| Warning |
|---|
This section is WIP! |
...
- Multi-tenancy to ensure data isolation across all tenants.
- Enforce built-in security features of passcode and encryption.
- Encryption of data storage.
- Device lock and reset.
- Managed APIs to perform administrative functions.
- Ring and GPS to locate device remotely if lost/stolen.
Mobile device features
WSO2 EMM currently supports iOS, Android, and Windows devices. However, the device configuration features will vary based on the mobile OS. The device configuration features that are available for each mobile platform are illustrated as follows:
...
| Localtab |
|---|
|
| Panel |
|---|
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 1 |
|---|
| Android device operationsThe default operations that are available for Android devices are accessible for BYOD devices. The COPE devices can only carry out selected operations.If you want to enable the COPE devices to carry out more operations or if you want to limit BYOD devices from carrying out selected operations, you can do so via policies. The following operations can be carried on the BYOD and COPE Android devices, respectively. | Operation | BYOD | COPE |
|---|
| Lock a device | √ | - | | Unlock a device that was locked via the lock operation. | √ | - | | Retrieve the location of a device. | √ | - | | Enable the silent profile on your own device or mute the device via the EMM server. | √ | - | | Enterprise wiping a device. When this operation is executed, the device will be unregistered from EMM. | √ | - | | Remove your own device lock via the EMM server. | √ | - | | Change the provided passcode or lock code. | √ | - | | Ring the device via the EMM server. | √ | - | Send a message to the device via the EMM server. The EMM admin can use
this device operation to send group messages or even private messages to the EMM users. | √ | - | Carryout a factory reset on your own device via the EMM server. The user will have
to provide the PIN, which he/she entered when registering to EMM, to be able to wipe his/her device. | √ | - | | Reboot or restart your device. | √ | √ | | Schedule firmware upgrades on the device. | √ | √ | Alert mechanism to report critical events | √ | √ | | Check for applications that your organization has made available in their app store via the app catalog application. | √ | √ | | Install and update applications in silent mode that is without the user's confirmation via the system service application. | √ | √ | | Schedule application installations and updates. | √ | - |
Policies for Android devicesThe EMM administrator can add a new policy to a preferred device type, such as BYOD, or COPE. The following policies are available for the Android platform. | Policy | Description |
|---|
| Passcode policy | Define a password policy for the devices. | | Restrictions | Restricts the usage of the camera and other functions. Windows only supports device restrictions on the camera. For more information on the API to restrict function on Android devices, see below: DISALLOW_ADJUST_VOLUMEDISALLOW_CONFIG_BLUETOOTHDISALLOW_CONFIG_CELL_BROADCASTSDISALLOW_CONFIG_CREDENTIALSDISALLOW_CONFIG_MOBILE_NETWORKSDISALLOW_CONFIG_TETHERINGDISALLOW_CONFIG_VPNDISALLOW_CONFIG_WIFIDISALLOW_APPS_CONTROLDISALLOW_CREATE_WINDOWS
DISALLOW_CROSS_PROFILE_COPY_PASTE
DISALLOW_DEBUGGING_FEATURES
DISALLOW_FACTORY_RESET
DISALLOW_ADD_USER
DISALLOW_INSTALL_APPS
DISALLOW_INSTALL_UNKNOWN_SOURCES
DISALLOW_MODIFY_ACCOUNTS
DISALLOW_MOUNT_PHYSICAL_MEDIA
DISALLOW_NETWORK_RESET
DISALLOW_OUTGOING_BEAM
DISALLOW_OUTGOING_CALLS
DISALLOW_REMOVE_USER
DISALLOW_SAFE_BOOT
DISALLOW_SHARE_LOCATION
DISALLOW_SMS
DISALLOW_UNINSTALL_APPS
DISALLOW_UNMUTE_MICROPHONE
DISALLOW_USB_FILE_TRANSFER
ALLOW_PARENT_PROFILE_APP_LINKING
ENSURE_VERIFY_APPS
SET_SCREEN_CAPTURE_DISABLED
SET_STATUS_BAR_DISABLED
| | Encrypt storage | Encrypt data on the device, when the device is locked and make it readable when the passcode is entered. | Wi-Fi | Ability to configure the Wi-Fi access on a device. WSO2 EMM provides advanced Wi-Fi configuration settings, as shown below:
- You are able to configure the Wi-Fi settings for the
WEP, WPA/WPS 2PSK and 802.1 EAP security types. - The
802.1 EAP security type works only for Android 4.3 and above. - WSO2 EMM supports the following EAP methods:
PEAP, TLS, TTLS, PWD, SIM, and AKA. - If you want to provide the identity of the user that access the Wi-Fi through their Android device, you can provide
[user] as the value for Identity and it will provide the username used by the user to enroll their Android device with WSO2 EMM. This setting is only applicable for the following EAP methods:PEAP, TLS, TTLS, and PWD.
| | VPN | Ability to specify the VPN and per app VPN settings. | | Work-Profile Configurations | Ability separate the personal and work related data on your device via the managed profile feature. | | Application restrictions | Ability blacklist and whitelist applications on the Android platform. |
You are able to get the following information about an enrolled Android device via the WSO2 EMM console. - The battery charged percentage.
- The internal storage information.
- The list of installed application on the specific device.
- The operation log information that contains the details of successful,failed and pending operations.
- The details of the policy that is been enforced on the device and the compliance details.
- The location of the device
|
|
...
...
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 1 |
|---|
iOS device operations
The operations listed below can be carried on iOS device.
...
...
...
Policies for iOS devices
The EMM administrator is able to restrict operations on iOS devices by adding a new policy . The following policies are available for the iOS platform.
| Policies | Description |
|---|
Passcode policy | Define a password policy for the devices. |
| Restrictions | Restricts the usage of the camera and other functions. Windows only supports device restrictions on the camera. |
Wifi | Configure the Wi-Fi access on a device. |
Email | Configure settings for connecting to your POP or IMAP email accounts. |
| AirPlay | Configure settings for connecting to AirPlay destinations. |
| LDAP | Configure settings for connecting to LDAP servers. |
| Calendar | Configure settings for connecting to CalDAV servers. |
| Calendar Subscription | Configure settings for calendar subscriptions. |
| APN | Specify Access Point Names ( APN ). |
| Cellular Network | Specify Cellular Network Settings on an iOS device |
| VPN | Specify the VPN and per app VPN settings. |
Information on enrolled iOS devices
You are able to get the following information about an enrolled iOS device via the WSO2 EMM console.
- The battery charged percentage.
- The internal storage information.
- The list of installed application on the specific device.
- The operation log information that contains the details of successful,failed and pending operations.
- The details of the policy that is been enforced on the device and the compliance details.
- The location of the device
...
...
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 1 |
|---|
Windows device operations
The operations listed below can be carried on iOS device.
- Lock your own device via the EMM server.
- Disenroll or unregister your device from WSO2 EMM.
- Remove your own device lock via the EMM server.
- Change the provided passcode or lock-code.
- Ring the device via the EMM server.
- Carryout a factory reset on your own device via the EMM server. The user will have to provide the PIN, which he/she entered when registering to EMM, to be able to wipe his/her device.
Policies for Windows devices
The EMM administrator is able to restrict operations on Windows devices by adding a new policy. The following policies are available for the iOS platform.
| Policies | Description |
|---|
Passcode policy | Define a password policy for the devices. |
| Restrictions | Restricts the usage of the camera and other functions. Windows only supports device restrictions on the camera. |
| Encrypt storage | Encrypt data on the device, when the device is locked and make it readable when the passcode is entered. |
Information on enrolled Windows devices
You are able to get the following information about an enrolled Windows device via the WSO2 EMM console.
...