Versions Compared

Old Version 7

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning

This section is WIP!

The following are the key features concepts available in WSO2 Enterprise Mobility Manager (EMM): Table of ContentsmaxLevel3

Mobile Device Management (MDM)

WSO2 EMM's core function to manage devices. The following features list out how WSO2 EMM manages the devices enrolled.

  • Self-service device enrollment and management with end-user EMM Console for iOS, Android, and Windows devices.
  • Integrates to enterprise identity systems for device ownership: LDAP, Microsoft AD
  • Policy-driven device and profile management for security, data, and device features (Camera, Password Policy).
  • Deploy policies over-the-air.
  • Compliance monitoring for applied policies on devices.
  • Role-based access control (RBAC) for device management.
  • Securely wipe enterprise configurations from Enterprise wipe.
  • Track locations of enrolled devices.
  • Retrieve device information.
  • Facilitate device-owner operations such as registering and unregistering devices, installing, rating, sorting mobile apps, etc.

...

 Mobile App Management

WSO2 EMM manages applications installed on the mobile devices.

  • Supports App management.
  • App approval process through a lifecycle.
  • Provision and de-provisioning apps to enrolled devices.
  • Provision apps to enrolled devices based on roles.
  • Provision apps to multiple enrolled devices per user.
  • Retrieve the list of apps.
  • Install new apps and update existing apps on iOS devices via REST APIs, enabling automation of application installation/updates for third-party systems/vendors.
  • Install Web Clips on devices.
  • Enterprise App Store.

  • Discover mobile apps through an Enterprise App Store.

  • Self-provisioning of mobile apps to devices.

  • Rating and Sorting Applications.

  • Password reset.

...

Device and Data Security

Another key area with WSO2 EMM is that it securely manages devices and data.

  • Multi-tenancy to ensure data isolation across all tenants.
  • Enforce built-in security features of passcode and encryption.
  • Encryption of data storage.
  • Device lock and reset.
  • Managed APIs to perform administrative functions.
  • Ring and GPS to locate device remotely if lost/stolen.

...

WSO2 EMM currently supports iOS, Android, and Windows devices. However, the device configuration features will vary based on the mobile OS. The device configuration features that are available for each mobile platform are illustrated as follows: 

...

Localtab
titleAndroid
Panel
borderColor#11375B
bgColor#ffffff
borderWidth1

Android device operations

The default operations that are available for Android devices are accessible for BYOD devices. The COPE devices can only carry out selected operations.If you want to enable the COPE devices to carry out more operations or if you want to limit BYOD devices from carrying out selected operations, you can do so via policies.

Info

COPE only devices need to have the the system service application installed.

The following operations can be carried on the BYOD and COPE Android devices, respectively.

OperationBYODCOPE
Lock a device-
Unlock a device that was locked via the lock operation.-
Retrieve the location of a device.-
Enable the silent profile on your own device or mute the device via the EMM server.-
Enterprise wiping a device. When this operation is executed, the device will be unregistered from EMM.-
Remove your own device lock via the EMM server.-
Change the provided passcode or lock code.-
Ring the device via the EMM server.-
Send a message to the device via the EMM server. The EMM admin can use
this device operation to send group messages or even private messages to the EMM users.		-
Carryout a factory reset on your own device via the EMM server. The user will have
to provide the PIN, which he/she entered when registering to EMM, to be able to wipe his/her device.		-
Reboot or restart your device.
Schedule firmware upgrades on the device.

Alert mechanism to report critical events 

Check for applications that your organization has made available in their app store via the app catalog application.
Install and update applications in silent mode that is without the user's confirmation via the system service application.
Schedule application installations and updates.-

Policies for Android devices

The EMM administrator can add a new policy to a preferred device type, such as BYOD, or COPE. The following policies are available for the Android platform.

PolicyDescription
Passcode policyDefine a password policy for the devices.
Restrictions

Restricts the usage of the camera and other functions. Windows only supports device restrictions on the camera.

For more information on the API to restrict function on Android devices, see below:

  • DISALLOW_ADJUST_VOLUME
  • DISALLOW_CONFIG_BLUETOOTH
  • DISALLOW_CONFIG_CELL_BROADCASTS
  • DISALLOW_CONFIG_CREDENTIALS
  • DISALLOW_CONFIG_MOBILE_NETWORKS
  • DISALLOW_CONFIG_TETHERING
  • DISALLOW_CONFIG_VPN
  • DISALLOW_CONFIG_WIFI
  • DISALLOW_APPS_CONTROL

  • DISALLOW_CREATE_WINDOWS

  • DISALLOW_CROSS_PROFILE_COPY_PASTE

  • DISALLOW_DEBUGGING_FEATURES

  • DISALLOW_FACTORY_RESET

  • DISALLOW_ADD_USER

  • DISALLOW_INSTALL_APPS

  • DISALLOW_INSTALL_UNKNOWN_SOURCES

  • DISALLOW_MODIFY_ACCOUNTS

  • DISALLOW_MOUNT_PHYSICAL_MEDIA

  • DISALLOW_NETWORK_RESET

  • DISALLOW_OUTGOING_BEAM

  • DISALLOW_OUTGOING_CALLS

  • DISALLOW_REMOVE_USER

  • DISALLOW_SAFE_BOOT

  • DISALLOW_SHARE_LOCATION

  • DISALLOW_SMS

  • DISALLOW_UNINSTALL_APPS

  • DISALLOW_UNMUTE_MICROPHONE

  • DISALLOW_USB_FILE_TRANSFER

  • ALLOW_PARENT_PROFILE_APP_LINKING

  • ENSURE_VERIFY_APPS

  • SET_SCREEN_CAPTURE_DISABLED

  • SET_STATUS_BAR_DISABLED
Encrypt storageEncrypt data on the device, when the device is locked and make it readable when the passcode is entered.

Wi-Fi

Ability to configure the Wi-Fi access on a device. WSO2 EMM provides advanced Wi-Fi configuration settings, as shown below:
  • You are able to configure the Wi-Fi settings for the WEPWPA/WPS 2PSK and 802.1 EAP security types. 
  • The 802.1 EAP security type works only for Android 4.3 and above.
  • WSO2 EMM supports the following EAP methods: PEAPTLSTTLSPWDSIM, and AKA.
  • If you want to provide the identity of the user that access the Wi-Fi through their Android device, you can provide [user] as the value for Identity and it will provide the username used by the user to enroll their Android device with WSO2 EMM. This setting is only applicable for the following EAP methods:PEAPTLSTTLS, and PWD.
 
VPNAbility to specify the VPN and per app VPN settings.
Work-Profile Configurations

Ability separate the personal and work related data on your device via the managed profile feature.

Info

For more information on how it works, see Data Containerization for Android Device.

Application restrictionsAbility blacklist and whitelist applications on the Android platform.

Information on enrolled Android devices

You are able to get the following information about an enrolled Android device via the WSO2 EMM console.

  • The battery charged percentage.
  • The internal storage information.
  • The list of installed application on the specific device.
  • The operation log information that contains the details of successful,failed and pending operations.
  • The details of the policy that is been enforced on the device and the compliance details.
  • The location of the device
Localtab
titleiOS
Panel
borderColor#11375B
bgColor#ffffff
borderWidth1

iOS device operations

The operations listed below can be carried on iOS device.

  • Lock your own device via the EMM server.
  • Receive the location of the device.
  • Enable the silent profile on your own device via the EMM server.
  • Wipe all the profiles and data, including apps provisioned via WSO2 EMM using the enterprise wipe operation.
  • Remove your own device lock via the EMM server.
  • Ring the device via the EMM server.
  • Send a message to the device via the EMM server. The EMM admin can use this device operation to send group messages or even private messages to the EMM users.
  • Set the APN configurations on a user's device. In iOS, the EMM server does not detect whether a device (i.e., iPad) has only Wifi, or whether the device has 3G and Wifi. If there is only Wifi, the APN configurations can not be pushed, and a policy violation will occur. 
  • Set the google calendar configurations on the user's device.
  • Set the LDAP account configurations on the user's device.
  • Reboot or restart your device.
  • Schedule firmware upgrades on the device.

Policies for iOS devices

The EMM administrator is able to restrict operations on iOS devices by adding a new policy . The following policies are available for the iOS platform.

PoliciesDescription

Passcode policy

Define a password policy for the devices.
RestrictionsRestricts the usage of the camera and other functions. Windows only supports device restrictions on the camera.

Wifi

Configure the Wi-Fi access on a device.

Email

Configure settings for connecting to your POP or IMAP email accounts.
AirPlayConfigure settings for connecting to AirPlay destinations.
LDAPConfigure settings for connecting to LDAP servers.
CalendarConfigure settings for connecting to CalDAV servers.
Calendar SubscriptionConfigure settings for calendar subscriptions.
APNSpecify Access Point Names ( APN ).
Cellular NetworkSpecify Cellular Network Settings on an iOS device
VPNSpecify the VPN and per app VPN settings.

Information on enrolled iOS devices

You are able to get the following information about an enrolled iOS device via the WSO2 EMM console.

  • The battery charged percentage.
  • The internal storage information.
  • The list of installed application on the specific device.
  • The operation log information that contains the details of successful,failed and pending operations.
  • The details of the policy that is been enforced on the device and the compliance details.
  • The location of the device

...

titleWindows

...

borderColor#11375B
bgColor#ffffff
borderWidth1

Windows device operations

The operations listed below can be carried on iOS device.

  • Lock your own device via the EMM server.
  • Disenroll or unregister your device from WSO2 EMM.
  • Remove your own device lock via the EMM server.
  • Change the provided passcode or lock-code.
  • Ring the device via the EMM server.
  • Carryout a factory reset on your own device via the EMM server. The user will have to provide the PIN, which he/she entered when registering to EMM, to be able to wipe his/her device.

Policies for Windows devices

The EMM administrator is able to restrict operations on Windows devices by adding a new policy. The following policies are available for the iOS platform.

PoliciesDescription

Passcode policy

Define a password policy for the devices.
RestrictionsRestricts the usage of the camera and other functions. Windows only supports device restrictions on the camera.
Encrypt storageEncrypt data on the device, when the device is locked and make it readable when the passcode is entered.

Information on enrolled Windows devices

You are able to get the following information about an enrolled Windows device via the WSO2 EMM console.

...