Clud Services MDM Device Management Admin Guide 10/27/2014
CONTENTS Device Management... 2 Overview... 2 Dashbard Navigatin... 2 Dynamic Device List... 5 Device Cntrl Panel... 7 Device Infrmatin Menu... 8 Remte Actins Menu... 15 Device Search... 16 Device Details... 20 Device Infrmatin... 21 Device Activity... 26 Cnfiguratin... 26 Device Details Management... 27 Administratin Event Lg... 29 BYOD Cnfiguratin Best Practices... 34 Keep in Mind... 35 1
Device Management is ne f nine sectins f the verall Admin Guide fr Mbile Device Manager. The fllwing is the cmplete list f MDM Admin Guide cmpnents: MDM Overview and Setup Device Management Prfile Management Gefencing Applicatin Management Cntent Management Email Management Telecm Management Reprts and Alerts DEVICE MANAGEMENT OVERVIEW Smart device management is centralized in the Admin Cnsle. Frm the cnsle, the administratr is able t leverage the fllwing MDM features: Custmize cmprehensive asset tracking in the frm f real- time device data acrss the mbile fleet, regardless f device type, carrier, r lcatin. Navigate an interactive dashbard f mbile and telecm data t help the rganizatin make mre infrmed decisins based n actual mbile telecm usage. Perfrm remte actins n devices. Generate a custm library f reprts. Enable practive alerts fr bth users and administratrs when predetermined threshlds are reached. The fllwing sectins describe hw administratrs can leverage the specific pages within the Admin Cnsle t effectively and efficiently manage smart devices. DASHBOARD NAVIGATION The Dashbard page centralizes smart device mnitring by giving administratrs high- level views f their entire fleet f mbile devices with the ability t drill dwn t the individual device level. T access the Dashbard page, navigate t Dashbards Dashbard. 2
Administratrs can see an verview f graphics and statistics fr a particular lcatin grup, an entire device fleet, r quickly lcate infrmatin n a specific device by clicking the Friendly Name highlighted in blue. Lcatin Grup Sidebar The Lcatin Grup Sidebar n the left f the screen allws administratrs t view devices belnging t specific lcatin grups, as well as all f its children grups. Administratrs can als use the Search field t find specific lcatin grups: Expandable Tree Structure Find lcatin grups and shw lineage frm parent t children grups. Search Bx Search fr specific lcatin grups by name, partial name, r keywrd. Expand / Cllapse Feature Fully expand r cllapse the lcatin grup hierarchy. Pin Feature Pin the lcatin grup sidebar back nt the Dashbard sidebar. Dashbard Views There are als several views available frm the Dashbard page, which enable administratrs t view entire listings f devices based n each f the fllwing metrics: Asset Tracking View devices based n wnership type, platfrm, and last seen metrics. Device Cmpliance View devices based n their device rules cmpliance status, passcde plicy cmpliance, and data encryptin status. Enrllment Status View devices and track the cmplete enrllment lifecycle frm registratin t end- f- life, as well as identify devices that are pending a device wipe. Email Management View status f devices that attempt t gain crprate email access thrugh the Secure Email Gateway. Telecm Raming View devices with a raming telecm status. 3
Advanced Views There are als several Advanced views available that give administratrs the ability t view entire listings f devices based n each f the metrics listed belw: Device Grups View all devices, statistics (i.e., ttal number f devices per grup and percent f devices in that grup), and ther infrmatin explained in greater depth in Device Grups. Graphical Prtlets The Graphical Prtlets n the Dashbard page prvide relevant statistics, as well as an easy way t select a grup f devices accrding t a number f categries. Fr example, the Asset Tracking default screen graphically represents Device Ownership, Platfrms, and Last Seen data abve the grid. The tw icns in the right crner f the graphical representatin bx when clicked, they display data graphically r in a textual table. T tggle between graphical and textual representatin f data, d the fllwing: Click the Pie Chart icn t view the data graphically (pie r bar chart). Click the Data Grup icn t view data in a textual table. While in textual mde, click any Data Grup and the grid belw begins t relad and display the infrmatin based n that specific data grup. This feature is nly available in this mde. 4
DYNAMIC DEVICE LIST The Dynamic Device List n the Dashbard page cntains a flexible list f devices and assciated metrics that pertain t each view: There are several ways fr an administratr t select, rder, identify, find, filter (etc.) specific devices frm the Dynamic Device List page: Select any f the Available Views. Fr example, graphical, r textual tables shwn abve the grid. Click any f the Data Grups frm the Graphical Prtlets. Fr example, when in textual table frmat, click any line item t display data. Click any f the Clumn Categries t re- srt the list. Fr example, clicking Last Seen re- srts the grid t either the ldest r latest seen devices. On the tp, right side f the grid, there are fur mre icns that prvide additinal srt, search, exprt, and display tls that perfrm in the fllwing ways: Change any ne f the three graphical (e.g., pie chart) representatins f data (prtlets) abve the grid frm graphical t a textual table and the result is the Filter drp- dwn changes t represent yur selectin, as shwn in the examples belw: Enter in the Filter Grid field any keywrd and then press <Enter>. The result is the grid re- srts and nly displays thse devices that cntain the keywrd(s) yu entered, as shwn in the example belw: 5
Click the Refresh icn t display the default Available Clumns layut and all device data based n any search criteria in the Filter drp- dwn and Filter Grid field, as shwn belw: Click the Exprt All icn and the data in the grid exprts int an Excel spreadsheet, as shwn in the example belw: Click the Hide Chart icn t hide all graphical and textual table prtlet data, s that nly the grid displays. Click the Tls icn t display Available Clumns, which yu can use t custmize device data that displays in the grid. The example belw displays when in the Asset Tracking view. The Available Clumns change depending n the Dashbard view selected. 6
DEVICE CONTROL PANEL Leverage the Device Cntrl Panel, available frm the Dashbard page, t view detailed infrmatin r perfrm remte actins n individual devices. T pen the Device Cntrl Panel, lcate an individual device n the Dashbard page by using any f the available search tls, and select it. The verlaid Device Cntrl Panel windw displays: The Device Cntrl Panel cntains tw primary menus: A Device Infrmatin menu t view detailed infrmatin and statistics. A Remte Actins menu t perfrm administrative actins ver the air. NOTE: Infrmatin and actins in the Device Cntrl Panel are subject t availability accrding t privacy settings and platfrm cmpatibility. 7
DEVICE INFORMATION MENU The Device Infrmatin menu shws detailed infrmatin related t each f the listed categries. Summary The Summary sectin shws hardware, MDM, encryptin, passcde cmpliance, and ther general infrmatin. Hardware Displays device hardware infrmatin. Security Displays cmprmised device and encryptin level data. Passcde Displays if a passcde is present and whether r nt it meets the passcde requirements. Netwrk Displays netwrk infrmatin, such as SIM Card and raming status. Prfiles Displays all prfiles and prvides prfile installatin status. Certificates Displays installed certificates, as well as expiratin r near expiratin status. Applicatins Displays the number f apps currently installed n the device. Cntent Displays a cnfigurable view f repsitries and cntent. Cmpliance The Cmpliance view shws the cmpliance status f the device, including the name and level f all cmpliance plicies in effect. The administratr can als see the current level f cmpliance actins and the next level f actin that will be perfrmed if the device cntinues t be nn- cmpliant. 8
Prfiles The Prfiles sectin shws all f the MDM prfiles that have been sent t the device and the status f each prfile. Status Displays the prfile installatin status: Installed Pending install Nt installed Pending remval Remved Blcked (by a Cmpliance Plicy) Failed fr latest versin NOTE: Prfile installatin is blcked due t Cmpliance Settings. A failed status is reprted when the installed prfile is ut- f- date. Type Displays the prfile type: autmatic, ptinal, r interactive. Lcatin Grup Displays the lcatin grup t which the prfile is assigned. Actins Enables remte installatin r remval f the prfile. 9
Apps The Apps sectin displays all applicatins that have been installed n the device. NOTE: Infrmatin availability is subject t privacy settings as specified in Cnfiguratin System Settings Device General Privacy. Please nte the fllwing field descriptins: Status Displays the prfile installatin status: Installed Pending install Nt installed Pending remval Remved Blcked (by a Cmpliance Plicy) Type Displays the prfile type: autmatic, ptinal, r interactive. Actins Enables remte installatin r remval f the prfile. NOTE: Applicatin installatin is blcked due t Cmpliance Settings. 10
Cntent Only applicable t devices equipped with the Cntent Lcker. The Cntent sectin displays infrmatin abut the cntent available in the Secure Cntent Lcker. All Cntent Displays infrmatin abut all available cntent. Active Tap the gray circles t make the dcument available (left/green) r nt available (right/red). Type Displays the dcument frmat; hver ver the icn t display the frmat type. Name Displays the dcument name as it appears bth in the Admin Cnsle and in the Secure Cntent Lcker. Strage Displays the server n which the cntent is stred. Descriptin Prvides a brief dcument descriptin. Assignment Displays the grup t which the dcument is assigned. Effective/Expiratin Shws the date the dcument expires. Last Mdified Displays the date and time that the dcument was last mdified. Dwnlad Type There are tw ptins fr deplyment type: On Demand End- user must dwnlad dcument. Autmatic Dcument is autmatically dwnladed t the end- user's device. Installed/Assigned Displays the rati f devices that have installed the assigned dcument. Actins Prvides the ability t install r delete cntent. Batch Status Displays the successfully upladed cntent r if it is experiencing errrs. Settings The Settings sectin displays infrmatin n device settings. Categries Shws the file system fr the cntent. Cntent Repsitry Links t repsitries and displays dcument wnership. User Strage Shws the amunt f strage available t and used by each device. 11
Certificates The Certificates sectin shws all f the certificates currently stred n the device, and prvides basic supprting infrmatin. NOTE: ios devices shuld always shw at least ne current certificate fr the MDM identity certificate issued during enrllment. User The User sectin shws user- specific infrmatin including Name, Status, Username, Email, Grup, Email Username, Security Type, and Cntact Number. It als displays a list f all devices that the user has enrlled. NOTE: Infrmatin availability is subject t privacy settings as specified in Cnfiguratin System Settings Device General Privacy. 12
GPS The GPS sectin shws the GPS crdinates f the device. The default display is Last Knwn, which is the mst recently received crdinates. T view GPS crdinates ver a select perid f time: 1. Select the time span t view GPS crdinates frm the Perid drp- dwn menu. 2. Click [Search]. The search results return the entire available GPS crdinate trail (breadcrumbs) ver the requested perid. 3. Click the Play Sund icn t play a sund n a lst device t facilitate lcatin. NOTE: Infrmatin availability is subject t privacy settings as specified in Cnfiguratin System Settings Device General Privacy. 13
Event Lg The Event Lg cntains a cmprehensive lg f all interactins between the Admin Cnsle and the device. The administratr can further track device events thrugh the fllwing actins available n this view: 1. Click [Refresh Data] t instantly update the Event Lg. 2. Enter an event keywrd int the Search Filter t filter the event lg accrding t a type f event. Example: Security Events 3. Click the [Exprt All] buttn t exprt all events as a.csv file. The administratr can als view all cnsle and device events in the Administratin Event Lg, r integrate with Syslg n the Syslg settings page (lcated in Cnfiguratin System Settings Admin Event Lg). Nte the fllwing imprtant Event Lg fields: Severity Ranks the event severity level based n the event definitin. Surce Shws the surce f the event. Example: Server Event Prvides a brief categrizatin/summary f the event. Examples f events might include: MDM Enrllment Cmplete Install Prfile Requested Security Infrmatin Refused 14
REMOTE ACTIONS MENU With the Remte Actins menu administratrs can perfrm any f the listed actins n the selected device ver- the- air. Device Query Place a manual request fr remte devices t send the cnsle a cmprehensive set f MDM infrmatin. This immediate request verrides the timed device check- ins. Clear Passcde Clear the passcde n remte devices. This is leveraged when end- users frget passcdes r becme lcked ut f devices. Send Message Send different types f messages t devices ver- the- air. Email Send remte emails t any address n prperly cnfigured SMTP settings. SMS Send remte SMS text messages t any phne number with an SMS service accunt with CellTrust and prperly cnfigured credentials. Push Ntificatins Push ntificatins are available fr Apple ios, Andrid, and Windws Phne 8 devices t prvide faster cmmand respnse time frm the cnsle, and migratin frm clud t deprecated device management. Send APNs messages t ios device end- users that have the Agent installed, displaying the message bdy in the ntificatin. Implement Ggle Clud t Device Messaging fr Andrid devices enrlled in MDM. Send Micrsft Push Ntificatin messages t Windws Phne 8 device end- users enrlled in MDM that have the Cmpany Hub App installed. 15
Lck Device Lck the device, requiring the device user t unlck the device with the apprpriate passcde fr cntinued use. Enterprise Wipe Remve the device frm MDM by un- enrlling and selectively wiping all f the Enterprise data cntained n the device thrugh MDM prfiles, plicies and internal applicatins. ios devices are able t remve the Agent. Device Wipe Perfrm a full wipe f the device. Wiping the device remves all data, email, prfiles, and MDM capabilities and the phne returns t a factry default state. Prir t the wipe, a device wnership cnfirmatin message serves as a security precautin; a key cde is a requirement fr perfrming the device wipe. NOTE: Device Wipe is subject t privacy settings as specified in Cnfiguratin System Settings Device General Privacy. Find Device Make a set f audible ntificatin tnes in ios devices, which facilitate device lcatin by end- users. Enable/Disable SD Card Remtely enable r disable the SD card n the device. Enfrce Device Encryptin Encrypt internal strage in devices withut encrypting the remvable strage card. DEVICE SEARCH The Device screen is divided int three tpics. Each tpic is discussed in the fllwing sectins. Device Search Left Panel Lcatin Grup Click the drp- dwn arrw t view the devices belnging t that lcatin grup and all child lcatin grups. Saved Criteria Click the drp- dwn arrw t select the last saved search criteria. This can save yu time when yu need t frequently perfrm the same search. 16
Platfrm Click ne r mre f the checkbxes t select the type f device fr which yu want t search in the grid. Mdel Click the drp- dwn arrw t select the Mdel f the device based n the Platfrm yu selected. If yu chse mre than ne Platfrm, this feature is grayed ut and n lnger available. Ownership Click any ne f the fur checkbxes t define wh wns the device. It is recmmended t leave Undefined unchecked, s that ther cnsle features are available t yu when managing that device. 17
Advanced Search Click Advanced Search and the windw belw displays: Click ne r mre f the 13 available checkbxes t custm define an advanced Cnsle search. Fr every checkbx selected, a respected field appears in which t enter search infrmatin, keywrds, etc. Click [Search] t find devices that match the advanced search criteria. The advanced search displays all the devices that match the search criteria in the grid. Device Search - Tp Panel The tp panel f the screen displays a bar with the fllwing features: Management Management Hver ver t display a Lck Device and Enterprise Wipe drp- dwn windw. Select a line item frm the grid by clicking its checkbx, and then d the fllwing: 1. Select Lck Device t cmpletely disable that device. 2. Select Enterprise Wipe t remve all crprate data frm that device. Supprt Supprt Hver ver t display a Send Message and GPS drp- dwn windw. Select a line item frm the grid by clicking its checkbx, and then d the fllwing: 1. Select Send Message t email Custmer Supprt regarding that device. 2. Select GPS t find where that device is lcated. Fr mre infrmatin, see Device Details. 18
Admin Admin Hver ver t display a Change Lcatin Grup and Delete Device drp- dwn windw. Select a line item frm the grid by clicking its checkbx, and then d the fllwing: 1. Select Change Lcatin Grup t mve that device t a different lcatin grup. 2. Select Delete Device t remve that device frm MDM. Advanced Advanced Hver ver t display a Warm Bt and Prvisin Nw drp- dwn windw. Select a line item frm the grid by clicking its checkbx, and then d the fllwing: 1. Select Warm Bt t remtely rebt that device. 2. Select Prvisin Nw t perfrm a number f cnfiguratins fr that device. Device Search - Main Panel There are 11 clumn headings acrss the tp f the grid: Last Seen Friendly Name C/E/S User First Name l Last Name l Email Platfrm OS Mdel Display Name Srted Fields Click any f these headings, as shwn in the figure abve t quickly rerganize device infrmatin based n yur selectin. Grid Search Click in this field and enter any search wrds, such as device Friendly Name, Display Mdel, etc., as shwn belw, and then press the <Enter> key t filter the device infrmatin that displays in the grid. Yu can use keywrds (e.g., Grup) and find all ccurrences f line items in the grid that cntain that keywrd (e.g., Atlanta Grup, Radilgy Grup, etc.). 19
DEVICE DETAILS View device details t track detailed device infrmatin and quickly access user and device management actins. There are tw ways t view the Device Details: 1. Click the Friendly Name f the device in the device dashbard. 2. When the Device Cntrl Panel displays, click the name again. OR use any f the available search tls t search fr an individual device: OR 3. Frm the search results, click the Blue Friendly Name f the individual device t pen the Device Details page: 4. Many f the Device Details are identical t the infrmatin in the Device Cntrl Panel. Fr infrmatin n the Security, Prfiles, Apps, Certificates, r Event Lg views, please refer t the Device Cntrl Panel sectin. 5. Click the different Device Details n the left side f the Device Details page t view individual device details accrding t the categries described belw. 20
DEVICE INFORMATION The Device Infrmatin view displays by default when the Device Details page pens (it is als the General tab under Device Details). Use the navigatin bar n the left t access additinal device infrmatin. ios and Andrid devices ffer different tabs in this bar. General Frm this view, administratrs can see several general statistics abut the current device, including: Device Enrllment, Cmpliance, Last Seen, and Enrllment Date Platfrm/Mdel/OS Device Ownership/Device Categry Organizatin Grup/Lcatin Phne number (when available and subject t privacy settings as specified in Cnfiguratin System Settings Device General Privacy) Serial Number/UDID/Asset Number Pwer Status/Strage Capacity/Physical Memry/Virtual Memry 21
Apps The Apps tab displays apps that are currently installed n the device. Certificates Identify device certificates by name and issuant. This tab als prvides infrmatin abut certificate expiratin. Cmpliance Display the status, plicy name, date f the previus and next cmpliance check, and the actins already taken n the device. Cntent (ios) Prvide a cnfigurable view f cntent, and allws administratrs t view cntent n individual devices. This tab displays the Status, Type, Name, Pririty, Deplyment, Last Update, and date and time f views, and prvides a tlbar fr administrative actin (install r delete cntent). Lcatin Select the Lcatin tab under Device Details t view current lcatin r lcatin histry f a device. This shws the GPS crdinates f the device (subject t privacy settings as specified in System Settings Device General Privacy). Last Knwn, the default, displays the mst recently received crdinates. T view GPS crdinates ver a select perid f time: 1. Select the time perid fr which yu wuld like t view GPS crdinates frm the Perid drp- dwn menu. 2. Click [Search]. The search results return the entire available trail (breadcrumbs) f GPS crdinates ver the requested perid. 22
Netwrk T view the current netwrk status f a device, select the Netwrk tab under Device Details. Prfiles Display the prfiles n a device. Device Restrictins (ios) T shw the Device Restrictins view, select Restrictins under Device Details. Frm here, administratrs can see all f the security restrictins that have been placed n the device thrugh the use f restrictins prfiles. This infrmatin is rganized int fur separate views: Device, Apps, Ratings, and Passcde. Device The Device tab displays all restrictins in effect fr the device frm a generic system- wide level. They are nt limited in scpe t individual applicatins r prfiles like the ther restrictins tabs. 23
Apps The Apps tab shws the deplyed applicatin restrictins fr the device. Allw use f YuTube will remve the YuTube applicatin frm the device s that end- users cannt use it. Allw use f itunes Music Stre and Allw explicit music and pdcasts limit these specific features frm within the itunes applicatins. Allws use f Safari, Enable Autfill, Frce Fraud Warning, Enable JavaScript, Enable Plugins, Blck pp- ups, and Accept Ckies all apply t the Safari web brwser applicatin. Ratings The Ratings tab shws all the restrictins that determine cntent cntrl f mvies, TV shws, and apps frm itunes and the App Stre. If cntent filtering is applied, nly specific media that has a lwer age rating will be permitted fr dwnlad. Passcde The Passcde tab shws all the current settings f the passcde plicy that has been prvisined t the device. Security Shw the security status n the device. 24
Telecm The Telecm sectin prvides details abut: Calls Ttal number f minutes used and detailed call lgs. Call lgs include call time, duratin, directin (incming r utging), phne number, carrier infrmatin, and raming status. NOTE: Phne numbers and carrier details are nly available in Andrid devices. Data Ttal cellular data usage n the mbile device, including daily lgs fr data sent/received. Messages Ttal SMS/MMS messages that are sent and received (Andrid nly) and detailed message lgs. NOTE: Infrmatin prvided is subject t privacy settings as specified in Cnfiguratin System Settings Device General Privacy). User (Andrid nly) Click this tab t access details abut the user f a device, as well as the status f the ther devices enrlled t this user. 25
DEVICE ACTIVITY Alerts T view all f the alerts that have been triggered by the current device, select Alerts under Device Activity. Frm here, administratrs can see specific alerting details fr Severity, Pririty, Attribute, Value, Duratin, Alert Date, and Creatin Plicy. CONFIGURATION Attachments T attach images, dcuments, r links that are relevant t the device, select Attachments under Cnfiguratin. There are three views in the attachments tab: Images, Dcuments, and Links. These categries are nly used within the Grup ID t help administratrs rganize attachments. Examples f relevant device infrmatin administratrs may want t include in this area include: Cpies f supprt tickets regarding the device. Screen shts frm the device. Device supprt dcumentatin. 26
DEVICE DETAILS MANAGEMENT The Device Details Management menu is lcated underneath the device friendly name n the Device Details page. This menu prvides shrtcuts t quickly manage bth the device and the user accunt assciated with the device. Mve yur muse ver Query, Management, Supprt, r Admin t see the drp- dwn menu management ptins. Query The Query menu allws the administratr t request infrmatin frm the device. Click the categry t send a query t the device. Select Query All t request all f the categries, r send individual queries fr the fllwing device infrmatin: Device infrmatin Security Prfiles Apps Certificates Management The Management menu allws the administratr t instantly perfrm the fllwing remte device actins: Clear Passcde Clear the passcde n the remte device. Lck Device Lck the device, requiring the end- user t unlck with a passcde fr cntinued device use. Enterprise Wipe Remve the device frm MDM by un- enrlling and selectively wiping all enterprise data. Device Wipe Perfrm a full wipe f the device. Set Raming Enable r disable the vice and data raming ptins. NOTE: Refer t the Remte Actins sectin fr further explanatin f the first fur ptins. 27
Supprt The Supprt menu prvides ptins t instantly perfrm the fllwing remte device actins n supprted devices: Send Message Allw administratrs t send email, SMS, r push ntificatins t devices ver- the- air. Find Device Frce ios devices t make a set f audible ntificatin tnes t help end- users can lcate their devices. Remte View Prvide a remte view f select BlackBerry and Windws Mbile devices and applicatins. The capture buttn takes screenshts t preserve any issues and errrs. Request Device Check In Send a message t the device requesting a check- in with the Agent. File Manager Brwse the Andrid device file tree, creates flders and uplads r dwnlads files remtely. Remte Cntrl Remtely cntrl Windws Mbile and BlackBerry devices. NOTE: Refer t the sectin n Remte Actins fr further explanatin f the first three ptins. Admin The Admin menu allws administratrs t instantly edit the fllwing device and user settings: Change Lcatin Grup Edit the end- user s lcatin grup. Edit Device Edit the fllwing device settings: Friendly Name Device Ownership type Device Grup Device Categry Delete Device Delete a device, as well as any infrmatin created fr that device, frm MDM. Enrll Enrll the device in MDM. Advanced Clud Messaging (CM) prvides the ability t securely cmmunicate internally with devices. This functinality supprts rund trip request- reply messages, ne- way push ntificatins with cnfirmatins, and direct cmmunicatin channel interactins withut using queues, durability n demand, and flexibility via cnfiguratin. In this menu, yu have the fllwing ptins: Start CM Click t start Clud Messaging. Stp CM Click t stp Clud Messaging. 28
ADMINISTRATION EVENT LOG The Admin Cnsle recrds all administrative actins taken within the cnsle and any device events sent t r received frm devices and stres them in the Event Lg. Administratrs can view these events by using the Event Lg dashbard, which can be accessed by navigating t Administratin Event Lg. MDM tracks all events that ccur in the Admin Cnsle and n managed devices, and presents this data n bth this primary event lg, and n the device- specific event lg fund in the Device Cntrl Panel. Administratrs can select frm the views n the left in rder t view Device Events r Cnsle Events. Frm the dashbard, administratrs can filter and/r srt events in a number f ways, including: Severity Date Range Device Friendly Name Surce f event Categry Event The administratr can further track device events thrugh the fllwing actins available n this view: 1. Click [Refresh Data] t instantly update the Event Lg. 2. With certain even types, administratrs can als view mre detailed event data by clicking the Event Data link in the right- hand clumn. 3. Type an event keywrd int the Search Filter t filter the event lg accrding t a type f event (fr example, security events). 4. Additinally, the administratr can cnfigure Syslg integratin n the Syslg settings page (lcated in Cnfiguratin System Settings Admin Event Lg). 29
End-User Self-Service The Self- Service Prtal allws end- users t remtely mnitr and manage their smart devices. The Self- Service Prtal gives administratrs the ability t view relevant device infrmatin fr any f their enrlled devices and t perfrm remte actins such as clear passcde, lck device, r device wipe. Enabling the Self- Service Prtal End- users f ios and Andrid devices can access the Self- Service Prtal directly frm their device. Allwing managed devices t access the Self- Service Prtal simplifies the administrative experience by allwing end- users t: View imprtant cmpliance infrmatin. Dwnlad ptinal prfiles. Manage multiple devices n ne device frm the Self- Service Prtal. Fr end- users t access the Self- Service Prtal frm their device, the administratr must first deply a Web Clip (ios) r bkmark (Andrid) prfile cntaining the Self- Service Prtal web- based applicatin URL. 30
Fr Andrid Devices: 1. Navigate t Prfiles & Plicies Prfiles. 2. Select [Add]. 3. Enter in Basic Prfile Infrmatin in the General Settings. 4. Select the device platfrm. 5. Name the prfile. Fr Example: Self- Service Prtal Web Clip fr ios Devices. 6. Specify rt lcatin grups t manage the prfile and be assigned the prfile. 7. Yu may als specify User Grups t which t deply the prfile. 8. Select the Web Clip (ios) r Bkmark (Andrid) icn n the left sidebar. 9. Enter in the Prfile Infrmatin. 31
Fr ios Devices: 1. Navigate t System Settings Device Agent Setting. 2. Check the Self- Service Enabled bx. Label The text displayed beneath the Web Clip icn n an end- user s device. Fr example, Self- Service Prtal. URL The URL that the Web Clip will display. This field supprts lkup values s that the administratr can mre easily cnfigure the custm SSP URL. Remvable Check the bx t allw the end- user t remve the SSP web clip. Icn T add a custm icn, select a graphic file in.gif,.jpg, r.png frmat. Fr best results, prvide a square image n larger than 400 pixels n each side and less than 1 MB in size when uncmpressed. The graphic will be autmatically scaled and crpped t fit, if necessary and cnverted t.png frmat. Web clip icns are 104 x 104 pixels fr devices with a Retina display r 57 x 57 pixels fr all ther devices. 3. When cmplete, click [Save and Publish] t immediately send the prfile t all apprpriate devices. Privacy Settings NOTE: Access t infrmatin and Remte Actins in the Self- Service Prtal is determined by bth Privacy settings (Cnfiguratin System Settings Device General Privacy) and Rle settings (Users Admin Accunts). If multiple settings are in place, the strictest plicy is enfrced. 32
Retiring a Device In the event that a device must be remved frm mbile device management, there are several pssible methds t unenrll the device frm different surces. Autmatic Unenrllment The Cmpliance Engine can be cnfigured s that when devices d nt cmply with Applicatin r Device cmpliance plicies, they are autmatically unenrlled frm mbile device management. Administrative Unenrllment Administratrs can als unenrll devices ver the air in ne f tw ways: The administratr may manually perfrm an Enterprise Wipe frm the Device Dashbard page r the Device Details page. An administratr may als set up the MDM envirnment t autmatically perfrm an Enterprise wipe n the devices f deactivated users. The administratr must first make sure the Default Actin fr Inactive Users is set t Enterprise Wipe Currently Enrlled Devices. This can be dne frm the Enrllment page (Cnfiguratin System Settings Device General Enrllment). Once this has been cnfigured: The admin can manually deactivate users by navigating t Administratin User Accunts, checking the user accunts, and then clicking the Deactivate link at the tp. This will unenrll all devices under that user. If AD/LDAP has been integrated with the MDM envirnment, any users that are deactivated/remved frm AD/LDAP will autmatically be deactivated frm the MDM envirnment, thus causing their device(s) t be autmatically unenrlled. End- User Unenrllment If an end- user decides t pt ut f crprate mbile device management, then they can initiate the unenrllment prcess frm their wn devices. Althugh the prcess is different fr each manageable platfrm, the general prcess invlves remving the administrative privileges f MDM and remving any agents frm the device. 33
BYOD CONFIGURATION BEST PRACTICES An increasing number f crpratins are implementing BYOD prgrams, and it is easy t cnfigure MDM settings t take int accunt device wnership type when deplying prfiles, restrictins, cmpliance plicies, and ther imprtant settings. The fllwing cnfiguratins are recmmended fr BYOD deplyments: Assign Prfiles and Plicies by Ownership Type Leverage the Ownership field when specifying the assignment criteria fr applicatins, prfiles, cntent, and cmpliance plicies t ensure that emplyee- wned devices receive fewer restrictins than crprate- dedicated devices. Cnfigure Privacy Settings Cnfigure the Privacy settings (System Settings Device General Privacy) t prtect the persnal data f yur emplyees: Cnfigure MDM t Nt Cllect user Infrmatin and Telecm data fr persnal devices. 34
Disable the ability t issue a full device wipe n persnal devices: Islate Crprate Cntent Use the Secure Cntent Lcker t islate and prtect crprate cntent n persnal devices. The fllwing settings enfrce maximum restrictins fr cntent: Allw Online viewing nly Frce encryptin Disable Open in Email Disable Open in Third Party Applicatin KEEP IN MIND Befre perfrming remte actins n a device, take int accunt the device wnership type. The administratr may als want t use privacy settings (specified in Cnfiguratin System Settings Device General Privacy) and rle permissins (specified in Users Admin Accunts Rles) t restrict lwer- tier administratr access t emplyee- wned device data. 35