ManageEngine Desktop Central. Mobile Device Management User Guide




Contents

1 Mobile Device Management
  1.1 Supported Devices
  1.2 What Management Operations you can Perform?
2 Setting Up MDM
3 Creating APNs Certificate
  3.1 Creating a Certificate Signing Request (CSR)
  3.2 Getting CSR Signed by Zoho Corporation
  3.3 Uploading Signed Certificate to Apple Push Notification Portal
  3.4 Completing the CSR and generating APNs Certificate
  3.5 Upload the APNs Certificate in Desktop Central
4 MDM - Device Enrollment
  4.1 Enrolling Devices
  4.2 Troubleshooting Tips
5 MDM - Device Management
  5.1 Overview
  5.2 Configuration Workflow
  5.3 Supported Configurations
  5.4 Creating Configuration Profiles
  5.5 Modifying a Profile
  5.6 Creating Device Group
  5.7 Associating Profiles to Group
  5.8 Associating Profiles to Devices
6 MDM - Reports

1 Mobile Device Management

Desktop Central MDM simplifies the work of administrators by using a single console to manage desktops, laptops, servers, and mobile devices. Desktop Central MDM can be used to deploy configuration settings and security commands and to retrieve asset data over-the-air (OTA).

1.1 Supported Devices

The current version supports managing the following iOS devices running iOS versions 4.0 and above:

- iPhone
- iPad
- iPod Touch

1.2 What Management Operations you can Perform?

The first version will support:

- Over-the-Air (OTA) device configuration tasks such as:
  - Enabling Passcode
  - Imposing Restrictions
  - Configuring Email
  - Enabling Exchange ActiveSync
  - Webclips
  - VPN and Wifi Settings
- Executing Security Commands like:
  - Erasing the device data
  - Erasing Corporate Data
  - Clearing the Passcode
- Asset Information that includes:
  - Certificates Installed
  - Profiles Installed
  - Restriction Details
  - Security Information
  - Apps Inventory
  - Device Information

2 Setting Up MDM

Before we set up Mobile Device Management, let us first understand the architecture behind managing mobile devices over-the-air (OTA). The diagram below depicts the MDM Architecture in Desktop Central.

Desktop Central - Mobile Device Communication

- Any communication from Desktop Central to the device is routed through Apple Push Notification service (APNs) via TCP port 2195.
- Devices maintain a dedicated TCP connection with APNs at TCP port 5223. When there is a live connection, APNs wakes up the device. This is a default behavior of iOS devices.
- The device communicates with Desktop Central Server for available instructions at port 8020/8383.
- The device executes the instructions and reports back to Desktop Central Server with the status/data at port 8020/8383.

For the above setup to work, the following should be done:

- Assuming users' mobility, Desktop Central Server should be reachable via a public IP address. If you are installing Desktop Central Server in the LAN, add an entry in your external router to route the requests to your public IP to the internal IP of the computer where Desktop Central Server is installed. If all the devices managed are within the LAN, this requirement is not needed.
- Desktop Central Server should be able to reach the APNs via TCP port 2195. If you have a firewall running on the Desktop Central Server, make sure that you open up this port in addition to the default Desktop Central ports.
- If the mobile devices connect to the internet via WiFi, you should allow them to maintain a dedicated TCP connection (outbound) with APNs at port 5223. For better security, you can restrict these connections to the IP range 17.0.0.0/8. If all the managed devices have access to a cellular data network, this requirement is not needed.

When you are installing Desktop Central within the LAN and routing the requests using a public IP, you should also configure the NAT Settings in Desktop Central so that all requests from Desktop Central are sent using the public IP. To configure NAT Settings, follow the steps below:

1. Select the MDM tab and click the NAT Settings link available under Settings in the left pane.
2. The details of the Desktop Central Server and the ports are pre-filled based on your current setup.
3. Provide the public IP and the ports that you wish to use and click Save.

You have now successfully set up Desktop Central to manage mobile devices. Once you have the setup ready, you have to create the APNs certificate and upload it to the Desktop Central server.
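The flows listed in section 2 can be checked against a firewall rule set. The following Python is an added example, not part of the ManageEngine guide or product; the Rule structure, the zone labels "server" and "wifi", and both sample rule sets are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

APNS_RANGE = ipaddress.ip_network("17.0.0.0/8")  # range named in section 2


class Rule(NamedTuple):
    """One allow rule. Field names and zone labels are assumptions."""
    zone: str       # "server" (Desktop Central host) or "wifi" (device network)
    direction: str  # "in" or "out"
    port: int       # TCP port
    remote: str     # CIDR of the far end; "0.0.0.0/0" means any address


# Flows from section 2: zone, direction, acceptable ports, purpose.
REQUIRED = [
    ("server", "out", (2195,), "Desktop Central to APNs"),
    ("wifi", "out", (5223,), "device to APNs"),
    ("server", "in", (8020, 8383), "device to Desktop Central"),
]


def audit(rules):
    """Return a list of findings; an empty list means every flow is covered."""
    findings = []
    for zone, direction, ports, purpose in REQUIRED:
        label = "/".join(str(p) for p in ports)
        matches = [r for r in rules
                   if r.zone == zone and r.direction == direction and r.port in ports]
        if not matches:
            findings.append(f"MISSING {zone} {direction} tcp/{label}: {purpose}")
            continue
        if ports != (5223,):
            continue  # the guide only gives an address range for port 5223
        for r in matches:
            net = ipaddress.ip_network(r.remote, strict=False)
            if net.version != 4 or not net.subnet_of(APNS_RANGE):
                findings.append(f"BROAD wifi out tcp/5223 to {net}: limit to {APNS_RANGE}")
    return findings


# Constructed sample: port 5223 open to any address, no rule for port 2195.
LOOSE = [
    Rule("server", "in", 8383, "0.0.0.0/0"),
    Rule("wifi", "out", 5223, "0.0.0.0/0"),
]

# Constructed sample matching the guide's recommendations.
TIGHT = [
    Rule("server", "out", 2195, "0.0.0.0/0"),
    Rule("server", "in", 8020, "0.0.0.0/0"),
    Rule("server", "in", 8383, "0.0.0.0/0"),
    Rule("wifi", "out", 5223, "17.0.0.0/8"),
]

if __name__ == "__main__":
    for name, rules in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, audit(rules) or "ok")
```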

3 Creating APNs Certificate

Creating the APNs certificate involves the following sequence of steps:

1. Creating a Certificate Signing Request (CSR)
2. Getting CSR Signed by Zoho Corporation
3. Uploading Signed Certificate to Apple Push Notification Portal
4. Completing the CSR and generating APNs Certificate
5. Upload the APNs Certificate in Desktop Central

3.1 Creating a Certificate Signing Request (CSR)

1. Open a command prompt as an administrator on the computer where Desktop Central is installed and change directory to the <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin directory.
2. Execute the bat file MdmCreateCSR.bat to create a CSR. A new window opens; answer the following questions to create a CSR:
   1. Country Name (2 letter Code): Enter the 2 letter code of your country (for example US for United States)
   2. State or Province Name (full name): Enter the name of the state or province (for example Texas)
   3. Locality Name: Name of the locality (for example Dallas)
   4. Organizational Name: Name of your company (for example Zoho Corp.)
   5. Organizational Unit Name: Name of your department (for example Finance Department)
   6. Common Name: A unique name to identify your company (for example ManageEngine)
   7. Email Address: Enter the company Email address (for example contact@zohocorp.com)
   8. A Challenge Password: do not enter any password; skip this step by pressing Enter.

Now, the CSR has been created successfully. Two files, customer.csr and CustomerPrivateKey.key, will be available in your <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin directory.

3.2 Getting CSR Signed by Zoho Corporation

The next step is to get the CSR signed by Zoho Corporation. Send the CSR file that you have created above to Desktop Central Support to get it signed. The signed file will be mailed back to you.

3.3 Uploading Signed Certificate to Apple Push Notification Portal

Warning: DO NOT use the Internet Explorer browser to upload the signed certificate.

1. Go to https://identity.apple.com/pushcert/ (Apple Push Certificate Portal website) to create the APNs certificate.
2. Sign in using your Apple ID and password. An Apple Developer Account or Enterprise Account is not mandatory; any Apple ID or Apple Account can be used. If you do not have an Apple ID, create one from https://appleid.apple.com
3. Once logged in, choose "Create Certificate".
4. After reading the terms and conditions, click Accept to proceed.
5. Upload the signed certificate that you received from Desktop Central Support.
6. A new certificate for managing the iOS devices will appear in the portal.
7. Choose to download the Apple-signed certificate. Ensure that the correct Apple-signed certificate is downloaded as MDM_Zoho Corporation_Certificate.pem.

3.4 Completing the CSR and generating APNs Certificate

1. Open a command prompt on the computer where Desktop Central is installed and change directory to the <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin directory.
2. Copy the downloaded MDM_Zoho Corporation_Certificate.pem to the directory <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin
3. Execute the following command to export the APNs certificate:

   "..\apache\bin\openssl" pkcs12 -export -out APNSCertificate.p12 -inkey customerprivatekey.key -in "MDM_ Zoho Corporation_Certificate.pem"

4. You will be prompted for a password. Use this password when you import the APNs Certificate in the Desktop Central Console.

Now, APNSCertificate.p12 has been successfully generated. The certificate is available under <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin.

3.5 Upload the APNs Certificate in Desktop Central

1. Log in to the ManageEngine Desktop Central Web Console.
2. Go to MDM -> Settings -> APNs Certificate
3. Upload the exported APNSCertificate.p12 certificate from <Product-Install-Dir>/ManageEngine/DesktopCentral_Server/bin and provide the password that you set while exporting the certificate.
4. Select Save.

You have successfully generated the APNs certificate and uploaded it to the ManageEngine Desktop Central Web Console. You can start managing the devices by enrolling them to the ManageEngine Desktop Central MDM Server.
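Before running the export in section 3.4, it helps to confirm that the certificate downloaded from Apple belongs to the private key created in section 3.1, and afterwards that the .p12 opens with the chosen password. The following Python is an added example, not part of the ManageEngine guide or product; it assumes an RSA key and an openssl binary on PATH, and it works on throwaway constructed keys and certificates rather than real files.

```python
import hashlib
import os
import shutil
import subprocess
import tempfile

# Assumption: an openssl binary is on PATH. On the Desktop Central server,
# point this at the bundled binary the guide uses (..\apache\bin\openssl).
OPENSSL = shutil.which("openssl") or "openssl"


def run_openssl(args, env=None):
    """Run openssl and return (exit code, stdout bytes)."""
    proc = subprocess.run([OPENSSL, *args], capture_output=True, env=env)
    return proc.returncode, proc.stdout


def modulus_digest(kind, path):
    """SHA-256 of the RSA modulus of a certificate ('x509') or key ('rsa')."""
    code, out = run_openssl([kind, "-noout", "-modulus", "-in", path])
    if code != 0:
        raise ValueError(f"openssl could not read {path} as {kind}")
    return hashlib.sha256(out.strip()).hexdigest()


def cert_matches_key(cert_path, key_path):
    """True when the certificate was issued for this private key (RSA assumed)."""
    return modulus_digest("x509", cert_path) == modulus_digest("rsa", key_path)


def export_p12(cert_path, key_path, out_path, password):
    """Export the PKCS#12 bundle as in section 3.4, then confirm it opens."""
    if not cert_matches_key(cert_path, key_path):
        raise ValueError("certificate does not match the private key")
    # Pass the password through the environment, not the command line,
    # so it does not show up in process listings or shell history.
    env = dict(os.environ, P12_PASS=password)
    code, _ = run_openssl(["pkcs12", "-export", "-out", out_path, "-inkey", key_path,
                           "-in", cert_path, "-passout", "env:P12_PASS"], env)
    if code != 0:
        raise RuntimeError("pkcs12 export failed")
    code, _ = run_openssl(["pkcs12", "-in", out_path, "-noout",
                           "-passin", "env:P12_PASS"], env)
    return code == 0


def make_constructed_pair(directory, name):
    """Create a throwaway key and self-signed certificate (constructed sample)."""
    key = os.path.join(directory, name + ".key")
    cert = os.path.join(directory, name + ".pem")
    code, _ = run_openssl(["req", "-x509", "-newkey", "rsa:2048", "-nodes",
                           "-keyout", key, "-out", cert, "-days", "1",
                           "-subj", "/CN=constructed-" + name])
    if code != 0:
        raise RuntimeError("could not generate sample material")
    return cert, key


def demo():
    """Run the checks on constructed material and return the three results."""
    with tempfile.TemporaryDirectory() as d:
        cert_a, key_a = make_constructed_pair(d, "a")
        _, key_b = make_constructed_pair(d, "b")
        p12 = os.path.join(d, "APNSCertificate.p12")
        return {
            "match": cert_matches_key(cert_a, key_a),
            "mismatch": cert_matches_key(cert_a, key_b),
            "p12_ok": export_p12(cert_a, key_a, p12, "constructed-password"),
        }


if __name__ == "__main__":
    print(demo())
```

On the server, cert_matches_key would be called with the downloaded .pem and the .key file from the bin directory; a False result means the certificate was issued for a different CSR.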

4 MDM - Device Enrollment

Now that you have the setup ready and have uploaded the APNs certificate, you can enroll the devices that have to be managed using Desktop Central. To enroll a device, a profile has to be manually installed on every managed device. The administrator can generate an enrollment request from Desktop Central, which will send an email notification to the user to install the profile on their device. The users will be authenticated while installing the profile. The authentication can be a unique passcode, the user's domain credentials, or a combination of both. The authentication level can be configured from MDM --> Authentication, and the default authentication is Unique Passcode.

4.1 Enrolling Devices

To enroll the mobile device, follow the steps below:

1. Click on the MDM tab on the Desktop Central Console.
2. Under Settings, click Enrollment.
3. Click Enroll Device and specify the following:
   1. Device Name - Name of the device that needs to be enrolled.
   2. UDID - Unique Device Identifier. This is optional and can be left blank if not known.
   3. Email address - Email address of the user who will receive the enrollment request. This is mandatory.
   4. Owned By - Specify who owns the device as Corporate or Personal (BYOD).
   5. Click Enroll.
4. Repeat the above steps to enroll more devices.

After enrollment, the user will receive an email with the authentication passcode, enrollment instructions and the link to download the profile. Users need to manually install the enrollment request. Once the device is enrolled, it will be reflected in the Devices tab in the Desktop Central MDM console under Manage Devices and Profiles.

Note: You should have configured the Mail Server Settings to enable Desktop Central to send enrollment requests to users via email.

The users, upon receiving the enrollment requests, can enroll their device as below:

1. Users should note down the Unique Passcode. The passcode is case sensitive.
2. Clicking the link in the email will open a window to accept the passcode.
3. The user should specify the passcode received in the email and click Continue. It will validate the passcode and present a confirmation screen. Click Continue.
4. Click Install to install the profile.
5. It will display a warning message. Read it and click Install.
6. The profile will be installed.
7. Click Done to view the enrollment status.

The device has been successfully enrolled and it should now appear in Desktop Central.

4.2 Troubleshooting Tips

Users did not receive the Enrollment Request via Email

- Check whether you have configured the Mail Server settings.

Users are unable to access the URL sent via Email

- The Desktop Central server is not running or not accessible by the users. Check if a firewall running on the Desktop Central Server is blocking the communication (at port 8020/8383).
- If the users are outside the LAN, they should be able to reach the Desktop Central Server via the public IP. Check whether the NAT Settings are configured in Desktop Central (MDM --> NAT Settings).

Users have installed the profile, but their devices are not seen in Desktop Central

- The device is not able to reach APNs. Check whether your WiFi allows communication at port 5223.
- If WiFi is disabled on the device, it should have access to a cellular data network.

5 MDM - Device Management

5.1 Overview

After you enroll the devices to be managed, you can manage them by pushing configurations from Desktop Central. Every configuration is sent to the device via a configuration profile that you create in Desktop Central.

5.2 Configuration Workflow

Before we get on with the steps to configure a device, it is better to understand the workflow of MDM configurations:

- Every configuration is sent as a profile; a single profile can include multiple configurations. Refer below for the details of configurations that you can perform using Desktop Central.
- The profile is then associated to a device to which the configurations have to be applied.
- You can create a group that contains multiple devices and associate a profile to it. When you associate a profile to a group, all the devices in the group will receive the configuration. This lets you push configurations based on the user profiles/departments.

5.3 Supported Configurations

With Desktop Central, you will be able to perform the following configurations on your mobile devices:

- Passcode - Set a simple or alphanumeric passcode on devices
- Restrictions - Impose restrictions on a device such as allow/restrict installing apps, use of camera, voice dialling, use of applications such as YouTube, iTunes, etc., backup of data to iCloud, etc.
- Wi-Fi - Configure Wi-Fi settings for devices to connect to the internet/intranet
- VPN - Configure VPN settings to connect to the LAN from a remote location
- Email - Configure email settings to access corporate email accounts
- Exchange ActiveSync - Access email accounts using Microsoft Exchange
- LDAP - Configure LDAP settings
- CalDAV - To create a CalDAV account
- Subscribed Calendars - To add subscribed calendars
- CardDAV - To create a CardDAV account
- Web Clips - To create shortcuts for Web applications or Websites

5.4 Creating Configuration Profiles

1. Select the MDM tab and click Devices and Profiles in the left panel.
2. Select the Profiles tab. This will list all the profiles that have been created already.
3. Click Create Profile and provide the basic information of the profile as below:
   1. Name of the Profile - Unique name to identify a profile
   2. Description - A brief description of the profile
   3. Profile Type - Different profiles have to be created for different mobile OSes. Select the mobile OS for which you are creating the profile.
   4. Allow Users to Remove Profile - You can choose whether to allow users to delete this profile or not. You can also choose to authenticate a user to delete a profile.
   5. Clone from - Choose an already created profile and modify it.
4. Click Continue.
5. Select the configurations from the list in the left pane and specify the details. You will have to save the individual configurations before you move on to the next configuration within the same profile.
6. After specifying the required configurations, click Publish.

Note: A published profile is not applied to any device until it is associated with devices or groups.

5.5 Modifying a Profile

To modify a profile,

1. Select the MDM tab and click Devices and Profiles in the left panel.
2. Select the Profiles tab. This will list all the profiles that have been created already.
3. Click the Modify Profile icon in the actions column of the profile that you wish to modify and change the required configurations. You can add or remove configurations from the profile.
4. After making the required changes, click Publish.

Note: When a profile is modified and published, it is not applied to the devices to which it was applied before. You need to associate the profile to the devices/groups again to apply the configurations. When the modified profile is applied to a device to which the previous version of the profile was applied, the configurations are overwritten with the new changes. If you have removed any configuration, the previous ones will be reverted from the devices.

5.6 Creating Device Group

A group is a logical grouping of managed devices to which a configuration can be applied. A device can belong to multiple groups. Groups facilitate applying the same configuration profiles to multiple devices. To create a group,

1. Select the MDM tab and click Devices and Profiles in the left panel.
2. Select the Groups tab. This will list the groups that have been created already.
3. Click Create Group and provide a name for the group.
4. Select the Group Type as iOS or Android. A group cannot have devices from different OSes.
5. From the list of available devices, select the devices you wish to add to the group and move them to Added Devices.
6. Click Create Group.

5.7 Associating Profiles to Group

1. Select the MDM tab and click Devices and Profiles in the left panel.
2. Select the Groups tab.
3. Select the groups that you wish to associate to a profile and click Associate Profile.
4. The Available Profiles will list all the profiles that have been published. If you have modified a profile and published it, only the latest version of the profile will be listed here. Select the profiles that you wish to associate, move them to Added Profiles and click Save Changes.

5.8 Associating Profiles to Devices

1. Select the MDM tab and click Devices and Profiles in the left panel.
2. Select the Devices tab. This will list all the devices that have been enrolled.
3. Select the devices to which you wish to associate a profile and click Associate Profile.
4. The Available Profiles will list all the profiles that have been published. If you have modified a profile and published it, only the latest version of the profile will be listed here. Select the profiles that you wish to associate, move them to Added Profiles and click Save Changes.

6 MDM - Reports

Desktop Central MDM provides a wide range of reports, which are listed below:

- Apps by Devices - All the managed devices are listed by the apps installed on them.
- Devices With/Without Specific Apps - Devices can be sorted by whether specific apps are installed on them.
- Devices by Model - Devices are listed by their models.
- Devices by Passcode Type - Devices are listed by their authentication level / passcode type.
- Devices by Enrollment Time - Devices are listed by their time of enrollment.
- Inactive Devices - All inactive devices that are enrolled will be listed.

To view the reports, follow the steps mentioned below:

1. Click on the MDM tab.
2. Select the Inventory section.
3. Hover the mouse over MDM Reports to see the list of reports available.
4. Choose the report that you want to view.
5. The generated report can be exported in .pdf, .csv or .xls format.