The Admin Console records all administrative actions taken within the console and any device events sent to or received from devices and stores them in the Event Log. Administrators can view these events by using the Event Log dashboard, which can be accessed by navigating to Administration ► Event Log.
MDM tracks all events that occur in the Admin Console and on managed devices, and presents this data on both this primary event log, and on the device-‐specific event log found in the Device Control Panel.
Administrators can select from the views on the left in order to view Device Events or Console Events.
From the dashboard, administrators can filter and/or sort events in a number of ways, including:
• Severity
• Date Range
• Device Friendly Name
• Source of event
• Category
• Event
The administrator can further track device events through the following actions available on this view:
1. Click [Refresh Data] to instantly update the Event Log.
2. With certain even types, administrators can also view more detailed event data by clicking the Event Data link in the right-‐hand column.
3. Type an event keyword into the Search Filter to filter the event log according to a type of event (for example, security events).
4. Additionally, the administrator can configure Syslog integration on the Syslog settings page (located in Configuration ► System Settings ► Admin ► Event Log).
End-User Self-Service
The Self-‐Service Portal allows end-‐users to remotely monitor and manage their smart devices. The Self-‐
Service Portal gives administrators the ability to view relevant device information for any of their enrolled devices and to perform remote actions such as clear passcode, lock device, or device wipe.
Enabling the Self-‐Service Portal
End-‐users of iOS and Android devices can access the Self-‐Service Portal directly from their device.
• Allowing managed devices to access the Self-‐Service Portal simplifies the administrative experience by allowing end-‐users to:
o View important compliance information.
o Download optional profiles.
o Manage multiple devices on one device from the Self-‐Service Portal.
For end-‐users to access the Self-‐Service Portal from their device, the administrator must first deploy a Web Clip (iOS) or bookmark (Android) profile containing the Self-‐Service Portal web-‐based application URL.
For Android Devices:
1. Navigate to Profiles & Policies ► Profiles.
2. Select [Add].
3. Enter in Basic Profile Information in the General Settings.
4. Select the device platform.
5. Name the profile.
For Example: Self-‐Service Portal Web Clip for iOS Devices.
6. Specify root location groups to manage the profile and be assigned the profile.
7. You may also specify User Groups to which to deploy the profile.
8. Select the Web Clip (iOS) or Bookmark (Android) icon on the left sidebar.
9. Enter in the Profile Information.
For iOS Devices:
1. Navigate to System Settings ► Device ► Agent Setting.
2. Check the Self-‐Service Enabled box.
• Label – The text displayed beneath the Web Clip icon on an end-‐user’s device.
o For example, Self-‐Service Portal.
• URL – The URL that the Web Clip will display.
o This field supports lookup values so that the administrator can more easily configure the custom SSP URL.
• Removable – Check the box to allow the end-‐user to remove the SSP web clip.
• Icon − To add a custom icon, select a graphic file in .gif, .jpg, or .png format.
o For best results, provide a square image no larger than 400 pixels on each side and less than 1 MB in size when uncompressed. The graphic will be automatically scaled and cropped to fit, if necessary and converted to .png format. Web clip icons are 104 x 104 pixels for devices with a Retina display or 57 x 57 pixels for all other devices.
3. When complete, click [Save and Publish] to immediately send the profile to all appropriate devices.
Privacy Settings NOTE: Access to information and Remote Actions in the Self-‐Service Portal is
determined by both Privacy settings (Configuration ► System Settings ► Device► General► Privacy) and Role settings (Users ► Admin Accounts). If multiple settings are in place, the strictest policy is enforced.
Retiring a Device
In the event that a device must be removed from mobile device management, there are several possible methods to unenroll the device from different sources.
• Automatic Unenrollment – The Compliance Engine can be configured so that when devices do not comply with Application or Device compliance policies, they are automatically unenrolled from mobile device management.
• Administrative Unenrollment – Administrators can also unenroll devices over the air in one of two ways:
o The administrator may manually perform an Enterprise Wipe from the Device Dashboard page or the Device Details page.
o An administrator may also set up the MDM environment to automatically perform an
Enterprise wipe on the devices of deactivated users. The administrator must first make sure the Default Action for Inactive Users is set to Enterprise Wipe Currently Enrolled Devices. This can be done from the Enrollment page (Configuration ► System Settings
► Device ► General ► Enrollment). Once this has been configured:
§ The admin can manually deactivate users by navigating to Administration ► User Accounts, checking the user accounts, and then clicking the Deactivate link at the top. This will unenroll all devices under that user.
§ If AD/LDAP has been integrated with the MDM environment, any users that are deactivated/removed from AD/LDAP will automatically be deactivated from the MDM environment, thus causing their device(s) to be automatically unenrolled.
o End-‐User Unenrollment – If an end-‐user decides to opt out of corporate mobile device management, then they can initiate the unenrollment process from their own devices.
Although the process is different for each manageable platform, the general process involves removing the administrative privileges of MDM and removing any agents from the device.