System Center Manager Native Manager Device Management Capabilities Manager 2007 Manager 2007 provides the following core device management capabilities for Windows Embedded CE and Windows Mobile devices: Device discovery. Provisioning of device software and settings. Inventory of core device information. Retrieval of files and file information. Manager 2012 Microsoft is incorporating additional features for Windows Mobile 6.1 and 6.5 devices for inclusion in Manager 2012, which have been migrated from the System Center Mobile Device Manager 2008 platform. The following functions are included: Device policy management. Application allow/deny. Encryption of data at rest on the device or memory card. Device lock/wipe. OTA bootstrapping and software deployment. Manager 2012 also enables remote administration of Exchange ActiveSync policies to devices that support these Exchange ActiveSync policies. Page 8 of 40
Athena for System Center Manager Summary of Athena The following tables summarize the core platform and value-added device management features enabled by the Athena device management extensions for Windows Mobile, Windows Embedded CE, Android, ios (iphone/ipad), Windows Phone 7, and BlackBerry smartphones for the Manager 2007 and 2012 platforms. Table 1. Summary of core and Athena-enabled device management capabilities for the Manager 2007 platform Core and extended mobile device management features for System Center Manager 2007 Device Management Category Reporting Provisioning Software distribution Wipe & Lock Remote Assistance Mobile Library Mobile Device Management and Security Capabilities Windows CE Windows Mobile Windows Phone ios Android BlackBerry Symbian Other Exchange ActiveSync Enabled Devices (e.g HP WebOs) Report core device information (e.g. device type and device OS) Core+ Core+ Athena Athena Athena Athena Athena Athena Reporting of detailed device hardware, software and health information Athena Athena Athena Athena Athena Athena N/A N/A Reporting of device location information Athena Athena Athena Athena Athena Roadmap N/A N/A Reporting of device OS tampering (e.g. jailbreak, rooting) N/A N/A N/A Athena Athena N/A N/A N/A Provision device policy settings through Exchange Active Sync N/A Athena Athena Athena Athena N/A Athena Athena Provision core device policy settings through device agent Athena Core+ N/A Athena Athena Roadmap N/A N/A Provision advanced device settings through device agent (e.g. device accounts and restrictions) Athena Athena N/A Athena N/A Roadmap N/A N/A Automated provisioning of files and applications Core+ Core+ N/A N/A N/A N/A N/A N/A Automated detection and repair of corrupt/missing files and missing applications Athena Athena N/A N/A N/A N/A N/A N/A Full Remote device wipe through Exchange N/A Athena Athena Athena Athena N/A Athena Athena Full or selective device wipe based on policy, device state, or on-demand through device agent Athena Athena N/A N/A N/A N/A N/A N/A Selective device wipe (Files or Folders [WinCE/WinMo], PIM data [ios]) Athena Athena N/A Athena N/A N/A N/A N/A Remote device lock Athena Athena N/A Athena Athena Roadmap N/A N/A Remote Control Athena Athena N/A N/A N/A Athena N/A N/A Live access to device subsystems Athena Athena N/A N/A Athena Athena N/A N/A Enterprise Mobile Library for self-service distribution of in-house applications, files, video, etc. N/A N/A Athena Athena Athena Roadmap N/A N/A Leverage mobile platform's push notification service to alert device users of new mobile library content N/A N/A Athena Athena Athena N/A N/A N/A Key: Core = Core feature included with System Center Manager 2007 Core+ = Core feature included with System Center Manager 2007 with additional features available through Athena device management extensions Athena = Extended feature enabled by Athena device management extensions to System Center Manager 2007 Roadmap = Planned near-term roadmap feature for Athena device management extensions to System Center Manager 2007 N/A = not available Page 9 of 40
Athena for System Center Manager Table 2. Summary of core and Athena-enabled device management capabilities for the Manager 2012 platform Core and extended mobile device management features for System Center Manager 2012 Device Management Category Reporting Provisioning Software distribution Wipe & Lock Remote Assistance Mobile Library Mobile Device Management and Security Capabilities Windows CE Windows Mobile Windows Phone ios Android BlackBerry Symbian Other Exchange ActiveSync Enabled Devices (e.g HP WebOs) Report core device information (e.g. device type and device OS) Core+ Core+ Core+ Core+ Core+ Athena Core Core Reporting of detailed device hardware, software and health information Athena Athena Athena Athena Athena Athena N/A N/A Reporting of device location information Athena Athena Athena Athena Athena Roadmap N/A N/A Reporting of device OS tampering (e.g. jailbreak, rooting) N/A N/A N/A Athena Athena N/A N/A N/A Provision device policy settings through Exchange Active Sync N/A Core Core Core Core N/A Core Core Provision core device policy settings through device agent Athena Core N/A Athena Athena Roadmap N/A N/A Provision advanced device settings through device agent (e.g. device accounts and restrictions) Athena Core N/A Athena N/A Roadmap N/A N/A Automated provisioning of files and applications Core Core N/A N/A N/A N/A N/A N/A Automated detection and repair of corrupt/missing files and missing applications Athena Athena N/A N/A N/A N/A N/A N/A Full Remote device wipe through Exchange N/A Core Core Core Core N/A Core Core Full or selective device wipe based on policy, device state, or on-demand through device agent Athena Athena N/A N/A N/A N/A N/A N/A Selective device wipe (Files or Folders [WinCE/WinMo], PIM data [ios]) Athena Athena N/A Athena N/A N/A N/A N/A Remote device lock Athena Athena N/A Athena Athena Roadmap N/A N/A Remote Control Athena Athena N/A N/A N/A Athena N/A N/A Live access to device subsystems Athena Athena N/A N/A Athena Athena N/A N/A Enterprise Mobile Library for self-service distribution of in-house applications, files, video, etc. N/A N/A Athena Athena Athena Roadmap N/A N/A Leverage mobile platform's push notification service to alert device users of new mobile library content N/A N/A Athena Athena Athena N/A N/A N/A Key: Core = Core feature included with System Center Manager 2012 platform Core+ = Core feature included with System Center Manager 2012 platform with additional features available through Athena device management extensions Athena = Extended feature enabled by Athena device management extensions to System Center Manager 2012 Roadmap = Planned near-term roadmap feature for Athena device management extensions to System Center Manager 2012 N/A = not available Page 10 of 40
Athena for System Center Manager Athena Extensions to Manager The two primary components of the Athena device management extensions are management console extensions and an on-device agent. Management Console Extensions Management console extensions allow all Athena-enabled device management capabilities to appear in the native Manager Administrator console as a single pane of glass. Athena s management console extensions are constructed with navigation similar to the Manager native user interface, minimizing training required to start using the Athena device management features. The console extensions supplement the scalability, security, and reliability of Manager. On-device Agent The Athena on-device agent is architected as an extensible engine, which contains individual plug-ins (service modules) that power Athena s device management functions. Athena device management is designed for very low impact on device performance and battery life. All of Athena s device management capabilities are optimized for operation over any IP-based wired or wireless network including wireless wide area networks (WWAN) and wireless local area networks (WLAN). The Athena agent transmits collected data to Manager by calling.net web services that are installed on the Management Point server. These.NET web services call the native Manager Management Point API to post device discovery, device hardware/software inventory, and health status to Manager s SQL Server database. Page 11 of 40
Athena for System Center Manager Device Management The Athena device management capabilities provide additional functionality and expand the native device management capabilities of Manager. Windows Embedded CE and Windows Mobile Devices The Athena agent can be deployed to Windows Mobile and Windows Embedded CE-based devices through a wide variety of methods. Some methods include browsing with the device to a secure portal to download and install the Athena agent over-the-air, delivering and installing the Athena agent using the native Manager mobile client, or installing the Athena agent from a device memory card. Once the Athena agent is installed and running on a device, it will be automatically discovered by Manager and the device will appear in the applicable Manager collection(s). Athena Tunnel Service The Athena Tunnel Service is a client-initiated SSL tunnel with 2-way certificate-based authentication. The Athena Tunnel Service provides a secure path to connect to a mobile device and establish a live remote session. A session can be established across inherently private network connections such as GSM. Inventory and Status The on-device Athena agent periodically performs tasks such as collecting device hardware inventory, software inventory, network information and health status. The Athena agent also checks for available software distribution updates. Page 12 of 40
Athena for System Center Manager Athena Device Explorer The Athena Device Explorer extensions to the Manager administrator console access data stored in SQL Server to provide a comprehensive view of device hardware, software, and health information. The Athena Device Explorer also serves as the launch point for a live remote control/remote tools session for immediate diagnosis, troubleshooting, and repair of a connected mobile device. Athena Device Explorer with Windows Mobile device ( Manager 2007) Page 13 of 40
Athena for System Center Manager Athena Package Creation and Distribution For software, settings, and application distribution, Athena provides wizardbased tools for package creation and distribution that are integrated into the Manager administrator console. Native Manager collections are leveraged to target packages for distribution, and the packages are staged on Manager s native distribution points for on-demand or scheduled pickup by a mobile device. Athena Device Software Package Wizard ( Manager 2007) Athena Distribution Wizard ( Manager 2007) Page 14 of 40
Athena for System Center Manager BlackBerry Smartphones Management of BlackBerry smartphones with the Athena device management extensions to Manager is designed to enhance the native device management capabilities of both Manager and the BlackBerry Enterprise Server. Athena s key device management functions for BlackBerry smartphones are remote control/remote tools and hardware/software/health reporting. Management of BlackBerry smartphones is identical to Athena s management of Windows Mobile and Windows Embedded CE-based devices with the following exceptions: The on-device Athena agent is deployed to BlackBerry smartphones by browsing to a secure portal to download and install the Athena agent over-the-air, or by the BlackBerry Enterprise Server deploying and installing the Athena agent on a BlackBerry smartphone. Software, settings, and application distribution to BlackBerry smartphones is accomplished through the native functions of the BlackBerry Enterprise Server. Athena Device Explorer with BlackBerry smartphone ( Manager 2007) Page 15 of 40
Athena for System Center Manager ios (iphone/ipad), Android and Windows Phone 7 Devices The Athena agent for ios, Android or Windows Phone 7 devices is downloaded by the device user from the Apple App Store, Android Marketplace, or Windows Phone 7 Marketplace. User input of credentials automatically initiates device management. Athena reports extended device hardware, software, and health information to Manager including installed applications, policies, memory, battery, and network information. Athena also detects and reports whether an ios device is jailbroken, and whether rooting has been done on an Android device. Athena Device Explorer with ipad ( Manager 2007) Administrators can use this information to determine if a device is compliant and whether action should be taken to notify the device user or whether specific policies should be distributed to the device. Athena also periodically updates this information to the Manager database. This prevents jailbreaking ios devices or rooting Android devices after enrollment without detection. Unique enterprise and device certificates used for authentication to corporate services are automatically provisioned to ios and Android devices using the Simple Certificate Enrollment Protocol (SCEP). Users can choose to have Athena periodically report the device s current location to Manager. A breadcrumb trail of past locations is also maintained in the Manager database. Page 16 of 40
Athena for System Center Manager Athena enables a lock or wipe command to be issued directly from Manager to a remote ios, Android, or Windows Phone 7 device. A selective wipe of PIM data (e-mail account and associated contacts, calendar, e-mails, etc.) can also be invoked on ios devices. For ios and Android devices, the Athena device management extensions include the Mobile Enterprise Library repository where enterprise resources such as applications, files, videos, links to other corporate resources, etc. can be stored for access by users. The Apple, Android, or Windows Phone 7 push notification services are used to alert users about the availability of new resources in the Mobile Enterprise Library or alert for other required device actions. Athena Mobile Enterprise Library Manager ( Manager 2007) The Athena device management extensions enable an administrator to specify and invoke an extensive set of ios, Android, or Windows Phone 7 policies directly from the Manager console. A summary of supported policies for these devices is included in Appendix A Policies. Page 17 of 40
Athena for System Center Manager Athena ios Policy ( Manager 2007) Management of Nokia Mail for Exchange, HP webos and other Exchange ActiveSync-enabled devices Odyssey Software has developed PowerShell extensions for Manager 2007, which enables Exchange ActiveSync policies to be specified and invoked on collections of Exchange ActiveSync-enabled devices from the Manager console to Exchange 2007/2010. Example Exchange ActiveSync mobile platforms include Nokia Mail for Exchange, and HP webosbased devices. Core device information natively collected by Exchange is also reported through these extensions to the Manager 2007 database. The Manager 2012 platform will natively include administration of Exchange ActiveSync policies to device platforms that support Exchange ActiveSync policies from the Manager console. Page 18 of 40
Athena for System Center Manager Detailed review of Athena The following tables provide more detailed information about the value-added device management features enabled by the Athena device management extensions for Windows Mobile, Windows Embedded CE, Android, ios (iphone/ipad), Windows Phone 7, and BlackBerry smartphones to the Manager 2007 and 2012 platforms. Table 3. Supported Mobile Device Platforms using On-device Client/Agent or Extensions from Manager to Exchange ActiveSync Supported mobile devices utilizing on-device client/agent Remote administration of Exchange ActiveSync policies from the Manager console Native Manager 2007 Capability Windows Embedded CE 4.2, Windows Embedded CE 5.0 Pocket PC 2003, Windows Mobile 5, Windows Mobile 6 - Native Manager 2012 Capability Windows Embedded CE 5.0 Windows Mobile 5, Windows Mobile 6.x Windows Mobile 5 Windows Mobile 6.x, Windows Phone 7, ios (iphone and ipad), Nokia Mail for Exchange, HP webos, Android 2.2+ devices Athena-enabled Extensions for Manager 2007 and Manager 2012 Windows Embedded CE 3.0 and newer, Pocket PC, Pocket PC 2002, Pocket PC 2003, Windows Mobile 5, Windows Mobile 6 and newer, Win32 including Windows XP Embedded, Windows Phone 7, Apple ios 4.2 and newer (iphone and ipad), Google Android 2.2 and newer, BlackBerry 4.3 and newer. Nokia Mail for Exchange and HP webos devices. Note: Athena extensions from Manager to Exchange are used only with Manager 2007 as Manager 2012 includes remote administration of Exchange ActiveSync policies. Page 19 of 40
Athena for System Center Manager Table 4. Detailed Table of Extended Capabilities enabled by Athena for Windows Mobile and Windows Embedded CE-based Devices KEY - = set not available = Core feature set available + = Enhanced feature set available Mobile Platform Windows Mobile and Windows Embedded CE Manager 2007 Mobile Device Client Manager 2012 Mobile Device Client Athena-enabled extensions for Manager 2007 and Manager 2012 Bootstrap + Athena s on-device agent can be downloaded and automatically installed using Pocket Internet Explorer to browse to a web location hosted within the Manager infrastructure. Athena can also automatically provision predefined applications, files, and settings to the device during the bootstrapping operation. Device Discovery + The Athena agent can replace or be Over-the-air deployment of device software and settings + WLAN and WWAN + WLAN and WWAN co-resident with the native or Manager client. The Athena agent replicates all of the native agent functionality including device discovery. + WLAN and WWAN plus compression. Athena Pack Device Provisioning Page 20 of 40
Athena for System Center Manager Mobile Platform Windows Mobile and Windows Embedded CE Wizard-based tools to create and target packages to logical groups of devices. Updates are targeted to native Manager device collections Automatic detection and repair of corrupt or missing device files and applications (self-healing) Automatic removal of files, or applications per a pre-determined schedule Automatic updating of applications that are currently running Manager 2007 Mobile Device Client Manager 2012 Mobile Device Client Athena-enabled extensions for Manager 2007 and Manager 2012 - - + Athena can automatically detect and repair incorrect, corrupt, or missing device files and applications. Athena is ideal to set and maintain desired device configuration management. - - + In addition to automatically taking actions to remove files or applications at a pre-determined date and time, Athena also includes removal metrics that are used to validate and report that the file or application has been successfully removed from the device. - - + Athena can automatically terminate a running application so that it can be updated, and then automatically launch the application when the update is complete. Athena Pack Device Provisioning Page 21 of 40
Athena for System Center Manager Mobile Platform Windows Mobile and Windows Embedded CE Automatic updating of common runtimes (e.g..net Compact Framework and SQL Server Mobile) Unattended (silent) software installation Check for updates ondemand or on a pre-defined schedule Report status and details of provisioning history Manager 2007 Mobile Device Client Manager 2012 Mobile Device Client Athena-enabled extensions for Manager 2007 and Manager 2012 - - + Athena automatically detects all applications utilizing common runtimes and terminates these applications for update. - - + Athena software and settings update packages can be configured for notification and/or acceptance by the device user, or for silent, unattended installation. + Athena can be configured to check for updates periodically or on-demand, plus Athena can automatically wake a sleeping device to check for updates. Updates can be designated as critical. Critical updates are processed ASAP rather than using a pre-defined schedule. + Athena provides a rich set of detailed information about the current status and history of updates provisioned to a device including detailed error messages. Athena Pack Device Provisioning Page 22 of 40
Athena for System Center Manager Mobile Platform Manager 2007 Mobile Device Client Manager 2012 Mobile Device Client Athena-enabled extensions for Manager 2007 and Manager 2012 Device hardware inventory + Athena provides extended device hardware details. Athena Pack Windows Mobile and Windows Embedded CE Device software inventory Device health information Device network information Device/network performance information Custom reporting of device information + Retrieve selected device files Provides basic battery and memory levels Provides basic device MAC and IP address information + Retrieve selected device files and version information Provides basic battery and memory levels Provides basic device MAC and IP address information + Athena provides detailed file version and attribute information utilizing a pattern-based file inventory scan. + Athena provides status for extended battery, memory, and running processes on the device. + Athena collects extensive information about all of the device s network adapters including wired, WWAN and WLAN adapters. - - + Athena provides graphical reporting of device memory, device power, network packet traffic, and wireless signal strength. + Extended information collected by Athena is available in the database of the reporting tool. An extended set of predefined device reporting templates is available with Athena. Asset Reporting Page 23 of 40
Athena for System Center Manager Mobile Platform Manager 2007 Mobile Device Client Manager 2012 Mobile Device Client Athena-enabled extensions for Manager 2007 and Manager 2012 Remote Control - - + Athena s remote control functionality is Athena Pack Windows Mobile and Windows Embedded CE Remote access to device file system optimized for operation across low bandwidth, congested, high latency networks. Up to eight helpdesk personnel can concurrently remote control the same device. This feature simplifies collaboration in diagnosing and repairing problems with remote devices. Video and macro recording are also available. - - + Athena provides live, interactive access to the device s file system enabling files to be copied, deleted, renamed, moved, and imported to/exported from the device in real time. Remote access to device registry - - + Athena provides live, interactive access to the device s registry enabling sophisticated registry searches, and registry keys to be copied, deleted, renamed, moved, modified and imported to/exported from the device in real time. Remote access to system level functions Remote access functions are operational over all wired and wireless IPbased connections - - + Athena provides live, interactive access to system level functions such as installing/uninstalling applications, start/stop device processes, and warm/cold device resets. - - + Athena includes the Athena Tunnel Service, which provides a secure, robust device-initiated HTTPS communications link. The Athena Tunnel Service enables Athena s Interactive Support functions to operate across all wired, wireless, or cradled connections. Interactive Support Page 24 of 40
Athena for System Center Manager Mobile Platform Windows Mobile and Windows Embedded CE Current and historical device location information Manager 2007 Mobile Device Client Manager 2012 Mobile Device Client Athena-enabled extensions for Manager 2007 and Manager 2012 - - + Provides detailed status about a device s GPS module and satellite association information. - - + Offers remote access to current location of a device and historical (bread crumb) location information. - - + Positional history can be collected based upon pre-determined distance changes and/or time intervals. Device lock and - - + Lock/wipe progression is fully configurable wipe including sequence from locking with power-on password to administrator password to wipe of specific registry keys/files/folders/storage cards, to a complete device wipe. - - + Configurable device screens and/or audio files can automatically be played on the locked device. - - + Lock actions survive a device reset. - - + Lock/wipe actions can be initiated by an IT administrator remotely on-demand, or automatically though a prescribed set of configurable out-of-band conditions. - - + Phone operation can be permitted while a device is locked. Athena Pack Positioning Security Essentials Page 25 of 40
Athena for System Center Manager Mobile Platform Windows Mobile Provides detailed phone status, utilization and messaging information Manager 2007 Mobile Device Client Manager 2012 Mobile Device Client Athena-enabled extensions for Manager 2007 and Manager 2012 - - + Remotely access detailed information about a device s phone status, WWAN signal strength, cell tower association, and carrier information. - - + Provides information and statistics on incoming, outgoing, missed and dropped calls. - - +Provides a summary of sent/received e-mail, SMS and MMS messages. Athena Pack Phone Motorola/Symbol devices Windows Mobile and Windows Embedded CE-based devices only Barcode Scanning and Smart Battery information for Symbol/ Motorola devices - - + Manage integrated bar code scanners in most Symbol/Motorola Windows Mobile and Windows Embedded CE-based devices. - - + Configure, enable, and disable scanner features. - - + Monitor scan statistics and raw input data. - - + View and log smart battery information such as serial number, date of manufacture, and charge cycles. Barcode Scanning and Smart Battery Page 26 of 40
Athena for System Center Manager Table 5. Extended Device Management Capabilities enabled by Athena for ios, Android, Windows Phone 7, and BlackBerry Smartphones Key: - = set not available = Core feature set available + = Enhanced feature set available Mobile Platform Native Manager 2007 capability Native Manager 2012 capability Athena-enabled extensions for Manager 2007 and Manager 2012 ios 4.x and newer (iphone/ipad) Simplified Enrollment with Active Directory Integration Extended hardware and software inventory N/A as there is no native Manager client for ios. N/A as there is no native Manager client for ios. + Device user downloads Athena agent from Apple App Store, inputs credentials (username, password and domain) to automatically bring the device under management. - - + Upon enrollment, Athena reports extended hardware and software inventory including installed applications, policies, memory, battery, and network information. Administrators can use this information to determine if a device is compliant (e.g. a required password policy is in force on the device) and whether action should be taken to notify the device user or whether specific policies should be distributed to the device. Athena also periodically reports this information to the Manager database. Page 27 of 40
Athena for System Center Manager Mobile Platform Native Manager 2007 capability Native Manager 2012 capability Athena-enabled extensions for Manager 2007 and Manager 2012 ios 4.x and newer (iphone/ipad) Jailbreak detection and reporting Automatic provisioning of certificates - - + Upon enrollment, Athena detects and reports whether a device is jailbroken. Administrators can use this information to determine if a device is compliant (e.g. jailbroken devices are not allowed to access enterprise resources) and whether action should be taken to notify the device user, or whether specific policies should be distributed to the device. Athena also periodically reports this information to the Manager database so that devices cannot be jailbroken without detection. - - + Upon enrollment, unique enterprise and device certificates are automatically provisioned to the device using the Simple Certificate Enrollment Protocol (SCEP). These certificates are used for authentication to corporate services. Zero-touch management - - + Updates such as hardware and software inventory, and jailbreak status are reported by Athena to Manager without user intervention. Find my phone and location history - - + Device users can choose to allow Athena to periodically report the device s current location to Manager. A breadcrumb trail of past locations is maintained in the Manager database. Page 28 of 40
Athena for System Center Manager Mobile Platform Native Manager 2007 capability Native Manager 2012 capability Athena-enabled extensions for Manager 2007 and Manager 2012 ios 4.x and newer (iphone/ipad) Remote lock and wipe full or selective Self-service software distribution via Enterprise Mobile Library - Full remote wipe action can be implemented through Exchange ActiveSync from the Manager console. + Athena enables a device lock or wipe command to be issued directly from Manager to a remote device. In addition, a selective wipe of PIM data (e-mail account and associated contacts, calendar, e-mails, etc.) can also be invoked (no Exchange ActiveSync required). - - + Included with the Athena device management extensions is an Enterprise Mobile Library repository where enterprise resources such as applications, files, videos, links to other corporate resources, etc. can be stored for access by device users. Utilizes push notifications - - + The Apple push notification service is used to alert device users about the availability of new resources in the Enterprise App Store or other required device user actions. Page 29 of 40
Athena for System Center Manager Mobile Platform Native Manager 2007 capability Native Manager 2012 capability Athena-enabled extensions for Manager 2007 and Manager 2012 ios 4.x and newer (iphone/ipad) Android 2.2 and newer Specify and invoke all native ios policies Simplified Enrollment with Active Directory Integration Extended hardware and software inventory - Supported Exchange ActiveSync policies can be specified and deployed from the Manager N/A as there is no native Manager client for Android. console. N/A as there is no native Manager client for Android. + Athena leverages the native ios 4 MDM API which enables an administrator to specify and invoke the native ios policies directly from the Manager console (no Exchange ActiveSync required). Note: A summary of supported ios policies in is included in Appendix A ios Policies. + Device user downloads Athena agent from Android Market, inputs credentials (username, password and domain) to automatically bring the device under management - - + Upon enrollment, Athena reports extended hardware and software inventory including installed applications, policies, memory, battery, and network information. Administrators can use this information to determine if a device is compliant (e.g. password policy is required on the device) and whether action should be taken to notify the device user or whether specific policies should be distributed to the device. Athena also periodically reports this information to the Manager database. Page 30 of 40
Athena for System Center Manager Mobile Platform Native Manager 2007 capability Native Manager 2012 capability Athena-enabled extensions for Manager 2007 and Manager 2012 Android 2.2 and newer Rooting detection and reporting Automatic provisioning of certificates - - + Upon enrollment, Athena detects and reports rooting of an Android device. Administrators can use this information to determine if a device is compliant (e.g. Android devices with rooting are not allowed to access enterprise resources) and whether action should be taken to notify the device user, or whether specific policies should be distributed to the device. Athena also periodically reports this information to the Manager database so that rooting of Android devices cannot be done without detection. - - + Upon enrollment, unique enterprise and device certificates are automatically provisioned to the device using the Simple Certificate Enrollment Protocol (SCEP). These certificates are used for authentication to corporate services. Zero-touch management - - + Updates such as hardware and software inventory, and jailbreak status are reported by Athena to Manager without user intervention. Find my phone and location history - - + Device users can choose to enable Athena to periodically report the device s current location to Manager. A breadcrumb trail of past locations is maintained in the Manager database. Page 31 of 40
Athena for System Center Manager Mobile Platform Native Manager 2007 capability Native Manager 2012 capability Athena-enabled extensions for Manager 2007 and Manager 2012 Android 2.2 and newer Remote lock and wipe - Full remote wipe action can be implemented through Exchange ActiveSync from the Manager Self-service software distribution via Enterprise Mobile Library console. + Athena enables a device lock or wipe command to be issued directly from Manager to a remote device (no Exchange ActiveSync required). - - + Included with the Athena device management extensions is an Enterprise Mobile Library repository where enterprise resources such as applications, files, videos, links to other corporate resources, etc. can be stored for access by device users. Utilizes push notifications - - + The Google Cloud to Device Messaging (C2DM) push notification service is used to alert device users about the availability of new resources in the Enterprise App Store or other required device user actions. Page 32 of 40
Athena for System Center Manager Mobile Platform Native Manager 2007 capability Native Manager 2012 capability Athena-enabled extensions for Manager 2007 and Manager 2012 Android 2.2 and newer Windows Phone 7 Specify and invoke all native Android policies Simplified Enrollment with Active Directory Integration Extended hardware and software inventory - Supported Exchange ActiveSync policies can be specified and deployed from the Manager N/A as there is no native Manager client for Windows Phone 7. console. N/A as there is no native Manager client for Windows Phone 7. + Athena enables an administrator to specify and invoke the native Android policies directly from the Manager console (no Exchange ActiveSync required). Note: A summary of supported Android 2.2 policies in is included in Appendix A Android 2.2 Policies. + Device user downloads Athena agent from Windows Phone 7 Market, inputs credentials (username, password and domain) to automatically bring the device under management. - - + Upon enrollment, Athena reports extended hardware and software inventory including installed applications, policies, memory, battery, and network information. Administrators can use this information to determine if a device is compliant (e.g. a required password policy is in force on the device) and whether action should be taken to notify the device user or whether specific policies should be distributed to the device. Athena also periodically reports this information to the Manager database. Page 33 of 40
Athena for System Center Manager Mobile Platform Native Manager 2007 capability Native Manager 2012 capability Athena-enabled extensions for Manager 2007 and Manager 2012 Windows Phone 7 Find my phone and location history Remote wipe - Full Self-service software distribution via Enterprise Mobile Library - - + Device users can choose to enable Athena to periodically report the device s current location to Manager. A breadcrumb trail of past locations is maintained in the Manager database. remote wipe action can be implemented through Exchange ActiveSync from the Manager console. Athena enables a device wipe command to be issued directly from Manager to a remote device (Exchange ActiveSync is required). - - + Included with the Athena device management extensions is an Enterprise Mobile Library repository where enterprise resources such as applications, files, videos, links to other corporate resources, etc. can be stored for access by device users. Page 34 of 40
Athena for System Center Manager Mobile Platform Native Manager 2007 capability Native Manager 2012 capability Athena-enabled extensions for Manager 2007 and Manager 2012 Windows Phone 7 BlackBerry 4.3 and newer Specify and invoke all native Windows Phone 7 policies Bootstrap - Supported Exchange ActiveSync policies can be specified and deployed from the Manager N/A as there is no native Manager client for BlackBerry. console. N/A as there is no native Manager client for BlackBerry. Athena enables an administrator to specify and invoke the native Windows Phone 7 policies directly from the Manager console (Exchange ActiveSync is required). Note: A summary of supported Windows Phone 7 policies is included in Appendix A Windows Phone 7 Policies. + Athena s on-device agent can be downloaded and automatically installed by browsing with Pocket Internet Explorer to a secure portal hosted within the Enterprise. Alternately, the Athena agent can be deployed by the BlackBerry Enterprise Server. Device Discovery - - + The Athena device management extensions for Manager enable automatic discovery of BlackBerry smartphones with the on-device Athena agent. Smartphone hardware and software inventory Smartphone network information - - +Athena reports hardware, software, and device health information to Manager. This information includes platform/processor details, display, memory, power, and installed applications details. - - +Athena reports detailed information about the smartphone s WLAN and WWAN connections. Page 35 of 40
Athena for System Center Manager Mobile Platform Native Manager 2007 capability Native Manager 2012 capability Athena-enabled extensions for Manager 2007 and Manager 2012 BlackBerry 4.3 and newer Remote Control - - + Athena s remote control functionality is optimized for operation across low bandwidth, congested, high latency networks. Up to eight helpdesk personnel can concurrently remote control the same smartphone. This feature simplifies collaboration in diagnosing and repairing problems with remote smartphones. Video and macro recording are also available. Remote access to smartphone modules Remote access to smartphone network information Remote access to system information - - + Athena enables remote access to view module details, and to install or remove modules from the smartphone. - - + Athena provides live access to view detailed information about the remote smartphone s network connection(s). - - + Athena provides live access to view detailed information about the remote smartphone s system information. Remote access functions are operational over all wireless connections - - + The Athena Tunnel Service provides a secure, robust smartphone-initiated HTTPS communications link. The Athena Tunnel Service enables the Athena Interactive Support functions to operate across all wired, wireless, or cradled connections. Page 36 of 40
Athena for System Center Manager Appendix A Policies ios Policies Accounts Exchange ActiveSync IMAP/ POP email VPN Wi-Fi LDAP CalDAV CardDAV Subscribed calendars Policies Require passcode Allow simple value Require alphanumeric value Passcode length Number of complex characters Maximum passcode age Time before auto-lock Number of unique passcodes before reuse Grace period for device lock Appendix A Page i
Athena for System Center Manager Number of failed attempts before wipe Control Profile removal by user Restrictions App installation Camera Screen capture Automatic sync of mail accounts while roaming Voice dialing when locked In-application purchasing Require encrypted backups to itunes Explicit music and podcasts in itunes Allowed content ratings for movies, TV shows, apps Safari security preferences YouTube itunes Store App Store Safari Other settings Certificates and identities Web Clips APN settings Appendix A Page ii
Athena for System Center Manager Android 2.2 Policies Lock now Reset password Set maximum failed passwords for wipe Set maximum inactivity time to lock Set password minimum length Set password quality Wipe data 1 Password expiration (number of days) 2 Password history (max number of past passwords stored) 2 Password complex characters required 2 Data Encryption 2 Notes: 1 - Wipes user data on device; does not wipe memory (SD) card 2 - Android 3.0 required Appendix A Page iii
Athena for System Center Manager Windows Phone 7 Policies Password required Set minimum password length Set maximum failed passwords for wipe Set maximum inactivity time to lock Allow simple password Password expiration (number of days) Password history (max number of past passwords stored) Disable removable storage Disable infrared data connections Disable desktop sync Block remote desktop Block internet sharing Wipe Data Appendix A Page iv