CA Mobile Device Management 2014 Q1 Getting Started


This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the "Documentation") is for your informational purposes only and is subject to change or withdrawal by CA at any time. This Documentation is proprietary information of CA and may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA.

If you are a licensed user of the software product(s) addressed in the Documentation, you may print or otherwise make available a reasonable number of copies of the Documentation for internal use by you and your employees in connection with that software, provided that all CA copyright notices and legends are affixed to each reproduced copy.

The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicable license for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.

The use of any software product referenced in the Documentation is governed by the applicable license agreement and such license agreement is not modified in any way by the terms of this notice.

The manufacturer of this Documentation is CA.

Provided with "Restricted Rights." Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors.

Copyright 2014 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Table of Contents

- About CA Mobile Device Management
- CA MDM Architecture
- Understanding CA MDM Server
- Understanding CA MDM Components
- Understanding Policies, Groups, and Devices
- How CA MDM Enrollment Works
  - Enrolling Devices in Management
  - Enrollment Policies
  - Enrollment Codes
  - Device Enrollment with CA MDM Enterprise Application
  - Device Enrollment with Enrollment Codes
  - Device Enrollment with Self-Service Portal
  - Device Enrollment with Custom Installations
  - CA MDM Application Source and Enrollment Options
  - Device Reenrollment
- Types of Tenants
- Types of Groups
- Types of Policies
  - Enrollment Policies
  - Session Policies
  - Configuration Policies
  - Application Policies

Getting Started

Getting Started with CA Mobile Device Management provides an overview of the basic capabilities.

- About CA Mobile Device Management
- CA MDM Architecture
- Understanding CA MDM Server
- Understanding CA MDM Components
- Understanding Policies, Groups, and Devices
- How CA MDM Enrollment Works
- Types of Tenants
- Types of Groups
- Types of Policies

About CA Mobile Device Management

CA Mobile Device Management (MDM) is an enterprise solution for securing and managing the following with your enterprise policies:

- Mobile users
- Devices
- Applications
- Content (data)

CA MDM Architecture

CA Mobile Device Management (CA MDM) uses a distributed architecture. The distributed architecture provides complete functionality and enterprise-grade security while managing mobile devices and computers. The CA MDM architecture uses:

- The enterprise network behind your firewall for components that require the highest security.
- The DMZ for proxy components.
- The public entities in the Internet for publicly available services, such as commercial application markets.

[Figure: CA MDM Architecture: Internet, DMZ, and Enterprise Network]

The typical environment of the CA MDM deployment has the following components:

- Internet consists of the end-user devices and public entities.
  - The CA MDM devices include user devices, such as smartphones and computers, that CA MDM manages. Devices have an installed application or have a native capability that CA MDM uses to interact. Devices connect to the CA MDM Servers or their proxies using HTTP and SSL.
  - Public entities and services include the entities that support device management and features, such as:
    - The Apple Push Notification Service (APNS) for managing iOS devices.
    - A commercial application market for CA MDM application policies.
- DMZ consists of the relay or proxy servers. The servers enforce firewall rules. The servers receive a device communication before relaying it to a CA MDM Server in the enterprise network. For CA MDM Access Control for Email, the email proxy server hosts the access control filter. The access control filter allows or blocks incoming requests based on access control policy information from CA MDM. We recommend using the relay servers in the DMZ to increase the enterprise network security.
- Enterprise network specifies the CA MDM component servers and the email network. The component servers and the email network require connectivity to the CA MDM Server, and sometimes to the database. When relay servers are configured for CA MDM components, CA MDM Servers receive an incoming communication from the relay servers. You can consolidate some or all CA MDM Server components onto fewer servers, or onto a single server. If the CA MDM devices are within the enterprise network, configure them to make direct connections to CA MDM Servers.

Understanding CA MDM Server

The CA MDM Server is central to CA MDM operations. The CA MDM Server has no user interface. The CA MDM Server settings and features are available through the CA MDM Administrator Console, which is a web application. The CA MDM Server can operate as a single standalone server, or as multiple servers in a server farm. The CA MDM Server communicates with the CA MDM database and other components or devices as necessary.

- Standalone CA MDM Server is a single server operating as the only CA MDM Server in the CA MDM environment. The server has a one-to-one relationship with the CA MDM database.
- CA MDM Server farm is multiple servers operating together in a CA MDM environment. The servers have a many-to-one relationship with the CA MDM database. A server farm includes one master CA MDM Server and one or more farm servers.

Understanding CA MDM Components

The CA MDM Administrator, database, and server components support the CA MDM Server for operations. The supporting components are as follows:

- CA MDM Administrator Console provides an interface for CA MDM Server. CA MDM uses role-based access policies to control user rights. Rights are associated with functions in the user interface and with individual tenants. Use CA MDM Administrator to:
  - Define the roles for CA MDM Administrator users.
  - Define the server configuration.
  - Monitor the system activity.
  - Manage CA MDM devices, groups, and policies.
- CA MDM administrator (the individual) specifies the person who installs and operates the CA MDM product.
- CA MDM database stores the procedures, configuration properties, device, group, and policy data, and all message and activity logging. For CA MDM Server components, access to the database is either direct or indirect through the CA MDM Server. CA MDM supports Microsoft SQL as the database.
- Certificate authority is used to support the enrollment of iOS devices or to facilitate the certificate provisioning for application onboarding. You can also select the Certificate Authority profiles in embedded SCEP requests in the Android and iOS Configuration Policies. Certificate authority definitions are assigned to the enrollment and package servers.
- Enrollment server retrieves enrollment policies and starts the enrollment process for devices requesting enrollment. For iOS, the enrollment server also delivers management payloads. The enrollment server is required for handheld device enrollment and iOS operations.
- Self-Service portal lets users enroll their device in CA MDM, and lets users view their device information and issue commands. The portal is optional for the enrollment and allows users to install application policies with support from the Package server.
- Relay server acts as a proxy for HTTP and HTTPS connections from the Internet to a CA MDM component server. The component server includes CA MDM Server or enrollment server. The relay server is optional, but recommended for increased enterprise network security.

- Package server serves CA MDM application packages to devices (for application policy). For application onboarding, serves certificates and device provisioning data to third-party applications. The portal package server does not serve commercial applications to devices.
- Email server checks the CA MDM Server for current access control policies. The CA MDM Server delivers the access control policy information to the email proxy in the DMZ. For CA MDM Access Control for hosted email, email hosting is on the Internet. The email hosting does not include an email server in the enterprise. For CA MDM Access Control for local email, an optional feature, the server hosts the access control PowerShell service.

Understanding Policies, Groups, and Devices

Managing your devices with policies is the core of device management. CA MDM uses groups and policies for device management.

[Figure: CA MDM Policy-Group-Device Relationship]

- Policies are linked to groups and are indirectly linked to devices through their common relationship with groups. When devices are enrolled in the management, enrollment policies are applied to the devices. An enrollment policy defines group links for an enrolling device.
- Groups are linked to devices and policies. Groups are containers for devices. In CA MDM, groups are similar to using groups and organizational units to simplify network resource management in IT operations. You can define group-device links in an enrollment policy or after a device is enrolled. You can also define a group that is a composite of multiple groups. Group links are based on the following:
  - Manual selection of the individual devices.
  - Dynamic selection of devices that are based on device attributes.
  - Dynamic selection of devices that are based on user groups for users who have devices.
- Devices are linked to groups during the enrollment and are implicitly linked to policies through their common relationship with groups.

How CA MDM Enrollment Works

Contents

- Enrolling Devices in Management
- Enrollment Policies
- Enrollment Codes
- Device Enrollment with CA MDM Enterprise Application
- Device Enrollment with Enrollment Codes
- Device Enrollment with Self-Service Portal
- Device Enrollment with Custom Installations
- CA MDM Application Source and Enrollment Options
- Device Reenrollment

Install the CA MDM application directly on a device. The device is configured to connect to the CA MDM Server through an enrollment code. The enrollment code is created as part of the CA MDM Server enrollment policy. If you did not use an enrollment policy to provision the device, configure the device settings after the CA MDM installation. CA MDM supports Android, BlackBerry, iOS, and Windows Phone devices.

To enroll a device using the CA MDM enterprise application, follow these steps:

1. Access the CA MDM Self-Service portal (SSP) by using:
   - A browser on the enrolling device.
   - A personal computer.
   - An enrollment code that the administrator sends to the device.
2. Within SSP, download the CA MDM application for the enrolled device and obtain an enrollment code. For each device type, SSP is associated to the CA MDM Server enrollment policy.
3. To complete the device enrollment process, enter the enrollment code into the CA MDM application. Once you enter the enrollment code, the application connects the device to the CA MDM enrollment server, or its relay server proxy.

To enroll an iOS device, download:

- The CA MDM iOS application from the Apple App Store.
- A custom-signed CA MDM iOS app from SSP (if set up by the CA MDM system administrator).

Enrolling Devices in Management

To enroll devices in management, use enrollment policies, enrollment codes, CA MDM applications, and the CA MDM Self-Service Portal. All users must install the CA MDM application. The availability and use of the other enrollment tools varies by device type.

Enrollment Policies

The enrollment policies let you define provisioning details for devices that you enroll in CA MDM. Create enrollment policies for all device types. Policies vary based on the device type. Policies include:

- Enrollment codes
- Enrollment URLs
- Custom client naming
- The CA MDM connection address
- Group assignments
- Values for substitution variables, such as for the user name or email address
- Default channel
- Signed or unsigned CA MDM application

Enrollment Codes

The enrollment codes simplify connecting a device to CA MDM for an enrollment. The enrollment codes are available for Android, iOS, BlackBerry, and Windows Phone devices. The enrollment codes are short codes that are easy to enter in the CA MDM application on a device. The enrollment codes can be communicated to users directly or can be obtained from the CA MDM Self-Service Portal. The user interface and the provisioning details you defined in the enrollment policy drive the rest of the interaction.

When you create enrollment policies, create one or more enrollment codes. Each code has its own attributes for an optional expiration date, use with Self-Service Portal, and its enabled or disabled state.

The enrollment code for Windows Phone consists of a URL. This code is automatically generated when you create an enrollment policy for Windows Phone. The users can get the URL directly from the administrator or they can get it from the Self-Service Portal.

Device Enrollment with CA MDM Enterprise Application

The end users install the CA MDM application directly on the device. The device can be configured to connect to CA MDM Server through an enrollment code. The enrollment code is created as part of a CA MDM Server enrollment policy. If you did not use an enrollment policy to provision the device, configure the device settings directly after installation. CA MDM supports the following device types:

- Android
- BlackBerry
- iOS
- Windows Phone

The following steps describe a general overview of how users enroll their devices using a CA MDM enterprise application:

1. Access the CA MDM Self-Service Portal using the browser on the enrolling device. You can also access SSP from a personal computer, or by administrators sending enrollment codes to devices.
2. Within the portal, download the CA MDM application for the device type you are enrolling. Once you download the CA MDM application, obtain the enrollment code of a device for entry on the device. The portal is tied to a CA MDM Server enrollment policy for each device type. Based on the device type, the policy configuration allows you to download the CA MDM application from within the portal. The portal also provides an enrollment code.
3. To complete the device enrollment process, enter the enrollment code into the CA MDM application that is installed on the device.

After you enter an enrollment code in the CA MDM app on the device, the app contacts a public URL shortening service to get an expanded address, then connects to that address. The expanded address is used for the following purposes:

- To connect a device to a CA MDM enrollment server, or its relay server proxy.
- To enroll in device management with the CA MDM Server.

Note: Windows Phone uses the enrollment code URL, obtained from the Self-Service Portal, to enroll the device. During the enrollment, the CA MDM application is silently installed on the device.

iOS device end users can download the CA MDM application from:

- The Apple App Store
- The custom-signed CA MDM application portal

Device Enrollment with Enrollment Codes

To connect a device to CA MDM and enroll in the management, open the CA MDM application and enter the enrollment code. CA MDM contacts a public URL shortening service for the expanded address and connects to that address. The expanded address is used to connect the device to the CA MDM enrollment server, or its relay server, to enroll in the management. Open the CA MDM application in the following cases:

- For the device types that support enrollment codes.
- When you do not use the CA MDM Self-Service Portal.

The enrollment codes are supported on Android, iOS, BlackBerry, and Windows Phone devices.

Device Enrollment with Self-Service Portal

For device types that support the CA MDM Self-Service Portal, visit the portal to get the CA MDM application and an enrollment code. To connect to CA MDM and enroll in the management, open the CA MDM application and enter the enrollment code. The SSP portal is supported for Android, iOS, BlackBerry, and Windows Phone devices. The portal experience varies for the end users by device type:

- Android, iOS: access SSP from the enrolling device or from a personal computer. The portal includes a link to the appropriate commercial market for installing CA MDM and provides an enrollment code.
- iOS (version 7 or higher): access the portal from the enrolling device and click enroll. Alternatively, access the portal from a personal computer to activate the enrollment code URL in the portal, then enter the URL in the native web browser (Safari) on the device.
- BlackBerry: access SSP from the enrolling device or from a personal computer. The portal includes a link to install or download the CA MDM application from the CA MDM enrollment policy. The portal provides an enrollment code.

- Windows Phone: access the portal from the enrolling device or from a personal computer. Activate the enrollment code URL on the portal, access company apps on the device, and provide the enrollment URL and other details. The enrollment URL connects to the discovery service, which in turn contacts the enrollment service for enrollment and authentication.

After an end user enters an enrollment code in the application, the application contacts a public URL shortening service. The application gets an expanded address from the service and then connects to that address. The expanded address is for connecting a device to the following servers, to enroll in the management:

- The CA MDM enrollment server
- Relay server proxy

Device Enrollment with Custom Installations

You can create custom installations for the CA MDM application that users can install directly on devices. To enroll the device, configure the CA MDM application to connect to the CA MDM Server. If you do not define a server address in the enrollment policy, configure the device after installation. Custom installations are supported on the following device types:

- BlackBerry
- Windows

For BlackBerry, the user opens the application and performs the following tasks:

- Cancel the enrollment code prompt.
- Define the configuration.
- To enroll for device management, initiate a connection to the CA MDM enrollment server, or its relay server proxy.

For Windows, the user opens the application and performs the following tasks:

- Define the configuration.
- To enroll for device management, initiate a connection to the CA MDM Server, or its relay server proxy.

CA MDM Application Source and Enrollment Options

The summary tables describe the CA MDM application sources and enrollment options for different device types.

Key:

- Android: Android
- BB: BlackBerry
- iOS: iOS
- Win Phone: Windows Phone
- Win: Windows

Application Sources (columns: Android, BB, iOS, Win, Win Phone)

- Application from Commercial Market: NA NA NA
- Application from Enrollment Policy: NA NA NA
- Custom-signed Enterprise Application: NA NA NA

Enrollment Options (columns: Android, BB, iOS, Win, Win Phone)

- Enrollment with Enrollment Codes: NA
- Enrollment with Self-Service Portal: NA NA
- Enrollment with Custom Installations (REMOVE): NA

Device Reenrollment

Reenrollment restarts management for a device with the same server without hard resetting the device. Reenrollment helps you resolve the following scenarios, which vary by device type:

- Need for the user to reenter user prompts.
- The device has been hard reset.
- Reinstallation of the CA MDM application.
- To have access to a CA MDM Self-Service Portal management, user can reenroll over the portal.
- The device in an unapproved state is approved for device management.
- Change a tenant of a device.
- Changes to the server address, such as the CA MDM Server, enrollment server, or relay server.
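The enrollment sections above state that the CA MDM application expands an enrollment code through a public URL shortening service and then connects to the expanded address. The following is an added example, not CA code: an offline check an administrator could run over the addresses that issued codes expand to. The host names, the enrollment codes, the HTTPS-only rule, and the approved port are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: public names of the enrollment server and its DMZ relay (constructed).
ALLOWED_HOSTS = {"enroll.example.com", "relay.example.com"}


def check_expanded_address(url, allowed_hosts=ALLOWED_HOSTS, allowed_ports=(443,)):
    """Return a list of findings; an empty list means the address is acceptable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port                  # raises ValueError on a malformed port
    except ValueError as exc:
        return [f"unparseable URL: {exc}"]

    findings = []
    if parts.scheme != "https":
        findings.append(f"scheme is {parts.scheme or 'missing'!r}, expected 'https'")
    if parts.username is not None or parts.password is not None:
        # In https://enroll.example.com@other.host/ the real host is other.host.
        findings.append("userinfo present before the host")

    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    if not host:
        return findings + ["no host in URL"]
    try:
        ipaddress.ip_address(host)
        findings.append("host is an IP literal, not a named server")
    except ValueError:
        pass
    try:
        host = host.encode("idna").decode("ascii")   # compare in ASCII form
    except UnicodeError:
        findings.append("host is not a valid IDNA name")
    if host not in allowed_hosts:
        findings.append(f"host {host!r} is not an approved enrollment or relay server")
    if (port if port is not None else 443) not in allowed_ports:
        findings.append(f"port {port} is not approved")
    return findings


def audit_enrollment_codes(expansions, allowed_hosts=ALLOWED_HOSTS):
    """Map each enrollment code whose expanded address fails to its findings."""
    report = {}
    for code, url in expansions.items():
        findings = check_expanded_address(url, allowed_hosts)
        if findings:
            report[code] = findings
    return report


# Constructed sample: enrollment code -> address its short link expanded to.
SAMPLE_EXPANSIONS = {
    "AND-4821": "https://enroll.example.com/enroll",
    "IOS-7730": "https://relay.example.com:443/enroll",
    "BB-1102": "http://enroll.example.com/enroll",
    "WP-5567": "https://enroll.example.com@files.example.net/enroll",
    "IOS-9001": "https://ENROLL.example.com.:8443/enroll",
}

if __name__ == "__main__":
    for code, findings in audit_enrollment_codes(SAMPLE_EXPANSIONS).items():
        print(code, findings)
```
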

Types of Tenants

A tenant is an entity that is defined within the CA MDM environment. A tenant has associated devices, groups, policies, and server configuration. Using tenants lets you separate devices and operations for the following:

- Different hosting customers.
- Enterprise divisions.
- Other entities as appropriate for your operations.

The system includes a predefined system tenant and any non-system tenants you add.

System Tenant

The system tenant is the predefined tenant with a name that matches the server name. Consider these items about the system tenant:

- The system tenant is the only tenant unless you add extra tenants.
- The tenant name matches the server name that you defined during the installation.
- The system tenant is a valid tenant for devices, groups, policies, server configuration, and all operations.
- Its policies are shared across all other defined tenants. From another tenant, you can use system tenant policies but cannot edit system tenant policies.
- The system tenant has access to all server configuration properties.
- The system tenant is the only tenant that can add extra tenants.

Non-system Tenant

Consider the following items about the non-system tenants:

- They are valid tenants for devices, groups, policies, some server configuration, and all operations.
- They have access to a limited set of server configuration properties. They rely on system tenant configuration settings for all other configuration properties.
- When using a non-system tenant, system tenant policies are available for use, but not for editing. System tenant policies are identified in a non-system tenant's policy list by italic font.

Types of Groups

Various group types are available that you can leverage to manage your portfolio of devices. Within CA MDM, devices and policies are linked to groups. Group association establishes security and governance of a device. The four types of groups are:

- Static includes the devices that you select manually. Membership changes at the following points:
  - When you add a device to the group.
  - When you delete a device from the group or from CA MDM.
- Dynamic includes the devices that are included in a device view. Membership changes automatically based on changes to the results of the view.
- User includes the devices that are associated with users included in a user group. The user group includes the Windows user groups of the CA MDM Server, LDAP groups, or NT domain groups. The device members change as user group membership changes. Membership changes automatically based on changes to the selected groups.
- Composite includes one or more CA MDM groups.
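The four group types, and the policy-group-device relationship described earlier, can be modelled to answer the audit question "which policies reach this device, and through which group?". The following is an added example, not CA MDM code or its data model: the class and field names, the sample devices, users, groups and policy names are constructed, and it assumes that a composite group contains every device of its member groups.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Device:
    device_id: str
    os: str
    user: str


@dataclass
class Group:
    name: str
    kind: str                                        # static | dynamic | user | composite
    policies: set = field(default_factory=set)       # policies linked to this group
    device_ids: set = field(default_factory=set)     # static: manually selected devices
    view: Optional[Callable[[Device], bool]] = None  # dynamic: device-view filter
    user_groups: set = field(default_factory=set)    # user: directory group names
    children: list = field(default_factory=list)     # composite: member group names


def members(group, groups, devices, directory, _path=frozenset()):
    """Return the IDs of the devices that are in `group` right now."""
    if group.name in _path:
        raise ValueError(f"composite group loop through {group.name!r}")
    if group.kind == "static":
        return {d for d in group.device_ids if d in devices}
    if group.kind == "dynamic":
        return {d.device_id for d in devices.values() if group.view(d)}
    if group.kind == "user":
        users = set()
        for name in group.user_groups:
            users |= directory.get(name, set())
        return {d.device_id for d in devices.values() if d.user in users}
    if group.kind == "composite":
        # Assumption: a composite holds every device of its member groups.
        found = set()
        for child in group.children:
            found |= members(groups[child], groups, devices, directory,
                             _path | {group.name})
        return found
    raise ValueError(f"unknown group kind {group.kind!r}")


def effective_policies(device_id, groups, devices, directory):
    """Map each policy that reaches the device to the groups that link it."""
    reached = {}
    for group in groups.values():
        if device_id in members(group, groups, devices, directory):
            for policy in sorted(group.policies):
                reached.setdefault(policy, []).append(group.name)
    return reached


# Constructed sample data: device IDs, users, group and policy names are made up.
DEVICES = {
    "d1": Device("d1", "android", "alice"),
    "d2": Device("d2", "ios", "bob"),
    "d3": Device("d3", "ios", "alice"),
}
DIRECTORY = {"Finance": {"alice"}}                   # directory group -> user names
GROUPS = {
    "lab": Group("lab", "static", {"session-nightly"}, device_ids={"d1"}),
    "all-ios": Group("all-ios", "dynamic", {"config-passcode"},
                     view=lambda d: d.os == "ios"),
    "finance": Group("finance", "user", {"app-finance"}, user_groups={"Finance"}),
    "hq": Group("hq", "composite", {"config-wifi"}, children=["lab", "all-ios"]),
}

if __name__ == "__main__":
    for dev in DEVICES:
        print(dev, effective_policies(dev, GROUPS, DEVICES, DIRECTORY))
```

Removing a user from the directory group, or changing what the dynamic view matches, changes the result on the next call without touching any device record, which is the behaviour the Dynamic and User group descriptions call automatic membership change.
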

Types of Policies

Contents

- Enrollment Policies
- Session Policies
- Configuration Policies
- Application Policies

To enroll and manage devices, use policies for device management. In the CA MDM Administrator, the Policy page is the main page for policy-focused tasks. Policies let you perform the following actions:

- Provision and enroll devices for device management.
- Define device settings.
- Secure devices and data.
- Collect inventory.
- Distribute software.
- Collect device activity data for managing expenses.

The following types of policies are available that allow you to enroll and manage different applications, devices, and channels:

- Application Policies
- Configuration Policies
- Enrollment Policies
- Session Policies

Enrollment Policies

The enrollment policies automate enrolling a device in the management with initial settings. Based on a device type, an enrollment policy defines the device features. The device features include the device's connection address, device ID, and whether the device uses CA MDM Access Control for Email. The enrollment policy prompts the user to collect the user information. The enrollment policy adds a device to groups for extra and ongoing management.

The enrollment policies are always in a published state. To unpublish an enrollment policy, edit the policy and disable or delete its enrollment codes.

Session Policies

Session policies select the channels for devices to run. Channels include scripted events and logic to perform tasks on the devices, like file transfers and registry updates. For one or more device types in a single policy, you can run the channel script using session policies. Some device types let you select a schedule for running the session channels. The session channels are created and managed on the CA MDM Channel Administrator. Session channels are created as a standalone Windows application on the CA MDM master server.

Configuration Policies

Configuration policies define the device settings and options, and collect device inventory and device activity expense management data.

Application Policies

The application policies define commercial and enterprise application packages for iOS and Android devices. The policies determine which applications are available for devices to browse and install.