Cloud Services
10/27/2014
MDM
CONTENTS
Systems Overview ... 2
Solution Overview ... 2
System Requirements ... 3
Admin Console Overview ... 4
Logging into the Admin Console ... 4
Admin Console Overview ... 4
Navigation Overview ... 5
My Favorites ... 5
Profiles and Policies: Profiles ... 6
Profiles and Policies: Compliance ... 6
Profiles and Policies: Certificates ... 6
Profiles and Policies: WinMo Provisioning ... 7
Catalog ... 7
Content ... 8
Administration – User and Admin Accounts ... 8
Administration – Event Log ... 9
Device ... 10
Configuration – System Settings ... 10
Advanced ... 11
Setting Up Your MDM Environment ... 12
Overview ... 12
Advanced Device Settings ... 12
App Management ... 12
Content Management ... 12
Email Management ... 12
Enabling iOS MDM Support ... 13
Admin Accounts ... 13
Language Management ... 14
Activating Language Packs ... 14
Selecting and Changing Language ... 15
MDM Overview and Setup is one of nine sections of the overall Admin Guide for Mobile Device
Manager. The following is the complete list of MDM Admin Guide components: • MDM Overview and Setup
• Device Management • Profile Management • Geofencing • Application Management • Content Management • Email Management • Telecom Management • Reports and Alerts
SYSTEMS OVERVIEW
SOLUTION OVERVIEW
Your hosting provider offers complete mobility management by enabling organizations to easily leverage and secure the latest mobile device technology by providing a comprehensive cross-‐platform solution for mobile device management.
From the Admin Console, administrators can manage any mobile device from anywhere in the world.
SYSTEM REQUIREMENTS
The following system requirements should be met before using the Mobile Device Manager (MDM) solution. Supported Browsers • Internet Explorer 8+ • Firefox 3.x+ • Google Chrome 11+ • Safari 5.x
Comprehensive platform testing has been performed to ensure functionality while using these Web browsers. The Admin Console may still function in non-‐certified browsers.
Supported Devices
• Android versions 2.2 and above • Blackberry versions 5 and above • iOS versions 4.0 and above • Mac OSX 10.7+
• Symbian OS ^3 and S60
• Windows Mobile 5/6 and Windows CE 4/5/6 • Windows Phone 7 and 7.5 Mango
• Windows Phone 8
ADMIN CONSOLE OVERVIEW
LOGGING INTO THE ADMIN CONSOLE
MDM provides administrators with an Admin Console URL, username, and password. If you do not have this information, please contact Customer Support. Once you have the appropriate credentials, log into the Admin Console:
1. Navigate to the provided URL.
2. Enter the provided username and password.
ADMIN CONSOLE OVERVIEW
Manage, monitor, and secure your Enterprise's devices in the Admin Console.
Menu
NAVIGATION OVERVIEW
To the right of the Menu drop-‐down, is the Add drop-‐down. Hovering over it displays five selections that allow you to quickly access options needed to add applications, policy, content, profiles, or devices. All of these options are available from the Menu drop-‐down. This drop-‐down just gives you one-‐click access to those frequently used options.
MY FAVORITES
Use the My Favorites section to create bookmarks within MDM to your most frequently used Menu items.
Dashboard
The Dashboard page is used to manage and monitor devices from top-‐level groups down to individual devices.
Reports and Alerts
The Reports page allows administrators to generate custom reports about the status of their smart device fleet, configure automatic report subscriptions, and store common reports for future usage. Administrators can also create unique alert policies to provide immediate notification when a device is compromised or enters an unfavorable status.
PROFILES AND POLICIES: PROFILES
The Profiles page allows administrators to create, edit, and remove all of the corporate profiles that are sent over-‐the-‐air to their smart device fleet. These profiles allow for devices to automatically receive corporate data such as Wi-‐Fi connections, passcode and restrictions policies, corporate email and calendars, the App Catalog, and other custom data.
PROFILES AND POLICIES: COMPLIANCE
The Compliance page is where administrators can designate rich security policies for their device fleet so that specific actions can take place when devices fail to meet compliance rules. There are many types of compliance rules that can be selected, but the rules can be divided into three categories —
Application Rules, Device Rules, and Email Rules.
PROFILES AND POLICIES: CERTIFICATES
The Certificates page is where administrators can view a list of all certificates available to devices managed by the Admin Console, determine the status of a certificate, when it expires, and other useful information, as well as revoke a certificate.
PROFILES AND POLICIES: WINMO PROVISIONING
The WinMo Provisioning page is where administrators can provision and create custom variables used to manage Windows Mobile devices from the Admin Console.
CATALOG
The Catalog page provides a centralized interface for administrators to recommend public applications and deploy internal applications to their smart device fleet, view purchases and licenses, create Software Development Kit (SDK) profiles for applications and gather analytics on all applications managed by the Admin Console.
CONTENT
The Content Management pages allow administrators to upload and manage content for secure deployment to the smart device fleet using the Secure Content Locker.
ADMINISTRATION – USER AND ADMIN ACCOUNTS
The User Accounts and Admin Accounts pages provide tools for developing a smart device fleet that is managed by the Admin Console.
• The User Accounts page is used to add, modify, or delete device users.
• The Admin Accounts page is used to add, modify, or delete administrators who use the Admin Console to manage the device fleet.
ADMINISTRATION – EVENT LOG
The Event Log pages allow administrators to view logs that are generated by devices and the Admin Console. The Event Log tracks all history of device and console activity. Use the drop-‐down menus at the top of the page to sort logs based on date, severity, category types, and Admin Console modules.
DEVICE
The Device Search and Bulk Management pages allow you to quickly locate one or more devices or manage groups of devices by name, platform, group, or other criteria. Device Search also provides the administrator with features like Warm Boot, finding a device using GPS, Device Wipe, etc.
CONFIGURATION – SYSTEM SETTINGS
ADVANCED
The Advanced page gives the administrator the ability to edit advanced options, including language settings, custom field definitions, and device groups.
SETTING UP YOUR MDM ENVIRONMENT
OVERVIEW
There are a few administrative items created by default by MDM (from the Control Panel to AirWatch) when you first provision the system via the Hosted Control Panel:
• Location Groups to define the different areas of your corporate hierarchy that manages and utilizes MDM.
• Admin Accounts to provide Admin Console access to all of the administrators of the smart device fleet.
• User Accounts to associate corporate users with their managed devices
ADVANCED DEVICE SETTINGS
You can configure settings for device enrollment, device restrictions, and console privacy. In addition, you can add a name to a device to recognize it easily, including language settings, custom field
definitions for the look up fields, and device groups in the Advanced pages.
APP MANAGEMENT
You can view, manage, push, recommend the public applications, and deploy internal or purchased applications to your device over-‐the-‐ air.
CONTENT MANAGEMENT
You can configure the content such that it can be accessed in online or offline modes by the devices based on the device ownership, Location Groups. You can also enable EIS integration to provide users direct link to folders, network drives, or even SharePoint directories containing various documents to upload into the Secure Content Locker.
EMAIL MANAGEMENT
You can restraint corporate email access for both managed and unmanaged devices. The initial configuration is now complete.
ENABLING IOS MDM SUPPORT
Run this wizard by navigating to System Settings ► Device ► iOS ► APNs for MDM.
• The Apple Push Notification service (APNs) is used to allow MDM to securely communicate to devices over-‐the-‐air (OTA).
• Each organization needs their own APNs certificate to ensure a secure mechanism for their devices to communicate across Apple’s push notification network.
MDM uses your APNs certificate to send notifications to your devices when the administrator requests information or during a defined monitoring schedule.
ADMIN ACCOUNTS
Management of the smart device fleet often requires several administrators to have access to the Admin Console and it may be necessary to add or remove administrative accounts. The Admin Console provides an easy way to create and manage multiple administrative accounts. (The default admin account is automatically created by your hosting provider upon purchase of the service.)
LANGUAGE MANAGEMENT
The Admin Console can display in a variety of languages, which allows you to add additional Language Packs, edit phrases that are used in a specific language, and change the language for only one user, if necessary, while leaving the language unchanged for all other users.
ACTIVATING LANGUAGE PACKS
To add an additional language pack to the Admin Console, browse to Advanced ► Language
Management.
1. Select Language Activation.
2. Choose the language pack you would like to add and press the arrow button to add it to the
Active Locales list.
SELECTING AND CHANGING LANGUAGE
The Admin Console allows the language to be set both for a specific user and/or a specific location. 1. To change the language for the user, navigate to Menu ► Admin Accounts.
2. On the Add/Edit User page, change the Locale to the desired language.
3. Save changes, log off, and log back in to display the new language.
LOCALIZATION EDITOR
The Localization Editor is used to edit specific words or phrases that do not translate properly to the desired language.
1. Browse to Menu ► Language Management. The Localization Editor displays by default.
2. Choose the Locale you wish to edit and click [Search].
3. Find the word or phrase that is incorrect and click the Actions menu. 4. Select [Create Override].
5. Make the desired changes and save to apply the language override.
KEEP IN MIND...
Pay close attention to Location Group hierarchy when creating and editing admin accounts. It is important to enable permissions at the highest Location Group needed in order to ensure the administrator has the proper editing capabilities.
• The selected Location Group is always displayed in the upper left-‐hand corner of the Admin Console.
There are three pieces of information that is automatically sent by the hosting provider when the user is added (and when the device is registered):
• MDM Enrollment URL (provided by your hosting service), which is the same URL that you use to access the Admin Console.
