MaaS360 MDM for iOS, Android & Windows Phone 7

Presentation on theme: "MaaS360 MDM for iOS, Android & Windows Phone 7"— Presentation transcript:

1 MaaS360 MDM for iOS, Android & Windows Phone 7
MaaS360 e-Learning Portal – Course 2

2 Agenda – MaaS360 MDM for iOS, Android & WP7
- iOS Basics
  - Requirements, APNS, Enrollment Process
  - Communication Workflow
  - Device View – iOS Attributes & Actions
- Android Basics
  - Requirements, Enrollment Options & Process
  - Device View – Android Attributes & Actions
- WP7 Basics
  - Device View – WP7 Attributes & Actions
- Troubleshooting Basics

3 MaaS360 MDM for iOS

4 iOS MDM Requirements
- iOS Operating System Version: 4.x and higher
- APNS Certificate
  - APNS - Apple Push Notification Service
  - APNS Certificate (MaaS360 helps automate this process):
    - Authentication by Apple
    - Provider can send notifications
    - One Time Activity – one certificate for all iOS devices
[Diagram labels: Provider; Notification; APNS Cloud; Port 5223]

5 MaaS360 APNS Certificate Creation Workflow
Generate a new APNS certificate: Enter your Corporate Apple ID: Do not use your personal ID. Download the CSR (signed by Fiberlink). You will get an as well.

6 MaaS360 APNS Certificate Creation Workflow
- Sign into Apple Push Cert Website:
- Accept Terms, upload CSR, download certificate (.pem), logout:
- Upload certificate, enter password and complete the APNS Process:

7 Manual APNS Certificate Creation
- Mac OS X workstation or Windows Server with Administrative permissions.
- Prepare a Certificate Signing Request
- Sign the CSR with MaaS360
- Upload prepared CSR to Apple Push Cert Website
- Export the signed certificate
- Complete the CSR Request
- Export the APNS Certificate with a Password
- Upload to MaaS360
Reference: APNS_Certificate_Guide_Detailed.pdf

8 iOS Device Enrollments - Options
Over-The-Air (OTA) Session Based Enrollment:
- One Time Passcode based authentication:
  - Unique Enrollment URL & Password for each request
  - URL Format : (
  - 7 day shelf life, supports de-activation
  - Bulk Enrollment Option Available
- Active Directory
  - Requires Cloud Extender (Microsoft AD / LDAP support)
  - Same Self Enrollment URL
  - URL Format : (
- Two Factor Authentication (2FA)
  - Combination of both Passcode and AD.
Corporate ID:
- Defaults to Account Number (7 digits)
- Customizable (Manage >> Configure Device Enrollment Settings)
- One Word, all lower case (preferably)
- Enrollment URL is case sensitive

9 iOS Device Enrollments - Workflow
Device Enrollment Process
- Device initiates enrollment using Web Browser (Safari)
- Enrollment URL: Sent via , SMS (can be sent to separate if corp is not configured on the device yet)
- Enrollment Passcode: Sent for Passcode authentication / 2FA
  - Passcode only in , not SMS’ed (Security Reasons)
Enrollment Steps
- Authentication
- License Agreement
  - MaaS360 Standard
  - Customer Agreement (Optional, if configured)
- MDM Profile Configuration
- MaaS360 App for iOS Installation (from iTunes App Store)

10 iOS Device Enrollment Process in Action
[Screenshots: SMS; Steps; Auth; EULA; Profile Install]

11 iOS Device Enrollment Process in Action
[Screenshots: Profile Description; Profile install Prompt; Profile Capabilities - Warning; Key Pair Generation; Profile Install Completed]

12 iOS App (MaaS360 for iOS)
MaaS360 for iOS App:
- Not required for enrollment, but does drive key features
App Functionality:
- Jailbreak detection
- Last Known Location Action
- Document Management
- Send Message Action
- Mobile Expense Management
- Device Attribute & Log Collection
MaaS360 for iOS installation:
- Part of enrollments, app distribution is best practise
- User will install (iTunes access/account required)
- User will run MaaS360
- Accept location services & notifications

13 iOS Communication Flow
[Diagram labels: Notification; APNS Cloud; MaaS360 Admin; HTTPs TCP Port 443; Customer Devices; APNS TCP Port 5223]
Port 443:
- Device Policy Delivery
- Device Action Delivery
- Device Attribute Collection
- Device Heartbeat
- Apps & Docs
Port 5223: (need to be opened on Corp FW & Proxy)
- iOS Device Notification
- Wake up message
- Device reports back to MaaS360 to download action commands.

14 iOS Device Attributes
- Summary: Summary of Hardware, OS & Compliance Information
- Hardware Inventory: Detailed Hardware Inventory, Custom Attributes
- Network Information
- Location Information: Location History can be enabled from here (global)
- Security & Compliance
- Certificates: Identity certificate generated during enrollment
- Software Installed
- App Distributions
- Documents Downloaded
- Mobile Data Usage (if Mobile Exp Mgmt is enabled): In Network and Roaming Usage
- Change History: Service Activations, Custom Attribute changes
- Action History: Audit history for all actions on the device

15 iOS Actions
- Refresh Device Information
- Last Known Location (requires app)
- Send Message (requires app)
- Lock Device
- Reset Device Passcode
- Selective Wipe (Restrict Device)
  - Removes wifi, vpn, profiles if pushed through policy
  - Device can still be managed
  - Normally setup as an automated action on compliance failure
- Wipe Device
- Change iOS Policy
- Change Plan (if MEM is enabled)
- Distribute App
- Remove iOS Control (Removes overall management)
- Hide Device Record
  - ** To be used as last resort **
- Change Rule Set

16 MaaS360 MDM for Android

17 Android Requirements
- Android OS Version : 2.2 or higher
- Gmail account:
  - MaaS360 App for Android access on Google Play
  - C2DM (Cloud to Device Messaging) access
    - Similar to APNS Notifications in the iOS world
    - On enrollment, MaaS360 App tries to register for C2DM

18 Android Device Enrollments - Options
Agent Based Enrollment:
- One Time Passcode based authentication:
  - Unique Enrollment URL & Password for each request
  - URL Format : (
  - 7 day shelf life, supports de-activation
  - Bulk Enrollment Option Available
- Active Directory
  - Requires Cloud Extender (Microsoft AD / LDAP support)
  - Same Self Enrollment URL
  - URL Format : (
- Two Factor Authentication (2FA)
  - Combination of both Passcode and AD.
Corporate ID:
- Defaults to Account Number (7 digits)
- Customizable (Manage >> Configure Device Enrollment Settings)
- One Word, all lower case (preferably)
- Enrollment URL is case sensitive

19 Android Device Enrollments - Workflow
Device Enrollment Process
- Device initiates enrollment using Web Browser
- Enrollment URL: Sent via , SMS (can be sent to separate if corp is not configured on the device yet)
- Enrollment Passcode: Sent for Passcode authentication / 2FA
  - Passcode only in , not SMS’ed (Security Reasons)
Enrollment Steps
- Download Agent from Google Play
- Authentication
- License Agreement
  - MaaS360 Standard
  - Customer Agreement (Optional, if configured)
- Accept as Device Administrator

20 Android Enrollment Process in Action
[Screenshots: Web Enrollment; Steps; Auth; Install from Google Play]

21 Android Enrollment Process in Action
[Screenshots: Enrolled; EULA; Activate Device Administrator]

22 Android Communication Flow
[Diagram labels: Notification; C2DM Cloud; MaaS360 Admin; HTTPs TCP Port 443; Customer Devices; C2DM TCP Port 5228, 80, 443]
Port 443:
- Device Policy Delivery
- Device Action Delivery
- Device Attribute Collection
- Device Heartbeat
- Apps & Docs
Port 5228: (need to be opened on Corp FW & Proxy)
- Used to download the App from Google Play

23 Android Device Attributes
- Summary: Summary of Hardware, OS & Compliance Information
- Hardware Inventory
- Operating System
- Network Information
- Location Information: Location History can be enabled from here (global)
- Security & Compliance
- Software Installed
- Running Services: List of open running services
- App Distributions
- Documents Accessed
- Mobile Data Usage (if Mobile Exp. Mgmt. is enabled): In Network and Roaming Usage
- MaaS360 Services: Agent Version, Client ID
- Change History: Service Activations, Custom Attribute changes
- Action History: Audit history for all actions on the device

24 Android Actions
- Refresh Device Information
- Locate Device
- Send Message
- Lock Device
- Reset Device Passcode
- Selective Wipe (Restrict Device)
  - Removes wifi, vpn, profiles if pushed through policy
  - Device can still be managed
  - Normally setup as an automated action on compliance failure
- Wipe Device
- Change Android Policy
- Change Plan (if MEM is enabled)
- Distribute App
- Remove Android Control
  - Removes overall management
- Hide Device Record
  - ** To be used as last resort **
- Change Rule Set

25 MaaS360 MDM for WP7

26 Windows Phone 7 (WP7) MDM Requirements
- Agent Based MDM for Windows Phone 7.5 (Mango)
- Microsoft Push Notification Service (MPNS):
  - Client registers for MPNS
  - Return URI to MaaS360
  - Actions via MPNS

27 WP7 Device Enrollments - Options
Over-The-Air (OTA) Session Based Enrollment:
- One Time Passcode based authentication:
  - Unique Enrollment URL & Password for each request
  - URL Format : (
  - 7 day shelf life, supports de-activation
  - Bulk Enrollment Option Available
- Active Directory
  - Requires Cloud Extender (Microsoft AD / LDAP support)
  - Same Self Enrollment URL
  - URL Format : (
- Two Factor Authentication (2FA)
  - Combination of both Passcode and AD.
Corporate ID:
- Defaults to Account Number (7 digits)
- Customizable (Manage >> Configure Device Enrollment Settings)
- One Word, all lower case (preferably)
- Enrollment URL is case sensitive

28 WP7 Device Enrollments - Workflow
Device Enrollment Process
- Device initiates enrollment using Web Browser
- Enrollment URL: Sent via , SMS
- Enrollment Passcode: Sent for Passcode authentication / 2FA
  - Passcode only in , not SMS’ed (Security Reasons)
Enrollment Steps
- Download Agent from Microsoft App Marketplace
- Authentication
- License Agreement
  - MaaS360 Standard
  - Customer Agreement (Optional, if configured)
- Allow Location Detection & MS Push Notification

29 WP7 Device Enrollment Process in Action
[Screenshots: Start; Download; Auth; EULA; Steps]

30 WP7 Device Enrollment Process in Action
[Screenshots: Allow Location Detection; Allow MS Push Notifications; Enrolled]

31 WP7 Communication Flow
[Diagram labels: Notification; MPNS Cloud; MaaS360 Admin; HTTPs TCP Port 443; Customer Devices; TCP Port 443]
Port 443:
- Device Policy Delivery
- Device Action Delivery
- Device Attribute Collection
- Device Heartbeat
- Apps & Docs
- WP7 Device Notification

32 WP7 Device Attributes
- Summary: Summary of Hardware, OS & Network Information
- Hardware Inventory: Basic Hardware Inventory, Custom Attributes
- Network Information: Carrier Information
- Location Information: Location History can be enabled from here (global)
- MaaS360 Services: Agent Version, MS Push Notification Status
- Change History: Service Activations, Custom Attribute changes
- Action History: Audit history for all actions on the device

33 WP7 Actions
MDM
- Refresh Device Information
- Send Message
  - App Specific Message, not SMS
- Last Known Location
- Remove WP7 Control
  - Removes overall management
- Hide Device Record
  - ** To be used as last resort **
- Change Rule Set
ActiveSync
- ActiveSync for Policy Management
- Merged record for Block, Remote Wipe
- Supports App Management

34 Troubleshooting Basics

35 Troubleshooting Basics
- Common problem areas / questions from customers.
- Cause of issue
- Resolution / Work-around

36 Common Questions/Problems/Resolutions
Enrollment Request SMS does not reach the device
Possible Reasons and Resolutions
- Device is not allowed to receive SMS / SMS service is off for the device tariff. (Roaming?)
  - Enable SMS for the tariff or on the device
- No Network
  - Make sure you ask if device got mobile coverage
  - Is Voice Roaming allowed?
Note: SMS is not required for enrollment, passcode will always be in

37 Common Questions/Problems/Resolutions
Enrollment URL cannot be accessed from the device
Possible Reasons and Resolutions
- URL IS CASE SENSITIVE
- Http(s) is blocked with current network connection
  - Device is connected to wifi and internet connection is in some way restricted (proxy, filtering ?)
  - Device is connected via private APN with restrictions applied
  - Check if you can reach other URLs from the device
  - Try another network connection
- Safari must be used for iOS
  - Accept Cookies must be set to “From Visited” under Settings -> Safari on the device
  - The enrollment will inform the user if cookies are off

38 Common Questions/Problems/Resolutions
Enrollment Authentication Fails
Possible Reasons and Resolutions
- Typo in the One Time Passcode
  - Make sure user got the correct one time passcode
  - Make sure the one time passcode is not expired
- AD Authentication Error
  - Typo/Wrong Domain
  - Cloud Extender setup needs to be checked
- Combined AD and One Time Passcode
  - Start with making sure OTP is correctly typed in.
  - Second step is to check Cloud Extender setup.
- Check Manage -> Manage Enrollment Requests for errors as well

39 Common Questions/Problems/Resolutions
Cannot find/download Android App in the Market
Possible Reasons and Resolution
- Country is blocking the market or device has a custom ROM with no Market installed
  - Install the market
- Verify the device is on Android version 2.2 or higher
  - We have restrictions on the app to not be found if under 2.2
  - Some generic tablets run a 1.6 which cannot be enrolled
- Ensure you can access the market from the device
  - Ensure you can find other apps

40 Common Questions/Problems/Resolutions
Enrollment fails after successful Authentication
This is usually seen on iOS if the main MDM profile comes down but none of the policy payloads do
Possible Reasons and Resolutions
- For iOS/Android port is blocked (TCP 5223) / (TCP 5228)
  - Make sure your network connection allows this communication to the internet.
  - Wireless routers may block this traffic
  - Internal Proxy servers can also block it
  - Try another connection with the device (3G internet, other DSL based WIFI or free WIFI).
- HTTPs communication to the internet is blocked.
  - Can be the same reasons as above.
  - Try to disable Wireless if the device is connected to a wifi connection in parallel.
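
The port checks implied by the communication-flow and troubleshooting slides, as an added example that is not part of the original presentation: a Python probe, run from a machine on the same network as the failing device, that classifies outbound TCP attempts and maps blocked ports to the symptoms the slides list. The target hostnames are supplied by the operator (the slides give none); `probe`, `interpret` and `MDM_PORTS` are names made up for this example.

```python
import socket

# Ports and their purpose as listed on the communication-flow slides.
MDM_PORTS = {
    443: "HTTPS to MaaS360: policy, actions, attributes, heartbeat, apps & docs",
    5223: "APNS wake-up notifications for iOS devices",
    5228: "C2DM / Google Play traffic for Android devices",
}

def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt from this network."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"    # name did not resolve (proxy-only DNS, typo)
    except socket.timeout:
        return "filtered"       # no reply at all: packets silently dropped
    except ConnectionRefusedError:
        return "refused"        # actively rejected by the host or a firewall
    except OSError:
        return "unreachable"    # no route, network down, etc.

def interpret(results):
    """Map {port: status} onto the causes named in the troubleshooting slides."""
    hints = []
    for port, status in sorted(results.items()):
        if status == "open":
            continue
        purpose = MDM_PORTS.get(port, "not a port named in the slides")
        hints.append(f"TCP {port} {status}: {purpose}")
    # Slide 40: HTTPS works, so the MDM profile installs, but no wake-up arrives.
    if results.get(443) == "open" and results.get(5223, "open") != "open":
        hints.append("iOS symptom: MDM profile installs but no policy payloads arrive")
    return hints

if __name__ == "__main__":
    import sys
    # Usage: python mdm_portcheck.py HOST:PORT [HOST:PORT ...]
    # Hostnames come from the operator; none are given in the slides.
    results = {}
    for target in sys.argv[1:]:
        host, _, port = target.rpartition(":")
        results[int(port)] = probe(host, int(port))
    for line in interpret(results) or ["all probed ports reachable"]:
        print(line)
```

A "filtered" result on 5223 or 5228 while 443 is "open" points at the corporate firewall or proxy rule the slides call out, rather than at the device or the enrollment request.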

41 Common Questions/Problems/Resolutions
- Most of the Problems will happen during the initial setup of a customer account and enrolment (~90%)
- There are still issues that may come up during operation like:
  - Actions are not applied
- Possible Reasons
  - Network communication errors (see earlier slides)
  - Try to disable WIFI if the device is connected to a wifi connection in parallel.

42 Thank You Questions ?

