Endpoint Protector - Mobile Device Management
Contents
1. Location Acc racy Fine Locaton Cost Allowed Report Location Done j 12 The settings Location Accuracy Fine or Location Cost Allowed can be selected Click Done to finish the enrollment process Location Accuracy Fine Locathon Cost Allowed These two settings are described in the chapter 11 6 1 Location Accuracy Fine on Android 11 6 2 Location Cost Allowed on Android Enrolling Mobile Devices means to establish the connection for communication and management between the Endpoint Protector Appliance and your mobile devices It is the process of inviting enrolling and connecting the device with your Endpoint Protector Appliance lOS enrollment Android enrollment To enroll mobile devices it is required to have the setup for either APNS for iOS and OS X or GCM for Android as described in chapter 4 MDM Setup APNS Apple amp GCM finalized If the Setup for APNS or GCM is not finalized the Endpoint Protector Appliance will not give you access to gt Enroll Devices 39 Endpoint Protector Mobile Device Management User Manual 7 1 Different Enrollment methods are available A mobile device can be enrolled by 1 Accessing a link in the invitation E mail send to the device 2 Scanning a QR code contained in the invitation E mail for a device 3 Accessing a link contained in the invitation SMS send to the device 4 Accessing directly a link through the native web browser on the dev2. AddTrust External CA 5 30 2020 USERTrust al Certum CA Certum CA 6 11 2027 Certum EalClass 3 Public Prima Class 3 Public Primary 8 2 2028 VeriSign Class 3 Ga Class 3 Public Prima Class 3PublicPrimary 1 8 2004 VeriSign al Copyright c 1997 Copyright c 1997 Mi 12 31 1999 Microsoft Timest Gal DigiCert High Assur DigiCert High Assuran a DigiCert Enirust net Secure Enitrust net Secure Se GalEquifax Secure Cer Equifax Secure Certifi GalGlobalsign Root CA GlobalSign Root CA Import Export Remove Certificate intended purposes Learn more about certificates 134 Endpoint Protector Mobile Device Management User Manual A Welcome to the Certificate Import Wizard pops up Just click the Next button Welcome to the Certificate Import Wizard This wizard helps you copy certificates certificate trust lists and certificate revocation lists from your disk to a certificate store A certificate which is issued by a certification authority is a confirmation of your identity and contains information used to protect data or to establish secure network connections A certificate store is the system area where certificates are kept To continue dick Next 135 Endpoint Protector Mobile Device Management User Manual Browse for the Certificate file you downloaded from the Appliance Setup Wizard gt Appliance Server Certificate File to Import Specify the file you
3. Endpoint Protector 4 Copyright 2004 2013 CoSeSys Lid All nghts reserved Ready Version 4 3 0 5 Appliance To remove an app click the icon and the app will be deleted from the managed iOS device When a managed app is removed on the device the device user is not asked to confirm the removal of the app 13 Android App Management The Mobile Application Management MAM feature in Endpoint Protector for Android gives the Endpoint Protector Administrator the power to push Apps on managed Android devices The feature in the current version supports Android apps Mobile Apps can be managed under the following option Mobile Device Management gt Android App Management Welcome Logout ce eesti lela i Reporting and Administration Tool English x Q Advanced Search p3 Dashboard Mobile Device Management Android App Management Endpoint Management Android Apps es Endpoint Rights Show all departments os Title v Vendor Version Description Actions gt Endpoint Settings CoSoSys Notepad Demo CoSoSys 1 0 Content Aware Protection CAP ines solz per page Mobile Device Management Add Android App Dashboard Enroll Devices Mobile Devices MDM Policies iOS App Management Android App Management APNS Certificate Setup Apple GCM Maps Setup Google Offline Temporary Password Reports and Analysis gt ie Alerts a Directory Services amp Appliance System Maintenance Q Syste
4. Mobile Device Management B OX P u Enroll Devices Mobile Devices MDM Policies APN Cercate Se Lup Appie GCM Maps Setup Google Offline Temporary Password Reports and Analysis Dl s d 2 d gt A i System Alerts Directory Services System Maintenance System Configuration System Parameters OQ O Support 4 Reporting and Administration Tool Mobile Device Management Policies Policies Show Help R amp D Policy TestPolicy Custom Content Custom Content Devices Update Add New Duplicate Policy 10S type Applies To Show Help iOS Mobile Devices D lt iPhone iPad 1 iPhone I lt Q Search All G Save G 3 Save and Apply Android Devices Security Content Custom Content Devices Update Edit 2 Apply Create your own Create new Policy with your own settings Click on Policy to select it Double dick on Title to edit a Policy Delete The advantage of using an MDM Policy is that for a large number of devices the policy can be changed simultaneously 120 Endpoint Protector Mobile Device Management User Manual 14 1 Create a Policy for iOS OS X or Android Devices To create a new MDM Policy click on Add New and then select for what operating System the Policy should apply Choose between iOS OS X and Android Give the policy a name and a description that will help you later manage
5. Set Wifi Set Bluetooth Set Camera Refresh Status Refresh Status Refresh Status 11 10 Play Sound on Device for Android Mobile Devices gt Manage Device gt Play Sound on Device Security Policy Lock Wipe Device Settings Play Sound on Device This feature plays a sound on the device to make it easier to find it if misplaced Play Sound e The option Play Sound will make the Android device play a loud noise in order to locate a misplaced device 100 Endpoint Protector Mobile Device Management User Manual 11 11 Refresh Google Accounts for Android Mobile Devices gt Manage Device gt Refresh Google Accounts Security Policy Lock Wipe Device Settings Manage Device Play Sound on Device Refresh Devic This feature plays a sound on the device to make it This feature will easier to find it if misplaced Play Sound Refresh Google Accounts Refresh Accot This feature will refresh This feature will the list of Google Accounts the list of Phone Get Google Accounts e The option Refresh Google Accounts by clicking Get Google Accounts will receive a list of Google accounts registered with the Android device The list of Accounts is displayed under Mobile Devices gt Manage Device gt Accounts 11 12 Refresh Device Details for Android Mobile Devices gt Manage Device gt Refresh Device Details Security Policy Lock Wipe Device Settings Manage Dewice Manage WiFi Manage
6. The added contacts will be available in the Results section List of Mobile Device Management Bulk Enrollment Contacts Show all department Important Notice a Please select the Mobile Device Type and Default Profiles Protection Type when importing pasting contacts since the Enrollment Requests will contain these information If the contact contains both an E mail address and a phone number the request will be send to the E mail address Sending Enrollment Requests to the maximum accepted entries in the sending queue will take up to 1hour depending on the number of selected contacts Type E mail ios i john company com ios mark company com ios paul example com ios i dan example com 4results 20 per page Add To Sending Queue Delete Contacts Import contacts list 9 Select Mobile Device Type iOS Apple Android Unknown Profiles Protection Always Allow Removal Never Allow Removal Passphrase Required for Removal Browse for the import file No fle sdlected Download sample file Bulk Enrollment xls Sample G Upload Paste Contacts a Select Mobile Device Type iOS Apple Android Unknown Profiles Protection Always Allow Removal Never Allow Removal Passphrase Required for Removal Contacts List Maximum 500 contacts at once To add the selected contacts to the sending queue click on Add To Sending Queue button List of Mobile Device Ma
7. A simple web app run on App Engine Cloud Storage and your choice of Cloud Datastore Cloud SQL or Cloud SQL Cloud Datastore BigQuery Z Cloud Development 3 In the left menu go to APIs amp auth gt APIs Google Cloud Cc lt My Cloud Project Overview Registered apps Consent screen Notification endpoints Permissions Settings Support 4 Make sure the following three Google Services have ON status green Google Cloud Messaging for Android 19 Endpoint Protector Mobile Device Management User Manual Google Maps JavaScript API v3 Static Maps API To enable these three services toggle it to the status ON Google Developers Console lt 2014 04 04 Overview APIs amp aut APIs Credentials Consent screen Push Permissions Settings Support App Engine Compute Engine Cloud Storage Cloud Datastore Cloud SQL BigQuery CZ Cloud Development NAME BigQuery API a Google Cloud Messaging for Android m Google Cloud SQL Google Cloud Storage Google Cloud Storage JSON API Google Maps JavaScript API v3 Static Maps API Ad Exchange Buyer API Ad Exchange Seller API Admin SDK AdSense Host API AdSense Management API Analytics API Audit API Blogger API v3 Books API CalDAV API Calendar API Chrome Web Store API QUOTA o a 0 0 1 000 requests day 10 000 requests day 150 000 requests day 100 000 requests day 10 000
8. User Manual 13 4 Removing Managed Apps from Android Devices All installed Apps on an Android device are displayed in the Installed Apps tab Welcome Logout ENDPOINT 4 Reporti d Administration Tool E C qQ n Y PROTECTOR eporting an ministration 100 glish Advanced Search Dashboard Mobile Device Mobile Device Management sss Show alt departments Show all departments Endpoint Management bil E f 7 a p Endpoint Rights Name Samsung GT 19505 User Name tony Last Seen 21 March 2014 11 18 RH Endpoint Settings Type Android Phone Number 123456 IME 357506052360695 Content Aware Protection CAP ae Carrier RO ORANGE WiFiMac CC 3A 61 C3 33 81 Model No GT 19505 OS Version 4 3 Description Mobile Device Management Dashboard Locate Mobile Device Enroll Devices Current Location Strada Haiducului Mobile De ses Time 17 Mar 2014 12 23 54 Cluj Napoca 400000 MDM Policies Provider gps Romania iOS App Management gees Pi Locati Strada Haiducul revious Location ada Haiducului ANE ate Setn Arek Cluj Napoca 400000 GCM Maps Setup Google Romania ky Offline Temporary Password uf tie S _Ukraine io as Update Location il Reports and Analysis d ants oY os Location History O d Biscay Cog Map dae 2014 Sa oy Terms of Use A nets ry Directory Servi Security Policy Lock Wipe Device Settings Manage Device Apps Installed Apps Accounts Contacts Calendar Events History Results
9. Wipe gt Wipe SD Card 97 Endpoint Protector Mobile Device Management User Manual Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Lock Device Wipe Device Data Wipe SD Card Strong Password Lock Set Random Password Warning Please note that the device after Warning this feature will delete all data Pe PO executing the remote wipe is no longer connected from SD Card in the device Lock Device Screen Keep Current Password and managed by Endpoint Protector since all data including connectivity information to Endpoint Protector is erased F Including SD Card Lock e Wipe e Wipe SD Card The SD Card in an Android device can be remotely wiped using this feature To wipe the SD Card click Wipe SD Card 11 5 Device Ownership Mobile Devices gt Device Settings gt Device Ownership Security Policy Lock Wipe Dewice Settings Device Ownership Unknown Personal Company The option Device Ownership can be set to who is the rightful owner of a device Set it to Company if the company has purchased the device for the user or to Personal if the user has purchased the device and uses it for business purposes After a device is enrolled the default settings is set to Unknown 11 6 Android Device Location Settings Mobile Devices gt Device Settings gt Device Location Settings 98 Endp
10. amp Appliance Name 4 Identifier Version Short Version Last Status App Size Storage Used Management Flags Actions System Maintenance 7 100 Doors 2013 com gipnetix stages 1 43 1 43 App List Update N A NIA NIA System Configuration Aliens Space com gipnetix aliensspace 1 0 8 1 0 8 App List Update N A N A N A a System Parameters EPP Client com cososys eppciient 1 0 0 6 1 0 0 6 App List Update N A NIA NIA Galaxy 54 Sensors pl komur android galaxys4sensors 1 0 1 0 App List Update N A N A N A oO O p Hot Mod com gamenet hotmods 15 15 App List Update N A NA NA NotePad com example android notepad null null App List Update N A NIA NIA Pinterest com pinterest 244 244 App List Update N A NIA NIA Pulse com alphonso pulse 4 0 8 4 0 8 App List Update N A NIA NIA are eed ee ee ees an va AnA A m l iek lM ana ana arta BA A 2 Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 3 Appliance To remove an app click the amp icon and the app will be deleted from the Android device When a managed app is removed on the device the device user is not asked to confirm the removal of the app 14 Policy Builder for iOS OSX or Android Devices The Policy Builder for iOS OS X and Android devices is located under Mobile Device Management gt MDM Policies ENDPOINT PROTECTOR ES Dashboard Endpoint Management Endpoint Rights Endpoint Settings Content Aware Protection
11. 5 0 iOS version 4 0 is not supported by the EPP MDM iOS app due to missing support for required features The EPP MDM app allows the iOS device to provide location data of the device to the Endpoint Protector Appliance in order to determine the current location of an iOS device in case it is misplaced lost or stolen To locate an iOS device the EPP MDM app is a necessity on the iOS device 28 Endpoint Protector Mobile Device Management User Manual 5 3 EPP MDM iOS App to enroll devices optional The EPP MDM App allows the iOS device to enroll as described below at iOS Mobile Device Enrollment through EPP MDM App The EPP MDM App is not required for enrollment it is simply an option to enroll in this way a device to Endpoint Protector Server 5 4 EPP MDM iOS App Device Information The EPP MDM app also detects device details and if a device was tampered with Jailbreak Status i orange Back Device Info Identification Name Jailbroken No WiFi Mac Software System Name iPhone OS System Version 6 0 Hardware Model iPhone w Lo 29 Endpoint Protector Mobile Device Management User Manual 5 5 Installing the EPP MDM iOS App The EPP MDM app for iOS is available on the Apple App Store here https itunes apple com us app epp mdm id570954584 mt 8 Downloading and installing the application can be made directly on the iOS device by accessing App Store o
12. Endpoint Protector MDM 9 9 Profile Removal Policy for iOS Devices Mobile Devices gt Manage Device gt Profile Removal Policy Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Profile Removal Policy Refresh Device Details Always Allow Removal This feature will update the displayed device information Never Allow Removal Passphrase Required for Removal Passphrase YESQXHG6 Save Get Device Details As described in the chapter 7 2 2 iOS and OS X Profile Protection Deletion Passphrase before the profiles settings on an iOS Device can be protected with a passphrase In this option the passphrase can be changed to be a different one than the one automatically generated and associated with the OTC For the full 74 Endpoint Protector Mobile Device Management User Manual description of this option please consult chapter 7 2 2 iOS and OS X Profile Protection Deletion Passphrase 9 10 Refresh Device Details for iOS Mobile Devices gt Manage Device gt Refresh Device Details Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Profile Removal Policy Refresh Device Details Always Allow Removal EN This feature will update the displayed dewice information Never Allow Removal Passphrase Required for Removal Passphrase YEBQXHG6 Save Get Device Details This function will ask the iOS devices for its latest details
13. G Save System Maintenance Q System Configuration System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Version 4 4 0 2 Appliance After entering copying the API Key and the Google Project Number press the Save button Once these steps were completed you can start enrolling Android devices to Endpoint Protector Mobile Device Management 4 2 4 How to get your Google API Key for GCM and Maps old method Visit the following Google Site Google APIs Console and login with your company Google account http code qoogle com apis console 1 If you login to the Google APIs Console for the first time you will be asked to Create project Select this option and give the project a name The Project will be given a Project Number by Google which you also need to enter in the Endpoint Protector interface as described in the next paragraph 23 Endpoint Protector Mobile Device Management User Manual ee iii v Settings v Help Sign out Google apis Start using the Google APIs console to manage your API usage Creating an APIs project will let you Use Google APIs beyond anonymous limits e Monitor API usage and control API access e Share API management with a team Create project 2 In the left menu on the Google APIs Console Site go to Services Gmail Calendar Documents Ph Google apis API Project T A Overview Team
14. VI Endpoint Protector Mobile Device Management User Manual 14 2 Assigning Devices to POiCY cccec cece cece eeeeeeeeeeeeeeeeeeaaees 121 15 Unmanage a Mobile Device Uninstall App 122 15 1 iOS and OS X Device Unmanage by Administrator over the air 122 15 1 1 iOS Uninstall Unmanage by User on Device 85 122 15 1 2 OS X Uninstall Unmanage by User on Device 123 15 2 Uninstall iOS EPP MDM app ccc eccceseeseeeeeeeeeeeeeeeeneeneenes 123 15 3 Android EPP Client App Uninstall Unmanage Android Device123 PG GeoFenNnCINO rssi rerev arinin enne NTN 128 10 1 HOW to setup a GeOreNC eC wrieereteevenseumesewnseueraneeisaeewadeunaees 129 16 2 How to deploy MDM Policies using Geofences ssssessssssess 130 17 Installing Root Certificate to your Internet BrOWSerF vescecccecccccuuccceeuuseeeeuuneeeeuaneangs 131 17 1 For Microsoft Internet Explorer cccceceeseeseeeeeeeeeeeeeees 131 17 2 FOr Mozilla FIFGTOX siocsgenecvcacengcecscune ena OLENE ON 139 18 Terms and Definitions ccceceeeacees 141 18 1 Server REALEO visdecedvsvdvevecsvesevewivdvewnstwdeswarevewewacevecevawavevs 141 18 2 Client Related 20 ccc cece ce cee ce ceeeeceueeseueesaveusaveusuvausutaunenanes 142 Lo UPPOO oror eere r rE IEE EEE E 143 20 Important Notice Disclaimer 144 In the last past years mobile devices have invaded business environments Personally owned or company owned smartpho
15. applies to IOS and OS X which allows the device to be unmanaged uninstalled The uninstallation option for iOS and OS X has to be chosen at enrollment time The MDM ID can be found in the Reporting and Administration web interface at Mobile Device Management gt Enroll Devices gt Mobile Device Management Information 42 Endpoint Protector Mobile Device Management User Manual Aw ENDPOINT A l PROTECTOR Reporting and Administration S Dashboard Mobile Device Management Enroll Devices Endpoint Management bil CS Endpoint Rights Your MDM ID is KHE Endpoint Settings ee 3 Mobile Devices Content Aware Protection wi 1 Mobile Devices Eo Mobile Device Management Enroll Mobile Devices Enroll Devices Mobile Devices 95 05 X Annle These invitations in case of an unknown device type and E mail request will include three different registration links for the different types of devices iOS OS X and Android which readily include the MDM ID and OTC In case of an unknown device type and SMS request the invitations will include two different registration links for iOS and Android which already holds the MDM ID and OTC While the MDM ID is used for all enrolled mobile devices different OTCs must be used for enrolling each mobile device The Mobile Device Management feature comes with 10 pre generated OTCs available in the Enrollment window The Request More OTC option will allow the Admini
16. either if the Endpoint Protector administrator unmanages the device or if the device user is unmanaging the device by removing the device enrollment profile e Prevent backup of the app data if this management flag is set the managed Apps associated data content will not be backed up in case the device is synced or backed up with iTunes ENDPOINT 4 PROTECTOR p3 Dashboard E Endpoint Management Ce Endpoint Rights A Endpoint Settings O Content Aware Protection Mobile Device Management Erroll Devices Moble Devices MOM Polioes IOS App Management APNS Certficate Setup Apple GCM Maps Setup Googie ty Offline Temporary Password Reports and Analysis A System Alerts GB Directory services ae Appliance System Maintenance Q System Configuration a System Parameters Support Reporting and Administration Tool Engish Q Advanced Search Mobile Device Management iOS App Management Search iTunes App Store Search Search type Using search term w County United States e Q Search App Store Search Results Select icon Title Vendor Version Description Price Category Phone iPad Actions d EPP MOM CoSoSys 10 0 6 Endpoint Protector Mobile Device Management provides complete IOS enterprise mod Free Utibes S S Manage 105 Apps App Information the EPP MOM Description Endpoint Protector Mobile Device Management provides complete iOS enterprise mobility management for smal and medium szed businesses and ent
17. phone number and e mail CoSoSys will use this information only for validation purposes and it will not imply subscribing to any newsletter or sharing it with any third party Once the request was processed and approved the feature will be enabled by the CoSoSys Team A notification will be sent to the provided e mail address and the trial period for the feature will be activated Please make sure your Firewall will have domains cososys com and endpointprotector com whitelisted for you to receive all communication A yearly subscription can be purchased to further use all the functionalities of the Mobile Device Management feature For Endpoint Protector Mobile Device Management to be able to manage your mobile iOS OS X and Android devices the communication between the devices and the Endpoint Protector Appliance over an internet connection is vital Management actions need to arrive at your device either by a data connection like 3G in case of an iPhone or over an internet connection if the device does not have a data connection like an iPad with Wi Fi only an Android tablet or a MacBook For the management actions to arrive at the device the actions are sent using for iOS and OS X devices the Apple Push Notification Service short APNS and for Android devices the Google Cloud Messaging Service short GCM To simplify the setup of your Endpoint Protector MDM service the Endpoint Protector Cloud is communicating between your Endpoint
18. 31 r iPhone ClearPasscode O Executed 19 October 2012 16 30 iPhone GetinstalledPackages O Executed 19 October 2012 16 30 iPhone ProfileList O Executed 19 October 2012 16 30 ms iPhone VoiceRoaming CommandFormatError 19 October 2012 16 30 n iPhone MailSettings wo Error 19 October 2012 16 30 Gms iPhone WifiSettings QO Executed 19 October 2012 16 28 Tm iPhone MailSettings Error 19 October 2012 16 28 Phone WifiSettings Error 19 October 2012 16 28 mE iPhone GetDevicelnfo Q Executed 19 October 2012 16 26 iPhone GetDeviceinfo Q Executed 19 October 2012 16 24 15results 50 per page 81 Endpoint Protector Mobile Device Management User Manual 9 24 History Location Mobile Devices gt History Location The History Location tab shows a list of the last ten locations of the iOS device Although these locations are also displayed in other tabs this list provides a faster and a better overview Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Exchange ActiveSync Manage VPN Manage Cellular Settings Apps Installed Apps Profiles History History Location Results Location Location Time Provider Latitude Longitude Pho mbe Actio T S m oe i SS S ass e ee a se ee eS a ss SS Tee Le Teann a a ae Te ee a os a Dece mme m Fma m SSS Dec ee S See ee oo n ae ee e S
19. 9 2 4 Security and Privacy ReStrictions ccccccssssceeesneeneeenneeees 69 9 2 5 Content Rating Restrictions casicn cst cdeceecasdastecucdancsoeacirnceeaes 69 9 2 6 1OS7 RestrictiOnS sssssannnnnnnnnnnnnnnnnnnnnnuunnnnnnnnnnnnuunnnnnnno 70 III Endpoint Protector Mobile Device Management User Manual 9 2 7 Supervised Device ReEStrictiONS cccceeeseeeeeeeeeeeeeeeeenenes 70 9 3 Remote iOS Lock Of Device oo icc eccccccce eee eee e cena eeeeeeeeennnes 70 9 4 Remote iOS Device Wipe Device NUKe cccecceusesseueeneenes 71 9 5 iOS Disable Device Password PaSSCOdC cceceeceeueeeeeeeeues 72 9 0 DEVICS OWE SIND serssrsrs sens uees seneeeenninaneee ENSTANS 72 9 7 Voice Roaming on iOS resencesecasaeesceneneosnenccensesosesndeenenenseends 72 g0 Da ROaMING ON 10 gt ararasan a EE 73 9 9 Profile Removal Policy for iOS Devices cccccceeeeeeeeeeeeenees 73 9 10 Refresh Device Details TOF JOS ausisriesenssriesenecedeessesedantanainuan 74 9 11 Refresh App List for JOS s sessssssessnnsnennnsnnnnsnsnnnrensnsnrnnnnns 74 JAL aed APD ONO e 75 9 13 Refresh Profile List on iOS ssssssnssnnnnnannnnnsnnnnnssnnnnnnsnnnnn 75 9 14 Profiles on iOS Devices Information s s ssessssssressrrssrrssrsns 75 9 14 1 Remove Profile from iOS Device ssssssssssssrrnsrrssrsnrrsrrens 76 J1 Manage WIF ON TOS rorrinrarn tipinin nin nn ONEN ERER EENDEN EAE 76 9 15 1 Wipe Wi fi SOLEMN O St caniannseetes seaaunenas
20. API Access Billing Reports Quotas 3 Make sure the following two Google Services have ON status green e Google Cloud Messaging for Android e Google Maps API vs To enable these two services toggle it to the status ON Google will ask you to agree to their Terms of Service End User License Agreement 24 Endpoint Protector Mobile Device Management User Manual Gmail Calendar Documents Photos Sites Groups Search More w SS oe Se Google apis API Project v All 51 Active 2 Inactive 48 Google Cloud Platform Overview S All services Services Select services for the project Service Status Notes API Access Billing o ad Google Cloud Messaging for Android eo fk Reports Google Maps API v3 fk Courtesy limit 25 000 requests day Pricing Quotas 4 You can now locate your API key in the left menu on the Google APIs Console Site under API Access gt Simple API Access gt API key The API key has the following format Example API key ExamplE6 7 QWuu26 5j6WEEfWaqgqYYouW1408 7 Google apis API Project v API Access Overview To prevent abuse Google places limits on API requests Using a valid OAuth token or API key allows you to exceed anonymous limits by connecting requests back to your project Services Authorized API Access API Access OAuth 2 0 allows users to share specific data with you for example a contact lists while keeping their usernames passwords and other ae informatio
21. Adobe Reader is the free trusted leader for reliably viewing and IT V Y EAE 4results 10 per page 112 Endpoint Protector Mobile Device Management User Manual 12 4 Pushing Apps to iOS Devices The list of Managed Apps is available when viewing the details about any managed iOS device in the tab Apps Be ENDPOINT 4 ae PROTECTOR Reporting and Administration Tool Engish X Q Dashboard n Show all departments r Endpoint Management Re Endpoint Rights ome Damo Pati mint ser Nene ast Seen 15 April 2013 11 24 Endpoint Settings amp Tyee 10S mone Nu wer 99000134 O Cinnt Anara Srehecinn lode Pad2 7 smer Orange Romania fiMec 4c8479 4 K MD540HC gt Verse 612 ia Mobile Device Management Enrol Devices Locate Mobile Device Mobile Devices Strada Haiducului MOM Polices me or 2 519 Cluj Napoca 05 App Management arovider Network Romania APNS Certficate Setup Apple GOM Maps Setup Googe wi Offline Temporary Password Reports and Analysis A System Alerts L A Directory Services a PENIS Security Policy Lock WWipe Device Settings Manage Device Manage Wii Manage Mall Profies History i Push Apps System Maintenance Status icon Vendor Version Descripti ric Code egory Flag Phone Q System Configuration v WhatsApp Messenger Whats App inc 287 WhatsApp Messenger s a cross puttorm smartphone messenger currently o99uUSD oie Soci Networking J A s a System
22. Apps Installed Apps Profiles History VPN Settings Connection Name Demo VPN Auth type Password Proxy Settings Manual Connection Type LZTP Server Username Provider Custom Account Name Password Proxy Type None Password Proxy Server Route all traffic E Proxy Server Port Shared Secret Proxy Settings Auto Proxy Server URL Apply O The Endpoint Protector Administrator can apply VPN settings to an iOS device This can be used for iOS devices to automatically deploy and use company VPN settings and policies without having to manually add the settings on the device 9 19 Manage APN settings on iOS The Access Point Name APN defines the network path for all cellular data connectivity You can view or edit the APN for cellular data services on iPhone or iPad if your device uses a SIM card and you carrier allows you to edit the Access Point Name Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Manage APN Apps Installed Apps Profiles History APN Settings Access Point Name Access Point Username Access Point Password Access Point Proxy Proxy Server Port To change the settings on the target device complete the required fields You ll have to provide a name access point username and password and proxy server if needed Pressing Apply will push the cellular settings to the device 79 Endpoint Protector Mobile Device Management User
23. Delete A Manage Hide Delete Device 59 Endpoint Protector Mobile Device Management User Manual The Manage Device option allows the Administrator to separately manage an already enrolled device and enforce different settings to the device such as security settings specifically for the selected device The Hide option once selected will remove the mobile device from the list without deleting the mobile device history or uninstalling unmanaging the device A hidden device can be added again to the list of mobile devices by selecting the Show Hidden Devices gt Yes gt Apply Filter option from the available Filter option Filter Name Phone Number Show Hidden Devices yes i 5 Reset QO Apply filter The Delete option once selected by the Administrator will delete a device and the corresponding history and logs from Endpoint Protector Appliance We recommend not to Delete a device not before it was unmanaged To unmanage a device please check the section 15 Unmanage a Mobile Device in this manual Note We recommend using the Hide option instead of deleting the mobile device in order to keep the mobile device history for later auditing 60 Endpoint Protector Mobile Device Management User Manual 8 1 Mobile Device Status Mobile Devices gt Filter v Results Type Name Description Ownership Username Model Carrier Phone Number OSVersion Status Actions Phone Se unknown Iph
24. Endpoint Protector Mobile Device Management User Manual 4 1 Setup of APNS for iOS and OS X 4 1 1 What is an Apple APNS Certificate and why do I need it In order to use the MDM features provided for iOS or OS X an Apple Push Notification Service short APNS certificate is required by Apple Inc Receipt of the Apple issued and signed certificate is up to Apple Inc own discretion What is Apple APNS It is a certificate that is signed by Apple to clearly identify what iOS or OS X devices are communicating with your Endpoint Protector Appliance in order to be sure that only your company own devices receive commands from Endpoint Protector MDM _ mme m M aw CONFIG f Actions Responses Endpoint Protector Endpoint Protector MDM MDM Cloud Service available as Virtual or Hardware Appliance a or Amazon Web Services EC2 APNS Apple Push Notification Service x CONFIG I a ax lt a m wee ee M 9 Endpoint Protector Mobile Device Management User Manual 4 1 2 How to generate your Apple APNS Certificate The APNS Certificate can be generated in just a few simple steps from the Mobile Device Management APNS Certificate Setup Apple ENDPOINT 4 PROTECTOR Reporting and Administration Tool Engish p3 Dashboard Mobile Device Management APNS Certificate Enrollment Information gl Endpoint Management p Endpoint Rights To use
25. Mail In Play Sound on Device Refresh Device Details This feature plays a sound on the device to make t f This feature will read current device details easier to find it if misplaced Play Sound Get Device Details amp This function will ask the Android devices for its latest details and display them in the Mobile Device Information section This function is particularly useful if all device information is not displayed after enrollment 11 13 Refresh App List for Android Mobile Devices gt Manage Device gt Refresh App List 101 Endpoint Protector Mobile Device Management User Manual Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Play Sound on Device Refresh Device Details Refresh App List This feature plays a sound on the device to make itt This feature will read current device details This feature will update the list of installed apps easier to find it if misplaced Note Results are displayed inside the Installed Apps tab Play Sound i Get Device Details amp This function by clicking Get App List will ask the Android device for a list of all the apps installed on the Android device The list of all installed Apps is shown in Endpoint Protector MDM at Mobile Devices gt Installed Apps 11 14 Manage Calendar Events Through this feature it is possible to manage the Calendar Events on an Android device The list
26. Manage VPN Apps Installed Apps Profiles History Results Name Identifier Version Short Version Last Status App Size Storage Used Management Flags Actions Adobe Reader com adobe Adobe Reader 73784 10 5 2 Managed 18 81 MB 420 KB J A O Angry Birds com rovio angrybirdsfree 1 5 1 1 5 1 Managed 124 82 MB 8 KB J AN O EPP MDM com cososys EPPMDM 1 0 0 6 0 1 Managed 536 KB 296 KB J A O iBooks com apple iBooks 1523 3 1 Managed 53 5 MB 8 KB NWA O TED com ted TED 2028 2100 Managed 23 27 MB 8 KB NWA O 5results 50 per page Installed Apps on managed iOS devices can be pushed uninstalled and managed in different ways as described in the chapter 12 Mobile Application Management MAM for iOS 9 13 Refresh Profile List on iOS Mobile Devices gt Manage Device gt Refresh Profile List Wanage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Refresh Device Details Refresh App List Refresh Profile List This feature will update the displayed device information This feature will update the list of installed apps This feature will update the list of installed profiles Note Results are displayed inside the Installed Apps taj Note Results are displayed inside the Profiles tab Get Device Details G Get Application List Refresh List The Profile List of an iOS device will show you what profiles are currently installed on the device The list of installed profiles is shown here Mobile Devices
27. Mobile Device Management features for iOS devices it is required that you follow the steps below for the setup and agree and comply to the Apple License Terms for Mobile Device Management MDM from step 2 below Endpoint Settings Step 1 Fill in this form below with your company information for a CSR Content Aware Protection CoSoSys as authorized MDM vendor will sign for you a Certificate Signing Request CSR in this step You will need this in the next step when contacting Apple Mobile Device Management Mare me Company Name Your Company Enroll Devices i Mobile Devices E mail your email yourcompany com SE Country United States APNS Certificate Setup Apple State or Province Name New York GCM Maps Se Google e Location City New York City Offline Temporary Password Download signed CSR Reports and Analysis Step 2 Request your signed certificate for APNS from Apple A System Alerts Apple will sign the certificate for your company to be used with Apple Push Notification Services APNS and will link the certificate to your Apple ID EJ Directory Services 7 Visit this dedicated Apple website for this here https identity apple com pushcert log in with your Apple ID and follow the steps to obtain your certificate for APNS At this step provide Apple with the certificate you have downh System Maintenance Tie A System Configuration Step 3 Upload certificate signed by Apple a KETTE IE Upload now the sign
28. Mobile Devices MOM Pobcies 05 App Management APIS Certificate Setup Apple GCM Maps Setup Googe Offline Temporary Password Reports and Analysis AAN System Alerts 4l Add selected Apps GBB directory services Manage 10S Apps a Appliance A OS icon Titie Vendor Version Description Price Codes Category flags iPhone o e System Maintenance WhatsApp Messen WhatsAge inc 287 WhatsApp Messenger is a cross platform smartphone messenger currently 099 USD on Social Networking va R ger Q System Configuration LJ iBooks Apple inc 31 Books s an amazing way to download and read books Boots ncludes t free Book s Y u System Parameters a EPP MDM CoSoSys 1 0 06 Endpoint Protector Mob e Device Management provides complete 0S eme Free Utilities v VY a A Adobe Reader Adobe Systems inc 10 5 2 Adobe Reader is the free trusted leader for reliably viewing and Free Business v4 VY O on 4resuits 10 per page Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid Al rights reserved Ready Version 4 3 0 5 Appliance 109 Endpoint Protector Mobile Device Management User Manual Management Options for this App Remove app when MDM profile is removed Prevent backup of the app data W m The options for managed Apps are e Remove app when MDM profile is removed if this management flag is set the managed App and all its associated data content with it will be removed if the iOS device becomes unmanaged
29. PTT TTT Password TETTI Use SSL Use SSL a Use incoming password Disable Address Syncing E Use only in Mail T Apply O The Endpoint Protector Administrator can apply E Mail settings to an iOS device This can be used for iOS devices to automatically use company e mail accounts and settings without having to manually add the settings on the device 9 16 1 Wipe E mail Settings E mail Profile can be removed to wipe company E Mail Content and Settings while personal E mail accounts and content remain untouched 9 17 Exchange Active Sync Mobile Devices gt Exchange Active Sync Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Exchange ActiveSync Exchange ActiveSync Settings General Settings Domain Settings Account Name ae ee Domain i Exchange Host e User oe Prevent Move E Email Address Disable Recent Mail Syncing E Email Password Use only in Mail app E Past Days of Mail to Sync Use SSL E Apply a 78 Endpoint Protector Mobile Device Management User Manual The Endpoint Protector Administrator can apply Exchange Account settings to an iOS device This can be used for iOS devices to automatically use company e mail accounts and settings without having to manually add the settings on the device 9 18 Manage VPN on iOS Mobile Devices gt Manage VPN Security Policy Lock Wipe Device Settings Manage Device Manage Wifi ManageMail Manage VPN
30. Parameters 9 o TED TED Conferences 21 Riveting taks by remarkable people free to the word The offical ree Educabon wr Support wo iBooks Appie inc 31 Boots is an amazing way to downbad and read books Books nckades t Free Book wy io EPP MOM CoSoSys 1006 Endpoint Protector Mobile Device Management provides complete OS ente ree Utities J A AS v Adobe Reader Adobe Systems inc 10 52 Adobe Reader is te free trusted kader for relably viewing and ee Busness J A v Sresutts Sol per pagel A Push at selected apps Add more Apps to thes ist Endpoint Protector 4 Copyright 2004 2013 CoSeSys Lid All nghts reserved Ready Version 4 3 0 5 Appliance Only Apps that have been added to the Managed App Catalog are displayed in this tab To push an app to a managed device click the icon A message will show that the app has been pushed to the device After the app has been pushed to the device the user is prompted to install the app and to provide the iTunes account password associated with the device App Installation The server his apr cee borne meee Cancel Install Apps can also be pushed from MDM policies Manage Apps tab 113 Endpoint Protector Mobile Device Management User Manual 12 4 1 Update Managed Apps Changing Settings In case a newer version of an app is available you can update it using the same steps as when pushing a new app to a managed device In case an update is pushed the user will
31. Profiles on iOS and OS X against uninstallation When an iOS or OS X device is enrolled it receives first an enrollment profile which is responsible for the communication between the device and the Endpoint Protector Appliance This enrollment profile is not protected against uninstallation but all additional profiles attached to the enrollment profile can be protected against uninstallation This means the restriction profile cannot be uninstalled from the device without a passcode that is protecting it but the enrollment profile can be uninstalled which also will uninstall the restriction profile The Profile Protection options are c Profiles Protection Always Allow Removal t Always Allow Removal Sang pvever Allow Removal ____ Passphrase Required for Removal li Always Allow Removal which allows the user to remove a profile at any time Never Allow Removal which allows removal of the profiles only through the Endpoint Protector Appliance Administrator Passphrase Required for Removal which allows the device user to delete the profile after entering the passphrase for deletion A practical example to illustrate this fact better is the following An iPhone is enrolled and the administrator applies the companies security policy for restrictions disabling FaceTime for example and WiFi Settings as a profile and protects it with a profile protection The user of the device wants to uninstall the restrict
32. Protector Appliance the Administration and Management Server and the Apple and Google Services with your devices Mobile devices respond directly to Endpoint Protector MDM Cloud Service APNS Apple Push Notification Service GCM Google Cloud Messaging Actions dures leoh Endpoint Protector Endpoint Protector MDM MDM Cloud Service available as Virtual or Hardware Appliance or Amazon Web Services EC2 Notifications 6 Endpoint Protector Mobile Device Management User Manual For the communication to work between your mobile devices and Endpoint Protector it is required that you setup the APNS and GCM settings as described in the following steps 3 1 Supported Operating Systems and devices The supported mobile device operating systems are e iOS7 iPhone and iPad iOS6 iPhone and iPad iOS5 iOS4 e OS X 10 9 1 e Android 2 2 Codename Froyo or newer versions A list of supported Android mobile devices is not provided due to the large number of devices from different manufacturers In general Android devices with Android Operating version 2 2 and newer are supported 4 MDM Setup APNS Apple amp GCM Google Android Before you can use the Endpoint Protector MDM features for iOS OS X and Android different settings are required for you to make The following steps describe the steps and settings needed to be able to communicate between your mobile devices and Endpoint Protector 8
33. Vendor Version Description System Maintenance EPP MDM CoSoSys 1 0 0 6 Endpoint Protector Mobile Device Management provides com System Configuration 2 Y 1result 10 per page a System Parameters O Support 106 Endpoint Protector Mobile Device Management User Manual 12 1 Adding Apps to your Managed Apps Catalog To add Apps search for the App in the iTunes App Store directly in the Endpoint Protector interface 12 1 1 Searching for Apps Searching for Apps is possible by entering the name of the App or by directly entering the App ID of an App e g the App ID for the EPP MDM iOS App is id570954584 The App ID is stated in the URL of an app when viewing the app details in a web browser e g https itunes apple com us app epp mdm 1d570954584 For either type of search select Using search term or Using iTunes App ID i a j Reporting and Administration Tool p3 Dashboard Endpoint Management p Endpoint Rights H Endpoint Settings Content Aware Protection Select Icon Title Vendor Version Description m Mobile Device Management a EPP MDM CoSoSys 1 0 0 6 Endpoint Protector Mobile Device Management provides complete iOS enterprise mob Enroll Devices Mobile Devices MDM Policies iOS App Management APNS Certificate Setup Apple GCM Maps Setup Google lJ Offline Temporary Password Reports and Analysis S Alerts A System Add selected Apps
34. X devices To manage a device after an APNS certificate expires requires re enroll of the iOS or OS X device 12 Endpoint Protector Mobile Device Management User Manual Note We recommend performing these steps on a Safari or Mozilla Firefox browser Use of Internet Explorer for this step is known to cause the process to fail 1 In the Endpoint Protector Administration Interface go to Mobile Device Management and select APNS Certificate Setup Apple setup 2 Renew your APNS Certificate before it expires by checking the expiration date as mentioned in the interface 3 Follow the same steps as you have in the initial enrollment process Click on the Download signed CSR to get the Code Signing Request CSR file signed by CoSoSys Save it on your computer 4 In a different browser window Firefox or Safari browser not Internet Explorer open the following link to the Apple Push Certificates Portal https identity apple com pushcert 5 Login to the Apple Push Certificates Portal using your Apple ID previously used to request an APNS Certificate and follow the steps provided there 6 Click Renew iTunes Support Apple Push Certificates Portal Certificates for Third Party Servers Create a Cerificate Service Vendor Expiration Date Status Mobile Device Management CoSoSys SRL Feb 21 2013 Active Revoking or allowing this certificate to expire will require existing devices to be re enrolled wit
35. and display them in the Mobile Device Information section 9 11 Refresh App List for iOS Mobile Devices gt Manage Device gt Refresh App List Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profles History Refresh Device Details Refresh App List This feature will update the displayed device information This feature will update the list of installed apps ama Note Results are displayed inside the Installed Apps tab Get Device Details s Get Application List This function by clicking Get Application List will ask the iOS device for a list of all the apps installed on the iOS device The list of all installed Apps is shown in Endpoint Protector MDM at Mobile Devices gt Installed Apps If the user installs a new application the list of the installed apps will be updated next time when the administrator will request the list of apps by pressing the Get Application List button 75 Endpoint Protector Mobile Device Management User Manual 9 12 Installed Apps on iOS Mobile Devices gt Installed Apps The List of Apps installed on the iOS device lets the Administrator see what apps users have installed on their devices The list of apps installed on a device can be requested from the iOS device and updated though the option Get Application List as described in chapter 9 11 Refresh App List for iOS Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail
36. as described in chapter 10 8 Refresh App List for iOS X 88 Endpoint Protector Mobile Device Management User Manual Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Installed Apps Profiles History Results Name Identifier Vereion Short Vereion Laet Statue App Size Storage Ueed Management Flage Actione S0onPaletteServer com apple SO0onPalettelM 1 1 0 1 1 0 App List Update 2 56 MB N A N A ABAssistantService com apple ABAssistantService 8 0 8 0 App List Update 1 72 KB N A N A Activity Monitor com apple ActivityMonitor 10 9 0 10 9 0 App List Update 10 88 MB N A N A AddPrinter com apple print add 9 0 9 0 App List Update 1 88 MB N A NIA AddressBookManager com apple AddressBook abd 8 0 8 0 App List Update 32 63 KB NIA N A AddressBookSourceSync com apple AddressBookSourceSync 8 0 8 0 App List Update 51 78 KB NIA NIA AddressBookUriForwarder com apple AddressBook UriForwar der 8 0 8 0 App List Update 251 5 KB NWA NWA AirPlayUlAgent com apple AirPlayUlAgent 2 0 2 0 App Liet Update 55 47 KB NIA NIA AirPort Base Station Agent com apple AirPortBaseStationAgent 2 2 22 App List Update 130 15 KB N A N A AirPort Utility com apple airport airportutility 6 3 2 6 3 2 App List Update 48 11 MB N A N A 295 results 10 per page n lt 12345 gt nm 10 10 Refresh Profile List on OS X Mobile Devices gt Manage Device gt Refresh Profile List Security Policy Lock Wipe Device Settings Manage Device Man
37. enrollment of iOS OS X and Android devices is similar in many ways There are different enrollment options for each mobile device type available The first two options allow the sending of E mail and SMS based invitation requests to mobile devices invitations which include short instructions on the steps required for the end users of the device to perform The sending of E mail invitations can be performed by clicking on the Send E mail request button while the SMS based invitation can be performed by clicking on the Send SMS Request button The Bulk Enrollment feature allows the administrator to send mass enrollment requests with just a few clicks The administrator must create a contact list either by pasting it into the contacts list field or by importing it After the contacts are added either way they will be shown in the interface and with the Add to sending queue button the Bulk Enrollment process can be started and the invitations will be sent to all contacts more on Bulk Enrollment at paragraph 7 2 10 In order to ensure that a mobile device is properly and securely enrolled there are two keys required during the enrollment process MDM ID which uniquely identifies your Endpoint Protector Appliance Server OTC One Time Code which allows only the invited devices to be enrolled on your Endpoint Protector Appliance Server The OTC will expire after one use Uninstallation Passphrase
38. iBeacon iBeacon Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved United ga Kingdom Ireland Portugal Spain S Description Desc France f Norway 4 d Denmark j Netherlands Belgium g TES dy Slovakia y A7 Yy ustria 5 4 Hungary VS Croatia Italy Latitude 46 78193734154486 46 7812074408658 46 437856895024225 English Finland f Estonia Latvia Lithuaniar w Belarus ASSN aan Ukraine a Moldova to Romania V Serbia Dy Sg pa Bulgaria n f Greece Welcome Logout Q alurkey Advanced Search f oe Longitude 23 591242790353135 23 591845214432396 25 875002145767212 Actions BO EKE EKE TE m r Ready Version 4 4 0 4 129 Endpoint Protector Mobile Device Management User Manual 16 1 How to setup a GeoFence Setting up the virtual perimeter is simple and intuiteve To navigate on the map follow these steps 1 Select the hand icon 2 Click and drag the map to the desired location 3 Zoom in and out using the mouse scroll To add a GeoFence follow these steps 1 Select the shape icon 2 Click to place the nodes that define the perimeter To save and edit a GeoFence follow these steps 1 Click inside the above defined perimeter to edit and save details 2 Click on a node to delete or remove it from the map 3 Click on the Remove fr
39. includes already the MDM ID and OTC to enroll the device Or if the e mail is received with a desktop e mail client the user can scan the containing QR Code in the e mail which includes already the MDM ID and OTC or access the included URL by typing it in the browser on the mobile device Below is shown an enrollment invitation e mail on an iOS device To CoSoSys SRL gt Mobile Device Enrollment Request 20 Oktober 2012 12 38 ee coe a Efa Hello BE ft e GCG In case the e mail invitation is sent to an unknown device type it is important that the user chooses the proper device type from the available link options for iOS OS X and Android devices 48 Endpoint Protector Mobile Device Management User Manual 7 2 6 SMS Enrollment Invitation iOS Android The device user should receive the enrollment invitation SMS on the actual device and access the included URL which includes already the MDM ID and OTC to enroll the device through the native browser of the device In case of iOS it has to be accesses using Safari on the iPhone or iPad Below is shown an enrollment invitation SMS on an iOS device ai orange Messages 1837 Edit Call FaceTime Add Contact Text Message 17 07 2012 12 17 Enroll for iOS Device Management https cloud endpointprot ia iOS eid E Note SMS Enrollment is not available for OS X 49 Endpoint Protector Mobile Devi
40. is also required to view store device locations history for Android and iOS devices in the Locate Mobile Device View of Endpoint Protector using Google Maps KH Endpoint Settings Step 1 Obtain API key from Google Content Aware Protection CAP a Visit the following Google Site Google APIs Console and login with your company Google account m Mobile Device Management b If you login to this Google Site for the first time you will be asked to Create project Select this option Dashboard aaa c Make sure the following Google Services have ON status green Google Cloud Messaging for Android Google Maps API v3 and Static Maps API To enable these Services Google will ask you to agree to their Terms of Service End User License Agreement Mobile Devices d You can now locate your API key in the left menu on the Google Site under API Access gt Simple API Access gt API key MDM Policies iOS App Management Step 2 Enter Google API key APNS Certificate Setup Apple GCM Maps Setup Gooale Please enter the API key you have located at API Access gt Simple API Access gt API key ky Srne VELT pi E rd Google API Key ExamplE67QWuu26 5j6WEEAWagqYYouW 1408 7 Reports and Analysis Step 3 Enter Google Project Number A Alerts Please enter the Google Project Number you have located at Google APIs Console gt Overview gt Project Summary gt Project Number EJ Directory Services Google Project Number 112233445566 amp Appliance
41. is lost or stolen We recommend setting a complex password in the security policy in order to have maximum protection Earlier Android devices with older versions of Android do not offer this functionality 95 Endpoint Protector Mobile Device Management User Manual 11 2 Request Storage Encryption The administrator can request the Android device s owner user to encrypt the storage of the device by pressing Enable Encryption Security Policy Lock Wipe Device Settings Manage Device Apps Installed Apps Accounts Contacts Calendar Events History Set Security Policy Device Password Current Security Policy Password Quality No requirement Password O Request Device Encryption Password Quality No requiremer Min Password Length 0 m Min Password Length 0 Max Time To Lock sec 0 Max Time To Lock sec 0 Max Failed Password Retries 0 Max Failed Password Retries 0 Ask User to change password F Device Encryption Request false Device Encryption Status ENCRY Wifi Status Wifi is enabled Bluetooth Status Bluetooth state Apply Set Password Enable Encryption A message on the device will request the encryption The request must be accepted then the encryption type must be chosen quick or normal The encryption can be started only if the following requirements are met e Complex password to be set e At least 80 battery remaining on the device After these steps the encryption will start and the
42. lial Allow popups on Safari m Allow unmanaged docs in managed Apps E Password History 0 _ _ Allow Passbook while device locked i Safari fraud warning Lal Allow OTA PKI updates E Grace Period minutes 0 Allow sync while roaming F iCloud Limit ad tracking E Max Failed Password Retries 0 Allow voice dialing E Allow iCloud backup Supervised Devices Restrictions Allow In App Purchase Allow iCloud document sync lal Allow AirDrop m Enable Disable E im iia E Require Tunes Store password F Allow photo stream laj Allow Account Modification Allow multiplayer gaming im Allow shared photo streams la Allow App Cellular Data Changes E Allow adding Game Center friends F Security and Privacy a Allow user generated Siri content T Allow sending diagnostic data L Allow changes to Find My Friends E Allow untrusted TLS certificate m Allow Host Pairing F Force encrypted backups E Allow iBookstore E Content Rating Allow Game center m Allo licit content a ee E Allow iMessage E Allow App Removal E G Save as Back After you made the settings to the Policy click Save Note If you select iOS7 and newer as your Operating System version but actually the devices Operating System is older than iOS6 the iOS7 Restrictions and Supervised Devices Restrictions won t be sent to the device 121 Endpoint Protector Mobile Device Management User Manual 14 2 Assigning Devices to Policy After yo
43. profiles will be updated next time when the administrator will request the list of profiles by pressing the Get Profiles List button as described in paragraph 10 10 10 11 1 Remove Profile from OS X Device From here the Endpoint Protector Administrator can also perform the remove action of a profile by clicking on Remove Profile If a profile e g a 89 Endpoint Protector Mobile Device Management User Manual Restriction Profile is removed the associated restrictions from the iOS device are removed In case the Administrator want to unmanage a device the Enrollment Profile needs to be removed After removing the enrollment profile the device is no loger managed 10 12 Manage WiFi on OS X Mobile Devices gt Manage WiFi WiFi Settings Service Set Identifier Demo Enterprise Settings Proxy Settings Manual Auto Join Accepted EAP Types Username Hidden Network TLS Password Encryption Type WPAMWPAZ e TTLS Proxy Server WiFi Password TTT TTT LEAF Proxy Server Port Enterprise Wifi E PEAP Proxy Settings Auto Proxy Type None e EAP FAST Proxy Server URL PAC EAP SIM EAP FAST Use PAC Provisioning PAC Provisioning PAC Anon Inner entity PAP Authentication Username Per Connection Password User Password Outer Identity Apply law The Endpoint Protector Administrator can apply wireless network WiFi settings to an OS X device This can be used for OS X devices to automatically
44. requests day 50 000 requests day 10 000 requests day 10 000 requests day 1 000 requests day 1 000 000 requests day 100 000 requests day 1 000 requests day S 3 S w o ON ON ON ON ON OFF OFF OFF OFF OFF OFF OFF OFF OFF gt 20 Endpoint Protector Mobile Device Management User Manual 5 In the left menu go to Credentials Create a new key When prompted choose the Server key option UO Google e velopers Console s lt 2014 04 04 OAuth Compute Engine and App Engine Learn more OAuth 2 0 allows users to share specific data with you for Client ID apps googleusercontent com Overview eas example contact lists while keeping their usernames Email address developer qserviceaccount com APIs amp auth passwords and other information private Download JSON APIs Learn more Credentials CREATE NEW CLIENT ID Consent screen Push Public API access Permissions Use ofthis key does not require any user action or consent does not grant access to any account Support information and is not used for authorization e aatale CREATE NEW KEY Settings App Engine Compute Engine Cloud Storage Cloud Datastore Cloud SQL BigQuery 4 Cloud Development 6 Press Create leaving the Accept requests from these server IP addresses field blank Create a server key and configure allowed IPs This key should be kept secret on your se
45. the Device Administrator role from Device Settings To uninstall the EPP Client App follow these steps 1 Go to Settings on your Android device and select Security i ih Settings Location S rvices a Language and input g Back up and reset Syaieim gaa LOCK amp Date and time 124 Endpoint Protector Mobile Device Management User Manual 2 In Security select Device administrators and click on it a a izi Security Passwords Make passwords visible fevice sdenivinalion Device administrators Yer or deable derar acinesinaions Credential starage Trusted credentials Install from device storage Clear credentials 3 Select EPP Device Admin and click Deactivate hs k al 16 21 e na Device abirunistraiors ih Device acdhmimnistaior Pi iga EWE EPP Device Admin EPF Mihi Cliera re EPF Device Admin Erase all data Change the screen unlock password St password rules Monitor ecreen unlock attempts Leck r t Deactivate 4 A pop up will appear saying that the EPP Server will be notified To continue click OK A message saying EPP Client Device Admin disabled will appear a HY rpi Pe ii ith Device achministadors ot ES EPP Device Admin EPP Server will be notified Copied to lipkesarnd i EPP Gima Derice Adir digehledi i 125 Endpoint Protector Mobile Device Management User M
46. to any supported and managed IOS device For details how to push the EPP MDM App to an iOS devices check section 12 4 Pushing Apps to iOS Devices The Android Endpoint Protector MDM Client app is a free app for Android and available on the Google Play Marketplace here The Android EPP Client app is MANDATORY for use of Endpoint Protector MDM with Android devices The EPP MDM app for Android is compatible with Android devices using Android Version 2 2 Codename Froyo or newer The Android EPP Client app allows the Android device to provide Endpoint Protector MDM with management rights It also offers location data of the device to the Endpoint Protector Appliance in order to determine the current location of an Android device in case it is misplaced lost or stolen The Android EPP Client App is required for enrollment of an Android mobile device to an Endpoint Protector Appliance 32 Endpoint Protector Mobile Device Management User Manual 6 4 Install EPP Client App on Android and Enrolling Android Device After receiving the enrollment invitation E Mail or SMS click on the link provided in the E Mail or SMS 1 Choose to open the link with the default browser on your Android device Complete action using Dolphin Browser Beta a 4 Internet In this case screenshot above the choice for native browser is the option Internet not the Dolphin or any other browser that might be installed on your Android d
47. used on an Android device To retrieve the list of Accounts on the device the Endpoint Protector Administrator can request the list by clicking Get Accounts under the option Mobile Devices gt Manage Devices gt Refresh Accounts 11 18 History of Android Device Actions Mobile Devices gt History In the History tab a record of actions send to an Android device are saved and the corresponding results is shown as well The result can be executed error failed or pending 104 Endpoint Protector Mobile Device Management User Manual Htc_europe HTC Wildfire S A510e SetMaximumTimeToLock O Success 24 October 2012 15 09 Htc_europe HTC Wildfire S A510e SetMaximumFailedPasswordsForWipe OQ Success 24 October 2012 15 09 Htc_europe HTC Wildfire S A510e SetPasswordMinimumLength QO Success 24 October 2012 15 09 Htc_europe HTC Wildfire S A510e SetPasswordQuality QO Success 24 October 2012 15 09 Htc_europe HTC Wildfire S A510e AskUserChangePassword O Success 24 October 2012 15 05 Htc_europe HTC Wildfire S A510e GetContacts Q Success 24 October 2012 15 05 Htc_europe HTC Wildfire S A510e GetAccounts O Success 24 October 2012 15 04 Htc_europe HTC Wildfire S A510e GetGoogleAccounts O Success 24 October 2012 15 04 Htc_europe HTC Wildfire S A510e GetinstalledPackages QO Success 24 October 2012 15 04 Htc_europe HTC Wildfire S A510e GetDevicelnfo QO Success 24 October 2012 15 04 11 19 Manage WiFi Manage Mail Profiles on Android Mobile Devi
48. want to import Note More than one certificate can be stored in a single file in the following formats Personal Information Exchange PKCS 12 PFX P12 Cryptographic Message Syntax Standard PKCS 7 Certificates P7B Microsoft Serialized Certificate Store SST Learn more about certificate file formats 136 Endpoint Protector Mobile Device Management User Manual In the Certificate Store window select Place all certificates in the following store radio button cevtnponWans O Certificate stores are system areas where certificates are kept Windows can automatically select a certificate store or you can specify a location for the certificate 0 Automatically select the certificate store based on the type of certificate Certificate store Trusted Root Certification Authorities Learn more about certificate stores 137 Endpoint Protector Mobile Device Management User Manual Another Completing the Certificate Import Wizard pops up Just click the Finish button Cerificate port Wiad Completing the Certificate Import Wizard The certificate will be imported after you cick Finish You have specified the following settings oe eae Trusted Root Certifice Content Certificate File Name C Wsers Anca Deskt 138 Endpoint Protector Mobile Device Management User Manual A Security Warning window pops up Just click Yes You are about to install a certificate from a ce
49. 11 16 Get CONTACTS ON ANOTrOIQ sssrinin nspa a 103 11 17 Get Accounts OM ANGTOId rsrsiarsrnnannn a 103 11 18 History of Android Device ACtiOnS s ssssesessrnerensrrsrnas 103 11 19 Manage WiFi Manage Mail Profiles on Android 104 12 Mobile Application Management MAM for LO e E E E 105 12 1 Adding Apps to your Managed Apps Catalog sseeeee 106 LZ dais Sear Child TO PODS scccrccearcnnnevncemntecppoes ENA TEE Enit 106 12 1 2 Adding Apps to Managed Apps Catalog ccccceeeeeeeeeeees 107 12 1 3 Adding Enterprise Apps to Managed Apps Catalog 107 12 2 Editing App Management ODtiOns cccceeee cece ee ee eeeeeeees 108 12 3 Managed PAd ADDS scdcuatpacds cuneate scesadouee irereetauanteteguandeens 110 12 4 Pushing Apps to iOS Devices wi ccecceceecseuseueeneeuseusenseueenes 112 12 4 1 Update Managed Apps Changing Settings eeee 113 12 5 Removing Managed Apps from iOS DeVICES cceeeeeeeeeeees 114 13 Android App Management 0008 115 13 1 Adding Apps to your Managed Apps Catalog 0eeeeee 116 13 2 Editing App Management OPtions ccccccsseesseneceeeeseeeuens 116 13 3 Pushing Apps to Android Devices Lo cceccecvecseuneuvenseunensenss 117 13 4 Removing Managed Apps from Android Devices 55 118 14 Policy Builder for iOS OSX or Android DOC Se E 119 14 1 Create a Policy for iOS OS X or Android Devices 120
50. Administrator should send another request for removal Due to the Androids Operating System in the current scenario the App cannot be forcefully unistalled 103 Endpoint Protector Mobile Device Management User Manual 11 16 Get Contacts on Android Mobile Devices gt Contacts The tab Contacts Lists all contacts that are saved in the address book of an Android device To retrieve the list of contacts on the device the Endpoint Protector Administrator can request the list by clicking Get Contacts under the option Mobile Devices gt Manage Devices gt Refresh Contacts Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Play Sound on Device Refresh Device Details Refresh App List This feature plays a sound onthe device to make it This feature will read current device details This feature will update the list of installed apps easier to find i if misplaced Note Results are displayed inside the Installed Apps tab Play Sound Get Device Details e Get App List Refresh Google Accounts Refresh Accounts Refresh Contacts This feature will refresh This feature will refresh This feature will refresh the list of Google Accounts the list of Phone Accounts the list of Contacts Get Google Accounts G Get Accounts Get Contacts G 11 17 Get Accounts on Android Mobile Devices gt Accounts The tab Accounts Lists all accounts
51. CM and Maps new method April 2014 Visit the following site Google Cloud Console and login with your company Google account https cloud google com console Note The old method can still be used by those who prefer it over the new When you log in with your Google account to the console you have the option to revert to the old style To set up GCM with the old method see paragraph 4 2 4 and 4 2 5 Google Welcome to the new Google Cloud Console Prefer the old console Go back Dismiss Projects PROJECT ID REQUESTS ERRORS CHARGES 1 If you login to the Google Cloud Console for the first time you will be asked to CREATE PROJECT Select this option and give the project a name Google Cloud Console gmail com Sign out Projects Billing API Project 0 0 0 00 18 Endpoint Protector Mobile Device Management User Manual 2 The Project will be given a Project Number by Google which you need to enter in the Endpoint Protector interface as described in the next paragraph Google Developers Console s lt 2014 04 04 Project ID vocal honor 540 Project Number Estimated charges this month 0 00 Overview APIs amp auth Permissions Settings Welcome Not sure what to do next Support Get started with App Engine Mobile Backend Starter Compute Engna i A ready to deploy general purpose cloud backend with Android and iOS client libraries Cloud Storage F Photofeed Java sample app
52. DEVICE ertificate Setup e DDOE MANAGEMENT by ENDPOINT PROTECTOR Offline Temporary Password Reports and Analysis iD Enable Feature _ System Alerts Gs w Directory Services i 3 System Maintenance Q System Configuration ad System Parameters O Support Endpoint Protector 4 Copyright 2004 2012 CoSoSys Ltd All rights reserved No Background Tasks Version 4 1 0 2 4 Endpoint Protector Mobile Device Management User Manual 2 1 Activation of Mobile Device Management Feature Mobile Device Management comes as an optional feature with Endpoint Protector that requires a yearly based separate subscription based on the number of protected mobile devices By default the feature appears as deactivated inside the Endpoint Protector Reporting and Administration interface The Mobile Device Management feature requires an internet connection for the Endpoint Protector Appliance The feature can be enabled by simply selecting the Mobile Device Management option from the left side menu and clicking on the Enable Feature button Activating this feature will require a working Internet connection on Endpoint Protector Server Appliance Additionally the initiator of the activation request will have to provide several company details such as Company Name Contact Person Name and Contact Details which will be sent to the Endpoint Protector Licensing Server including Company name Contact Person Contact Details
53. Device Management User Manual 7 After the installation you will see a message indicating the installation is finished Click Done to complete the final steps for your Android device enrollment 8 Go to Applications on your Android device There locate the EPP Client and start it ks ie ith Applicaton d Dg i ES File Explorer Evernote Facebook Fruit Ninja Free Fima al Dinie mamiy 36 Endpoint Protector Mobile Device Management User Manual 9 After the EPP Client starts you need to fill in your Name and your Phone Number If the device has no phone number provide your mobile number for the Administrator to easier link your device with you as a user Click Next after you completed the fields F ENDPOINT fe ims prorecton Meat Cancel 10 Now the question regarding device administration will appear which needs to be confirmed by clicking Activate ih Activate device administrator re EPP Device Admm Erase all data Change the sereen unlock password Copied to clighaard Activate Attention By not enabling this option the Android mobile device cannot be remotely administrated managed 37 Endpoint Protector Mobile Device Management User Manual 11 Now you will see the message EPP Client Successfully registered to Google GCM or C2DM This means that your Android device is now enrolled ENDPOINT iit mm ie oa oe 4
54. ENDPOINT PROTECTOR cososyvs I Endpoint Protector Mobile Device Management User Manual Table of Contents L INtrOCGUCTION cc cece cec cee eaeceueeuueuueuusausauneans 1 1 1 What is Endpoint Protector ccccccccseeseeeeeeeeseeeetseneeneeneeges 2 2 Activation of Mobile Device Management 3 2 1 Activation of Mobile Device Management Feature ccceeees 4 3 How Endpoint Protector MDM Works 5 3 1 Supported Operating Systems and CeVICES ccccceeeeeeeeeees 6 4 MDM Setup APNS Apple amp GCM Google A alaipe a p eeN E 7 4 1 Setup of APNS for iOS and OS X sesssoxseexssexseexsdexseersdorseorsdoess 8 4 1 1 What iis an Apple APNS Certificate and why do I need it 8 4 1 2 How to generate your Apple APNS Certificate cceeeees 9 4 1 3 Renew an Apple APNS Certificate before expiration 11 4 2 Setup of GCM for Android s ssssesesssssrensrrnrensrrnrnnsrrerrnnnnne 16 4 2 1 What is GCM Google Cloud Messaging and why I need it 16 4 2 2 How to get your Google API Key for GCM and Maps new method AGW 20 E D E ee we oes vegas acd E E E E eyes eae rinas 17 4 2 3 Entering Google API Key and Project Number in Endpoint Protector new Meth d ee osa cceec tana tepannenateniese tinerea eini 21 4 2 4 How to get your Google API Key for GCM and Maps old method 22 4 2 5 Entering Google API Key and Project Number in Endpoint Protector old method sc cetesticces
55. GB Directory Services amp Appliance System Maintenance Manage 10S Apps os Icon Title v Vendor Version Description EPP MDM CoSoSys 1 0 0 6 Endpoint Protector Mobile Device Management provides complete iOS ente eA System Configuration a System Parameters O Support 1result 10 per page Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved 107 Endpoint Protector Mobile Device Management User Manual 12 1 2 Adding Apps to Managed Apps Catalog To add an App to your Managed Apps Catalog select the App from the Search Results and click Add selected Apps s SAOTECTOR 4 Reporting and Administration Tool Engish Coo a EJ Dashboard Mobile Device Management iOS App Management E Endpoint Management Senrch Wunes Agp Stave Ce Endpoint Rights Search Search type Using search term w County United States iz Q Search App Store Endpoint Settings oO Content Aware Protection Select icon Tithe Vendor Version Description Price Category iPhone iPad Actions fb Mobile Device Management ed b EPP MOM CoSoSys 1 0 06 Endpoint Protector Mobie Device Management provides complete 1OS enterprise mob Froe Utities Y v Erroll Devices Mobile Devices MOM Poloes ICS App Management APNS Certficate Setup Apple GCM Maps Setup Google Offline Temporary Password Reports and Analysis Directory Services Appliance System Maintenance Q System Configuration
56. Here you can find a list of terms and definitions that are encountered throughout the user manual Appliance Appliance refers to the Endpoint Protector Appliance which is running the Endpoint Protector Server Operating System Databases etc Computers refers to PC s workstations thin clients notebooks which have Endpoint Protector Client installed Devices refers to a list of known mobile devices ranging from iPhones iPads and MacBooks to Android Smartphones and tablets Groups can be groups of devices users or computers Grouping any of these items will significantly help the server administrators to easily manage rights and settings for them Departments an alternative way to Groups to organize main entities devices users or computers which involves also the administrators of Endpoint Protector Mobile Device Management MDM a set of software and services that allow organizations to closely monitor manage and secure employees mobile devices regardless of the different mobile service providers and mobile operating systems being used BYOD acronym that stands for Bring Your Own Device which refers to the new trend adopted by employees to take their own personal devices to work and directly interface to the corporate network 142 Endpoint Protector Mobile Device Management User Manual Apple APNs Certificate stands for Apple Push Notification Service and it is a certificate signed by Appl
57. Hot News Copyright 2012 Apple Inc All rights reserved Terms of Use Privacy Policy 14 Endpoint Protector Mobile Device Management User Manual 8 Download now the Certificate from the Apple Push Certificates Portal to your computer iTunes Support Apple Push Certificates Portal Certificates for Third Party Servers Service Vendor Expiration Date Status Mobile Device Management CoSoSys SRL Feb 21 2013 Active Revoking or allowing this certificate to expire will require existing devices to be re enrolled with a new push certificate About Apple Push Certificates Portal Create and manage push certificates that enable your third party server to work with the Apple Push Notification Service and your Apple devices Learn more about Mobile Device Management MDM push certificates created in the iOS Developer Enterprise Program have been migrated to the Apple Push Certificate Portal Learn more about MDM push certificate migration Shop the Apple Online Store 1 S00 MY APPLE visit an Apple Retail Store or find a reseller Apple Info Site Map Hot News RSS Feeds ID Contact Us Copyright 2012 Apple Inc All rights reserved Terms of Use Privacy Policy 15 Endpoint Protector Mobile Device Management User Manual 9 The APNS certificate from the previous step has to be uploaded to the Endpoint Protector My Endpoint Protector MDM Setup Step 3 Upload certificate signed by Apple Upload no
58. Management User Manual 7 2 9 Android Device Enrollment To enroll an Android mobile device a Google Account is required to be previously setup by the user on the device This is usually done when the user receives a new device and starts using it Additionally an Internet connection is mandatory for the communication between Endpoint Protector Appliance and the Android device At least a 3G data connection is recommended to allow the communication with Google and Endpoint Protector Appliance and the transmission of the mobile device information Once the user has received the invitation and clicked on the included link a confirmation page will be displayed in his browser auto filled with the MDM ID and OTC keys These steps are described in detail in chapter 6 4 Install EPP Client App on Android and Enrolling Android Device 7 2 10 Bulk Enrollment Bulk enrollment allows the administrator to send enrollment invitations to a large number of devices at the same time through contacts list Welcome Logout p ENDPOINT i Reporti aeee English l Q lisi PROTECTOR eporting an ministration 100 ng ba Advanced Search p3 Dashboard Mobile Device Management Enroll Devices Show all departments Endpoint Management bil 7 A al E es Endpoint Rights Your MDM ID is A Endpoint Settings Cry 0 Mobile Devices Content Aware Protection CAP g 0 Mobile Devices Mobile Device Management Enroll Mobile Devices Das
59. Manual 9 20 Manage Cellular Settings on Supervised iOS 7 devices Cellular data is used for data communication in cellular networks It doesn t affect your ability to make or receive phone calls or to use Wi Fi networks for Internet connectivity Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Manage Cellular Settings App Lock Apps installed Apps Profiles History Cellular Settings Configuration Name Authentication Type None Access Point Username Access Point Password Access Point Proxy Proxy Server Port To change the settings on the target device complete the required fields You ll have to provide a name the authentication type access point username and password and proxy server if needed Pressing Apply will push the cellular settings to the device 9 21 App Lock on Supervised iOS 7 devices The App Lock feature can be used to lock a device so only one application which will be set from the server can run on it This feature is only available on Supervised iOS 7 devices Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Manage Cellular Settings App Lock Apps Installed Apps Profiles History App Lock Payload App Lock Options App Lock User Options App identifier EPP MDM Disable Touch Allow VoiceOver adjustments Set Options E Disable Device Rotation Allow Zoom adjustments Set User Options E Disabl
60. OINT 4 PROTECTOR Fel Dashboard El Endpomt Management ee Endpoint Rights A Endpoint Settings O Content Aware Protection f amp Mobile Device Management APNG Certificate Setup 05 F ser Naty C2M Google Maps Setup Cluj Napoca R omania ty Offline Temporary Password Calculating Unknown fi Reports and Analysis A System Alerts Directory Services System Maintenance udji Dna e System Configuration a System Parameters Reporting and Administration Tool Phone ype 10S Modet iPhone31 Modal No MCGOZRR sst Seen 19 October 2012 17 38 Manage Device Manage WF ManageMal InstaledApps Accounts Contacts Profies History Clear Password No more password required Set Restriction Policy This festure wE reset the current device pasawordto Alk be empty hence the device can be unlocted without d Dewce Functhonatty Max Famed Password Retres Endpoint Protector 4 Copynght 2004 2012 CoSoSys Lid Al rights reserved Ready Version 4201 The main three rows are the following three e Device Information displays all important device related details from mobile device name model type and OS to carrier related details such as carrier name user phone number and user name Not all information will be available all the time since the information available depends on the device and the operating system e Locate Device displays on the included map the previous and the current location of the
61. Results are displayed inside the Installed Apps tab Note Results are display Never Allow Removal Passphrase Required for Removal Passphrase 4WGSOMYM Save Get Device Details Get Application List As described in the chapter 7 2 2 iOS and OS X Profile Protection Deletion Passphrase before the profiles settings on an OS X Device can be protected with a passphrase In this option the passphrase can be changed to be a different one than the one automatically generated and associated with the OTC For the full description of this option please consult chapter 7 2 2 iOS and OS X Profile Protection Deletion Passphrase 87 Endpoint Protector Mobile Device Management User Manual 10 7 Refresh Device Details for OS X Mobile Devices gt Manage Device gt Refresh Device Details Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Installed Apps Profiles History Profile Removal Policy Refresh Device Details Refresh App List Refresh Profile List Always Allow Removal f This feature will update the displayed device information This feature will update the list of installed apps This feature will update t Note Results are displayed inside the Installed Apps tab Note Results are display Never Allow Removal Passphrase Required for Removal Passphrase AWGSOMYM Save Get Application List a This function will ask the OS X devices for its latest details and display
62. SS 10 results 50 x per page For each operating system iOS OS X and Android different Device Management features are supported and available For OS X the different management settings are stored as different profiles One OS X device can have multiple profiles stored on it Enforcing the use of a password passcode is the most important feature on any device company or individually owned Protecting access to data on the device is the first task to protect your OS X devices Security Policy Lock Wipe Device Settings Set Password Security Policy Manage Device Manage Wifi Manage Mail FileVault 2 Disk Encryption Manage VPN Installed Apps Profiles History Disk Encryption Status Simple Value Alphanumeric Password Min Password Length Min Number Of Complex Chars Max Password Age days Max Time To Lock minutes Password History Grace Period minutes Set Settings File Vault of Disable Defer Encryption E Prompt user for missing info Create a personal recovery key a Display the recovery key to the user EJ Use KeyChain for institutional recovery key Output Path Username Password Notice This operation can take a long time to complete Set Settings Encryption Status Personal Recovery Key Institutional Recovery Key Disabled Not Defined Not Defined Refresh 83 Endpoint Protector Mobile Device Management
63. SY Tentative Default No overlaps Easter Sunday 5 May 2013 2 00 6 May 2013 2 00 UTC JS Tentative Default No overlaps Easter Sunday 20 April 2014 2 00 21 April 2014 2 00 UTC SY Tentative Default No overlaps Dormition of the Holy Virgin 15 August 2013 2 00 16 August 2013 2 00 UTC SY Tentative Default No overlaps 11 15 Mobile Devices gt Installed Apps Installed Apps on Android The List of Apps installed on the Android device lets the Administrator see what apps users have installed on their devices The list of apps installed on a device can be requested from the Android device and updated though the option Get App List as described in chapter 11 13 Refresh App List for Android Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Last Status Actions Name Identifier Version Short Version 3 results sofe per page In future versions of Endpoint Protector MDM more features for managing apps on Android devices will be introduced is He The Endpoint Protector Administrator can send an action to the Android device Removing Installed Apps on Android and ask the device to remove the app from the device By clicking the Remove App button the request is sent to the device The Android device will now show the user that the device is supposed to be removed The user can oppose removal and simply deny this In this case the
64. User Manual 10 1 1 Password Passcode Setting on OS X Device Mobile Devices gt Security Policy gt Set Password Security Policy The following Settings can be applied for the password passcode settings for an OS X device e Simple Value Example Password could be 1221 e Alphanumeric Password Example could be 123A e Min Password Length Minimum number of digits e Min Number Of Complex Chars Minimum number of complex characters Complex characters are for example amp etc e Max Password Age days Number of days for which a user can use the same password After that the user is requested to change the password to a new password e Max Time To Lock minutes If the OS X device is not used the device will lock request password to access again after set number of minutes e Password History When a new password is set a new password is required For example if set to two it means that after changing the password the user cannot reuse a previously used password until he has set two new passwords in the meantime e Grace Period minutes Means the time a user has to make a change to the password or to initially set a password after the device receives the security policy 10 1 2 OS X Device Hardware Encryption When the password code for an OS X device is set the OS X device is automatically using it s built in hardware encryption in order to protect data on the device in case it is lost or stolen We
65. aa revious Location ada Haiducului Denmark gt a Apple i United e SF APNS Certificate Setup i Cluj Napoca 400000 rz Kingdom ah gt j S Belarus GCM Maps Setup Google Romania Ireland ah 7 ky Offline Temporary Password g Poland y 5 EGermany 5 gmana o i W ROS Ukraine u triaj W Update Location m Reports and Analysis A Alerts France 6 47 gt of u A ojo Bay t lt Location History Biscay _ Italy Map data 2014 Google INEGI Terms of Use TJ Directory Services Security Policy Lock Wipe Device Settings Manage Device Apps Installed Apps Accounts Contacts Calendar Events History Android Apps amp Appliance F Title v Vendor Version Description Actions D System Maintenance CoSoSys Notepad Demo CoSoSys 1 0 PS Q System Configuration GE System Parameters O Support 1result 50 per page sJ Push all selected apps Add more Apps to this list Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 3 Appliance Only Apps that have been added to the Android App Management tab are displayed To push an app to a managed device click the 7 icon A message will show that the app has been pushed to the device Multiple applications can be sent by pressing the Push all selected apps button Apps can also be pushed from Android policies Manage Apps tab 118 Endpoint Protector Mobile Device Management
66. age VPN Security Policy Lock VWipe Device Settings Manage Device Manage Wifi Manage Mail Manage WPN Installed Apps Profiles History VPN Settings Connection Name Authentication Type Password Proxy Settings Manual Connection Type LZ1P Server Username Provider Custom Account Name Password Proxy Type None Password Proxy Server Route all traffic E Proxy Serwer Port Secret Proxy Settings Auto Proxy Server URL Apply lal The Endpoint Protector Administrator can apply VPN settings to an OS X device This can be used for OS X devices to automatically deploy and use company VPN settings and policies without having to manually add the settings on the device 91 Endpoint Protector Mobile Device Management User Manual 10 15 History of OS X Devices Actions Mobile Devices gt History In the History tab a record of actions sent to an OS X device are saved and the corresponding results are shown as well The result can be executed error failed or pending For each operating system iOS OS X and Android different Device Management features are supported and available For Android the different management settings are enforced by the EPP Client on the Android device Enforcing the use of a password passcode is the most important feature on any device company or individually owned Protecting access to data on the device is the first task to protecting your Android devices Security Policy Loc
67. age Wifi Manage Mail Manage VPN Installed Apps Profiles History Profile Removal Policy Refresh Device Details Refresh App List Refresh Profile List Always Allow Removal This feature will update the displayed device information This feature will update the list of installed apps This feature will update the list of installed profiles Note Results are displayed inside the Installed Apps tab Note Results are displayed inside the Profiles tab Never Allow Removal Passphrase Required for Removal E Passphrase 4WGSOMYM Save Get Device Details m Get Application List The Profile List of an OS X device will show you what profiles are currently installed on the device The list of installed profiles is shown at Mobile Devices gt Profiles 10 11 Profiles on OS X Devices Information Mobile Devices gt Profiles Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Installed Apps Profiles History Results Profile Name v Profile Description Profile Identifier Actions Endpoint Protector Endpoint Protector Enrollment Profile com endpointprotector cloud 63 Q 1result 50 per page The profiles installed on an OS X Device are listed in the Profiles tab There are two types of profile the main Enrollment Profile and the restriction profiles The type of profile is shown in the Profile Description column If a new profile is installed on the device the list of the installed
68. aged Apps Vv Grace Period minutes Allow screen capture v Safari fraud warning Allow OTA PKI updates W Max Failed Password Retries Allow Passbook while device locked W iCloud Limit ad tracking Wi Allow sync while roaming W Allow iCloud backup E Allow voice dialing V Allow iCloud document sync Vi Allow In App Purchase V Allow photo stream v Require iTunes Store password W Allow shared photo streams 7 Allow multiplayer gaming v Security and Privacy Allow adding Game Center friends W Allow sending diagnostic data Fi Allow untrusted TLS certificate v Force encrypted backups v Content Rating Allow explicit content v Set Settings Clear Password Set Settings 66 Endpoint Protector Mobile Device Management User Manual 9 1 1 Password Passcode Setting on iOS Device Mobile Devices gt Security Policy gt Set Security Policy The following Settings can be applied for the password passcode settings for an iOS device e Simple Value Example Password could be 1221 e Alphanumeric Password Example could be 123A e Min Password Length Minimum number of digits e Min Number Of Complex Chars Minimum number of complex characters Complex characters are for example amp etc e Max Password Age days Number of days for which a user can use the same password After that the user is requested to change the password to a new password e Max Time To Lock minutes If iOS device is not
69. al https identity apple com pushcert Step 2 Request your signed certificate from Apple for APNS Apple will sign the certificate for your company to be used with Apple Push Notification Services APNS and will link the certificate to your Apple ID Visit this dedicated Apple website for this here https identity apple com pushcert log in with your Apple ID and follow the steps to obtain your certificate for APNS In this step provide Apple with the certificate you have downloaded in step 1 above 4 Login to the Apple Push Certificates Portal using your Apple ID and follow the steps provided there 5 Click Create a Certificate and agree to the Apple Terms of Use 6 Select your signed CSR downloaded at step 2 and click Upload to the Apple Push Certificates Portal that you saved on your computer In just a few moments your certificate will be available for download 7 Download now the Certificate from the Apple Push Certificates Portal to your computer 8 The APNS certificate from the previous step has to be uploaded to the Endpoint Protector MDM Setup Step 3 Upload certificate signed by Apple Upload now the certificate you received signed from Apple in step 2 above to cloud endpointprotector com in order to enable Mobile Device Management for i05 After the upload was successfully performed your setup for the Endpoint Protector Mobile Device Management is finalized for iOS and OS X You can now start en
70. ance will also be notified about the removal of the Android EPP Client App The Geofencing feature provides the option to define a virtual perimeter on a geographic area using a location based service This provides a better management of MDM Policies that apply only in a specific area ENDPOINT PROTECTOR Dashboard Goa Endpoint Management Endpoint Rights Endpoint Settings Content Aware Protection Scanning Data At Rest Mobile Device Management Dashboard Enroll Devices Mobile Devices MDM Policies Geofencing iOS App Management Android App Management Android vCard Management APNS Certificate Setup Apple GCM Maps Setup Google Offline Temporary Password Reports and Analysis Alerts Directory Services Appliance System Maintenance System Configuration a System Parameters CUE AALE 4 m rr Reporting and Administration Tool N ow Geofences To navigate on the map Select the hand icon Click and drag the map zoom in and out by scrolling etc To add a GeoFence Select the shape icons Click to place the nodes that define the perimeter To save amp edit a GeoFence Click inside the defined GeoFence to edit and save details Click on a node to delete or move it on the map Click the Remove from Map button to remove GeoFence from the map Available Map Features Results Type Name v Geofence vis a vis Cososys GeoFence iBeacon iBeacon Intersection
71. anual 5 Now go to the Application menu on your Android device and locate EPP Client in the list of Applications Click on EPP Client ih Applicat Dean boa Ci Settings Pi af Sound Elenvental im Display ee ae OOK 6 Power s ving 400KB ES File Explorer storage Evernote Batte ry HIR Facebook i ae Applications Personal 7 Fruit Ninja Free s evine mamar Accounts and syne 6 Click on Force stop and confirm the warning with OK a App mif Per EPP Client lorepe F N Force stop ADOKE JOGKE If you force stop an app it may at ot LS CAUSE errors 0 000 i 0 i K i l i 126 Endpoint Protector Mobile Device Management User Manual 7 Now select Clear data ki j 16 8 App into Pee EPP Client Uranatall JUURE 3096ER 0 O0B 4 DOKE Gear data 8 Now click Uninstall and confirm with OK the question if EPP Client Should be uninstalled h App info EPP Client ee EPP Client Uiranatall 390KB 30GEE J OUB 127 Endpoint Protector Mobile Device Management User Manual 9 A message will indicate Uninstall finished that the EPP Cient was now uninstalled from the Android device Click OK and the process is finalized es u FP EPP Client Uninstall finished Attention Although the uninstallation can be performed by the user the Endpoint Protector Appli
72. ar Device Refresh App List apps on the mobile device s A Osx Manage l Display the list of currently set profiles S abe ee Refresh Profile List the mobile device Osx Manage Refresh Google Display the list of currently set Google rs Device Accounts e mail accounts on the mobile device Manage Display the list of all currently set e Device Refresh Accounts mail accounts on the mobile device Manage Display the list of all current contacts Device Refresh Contacts saved on the mobile device i Installed Shows the list of installed apps after a Apps Installed Apps selecting the Refresh Apps List option a Remove Removes the selected application from Installed Installed Apps the list of installed apps and uninstalls iv Apps the application from the mobile device Shows the list of e mail accounts after Accounts Accounts selecting the Refresh Accounts i Refresh Google Accounts option Shows the list of contacts after Contacts Contacts selecting the Refresh Contacts option 4 s s Shows the list of set profiles after OSY Profiles Profiles selecting the Refresh Profile List option Osx History History Logs all device activity i 9 Manage iOS Devices For each operating system iOS OS X and Android different Device Management features are supported and available For iOS the different management settings are stored as different profiles One iOS device can have multiple profiles stored on it Fida Security Set
73. ate Setup Apple Method 2 Send an SMS request containing enrollment invitation link GCM Maps Setup Google Method 3 On Mobile Device visit in web browser https cloud endpointprotector com mobile php register AOS ky Offline Temporary Password Android Method 1 Send E mail request link containing the customized EPP Client installation package Method 2 Send SMS request link containing the customized EPP Client installation package Reports and Analysis Method 3 On Mobile Device visit in web browser https coud endpointprotector com mobile php register android Send E mail Request Send SMS Request A System Alerts One Time Codes a EJ Directory Services System Maintenance Results o System Confi guration Code Uninstall Passphrase Show Actions E tttttttt N a System Parameters Xx O soon S anaes N sea N a TEN N z tttttttt N p tttttttt N sesesese N 12 results 10 per page dial a 2 el View Invitations Sent View Available OTC Request More OTC Endpoint Protector 4 Copyright 2004 2012 CoSoSys Ltd All rights reserved Ready Version 4 2 0 1 In the Enrollment window under Mobile Device Management Information the MDM ID corresponding to your appliance is displayed which will be further used as a parameter for enrolling mobile devices Additionally one can check the exact number of mobile devices enrolled at that moment 41 Endpoint Protector Mobile Device Management User Manual The
74. be prompted to update the app In case of paid apps no new redemption code is consumed during this process App Update The server cloud endpointprotector com is about to update the app TED from the App Store nena Cancel Update 114 Endpoint Protector Mobile Device Management User Manual 12 5 Removing Managed Apps from iOS Devices All installed Apps on a managed iOS device are displayed in the tab Installed Apps SR OTEGTOR 7 Reporting and Administration Tool Engish vit QJ T7 Dashboard g Endpoint Management Re Endpoint Rights Name Demo iPad mini User Name Last Seen 15 April 2013 11 24 5 4 E nt Settings Tyee iOS Prone Nummer wer 9900013 Q Model Pad2 7 Comer Orange Romania WhiMec 4 6079 Descrpoan Node Ne MD540HC OS Verson 6 12 fb Mobile Device Management Enrol Devices MOM Policies OS Aap APNS Certficate Setup Apple GOMMaps Setup Googe Offline Temporary Password BBS Reports and Analysis Ay sytem nans GB oreco Secs Bea Arriance Systeam Maintenance s Name kienttier Version Short Version Last Status App Size Storage Used Management Flags Actions Q System Configuration Angry Birds com rovio angrybida tree 1st 151 Managed 124 82 uB BKB BA e a EE AEE EPP MDU com cososys EPPMDM 1006 on Managed 596 KB 296 KB DA e O Support Books com appie Books 1523 u Managed 53 5 48 86KB WA e Teo comted TED 2028 2100 Managed 23 27 MB BKB WA e 4resums 50l per page
75. bile Device Management User Manual 9 2 Restrictions Restrictions Profile on iOS Mobile Devices gt Security Policy gt Set Restriction Policy In order to use an iOS according to a company policy the Endpoint Protector Administrator can choose what options features to allow to be used on the iOS device or to be disabled Disabling an option feature will result in the option feature being disabled from the iOS device A practical example would be for the Administrator to disable the use of FaceTime After the restriction policy is received by the iOS device the FaceTime app icon and all FaceTime related options under Settings are removed see screenshots below The iOS device user has no option anymore to access or use the FaceTime feature SIEISE SS SESS All C Applications iOS 7 Restritions Device Functionality Allow YouTube Allow fingerprint for unlock Allow installing apps Allow iTunes Allow Lock Screen Control Center Allow Siri Allow Safari Allow Lock Screen Notifications Allow Siri while device locked Allow Satari Auto Fill Allow Lock Screen Today View Allow use of camera Allow javascript on Safari Allow managed docs in unmanaged Apps Allow popups on Safari Allow unmanaged docs in managed Apps Allow screen capture Safari fraud warning Allow OTA PKI updates Allow Passbook while device locked Cloud Limit ad tracking Allow sync while roaming Allow iCloud backup Allow voice dialing Allow iCloud docum
76. ce Management User Manual 7 2 7 iOS and OS X Mobile Device Enrollment over URL Attention Enrollment of iOS devices should be done through the Safari browser on your iOS device or the iOS EPP MDM app from the App Store Using other web browsers to enroll your iOS device is not supported The enrollment of an iOS or OS X device requires a working Internet connection Wi Fi or 4G 3G 2G A 3G data connection is recommended for mobile devices This way the communication with the Apple Servers can be performed and the information about the mobile device can be further transmitted to the Endpoint Protector Appliance Server Once the user has received the invitation and clicked on the included link a confirmation page will be displayed in his browser auto filled with the MDM ID and OTC keys mi orange 12 19 9 93 tab cloud endpointprotecto Googe ENDPOINT Mobile Device PROTECTOR Management a p 2 M B After clicking on the Connect button the user receives an Endpoint Protector profile for download which must be further installed on his mobile device 50 Endpoint Protector Mobile Device Management User Manual cloud endpointprotecto m Authentication Step Completed ras OE 2 aaa wu UV INV LAE Add ALAA AE lt Ane The user has to click on Endpoint Protector Profile to continue The Profile has been generated at this step and is ready for installation N
77. ces gt Manage WiFi Mobile Devices gt Manage Mail Mobile Devices gt Profiles The tabs Manage WiFi Manage Mail and Profiles have no functionality associated with them for Android and show No Results This function is currently only supported for iOS devices The Mobile Application Management MAM feature in Endpoint Protector for iOS gives the Endpoint Protector Administrator the power to push Apps from the App store on managed iOS devices The feature in the current version supports paid and free apps listed on iTunes App Store The feature supports paid and free apps listed on iTunes App Store and enterprise apps that are developed in house Mobile Apps can be managed under the following option Mobile Device Management gt iOS App Management wh ENDPOINT 4 l ee PROTECTOR Reporting and Administration Tool a5 Dashboard Endpoint Management Se Se ee Cs Endpoint Rights Search Search type Using search term x County United States Q Search App Store Endpoint Settings fs Search Results Content Aware Protection Select Icon Title Vendor Version Description Mobile Device Management E ais EPP MDM CoSoSys 1 0 0 6 Endpoint Protector Mobile Device Ma Enroll Devices Mobile Devices iOS App Management GCM Maps Setup Google lJ Offline Temporary Password P Reports and Analysis A System Alerts Add selected Apps ry Directory Services Manage 10S Apps a Appliance os Icon Title v
78. connect to a WiFi access point without having to manually add the settings on the device 10 12 1 Wipe Wi fi Settings Wi Fi Profile can be removed to wipe company Wi Fi Settings while personal Wi Fi content remains untouched 10 13 Manage Mail on OS X Mobile Devices gt Manage Mail 90 Endpoint Protector Mobile Device Management User Manual Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Installed Apps Profiles History E mail Settings Account Description Demo User Incoming Mail Outgoing Mail Account Type IMAP E mail Server pop company c Emal Server smtp company IMAP Path Prefix imap company Port Port User Display Name Demo User Username demo compan Username demo compan E mail Address demo compan Auth Type sis x Auth Type None x Allow Move Password PETT Password eee Use SSL Use SSL E Use incoming settings P Use incoming password 7 Disable Address Syncing a Use only in Mail app E Apply O The Endpoint Protector Administrator can apply E Mail settings to an OS X device This can be used for OS X devices to automatically use company e mail accounts and settings without having to manually add the settings on the device 10 13 1 Wipe E mail Settings E mail Profile can be removed to wipe company E Mail Content and Settings while personal E mail accounts and content remain untouched 10 14 Manage VPN on OS X Mobile Devices gt Man
79. count Modification Allow App Cellular Data Changes Allow User Generated Siri Content Allow changes to Find My Friends Allow Host Pairing Allow iBookstore Allow Game center Allow iMessage Allow App Removal Remote iOS Lock of Device Mobile Devices gt Lock Wipe gt Lock Device Security Policy Lock Wipe Device Settings M Lock Device Lock Device Screen Keep Current Password 71 Endpoint Protector Mobile Device Management User Manual The iOS device can be remotely locked Clicking Lock will remotely lock the device screen and require a password entry to unlock the screen The current password is kept in this case if the device is remotely locked The remote lock of a device works also in case of a device that has a SIM card and the SIM card has been removed from the device As long as the device has a working internet connection in this case over Wi Fi the remote locking of the device will still work as long as the lock command can reach the device On Supervised iOS 7 devices it is possible to show a message and a phone number when locking the screen For the message and phone number to appear the device must have a previously set password Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Manage Cellular Settings AppLock Apps installed Apps Profiles History Lock Device Wipe Device Data Lock Device Screen Keep Current Password Warning Please note tha
80. cription Enterprise Application Reports and Analysis App Identifier com cososys epp Dummy App2 Dum App Link https 192 168 0 63 store com css y Alerts Add selected Apps Spari Phone amp iPad E Add Enterprise App w Directory Services Management Flags None zl amp Appliance Mesage t Apps Add Enterprise iOS App y System Maintenance OS Icon Title v Vendor Version Description Price Codes Category Flags iPhone iPad Actions 2 System Configuration ga EPP MDM CoSoSys 1 0 0 7 Endpoint Protector Mobile Device Management provides complete iOS ente Free Utilities SY SY 1result 10 perpage d System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Version 4 4 0 1 Appliance 2 2 12 2 Editing App Management Options Managed Apps options can be modified by selecting Edit App ENDPOINT 4 l j ink i E PROTECTOR Reporting and Administration Tool ngish _ Q Dashboard Mobile Device Management iOS App Management Show all departments Endpoint Management h m te Endpoint Rights Search Search type Using search term w County United States Q Search App Store Ue e t ndpoint Settings Q Content Aware Protection Select kon Title vendor Version Description Price Category iPhone Pad Actions ia Mobile Device Management EPP MDM CoSoSys 1 0 06 Endpoint Protector Mobile Device Management provides complete 10S enterprise mob Free Utiities vi S Enroll Devices
81. d the Content Aware Protection module scans all possible exit points and ensures that no critical data leaves the company network either by transfers to removable media or directly via e mail file sharing applications or to the cloud 2 Activation of Mobile Device Management The Mobile Device Management feature enables administrators to remotely control and enforce strong security policies on iOS OS X Apple and Android devices Through options such as remote data wipe device tracking and blocking it offers enhanced protection against data theft and data loss considerably reducing the risks that come with the increase of mobility in today s business environment ENDPOINT 4 Welcome tt Logout ate PROTECTOR Reporting and Administration Tool Engish Q p3 Dashboard Mobile Device Management Configure Feature Endpoint Management es Endpoint Rights A Endpoint Settings Content Aware Protection Show all departments Mobile Device Management With Mobile Device Management MDM in Endpoint Protector you can add another level of security to protect your valuable data Keeping control over iOS and Android devices that are used within or outside your network is critical Mobile Device Management Start your free 30 day trial of Mobile Device Management in Endpoint Protector today and test it with up to 10 mobile devices or get your subscription immediately Enroll Devices Mobile Devices Bee eo MOBILE
82. dated device details can be viewed Note Due to the differences existing between the iOS OS X and Android platforms some of the MDM features might not be available for all OS 63 Endpoint Protector Mobile Device Management User Manual 8 1 1 Available Options The table below shows the available MDM options for Android and iOS mobile Devices More options will be made available updated with each version update Tab MDM Option Description OS Support Device Allows to define the owner of the me Settings Device Ownership device Personal Company or Unknown amp feex Allows to deactivate the Voice Roaming Device oe ee Voice Roaming service for the mobile device Carrier settings dependent Device Data R Allows to deactivate the Data Settings abe ee ar Roaming service for the mobile device Allows to set additional parameters for Device Device Location the locating option Location Accuracy Settings Settings Fine amp Location Cost Allowed for a more accurate mobile device locating Remotely locks the user mobile device Lock Wipe Lock Device with or without resetting the user s i password Remotely deletes all device data Additionally the data stored on the SD Card can be deleted as well by checking s Osy the Include SD Card option Lock Wipe Wipe Device Data Lock Wipe Wipe SD Card Remotely deletes all data stored on the ie SD Card Security Cu
83. device at the time of the last request By selecting the Update Location option the current location will be displayed on the map while the Location History option will allow the Administrator to view the previous locations of the mobile device For iOS only the current location is available of the device For Android all location options are available while for OS X there is no location information available Please remember iOS and Android both require for location information the EPP MDM app to be installed on the device e Device Management Tabs includes separate tabs containing the available MDM options for remote device and data managing Detailed Features are described in the following paragraphs 62 Endpoint Protector Mobile Device Management User Manual For each of the available Mobile Device Management options a status bullet is displayed indicating the returned result of a selected executed operation heal Red indicates that the requested operation has failed O Green indicates that the requested operation was successfully performed s Yellow indicates that the requested operation is in pending mode A practical example is when you click on Refresh Device Details The bullet will turn yellow and stay for a few seconds in the yellow color until the request has been sent to the device and the device has answered to the Endpoint Protector Appliance Then the status is changed to green and in this case the up
84. device cannot be used until the encryption is finished Note The data on the SD Cards will not be encrypted 11 3 Remote Android Lock of Device Mobile Devices gt Lock Wipe gt Lock Device Security Policy Lock Wipe Device Settings T Lock Device Strong Password Lock Set Random Password Lock Device Screen Keep Current Password The Android device can be remotely locked Clicking Lock will remotely lock the device screen and require a password entry to unlock the screen 96 Endpoint Protector Mobile Device Management User Manual The device can be locked with the current password being kept Lock Device Screen Keep Current Password or alternatively be locked with a random password if selected Strong Password Lock Set Random Password The remote lock of a device works also in case of a device that has a SIM card and the SIM card has been removed from the device As long as the device has a working internet connection in this case over Wi Fi the remote locking of the device will still work as long as the lock command can reach the device 11 4 Remote Android Device Wipe Device Nuke Mobile Devices gt Lock Wipe gt Wipe Device Data Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Lock Device Wipe Device Data Wipe SD Card Strong Password Lock Set Random Password Warning Please note that t
85. dpoint Protector Mobile Device Management User Manual The option Voice Roaming can be set to allow a device to have voice roaming enabled while outside of range of the default cellular network This setting can in some cases also bed dependent on the cellular network provider It might be required depending on the cellular subscription if voice roaming has to be activated first for the subscription before it can be enabled or disabled through Endpoint Protector 9 8 Data Roaming on iOS Mobile Devices gt Device Settings gt Data Roaming Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles Hisi Device Ownership Voice Roaming Data Roaming Unknown This feature will enable disable voice roaming on This feature will enable disable data roaming on the E the mobile device mobile device Personal Mote This option is carrier dependent meaning that the carrier has to make the change of this setting Enable Disable E Company Enable Disable E Save Apply O Apply The option Data Roaming can be set to allow a device to have data roaming enabled while outside of range of the default cellular network This setting can in some cases also be dependent on the cellular network provider It might be required depending on the cellular subscription if data roaming has to be activated first for the subscription before it can be enabled or disabled through
86. e Management User Manual The Find My Mac PIN password protects the wiped device After the device is wiped it will be locked and cannot be used unless the PIN is entered Note All data on the device will be permanently lost It cannot be recovered after a remote wipe Use this feature with caution and only as a last resort as all existing user s data will be wiped 10 5 Device Ownership Mobile Devices gt Device Settings gt Device Ownership Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Installed Apps Profiles History Device Ownership Unknown Personal Company The option Device Ownership can be set to who is the rightful owner of a device Set it to Company if the company has purchased the device for the user or to Personal if the user has purchased the device and uses it for business purposes After a device is enrolled the default settings is Unknown 10 6 Profile Removal Policy for OS X Devices Mobile Devices gt Manage Device gt Profile Removal Policy Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Installed Apps Profiles History Profile Removal Policy Refresh Device Details Refresh App List Refresh Profile List Always Allow Removal f This feature will update the displayed device information This feature will update the list of installed apps This feature will update t Note
87. e Volume Buttons Allow Invert Colors adjustments Disable Ringer Switch Allow Assistive Touch adjustments Disable Sleep Wake Button Disable Auto Lock Enable VoiceOver Enable Zoom Enable Invert Colors Enable Assistive Touch Enable Speak Selection Enable Mono Audio Apply O If the list of existing applications on the device was never updated on the server it is a must to press the Get App List button from the Manage Device section as explained in paragraph 9 11 otherwise there will be no application listed in the App Identifier dropdown However it is recommended to use Get App List each time before the App Lock feature is used to refresh the available apps 80 Endpoint Protector Mobile Device Management User Manual After interrogating the device for the available apps it is possible to set some further options which will define the usability of the application Finally pressing the Apply button will enforce the App Lock on the device 9 22 Installed Apps Mobile Devices gt Installed Apps A list of applications already installed on an iOS device can be seen in the Installed Apps tab The list includes apps pushed through Endpoint Protector as well as apps installed directly from the mobile device Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Exchange ActiveSync Manage VPN Manage Cellular Settings Apps Installed Apps Profiles History History Location R
88. e or can be created in the Paste Contacts section Import contacts list Select Mobile Device Type iO5 Apple A Android A Unknown Profiles Protection Always Allow Removal F Never Allow Removal F Passphrase Required for Removal Browse for the import file No file selected Download sample file Bulk Enrollment xls Sample e Upload Paste Contacts Select Mobile Device Type iOS Apple Android F Unknown Profiles Protection Always Allow Removal F Never Allow Removal 0 Passphrase Required for Removal Contacts List Maximum 500 contacts at once Example Admin admin example com 9975419782627 John Doe john company com 004975419782627 Mark mark internal Jane Doe 4975419 782627 It is possible to paste up to 500 contacts at once The required format is name separated with semicolon the E mail separated with semicolon the Telephone Number Example John A john company com country_prefix XXXXXX Please note that a Bulk Enrollment xls Sample file with a few examples inside is available for downloading Regardless of the way the contacts list is created the mobile device type and profile protection must be selected otherwise a wrong enrollment link might be sent Choose Unknown at Select Mobile Device Type if the devices to which the invitations will be sent are not just of one type iOS OS X or Android 56 Endpoint Protector Mobile Device Management User Manual
89. e that enables the management of iOS and OS X devices by IT Administrators using available MDM software Provisioning refers to the process of providing mobile device users with appropriate access to all necessary enterprise resources and enforcement of company policies Enrollment for mobile devices it refers to the setup process for enabling Mobile Device Management for a specific mobile phone or tablet 18 2 Client Related Endpoint can be a Personal Computer a Workstation you use at the office ora Notebook An endpoint can call and be called It generates and terminates the information stream Client refers to the client user who is logged in on a computer and who facilitates the transaction of data Rights applies to computers devices groups users and global rights it stands for privileges that any of these items may or may not possess Online computers refers to PC s Workstations and or Notebooks which have Endpoint Protector Client installed and are currently running and are connected to the Endpoint Protector server Connected devices are devices which are connected to online computers Events are a list of actions that hold major significance in Endpoint Protector There are currently 17 events that are monitored by Endpoint Protector Connected the action of connecting a device to a computer running Endpoint Protector Client Disconnected the action of safely removing a device from a co
90. ecneneasassavinosescqcasencarenusadoneeieeconeeunr 25 4 2 6 Google C2DM ssssssesssssnssrsrrnrerrnnsrrenrnrsrenrrrenrrnrenrnrrrena 26 5 iOS EPP MDM App ccecececcecececeeeececaeees 27 5 1 EPP MDM iOS App Supported iOS Versions cc cecseceeeeeneenes 27 5 2 EPP MDM iOS App to locate deviceS ccc cccccceeneeseuneusenseueenes 27 5 3 EPP MDM iOS App to enroll devices Optional cccceeeeee 28 5 4 EPP MDM iOS App Device Information ccceeeeeeeeeeeeeeees 28 5 5 Installing the EPP MDM iOS A piwesseeeerenesewesiaesneninaaewensnecs 29 5 6 Allow Location Services for EPP MDM iOS App ccceeeeee 30 5 7 Pushing and Managing EPP MDM App to iOS Devices 30 II Endpoint Protector Mobile Device Management User Manual 6 Android Endpoint Protector MDM Client App31 6 1 EPP MDM Android Client App Supported Versions 008 31 6 2 The Android EPP Client App cc ccccecsecseuseueeusuueureuseuseusenss 31 6 3 EPP Client Android App to enroll devices cccceeeeeeeeneeeaes 31 6 4 Install EPP Client App on Android and Enrolling Android Device32 7 Enrolling Mobile D VICES cccceeeeeeeeees 38 7 1 Different Enrollment methods are available ceeeeaees 39 7 2 Mobile Device Enrollment grcceccevscessacrewensenseccssnstcucssscesnsncns 40 7 2 1 iOS and OS X Enrollment and Profile Protection 43 7 2 2 iOS and OS X Profile Protection Deletion Pa
91. ecting Edit App or they can be deleted by pressing the Delete button Show all departments Mobile Device Management Android App Management Android Apps os Title v Vendor Version Description Actions CoSoSys Notepad Demo CoSoSys 1 0 ye result 50 per page _ Add Android App 117 Endpoint Protector Mobile Device Management User Manual 13 3 Pushing Apps to Android Devices The list of Managed Apps is available when viewing the details about any managed Android device in the Apps tab Welcome Logout Qe ENDPOINT 4 i ini i E vy PROTECTOR Reporting and Administration Tool nglish Q Advanced Search pa Dashboard Mobile Device Management Android App Management Show all departments Endpoint Management Mobile Device Inf ti es Endpoint Rights Name Samsung GT 19505 User Name tony Last Seen 24 March 2014 11 18 RH Endpoint Settings A Type Android Phone Number 123456 IME 357506052360695 kai Content Aware Protection CAP Modat Carrier RO ORANGE WiFi Mac CC 3A 61 C3 33 B1 Model No GT 19505 OS Version 4 3 Description Mobile Device Management Dashboard Locate Mobile Device Enroll Devices Mobile Devi Current Location Strada Haiducului r i YW PPE Time 17 Mar 2014 12 23 54 Cluj Napoca 400000 piano a Map Satellite MDM Policies Provider gps Romania D e DA a iOS App Management yp ee gt Android App Management s MEINE 7
92. ed e Ask User to change password Checking this option will prompt the device user to change from current password to a new password To apply the password Policy to the device make the selection and click Apply 94 Endpoint Protector Mobile Device Management User Manual 11 1 2 Device Password Mobile Devices gt Security Policy gt Device Password Security Policy 3 Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail aled Apps Accounts Contacts Profiles History Set Security Policy Current Security Policy Password Quality Alphanumeric f Password Password Quality No requirement Min Password Length 5 i Min Password Length 0 Max Time To Lock sec 60 Max Time To Lock sec 0 Max Failed Password Retries 10 gt Max Failed Password Retries 0 Ask User to change password O Apply Set Password Refresh The Administrator can set a password and send it to the Android device This is helpful in case a user has forgotten the device password or the device screen does not accept user input and the device password has to be changed or set to zero To apply the device password to the device make the selection and click Set Password 11 1 3 Android Device Hardware Encryption When the password passcode for an Android device which has Android Version 4 is set the Android device is automatically using its build in hardware encryption in order to protect data on the device in case it
93. ed certificate you received from Apple at step 2 above to doud endpointprotector com in order to enable Mobile Device Management for iOS O Support Browse for APNS certificate signed by Apple Upload Endpoint Protector 4 Copyright 2004 2012 CoSoSys Ltd All rights reserved Note We recommend performing these steps on a Safari or Mozilla Firefox browser Use of Internet Explorer for this step is known to cause the process to fail 1 In the Administration Interface go to Mobile Device Management and select APNS Certificate Setup Apple where you have to complete the enrollment for the Apple Push Notification Certificate 2 Fill in the required details and click on the Download signed CSR to get the Code Signing Request CSR file signed by CoSoSys Save it on your computer Step 1 Fill in this form below with your company information for a CSR CoSoSys as authorized MDM vendor will sign for you a Certificate Signing Request CSR in this step You will need this in the next step when contacting Apple All fields are mandatory Company Name Your Company E mail your email yourcompany com Country United States State or Province Name New York Location City New York City Download signed CSR 10 Endpoint Protector Mobile Device Management User Manual 3 In a different browser window Firefox or Safari browser not Internet Explorer open the following link to the Apple Push Certificates Port
94. ent sync Allow In App Purchase Allow photo stream Require iTunes Store password Allow shared photo streams Allow multiplayer gaming Security and Privacy Allow adding Game Center friends Allow sending diagnostic data Allow untrusted TLS certificate Force encrypted backups Content Rating Allow explicit content Set Settings B 68 Endpoint Protector Mobile Device Management User Manual ull orange i orange iCloud gt iCloud 5 Mail Contacts Calendars gt Mail Contacts Calendars gt Notes gt Notes gt Reminders gt Reminders gt Sy Phone gt Sg Phons N oO Messages gt 3 Messages gt Eta Maps gt FaceTime 4 Safari gt fon Maps gt Safari gt UW fai iTunes amp Ann Stores gt i I Left image FaceTime disabled missing by policy Right image FaceTime enabled without policy 9 2 1 The following iOS features can be restricted e Allow installing apps e Allow Siri o Allow Siri while device locked e Allow use of camera e Allow FaceTime e Allow screen capture making screenshots feature holding home button and ON OFF button to capture screen e Allow Passbook while device locked e Allow sync while roaming e Allow voice dialing e Allow In App Purchase e Require iTunes Store password e Allow multiplayer gaming e Allow adding Game Center friends 69 Endpoint Protector Mobile Device Management User Man
95. erprises It Offers your IT department the ability to easily enroll iOS devices provision them make sure the proper searity policy is established and enfor Vendor CoSoSys Version 1 0 0 6 Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid Al rights reserved Version 4 3 0 5 Appliance 110 Endpoint Protector Mobile Device Management User Manual 12 3 Managed Paid Apps Paid Apps require purchasing license keys through the Apple Volume Purchase Program The licenses which Apple calls Redemption Codes can be purchased here https tunes a le com This option is available in the Endpoint Protector interface only for paid apps when selecting Edit App under the point Import Redemption Codes After redemption codes have been purchased from Apple they need to be introducted through copy pasting the redeption codes into the Endpoint Protector interface under the option Edit App gt Import Redemption Codes ENDPOINT 4 PROTECTOR Dashboard E Endpoint Management Ce Endpoint Rights A Endpoint Settings 2 Content Aware Protection Mobile Device Management Erroll Devices Mobile Devices MOM Polces 10 App Management APNS Certificate Setup Apple GCMMaps Setup Googie Offline Temporary Password E Reports and Analysis A System Alerts Directory Services Ed Ppiionce System Maintenance Q System Configuration a System Parameters Support Reporting and Administratio
96. ertificate file you downloaded from the Appliance Setup Wizard gt Appliance Server Certificate gt and install the Certificate Click the Certificate Error button just next to the IE address bar as shown By clicking the Certificate Error button a pop up window appears Just click the View certificates in that pop up window Another pop up Certificate window will appear with three tabs namely General Details and Certification Path Select the General tab and then click Install Certificate button or go to Tools gt Internet Options gt Content gt Certificates Content Parental Controls Control the Internet content that can Parental Controls be viewed Content Advisor Ratings help you control the Internet content that can be viewed on this computer H Enable a F Se ttings Certificates m Use certificates for encrypted connections and identification dear SS state certcates AutoComplete 2 AutoComplete stores previous entries on webpages and suggests matches for you Feeds and Web Slices Feeds and Web Slices provide updated content from websites that can be read in Internet Explorer and other programs 133 Endpoint Protector Mobile Device Management User Manual From the Certificates list select Trusted Root Certification Authorities and click on the Import button Issued To Issued By Expiratio GalAddTrust External
97. essaging for Android and Static Maps API To enable these two Services Google will ask you to agree to their Terms of Service End User License Ai Reports and Analysis A System Alerts EJ Directory Services System Maintenance Q System Configuration a System Parameters Google API Key ExamplE67QWuu26 5j6WEEAW qgqY YouW 1408 7 Save API key Step 3 Enter Google Proiect Number Please enter the Google Project Number you have located at Google APIs Console gt Overview gt Project Summary gt Project Number Google Project Number Save Project Number O Support After entering copying the API Key click Save API Key Now enter the Google Project Number and click Save Project Number After completing these steps you can start enrolling Android devices to Endpoint Protector Mobile Device Management 26 Endpoint Protector Mobile Device Management User Manual 4 2 6 Google C2DM C2DM for Android is not supported by Endpoint Protector anymore The EPP MDM iOS app is a free app for iOS available on the Apple App Store The EPP MDM app is compatible with iPhone and iPad It is an optional app and not a necessity for use of Endpoint Protector MDM for iOS The EPP MDM app has two functions one to locate the device and second to use the app optionally also as a way to enroll an iOS device to Endpoint Protector Mobile Device Management The EPP MDM app for iOS supports iOS version 7 0 6 0
98. esults Name Identifier Version Short Version Last Status App Size Storage Used Management Flags Actions AutoMD com AutoMDTest iPhone 24 0 1 7 4 Not Managed 23 88 MB 16 KB NIA eggmon com mozzet eggmon 3 05 NIA Not Managed 30 13 MB 16 KB NWA EPP MDM com cososys EPPMDM 1 0 0 8 1 1 Managed 872 KB 272 KB J A O OnyxBeacon com onyxbeacon OnyxBeacon 1 4 1 0 0 Not Managed 2 8 MB 16 KB NWA RiffFree com learntomaster guitarrifffree 43 43 Not Managed 18 98 MB 16 KB NWA Scan com qrcodecity scan 370 2 2 Not Managed 9 94 MB 1 93 MB NWA ScanLife com scanbuy ScanLife 48 2 NWA Not Managed 29 63 MB 1 19 MB NWA Taxi Driver com OTA TaxiDriver 1 3 1 1 3 1 Not Managed 9 95 MB 16 KB WA 8 results 50 x per page 9 23 History of iOS Devices Actions Mobile Devices gt History In the History tab a record of actions sent to an iOS device are saved and the corresponding results are shown as well The result can be executed error failed or pending Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Results Mobile Device Action Status Result Message Event Time v iPhone WifiSettings Error 19 October 2012 16 58 E iPhone VoiceRoaming CommandFormatError 19 October 2012 16 35 iPhone MailSettings QO Executed 19 October 2012 16 34 Tm iPhone VoiceRoaming CommandFormatError 19 October 2012 16 32 iPhone WifiSettings O Executed 19 October 2012 16
99. ettings Manual Auto Join Accepted EAP Types Username Hidden Network TLS Password Encryption Type WPA WPA2 TILS Proxy Server WiFi Password eecceceees LEAF Proxy Server Port Enterprise Wifi E pear Proxy Settings Auto Proxy Type None e EAPFAST Proxy Server URL EAP SIM Accepted EAP Types Use PAC Provisioning PAC Provisioning PAC Anon Inner Identity PAP Username Per Connectio n Password User Password Outer ldentity Apply Q The Endpoint Protector Administrator can apply wireless network WiFi settings to an iOS device This can be used for iOS devices to automatically connect to a WiFi access point without having to manually add the settings on the device 77 Endpoint Protector Mobile Device Management User Manual 9 15 1 Wipe Wi fi Settings Wi Fi Profile can be removed to wipe company Wi Fi Settings while personal Wi Fi content remains untouched 9 16 Manage Mail on iOS Mobile Devices gt Manage Mail Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles Histc Mail Settings Account Description Demo User Incoming Mail Outgoing Mail Account Type IMAP Mail Server pop company c Mail Server emtp company IMAP Path Prefix imap company Port Port User Display Name Demo User Username demo compan Username emo company Email Address emo company Auth Type None Auth Type None Allow Move Password
100. evice 2 The web browser will open the enrollment site that already includes your registration data consisting of an MDM ID and your One Time Code OTC a httpe cloud endpoi Me ie a ENDPOINT sible Device Click Connect to proceed 33 Endpoint Protector Mobile Device Management User Manual 3 In the next step the device user has to click on the Endpoint Protector Client link Then a download of the EPP Client App will start fee https ichoud endpow ENDPOINT obey Devoe ENDPOINT ibe Devoe Endogint Protector Client 4 The download of the eppclient apk name of the EPP Client Android app download file should finish rather fast depending on your data connection speed since the eppclient apk is small ra Screenshot captured eppchent apk 34 Endpoint Protector Mobile Device Management User Manual 5 Locate now the eppclient apk in the download folder on your device Inherit dovada o Today p appolieri apk ir Lou reo pros Why f LN m se Lasi month Sort by size 6 Click on the eppclient apk and select Install The EPP Client will start to install itself on the Android device FP EPP Client Do you wani to imstall ths application Allow thas application to Your location Pio Ti i ahi of Network communication l ini p ih Your personal information Storage nodil erie image 35 Endpoint Protector Mobile
101. gt Profiles 9 14 Profiles on iOS Devices Information Mobile Devices gt Profiles Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Results Profile Name v Profile Description Profile Identifier Endpoint Protector Endpoint Protector Enrollment Profile com endpointprotector cloud 1result 50 per page 76 Endpoint Protector Mobile Device Management User Manual The profiles installed on an iOS Device are listed in the Profile tab The Profiles installed on an iOS Device are always the enrollment Profile and possible restriction or other profiles The type of profile is shown in the Profile Description column 9 14 1 Remove Profile from iOS Device From here the Endpoint Protector Administrator can also perform the remove action of a profile by clicking on Remove Profile If a profile e g a Restriction Profile is removed the associated restrictions from the iOS device are removed In case the Administrator want to unmanage a device the Enrollment Profile needs to be removed After removing the enrollment profile the device is no loger managed 9 15 Manage WiFi on iOS Mobile Devices gt Manage WiFi Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History WiFi Settings Service Set Identifier DemoSSID Enterprise Settings Proxy S
102. h a new push certificate About Apple Push Certificates Portal Create and manage push certificates that enable your third party server to work with the Apple Push Notification Service and your Apple devices Learn more about Mobile Device Management MDM push certificates created in the iOS Developer Enterprise Program have been migrated to the Apple Push Certificate Portal Learn more about MDM push certificate migration Shop the Apple Online Store 1 800 MY APPLE visit an Apple Retail Store or find a reseller Apple Info Site Map Hot News RSS Feeds Contact Us Copyright 2012 Apple Inc All rights reserved Terms of Use Privacy Policy 13 Endpoint Protector Mobile Device Management User Manual 7 After clicking Renew you are prompted to upload the Code Signing Request CSR from the previous step 3 that you saved on your computer Select your signed CSR and click Upload to the Apple Push Certificates Portal In just a few moments your certificate will be renewed and you see the Expiration date is updated iPhone iTunes Support Apple Push Certificates Portal Renew Push Certificate Enter your Certificate Signing Request signed by your third party server vendor to renew the following push certificate Service Mobile Device Management Vendor CoSoSys SRL RSS Feeds Contact Us Shop the Apple Online Store 1 SO00 MY APPLE visit an Apple Retail Store or find a reseller Apple info Site Map
103. han Wifi otherwise the communication between the EPP Server and the Android devices will not be possible 11 8 Manage Bluetooth This feature will enable or disable the Bluetooth on the Android device 99 Endpoint Protector Mobile Device Management User Manual Security Policy Lock Wipe Device Settings Manage Device Apps Installed Apps Accounts Contacts Calendar Events History Device Ownership Device Location Settings Wifi Blootooth Camera Settings Unknown E Location Accuracy Fine This feature will disable or enable Wifi This feature will disable or enable Bluetooth This feature will disable or enable the Camera Personal Location Cost Allowed E Disable wifi E Disable Bluetooth ETER Company Set Wifi Set Bluetooth Set Camera Save Save Refresh Status Refresh Status Refresh Status 11 9 Manage Camera on Android This feature can disable the camera of the Android device Security Policy Lock Wipe Device Settings Manage Device Apps Installed Apps Accounts Contacts Calendar Events History Device Ownership Device Location Settings Wifi Blootooth Camera Settings Unknown Location Accuracy Fine This feature will disable or enable Wifi This feature will disable or enable Bluetooth This feature will disable or enable the Camera Personal Location Cost Allowed Disable Wifi Disable Bluetooth Disable Camera O Company
104. hboard Enroll Devices i05 Apple Optionally you can scan the QR Code for your device type then enter the OTC Mobile Devices Method 1 Send E mail request containing enrollment invitation link MDM Policies Method 2 Send an SMS request containing enrollment invitation link iOS App M t Method 3 On Mobile Device visit in web browser https doud endpointprotector com mobile php register ios eid SKFM 1556 APNS Certificate Setup Apple hakui GCM Maps Setup Google Method 1 Send E mail request link containing the customized EPP Client installation package Method 2 Send SMS request link containing the customized EPP Client installation package kg Offline Temporary Password Method 3 On Mobile Device visit in web browser https doud endpointprotector com mobile php register android eid SKFM1556 P Reports and Analysis A Alerts iOS Apple Android EJ Directory Services X Send E mail Request s Send SMS Request ta Appliance One Time Codes System Maintenance Results eA System Configuration Code Uninstall Passphrase Show Requested at Actions System Parameters HOKZF rererere 4 December 2013 10 41 87ZY7 Sanana 4 December 2013 10 41 O Sunu HSAVF sesseese 4 December 2013 10 41 82QU7 4 December 2013 10 41 Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 2 Appliance 55 Endpoint Protector Mobile Device Management User Manual Contacts list can be imported from an xls fil
105. he device after Warning this feature will delete all data executing the remote wipe is no longer connected from SD Card in the device to and managed by Endpoint Protector since all data including connectivity information to Endpoint Protector is erased Lock Device Screen Keep Current Password E including SD Card Wipe SD Card The Android device can be remotely wiped A remote wipe will erase all data on the device and reset the device to its factory default To remotely wipe a device click Wipe and a confirmation message will ask to proceed if you are sure you want to remotely wipe the device Additionally to wiping the data on the actual device the option to Include SD Card can be selected to also wipe the data on an SD Card in the device After a remote wipe the device is unmanaged No more connection between the Android device and Endpoint Protector is possible after the remote wipe The remote wipe of a device works also in case of a device that has a SIM card and the SIM card has been removed from the device As long as the device has a working internet connection in this case over Wi Fi the remote wipe of the device will still work as long as the wipe command can reach the device Note All data on the device will be permanently lost It cannot be recovered after a remote wipe Use this feature with caution and only as a last resort 11 4 1 Android Remote Wipe of SD Card Mobile Devices gt Lock
106. ice and completing the Endpoint Protector ID and OTC fields a For iOS devices the link is https cloud endpointprotector com mobile php register iQOS b For OS X devices the link is https cloud endpointprotector com mobile php register OSX c For Android devices the link is https cloud endpointprotector com mobile php register android 5 Downloading and installing the EPP MDM app on an iOS OS X or Android device and completing the Endpoint Protector ID and OTC fields Attention Enrollment of iOS and OS X devices should be done through the Safari browser on your iOS and OS X device Other browsers are not supported For Android devices enrollment should be done through the native web browser on the device 40 Endpoint Protector Mobile Device Management User Manual 7 2 Mobile Device Enrollment To be able to manage mobile phones and tablets each device must be enrolled by going to Mobile Device Management gt Enroll Devices option Welcome tt Logout ipl i Reporti d Administration Tool Engli Q N Y PROTECTOR eporting an ministration 100 glish y Advanced Search p3 Dashboard Mobile Device Management Enroll Devices Show all departments Endpoint Management bil p f x Ee X Endpoint Settings rel 3 Mobile Devices Content Aware Protection E m Mobile Device Management Enroll Mobile Devices a 105 05 X Apple Method 1 Send E mail request containing enrollment invitation link APNS Certific
107. icy Lock Wipe Device Settings Manage Device Apps Installed Apps Accounts Contacts Calendar Events History Results Title v Calendar Event Start Event End Timezone Whole Location Description Alarm Status Visibility Overlap Act Name Day Set The Three Holy Hierarchs 30 January 2014 1 00 31 January 2014 1 00 UTC SY Tentative Default No overlaps The Three Holy Hierarchs 30 January 2015 1 00 31 January 2015 1 00 UTC SY Tentative Default No overlaps The Restoration of Democracy 24 July 2013 2 00 25 July 2013 2 00 UTC SY Tentative Default No overlaps The Ochi day 28 October 2014 1 00 29 October 2014 1 00 UTC SY Tentative Default No overlaps Synaxis of the Mother of God 26 December 2014 1 00 27 December 2014 1 00 UTC SY Tentative Default No overlaps Polytechneio 17 November 2013 1 00 18 November 2013 1 00 UTC SY Tentative Default No overlaps Polytechneio 17 November 2014 1 00 18 November 2014 1 00 UTC uf Tentative Default No overlaps New Year s Day 1 January 2015 1 00 2 January 2015 1 00 UTC SY Tentative Default No overlaps Labor Day May Day 1 May 2013 2 00 2 May 2013 2 00 UTC SY Tentative Default No overlaps Labor Day May Day 1 May 2014 2 00 2 May 2014 2 00 UTC SY Tentative Default No overlaps Good Friday 18 April 2014 2 00 19 April 2014 2 00 UTC AS Tentative Default No overlaps First entry 8 January 2014 7 00 8 January 2014 3 00 Europe Athens Tentative Default No overlaps Epiphany 6 January 2015 1 00 7 January 2015 1 00 UTC
108. ill be sent via e mail Sending all the invitations might take up to one hour depending on the number of selected contacts 57 Endpoint Protector Mobile Device Management User Manual To view the pending enrollments click on the Check Sending Queue link List of Mobile Device Management Bulk Enrollment Contacts Show all departments A G Added selected contacts 2 in total to the Sending Queue A Current Sending Queue contains 2 entries maximum is 50 Check Sending Queue Important Notice idi Please select the Mobile Device Type and Default Profiles Protection Type when importing pasting contacts since the Enrollment Requests will contain these information If the contact contains both an E mail address and a phone number the request will be send to the E mail address Sending Enrollment Requests to the maximum accepted entries in the sending queue will take up to 1 hour depending on the number of selected contacts m Results rm All Type Contact E mail Phone Actions o Paul C paul example com 07 4 00000Kx S4 is F Dan D dan example com 0740X y its 2results 20 per page Add To Sending Queue Delete Contacts Import contacts list a Select Mobile Device Type iOS Apple Android Unknown Profiles Protection Always Allow Removal Never Allow Removal Passphrase Required for Removal Browse for the import file No file selected Download sample fi
109. in the next step when contacting Apple APNS Certificate Setup Apple All fields are mandatory GCM Maps Setup Google Company Name Customer Ltd kg Offline Temporary Password E mail customer customer com Reports and Analysis Country United States State or Province Name NY A System Alerts Location City NYC EJ Directory Services i Download signed CSR D System Maintenance Step 2 Request your signed certificate for APNS from Apple o System Configuration a System Parameters som Apple will sign the certificate for your company to be used with Apple Push Notification Services APNS and will link the certificate to your Apple ID Visit this dedicated Apple website for this here https identity apple com pushcert log in with your Apple ID and follow the steps to obtain your certificate for APNS At this step provide Apple with the certificate y Step 3 Upload certificate signed by Apple Upload now the signed certificate you received from Apple at step 2 above to coud endpointprotector com in order to enable Mobile Device Management for iOS Browse for APNS certificate signed by Apple Upload Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved The APNS certificate can be renewed in just a few simple steps from the Mobile Device Management APNS Certificate Setup Apple in Endpoint Protector Note If your APNS certificate expires or is revoked it will result in unmanaged iOS and OS
110. ions profile to be able to use FaceTime To do that the user is required to enter a passcode which he doesn t know only the Endpoint Protector administrators The user still could uninstall the enrollment profile without a passcode but in case he does that also all his other profiles and settings are deleted along with it meaning company WiFi settings etc 44 Endpoint Protector Mobile Device Management User Manual 7 2 2 iOS and OS X Profile Protection Deletion Passphrase The passphrase for deletion of Profiles on iOS and OS X devices is by default generated randomly if during the invitation enrollment process the Endpoint Protector Administrator who sends the invitation to the device sets the Profile Protection option to Passphrase Required for Removal The automatically generated passphrase can be found in the Endpoint Protector Reporting and Administration web interface under Mobile Device Management gt Enroll Devices gt One Time Codes gt Uninstall Passphrase show After clicking on show the Passphrase is shown that corresponds to the devices enrollment OTC In case the device user needs this passphrase the administrator can give it to the user over the phone for the user to enter during deleting of a profile The administrator can locate the Passphrase after clicking View Invitations Sent and locating the OTC used by the device for enrollment m Mobile Device Management PF m e LA Resul
111. k Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Set Security Policy Device Password Current Security Policy Password Quality Alphanumeric A Gf Password Password Quality No requirement Min Password Length Min Password Length 0 Max Time To Lock sec i Max Time To Lock sec 0 Max Failed Password Retries Max Failed Password Retries 0 Ask User to change password Apply Set Password Refresh The current Security Policy if any will be shown on under Current Security Policy 93 Endpoint Protector Mobile Device Management User Manual 11 1 1 Password Passcode Setting on Android Device Mobile Devices gt Security Policy gt Set Security Policy The following Settings can be applied for the password passcode settings for an Android device e Password Quality The following settings can be chosen from o No requirement o Any o Numeric o Alphabetical o Alphanumeric o Complex e Min Password Length Minimum number of digits e Max Time To Lock seconds If Android device is not used the device will lock request password to access again after set number of seconds e Max Failed Password Retries Means the number a user can enter a wrong password until the device will wipe all data and reset itself In case of reset the device is wiping its entire data and is reset to a factory default All data on the device is erased and cannot be recover
112. l System Parameters O Support os icon Title Vendor Version Description Price Codes Category Flags iPhone iPad Actions de EPP MDM CoSeSys 1 0 06 Endpoint Protector Moble Device Management provises complete IOS ente Free Unies Wr y v4 BO Tresult 10l per page Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid Al rights reserved Version 4 3 0 5 Appliance 12 1 3 Adding Enterprise Apps to Managed Apps Catalog You can add applications developed in house by clicking on the Add Enterprise App button Welcome Logout Sida a Reporting and Administration Tool Engish 1 Q a n pis PROTECTOR ones 2 Advanced Search Dashboard Mobile Device Management iOS App Management Show all departments gll Endpoint Management Search iT App St a es Endpoint Rights Search Search type Using search term Country United States I Q Search App Store A Endpoint Settings Content Aware Protection CAP Select Icon Title Vendor Version Description Price Mobile Device Management m ga EPP MDM CoSoSys 1 0 0 7 Endpoint Protector Mobile Device Management provides complete iOS enterprise mob Free Enroll Devices Mobile Devices MDM Policies iOS App Management APNS Certificate Setup Apple GCM Maps Setup Google Offline Temporary Password Reports and Analysis As Alerts Add selected Apps Add Enterprise App EJ Directory Services Manage iOS Apps Appliance System Maintenance OS ic
113. le Bulk Enrollment xls Sample G Upload Paste Contacts a a smrtan e A iNS Annde A ndrnid A l inknnwn Note Contacts to which the invitations were already sent will no longer be available in the interface 8 Managing Mobile Devices The list of enrolled mobile devices and their status is available under Mobile Device Management gt Mobile Devices Welcome tt Logout ate ENDPOINT 4 eo Engish PROTECTOR Reporting and Administration Tool Q 2carch Dashboard nt M t B Endpoint Management Fiter te Endpoint Rights Results Endpoint Settings Type Name Description Ownership Username Model arrier Phone Number j OS Versi on ee Actions O Content Aware Protection company iphones 1 MOSOIRA 6 0 Registered 19 October 2012 17 38 A unknown padt 1 MB292LL 5 0 1 Regsstered 19 October 2012 17 32 m Mobile Device Management unknown s2 Samsung GT 9100 403 Regustered 19 October 2012 12 23 a Con fi ve Kant ee results S0 per page Mobile Devices MOM Fores APNS Certificate Setup 105 C20M Google Maps Setup y Offline Temporary Password B Reports and Analysis System Maintenance Q System Configuration d System Parameters Endpoint Protector 4 Copynght 2004 2012 CoSoSys Lid Al nghts reserved Ready Version 420 1 To manage a specific device select it from the list by right clicking on the device name and choose one of the available actions Manage Device edit Hide Show and
114. m Configuration a System Parameters O Support Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 3 Appliance 116 Endpoint Protector Mobile Device Management User Manual 13 1 Adding Apps to your Managed Apps Catalog To add Apps in the Catalog push the Add Android App button and complete the required fields The administrator must make the application available on the internet if it isn t already then the corresponding link must be entered in the App Link field Welcome Logout bg ENDPOINT 4 PROTECTOR Dashboard Edit Android App Show all departments Endpoint Management AA es Endpoint Rights Ti Reporting and Administration Tool English X Advanced Search CoSoSys Notepad Demo Endpoint Settings piana ciie Content Aware Protection CAP Mobile Device Management Version Identifier App Link Description 1 0 com cososys cosonotepad http fiveupdate endpointprotector com CosoNotePadDemo apk APNS Certificate Setup Apple GCM Maps Setup Google Offline Temporary Password Reports and Analysis Alerts B gt iE Directory Services ta Appliance System Maintenance Q System Configuration System Parameters O Support Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 3 Appliance 13 2 Editing App Management Options Managed Apps can be modified by sel
115. me feature or just want to leave us general comment we would love to hear from you Your input is much appreciated and we welcome any input to make computing with portable devices safe and convenient 20 Important Notice Disclaimer Security safeguards by their nature are capable of circumvention CoSoSys cannot and does not guarantee that data or devices will not be accessed by unauthorized persons and CoSoSys disclaims any warranties to that effect to the fullest extent permitted by law 2004 2014 CoSoSys Ltd Endpoint Protector My Endpoint Protector are trademarks of CoSoSys Ltd All rights reserved Windows is registered trademark of Microsoft Corporation Android is registered trademark of Google Inc Macintosh Mac OS X iOS MacBook are trademarks of Apple Corporation All other names and trademarks are property of their respective owners
116. ment Profile the device status as described in chapter 8 1 Mobile Device Status will change to MobileProfileRemoved To unmanage an iOS device the Endpoint Protector Enrollment Profile on an iOS mobile device must be removed Go to Device Settings gt General and select the Endpoint Protector Profile The next displayed window will contain the option to Remove Endpoint Protector from the mobile device Attention Although the uninstallation can be performed by the user the Administrator will also be notified about the removal of the Endpoint Protector Enrollment Profile 123 Endpoint Protector Mobile Device Management User Manual 15 1 2 OS X Uninstall Unmanage by User on Device To unmanage an OS X device the Endpoint Protector Enrollment Profile on an OS X mobile device must be removed Go to System Preferences gt Profiles and select the Endpoint Protector Profile and choose to remove it Attention Although the uninstallation can be performed by the user the Administrator will also be notified about the removal of the Endpoint Protector Enrollment Profile 15 2 Uninstall iOS EPP MDM app To uninstall the EPP MDM iOS app the user of the iOS device can uninstall it by pushing the EPP MDM app icon for two seconds and then deleting the app by clicking x 15 3 Android EPP Client App Uninstall Unmanage Android Device To uninstall EPP Client App on an Android Mobile Device the user needs to disable
117. mputer running Endpoint Protector Client Enabled refers to devices the action of allowing a device access on the specified computer s group s or under the specified user s Disabled refers to devices the action of removing all rights from the device making it inaccessible and therefore unusable File delete a file located on a portable device has been deleted In case additional help such as the FAQs or e mail support is required please visit Our Support website directly at You can also write an e mail to our Support Department under the Contact Us tab from the Support module Welcome tt Logout Pa ENDPOINT 4 l l PROTECTOR Reporting and Administration Tool Engish v Q pa Dashboard Endpoint Management Se Cs Endpoint Rights Sender E mail Endpoint Settings D Subject O Content Aware Protection Content m Mobile Device Management ky Offline Temporary Password Reports and Analysis A System Alerts Directory Services Send D System Maintenance Q System Configuration a System Parameters O Support User Manual AD Deployment Guide Contact Support Endpoint Protector 4 Copyright 2004 2012 CoSoSys Ltd All rights reserved Advanced Search administrator cososys com Please describe here your problem or your suggestions Ready Version 4 1 0 2 One of our team members will contact you in the shortest time possible Even if you do not have a problem but miss so
118. n Tool No Results 2 Make Codes Avainbie Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid Al rights reserved WhatsApp Messenger WhatsApp Messenger is a cross platform smartphone messenger arrently av WhatsApp Inc 28 7 0 99 USD Welcome Logout Agvaeced Search afable for Phone and af other smartphones The appication utiizes push notifications to instantly get messages from friends colleagues and family Swatch from SMS to Reedy Verson 4 3 0 5 Appliance 111 Endpoint Protector Mobile Device Management User Manual After adding the redemption codes click Save The saved redemption codes will be listed under Edit App gt Redemption Codes Welcome Logout ENDPOINT 4 y eee ahs PROTECTOR Reporting and Administration Tool Engish X Q Adve ed Search Dashboard Show all departments E Endpoint Management Description WhatsApp Messenger amp a cross platform smartphone messenger currently avaiable for Phone and al other smartphones The applicaton utiizes push notifications to instantly get messages from friends colleagues and family Svatch from SMS to g exchange messages pictures audio notes and video mes Ce Endpoint Rights vencer Whatsapp Inc veran 2 8 7 Pr EOP Settings Price 0 99 USD Content Aware Protection au Mobile Device Management EEEE tis ini z D Erroll Devices Prevent backup of the app data v A Mobie Devices MOM Poloes Import Redemption Codes 105 App Managemen
119. n private A single project may contain up to 20 client IDs epo Learn more Quotas Create an OAuth 2 0 client ID Simple API Access Use API keys to identify your project when you do not need to access user data Learn more Key for server apps with IP locking Generate new key API key Edit allowed IPs IPs Any IP allowed Delete key Activated on Jun 13 2013 2 38 AM Activated by you Create new Server key Create new Browser key Create new Android key Create new iOS key 5 On the Google APIs Console Site in API Access gt Simple API Access gt you can also add referrers that are allowed to use your API keys and we recommend you to add the following two Do this by clicking on the right side next to the API key on Edit allowed referrers and add there in separate lines cloud endpointprotector com endpointprotector com 6 Copy the Google API key as described in the next step in the Endpoint Protector interface 25 Endpoint Protector Mobile Device Management User Manual 4 2 5 Entering Google API Key and Project Number in Endpoint Protector old method After you have obtained your Google API Key please enter it together with the Google Project Number in the Endpoint Protector Interface The Google Project Number you find on the Google APIs Console Site under gt Overview gt Project Number Google apis MDM CoSoSys Dashboard Overview Services Project Summary Service Sta
120. n the device and entering EPP MDM in the search bar The search result will show you EPP MDM by CoSoSys Click on the button FREE followed by INSTALL APP After that the EPP MDM app will be downloaded and installed on your device To start the EPP MDM app simply locate it on your iOS device home screen and click to start it ulill orange 10 51 1 m ae i oon ees s SS gt gt gt Messages Calendar Videos _ 238 Weather Passbook n PR 4 4 P 10 2 9 d S O Reminders Clock Game Center Newsstand m e 7 EPP MDM Camera PESA 30 Endpoint Protector Mobile Device Management User Manual 5 6 Allow Location Services for EPP MDM iOS App After starting the EPP MDM iOS app the user will be asked EPP MDM would like to use your current location The user has to select OK to allow Location Services If this setting is not made correctly to allow the iOS EPP MDM app will not be able to report location information This setting can be checked on the iOS device in the following location iOS device home screen gt Settings gt Privacy gt Location Services Location Services have to be set to ON and for the EPP MDM set to ON as well Next to the ON a small compass needle icon is shown as well alllorange gt 13 26 T ee m Privacy Location Services EPP MDM E 5 7 Pushing and Managing EPP MDM App to iOS Devices The EPP MDM App can be pushed and managed
121. nagement Bulk Enrollment Contacts Show all departments A Important Notice a Q Please select the Mobile Device Type and Default Profiles Protection Type when importing pasting contacts since the Enrollment Requests will contain these information If the contact contains both an E mail address and a phone number the request will be send to the E mail address Sending Enrollment Requests to the maximum accepted entries in the sending queue will take up to 1 hour depending on the number of selected contacts Results a AN Type Contact E mail Phone Actions v John A john company com 0740000 4 iris Fd Mark B mark company com 07 400000 yi is ial Paul C paul example com 07 4 00000K Sa iris a Dan D dan example com 07400000 ole 4results 20 per page Add To Sending Queue Delete Contacts Import contacts list sa Select Mobile Device Type iOS Apple Android Unknown Profiles Protection Always Allow Removal Never Allow Removal Passphrase Required for Removal Browse for the import file ae d Download sample file Bulk Enrollment xls Sample G Upload Paste Contacts a Select Mobile Device Type iOS Apple Android Unknown Profiles Protection Always Allow Removal Never Allow Removal Passphrase Required for Removal Contacts List Maximum 500 contacts at once In case both e mail and telephone number is given the enrollment invitation w
122. nd outside the companies walls Welcome Guest Login SROTECTOR M Reporting and Administration Tool English OOO trong DLH Mobile Device Management _ _ _ le nn nn _ _ cecilia nnn TnTn tenner needed T 3 wir nd af M ant O a P orcemen a nforcen t Data Loss Prevention Device Control Content Aware Protection Mobile Device Managment Endpoint Protector comprises three separate modules which used together ensures the next generation security of your endpoints e Mobile Device Management closely controls and monitors the entire mobile device fleet through dedicated MDM policies protecting sensitive company data while permitting a degree of freedom on what concerns the stored personal information Once integrated in a company or enterprise network it ensures a highly secure working environment for companies adopting and using the BYOD model e Device Control enforces strong security policies for controlling and closely monitoring all portable storage device use inside the company network Once deployed inside companies networks the Device Control modules reduces the risks of data loss and data theft through unauthorized use of removable and mobile devices through USB etc e Content Aware Protection allows defining custom content aware policies for a detailed inspection detection and reporting of all sensitive content transfers outside the secured network Once enable
123. nding E Mail or SMS Enrollment Invitation iOS OS X Android Sending E Mail or SMS enrollment invitations is made through the option Enroll Devices Send E mail Request x To Subject Mobile Device Enrolment Request Mobile Device Type iOS Apple C t Profiles Protection Always Allow Removal Always Allow Removal nni pever Allow Removal ___Passphrase Required for Removal Entering E Mail and Phone numbers require attention to the correct format and selecting the device type if Known in this step is of advantage due to a lesser chance that the user will select the wrong option For iOS and OS X devices in the device enrollment step as previously described it is important to set the Profile Protection settings 7 2 4 SMS Enrollment Number Format iOS Android When sending SMS enrollment invitations it is essential to send them using the correct number format The correct number format is 401112345678 Country code followed by area code and number No or zeroes are required in front of the country code At all time a country code is required in case of US or Canadian numbers it is a 1 for Germany it is 49 etc Note SMS Enrollment is not available for OS X 47 Endpoint Protector Mobile Device Management User Manual 7 2 5 E Mail Enrollment Invitation iOS OS X Android The device user can receive an enrollment invitation on the actual device and access the included URL which
124. nes and tablets are used on a daily basis by employees to store and have access to their company e mails sales reports etc everywhere they go The wide adoption of the BYOD Bring Your Own Device model by companies worldwide led to the use of more personal mobile devices by employees for storing business information together with private data such as photos and music This trend raised new issues for IT administrators which are faced now with the challenge of protecting sensitive company data not only inside the secured company network but also everywhere it is taken on mobile company endpoints At the same time a separation and close monitoring of company information from personal data must be imposed To face the security challenges by the increase mobility in business environments Mobile Device Management by Endpoint Protector enables a complete control and detailed monitoring over the use of mobile devices both inside and outside corporate environments allowing employees to have a secure access to both corporate and private data wherever they are and on whatever device they are using without business critical information getting compromised 2 Endpoint Protector Mobile Device Management User Manual 1 1 What is Endpoint Protector Endpoint Protector is a complete Data Loss Prevention solution for companies networks of all sizes enabling a detailed control over removable mobile storage media and mobile devices both inside a
125. of the existing events can be requested by pushing the Get Calendar Info and Get Calendar Events buttons Security Policy Lock Wipe Device Settings Manage Device Apps Installed Apps Accounts Contacts Calendar Events History Play Sound on Device Refresh Device Details Refresh App List Refresh Calendars This feature plays a sound on the device to make it This feature will read current device details This feature will update the list of installed apps This feature will refresh the list of Calendars easier to find it if misplaced Note Results are displayed inside the Installed Apps tab Play Sound i Get Device Details i Get App List Refresh Google Accounts Refresh Accounts Refresh Contacts Refresh Calendar Events This feature will refresh the list of Google Accounts This feature will refresh the list of Phone Accounts This feature will refresh the list of Contacts This feature will refresh the list of Calendar Events Get Google Accounts Get Accounts m Get Contacts m Get Calendar Events The administrator will see the events in the Calendar Events section In the screenshot below we did not push the Get Calendar Info button so only the Calendar Events are listed note that the Calendar Name field is empty If we would push the button afterwards the Calendar Name field would also get completed 102 Endpoint Protector Mobile Device Management User Manual Security Pol
126. oint Protector Mobile Device Management User Manual Note All data on the device will be permanently lost It cannot be recovered after a remote wipe Use this feature with caution and only as a last resort 9 5 iOS Disable Device Password Passcode Mobile Devices gt Security Policy gt Clear Password No more password required The option Clear Password No more password required will disable the password passcode requirement for the iOS device Unlocking the device screen will be possible without a password entry 9 6 Device Ownership Mobile Devices gt Device Settings gt Device Ownership Security Policy Lock Wipe Device Settings The option Device Ownership can be set to who is the rightful owner of a device Set it to Company if the company has purchased the device for the user or to Personal if the user has purchased the device and uses it for business purposes After a device is enrolled the default settings is set to Unknown 9 7 Voice Roaming on iOS Mobile Devices gt Device Settings gt Voice Roaming Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Ins Device Ownership Voice Roaming Unknown f This feature will enable disable voice roaming on i the mobile dewice Personal a Mote This option is carrier dependent meaning that the carrier has to make the change of this setting Company Enable Disable E Save B 73 En
127. oint Protector Mobile Device Management User Manual Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Ins Device Ownership Device Location Settings Unknown T Location Accuracy Fine Personal f Location Cost Allowed Company Save These settings impact the acuaracy of the location data used to locate an Android device 11 6 1 Location Accuracy Fine on Android The setting Location Accuracy Fine unchecked relies on data from WiFi or triangulation Checked Location Accuracy Fine will rely on GPS data 11 6 2 Location Cost Allowed on Android The setting Location Cost Allowed will send location data even if device is outside of the regular network 11 7 Manage Wifi This feature will enable or disable the Wifi on the Android device Security Policy Lock Wipe Device Settings Manage Device Apps installed Apps Accounts Contacts Calendar Events History Device Ownership Device Location Settings Wifi Blootooth Camera Settings Unknown __ Location Accuracy Fine This feature will disable or enable Wifi This feature will disable or enable Bluetooth This feature will disable or enable the Camera Personal Location Cost Allowed Company E Disable Wifi Disable Bluetooth E Disable Camera Set Bluetooth Set Camera Refresh Status Refresh Status Note Make sure that you have a valid internet connection other t
128. om Map button to remove GeoFence from the map 4 Click the Save Geofence Data to save the virtual perimeter Remove from Map Save Geofence Data When a Geofence has been created there are several details that are displayed to provide a better insight like Latitude and Longitude There is also an optional Description field recommended for a better management of the area and setting that apply to it Be Name GeoFence Description Moscone Center Center Latitude 37 78369 134876604 Center Longitude 122 40145558171207 Encoded path streFvoajVz fAf Go a Remove from Map A 130 Endpoint Protector Mobile Device Management User Manual 16 2 How to deploy MDM Policies using Geofences Once the virtual perimeter has been defined pushing specific settings through Geofencies can be done from the MDM Policies Mobile Device Management Policy Device Type Policy Device Type 2 ios Policy Information Policy Name Policy Description iOS Version i056 and older 6 i057 and newer Supervised Devices No F Yes MSecunty Policy Device Settings Se paar Manage Apps Rama Enable Available GeoFences Type Name Description Geofence GeoFence test Geofence GeoFence 2 results 50 per page Save e Back Delete All off the settings previously defined in the Security Policy Device Se
129. on Title v Vendor Version Description Price Codes Category Flags iPhone iPad Actions 2 system Configuration g EPP MDM CoSoSys 1 0 0 7 Endpoint Protector Mobile Device Management provides complete iOS ente Free Utilities 4 4 RO 1result 10 z per page a System Parameters Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance 108 Endpoint Protector Mobile Device Management User Manual You will have to enter the required ENDPOINT PROTECTOR 4 Reporting and Administration Tool Mobile Device Management iOS App Management details in the pop up window Welcome Logout English x Show all departments Endpoint Management onp a es Endpoint Rights Search Search type Using search term Country United States Q Search App Store Vx Endpoint Settings A P g Search Results a i Content Aware Protection CAP Select I Title Vendor Version Description Price Category iPhone iPad Acti Mobile Device Management C fi EPP MDM CoSoSys 1 0 0 7 Endpoint Protector Mobile Device Management provides complete iOS enterprise mo Free Utilities SY SY o Enroll Devices FEA Mobile Devices Add Enterprise i0S App as MDM Policies iOS App Management Title CoSoSys Enterprise App 105 App Management APNS Certificate Setup Apple Vendor Cososys Ltd 7 GCM Maps Setup Google Venue 1 0 0 0 E Offline Temporary Password porary Des
130. one3 1 MC603RR imme 5 1 1 20 October 2012 11 57 TA U Samsung GT 19100 unknown Samsung GT 9100 gt 4 0 3 20 October 20128 51 PAD Pad unknown Ipad1 1 MB292LL 5 0 1 Al Phne company lphone3 1 MC603RR _ 6 0 19 October 2012 17 38 TA DJ 4results 50 per page In the column Status the current mobile device status is shown if Know to Endpoint Protector Registered means the device is currently managed and Endpoint Protector MDM can communicate with the device Applies to both iOS and Android devices MobileProfileRemoved means the device is no longer managed Either the device user has directly on the device removed the Enrollment Profile or the Endpoint Protector Administrator has remotely removed the Enrollment Profile from the device to unmanage it Applies to iOS devices DeviceAdminDisabled means the device is no longer managed Either the device user has directly on the device removed the EPP Client app or the Endpoint Protector Administrator has remotely removed the EPP Client app from the device to unmanage it Last Seen is the time and date when the device has last time communicated with the Endpoint Protector MDM 61 Endpoint Protector Mobile Device Management User Manual Selecting the Manage Device option for a mobile device will open the Manage Device page containing different options to manage the selected device and to view information about it ae ENDP
131. onnection is secure Normally when you try to connect securely sites will present trusted identification to prove that you are going to the right place However this site s identity can t be verified What Should I Do If you usually connect to this site without problems this error could mean that someone is trying to impersonate the site and you shouldn t continue Technical Details I Understand the Risks From the above screenshot This Connection is Untrusted choose I Understand the Risks Click Add Exception Security Warning window pops up 140 Endpoint Protector Mobile Device Management User Manual Just click Get Certificate button and then the Confirm Security Exception button Add Security Exception A You are about to override how Firefox identifies this site Legitimate banks stores and other public sites will not ask you to do this Server Location Certificate Status This site attempts to identify itself with invalid information Wrong Site Certificate belongs to a different site which could indicate an identity theft Unknown Identity Certificate is not trusted because it hasn t been verified by a recognized authority Permanently store this exception PE E E ETE Al Endpoint Protector Reporting and Ad lt gt fr le 38 coge e E Welcome Guest Login ENDPOINT 4 PROTECTOR Reporting and Administration Tool English v
132. ote The profile is valid from this point on for two 2 hours If the enrollment process is at this point interrupted for more than two hours the enrollment process has to be repeated from the start Next the user must click on the Install button for the installation of the Endpoint Protector Profile Ji aiye Cancel Install Profile Endpoint Protector CoSoSys Description Endpoint Protector Enrollment Profile Signed endpointprotector com Received 04 04 2012 Contains Certificate Mobile Device Management More Details In case the iOS or OS X device has already a passcode password set to access the device the user is asked to access the passcode password in order to confirm installation 51 Endpoint Protector Mobile Device Management User Manual Once the Endpoint Protector Profile was successfully installed the mobile device will be displayed inside the Mobile Devices List from the Endpoint Protector Web based Reporting amp Administration Interface and it now available for the administrator to manage it 7 2 8 iOS Mobile Device Enrollment through EPP MDM App To enroll using the EPP MDM iOS app from the Apple App Store the user has to install the app on the iOS Device After installing the EPP MDM iOS app as described before in 5 5 Installing the EPP MDM iOS App the user has to click Query enrollment status n at_Orange gt ENDPOINT Mobile Device PROTECTOR Management Quer
133. ou l CREATE NEW KEY gt you Compute Engine Edit allowed IPs Regenerate key Delete Cloud Storage Cloud Datastore Cloud SQL BigQuery Cloud Development 8 Copy the Google API key as described in the next paragraph in the Endpoint Protector interface 4 2 3 Entering Google API Key and Project Number in Endpoint Protector new method After you have obtained your Google API Key please enter it together with the Google Project Number in the Endpoint Protector Interface The Google Project Number you find on the Google Cloud Console Site under Projects gt Overview gt Project Number paragraph 4 2 2 step 2 The Server API Key you find on the Google Cloud Console Site under Projects gt New Project gt APIs amp auth gt Credentials gt Key for server applications paragraph 4 2 2 step 7 22 Endpoint Protector Mobile Device Management User Manual Add them at Mobile Device Management gt GCM Maps Setup Google Welcome Logout pAg ENDPOINT i Reporting and Administration Tool a gt Ni v PROTECTOR eporting an ministration 100 glis k Advanced Search p3 Dashboard Mobile Device Management Configure Feature Show all departments Endpoint Management ind m QS Endpoint Rights oo ae a T ie as Note To use Mobile Device Management features for Android devices it is required that you provide an API key from Google Mobile Device Management for Android will not work without these settings This API key
134. ps Profiles History Wipe Device Data Warning Please note that the device after executing the remote wipe is no longer connected to and managed by Endpoint Protector since all data including connectivity information to Endpoint Protector is erased The OS X device can be remotely locked and a PIN can be set Clicking Lock will remotely lock the device screen and the user will have to enter the PIN to unlock it The PIN must be a four 4 digit number 10 4 Remote OS X Device Wipe Device Nuke Mobile Devices gt Lock Wipe gt Wipe Device Data Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage WFN Installed Apps Profiles History Lock Device Wipe Device Data Lock Device Screen Warning Please note that the device after executing the remote wipe is no longer connected Lock PIN to and managed by Endpoint Protector since all data including connectivity information to Endpoint Protector is erased Find My Mac PIN Lock The OS X device can be remotely wiped A remote wipe will erase all data on the device and reset the device to its factory default To remotely wipe a device click Wipe and a confirmation message will ask to proceed if you are sure you want to remotely wipe the device After a remote wipe the device is unmanaged No more connection between the OS X device and Endpoint Protector is possible after the remote wipe 86 Endpoint Protector Mobile Devic
135. ption ssssssssssssnrssrernrnrrnrrennrrrrnne 95 11 3 Remote Android Lock of DeviCe ssssssssssssrrsrrsrrsrrsrrsrenne 95 11 4 Remote Android Device Wipe Device Nuke sssssssssessreress 96 11 4 1 Android Remote Wipe of SD Card s sssssssrssrsrrererrsrensse 96 Ee DEVICE OWNEI SID watawedxancuseexandausener uanensndvewiwendwanesendcancuges 97 11 6 Android Device Location Settings cccceccsscecsenereeeeseeeuens 97 11 6 1 Location Accuracy FING on Android scinicescecscencsenivcanievaveraes 98 11 6 2 Location Cost Allowed on Android s ssssssssssssessrssressrens 98 11 7 Manage Wifi cc cece cece eee e ee eee ee ee eaeeeeesaeeeeesaaeeeesaneeeeaaas 98 Tse Manage BIET sconniasecensdenedaaedeuecenniauseueecuuecuineeeecennaesent 98 V Endpoint Protector Mobile Device Management User Manual 11 9 Manage Camera on Android cccccceeee eens seen eee e eee eeeeeeeenaas 99 11 10 Play Sound on Device for Android ccavsesaestaczscimasaineeneicaas 99 11 11 Refresh Google Accounts for Android ccccceeeeeeeeeeeees 100 11 12 Refresh Device Details for Android sssssssssssrssresrrssns 100 11 13 Refresh App List for Android ssssessssssssssrrerrrrrrrsrene 100 11 14 Manage Calendar Events ccccsscccssssseeneeuuureeeeeennsesees 101 11 15 Installed Apps on Android ssssssssssssssnsnrensrnnrnrererenas 102 11 15 1 Removing Installed Apps on Android ssssessssesssssssss 102
136. recommend setting a complex password in the security policy in order to have maximum protection 10 2 File Vault 2 Disk Encryption on OS X With FileVault 2 you can encrypt the contents of you entire drive to help keep your data secure using XTS AES 128 encryption 84 Endpoint Protector Mobile Device Management User Manual Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Installed Apps Profiles History Set Password Security Policy FileVault 2 Disk Encryption Disk Encryption Status Simple Value File Vault i Encryption Status Disabled Alphanumeric Password Defer Encryption Personal Recovery Key Not Defined Min Password Length Prompt user for missing info institutional Recovery Key Not Defined Min Number Of Complex Chars Create a personal recovery key Max Password Age days Display the recovery key to the user Max Time To Lock minutes Use KeyChain for institutional recovery key Password History Output Path Grace Period minutes Username Password Notice This operation can take a long time to complete Set Settings Set Settings Refresh Here are some guidelines on how to use the FileVault 2 Disk Encryption The first step is to change the File Vault dropdown to On Enable status Then there are a few options that can be selected below Let s take a walk through these buttons and see what each one means Defer Encr
137. rolling iOS and OS X devices by sending invitations to them either by E Mail or SMS or through the other supported enrollment methods as described in the following paragraph 7 Enrolling Mobile Devices 11 Endpoint Protector Mobile Device Management User Manual 4 1 3 Renew an Apple APNS Certificate before expiration The Apple APNS certificate must be renewed periodically with Apple before its expiration date to avoid losing control over the managed iOS and OS X devices or having to re enroll all devices Please check the expiration date of your APNS certificate in the Endpoint Protector interface ENDPOINT 4 PROTECTOR Reporting and Administration Tool p3 Dashboard Mobile Device Manaaement APNS Certificate Enrollment Endpoint Management an Endpoint Rights RH Endpoint Settings G Your Apple APNS Certificate is already enrolled and it will expire on 12 Mar 2014 10 48 38 Content Aware Protection Your APNS certificate must be renewed with Apple before its expiration date Renewing it in time does not require you to re enroll devices Note if your APNS certificate expires is revoke or you create a new certificate each device will have to be re enrolled amp Mobile Device Management Enroll Devi Step 1 Fill in this form below with your company information for a CSR Mobile Devices MDM Polici CoSoSys as authorized MDM vendor will sign for you a Certificate Signing Request CSR in this step You will need this
138. rrent Security Displays the security settings applied at i J a J Policy Policy that moment Security FileVault 2 Disk Encrypts the content of the disk ER Policy Encryption automatically Allows defining additional password settings such as minimum password E Set Security Policy length password quality max time to Policy lock max number of password retries before wipe Security Ask User To Change Enforces the user to define a new p Policy Password password r Security Resets any existing password for the Policy Clear Password ee epee Securit Resets any existing password and Policy y Device Password allows defining remotely a different 6 password for the mobile device 64 Endpoint Protector Mobile Device Management User Manual Keeps a track of the last passwords ae Password History used and doesn t allow setting them as a Policy new passwords Security Enforces the user to define a new a Policy Password Age password after a certain time period s Osx Gacur Enforces the user to define a new li y Grace Period password after the grace period is over J Policy counted in minutes Manage Play Sound on Activates a song on the device which a Device Device will play for a predefined period of time Manage Refresh Device Updates the device details displayed e Device Details under Device Information r Manage Display the list of currently installed o
139. rtification authority CA claiming to represent CoSoSys LTD Endpoint Protector CA Windows cannot validate that the certificate is actually from CoSoSys LTD Endpoint Protector CA You should confirm its origin by contacting CoSoSys LTD Endpoint Protector CA The following number will assist you in this process Thumbprint shal ECF18C78 BSFEF644 OFAFB85C D1991CBA 12DD6D05 Warning If you install this root certificate Windows will automatically trust any certificate issued by this CA Installing a certificate with an unconfirmed thumbprint is a security risk If you click Yes you acknowledge this risk Do you want to install this certificate You have now successfully installed the Certificate Close the Internet Explorer browser and try accessing the Endpoint Protector Administration and Reporting Tool IP address again m P Ba x Endpoint Protector Report X Welcome Guest Login STE ATOR Reporting and Administration Tool English 139 Endpoint Protector Mobile Device Management User Manual 17 2 For Mozilla Firefox Open the Browser Open Endpoint Protector Administration and Reporting Tool IP address Your Appliance static IP Address example https 192 168 0 201 Untrusted Connection e _ a e 29 Googie _ This Connection is Untrusted You have asked Firefox to connect securely to 192 168 0 166 but we can t confirm that your c
140. rver Every API request is generated by software running on a machine that you control Per user limits will be enforced using the address found in each request s userIp parameter if specified If the userIp parameter is missing your machine s IP address will be used instead Learn more Accept requests from these server IP addresses One IP address or subnet per line Example 192 168 0 1 172 16 0 0 16 2001 db8 1 or 2001 db8 64 21 Endpoint Protector Mobile Device Management User Manual 7 YOu can now locate your API key under the Key for server applications section The API key has the following format Example API key ExamplE6 7 QWuu26 5j6WEEfWaqgqYYouW1408 7 Google Developers Console e lt 2014 04 04 OAuth Compute Engine and App Engine Learn more OAuth 2 0 allows users to share specific data with you for Client ID apps qgoogleusercontent com eriew example contact lists while keeping their usernames Email address developer gserviceaccount com APIs amp auth passwords and other information private Download JSON APIs L earn more Credentials CREATE NEW CLIENT ID Consent screen Push Public API access Key for server applications Permissions Use of this key does not require any user action or consent does API key Settings not grant access to any account ip Support information and is not used for z ANY LE ATERN authorization ye Activation date Apr 4 2014 1 31 AM Learn more App Engine Activated
141. sneex suepenee sgn mates siemens 77 9 16 Manage Mail ON JOS sasssrisisrsveisiarosiiainrsraia anasaini Z7 9 16 1 Wipe E mail Settings ssssssussssnssnsnnnnnnrnnrnnsnrnnsnrnnsnrnnnns 77 9 17 Exchange Active SynC ssssssssssssssneneuunnsnrunnnsneuennsnenrunnnen 77 Oe Os Manage VPN OM IO Surrssrissirugignsi suinn eset Gren ceeveen 78 9 19 Manage APN se ttings ON 10 Secaveseucenscovecessossesececareconsencesers 78 9 20 Manage Cellular Settings on Supervised iOS 7 devices 79 9 21 App Lock on Supervised iOS 7 CGe VICES ccccceeeeeeeeeeeneeeeeees 79 9 22 Installed APPS cceccntenncew uaiavanusaiaudcusatuune ues ueqtauteaseeeueedsnee 80 9 235 HIStory of IOS DEVICES ACTIONS ivccsasaiscasarsvavasnseiunsentaiansenens 80 O24 ASTON LOCAU O Mercina aa aa a N a aa 81 10 Manage OSX DeviceS asssesssssssssssrsn 82 10 1 Security Settings Security Profile on OS X v wwecsessecseueeneenes 82 10 1 1 Password Passcode Setting on OS X DeVICE cc cece eee 83 10 1 2 OS X Device Hardware Encryption sssssssssssssrsssnessrrrsens 83 10 2 File Vault 2 Disk Encryption on OS X sasasesessssnsnsrrnrrrnrnrsrns 83 IV Endpoint Protector Mobile Device Management User Manual 10 2 1 DISK Encryption Status wc sccccicaccienstsiratesesssvepsiadedieisanennneses 85 10 3 Remote LOCK Of Device ssssssssssssssrssresnrnnrrrnrrnrrrnrrnrernrene 85 10 4 Remote OS X Device Wipe Device NUK ccccceceenseueeneenes 85 10 5 Device O
142. ssphrase 44 7 2 3 Sending E Mail or SMS Enrollment Invitation i1OS OS X Android 46 7 2 4 SMS Enrollment Number Format iOS Android 46 7 2 5 E Mail Enrollment Invitation IOS OS X Android 47 7 2 6 SMS Enrollment Invitation iOS Android s ssssssssssssess 48 7 2 7 iOS and OS X Mobile Device Enrollment over URL 49 7 2 8 iOS Mobile Device Enrollment through EPP MDM App 51 7 2 9 Android Device Enrollment ccccccccecceceeeeeeeeeeeeeeeesenees 54 7 2 10 Bulk Enrollment ssssssssssssnnsnnrnsnnnrrnrenrrnnrnrrnnrnrrnrrnrennan 54 8 Managing Mobile DeviceS sssssssesesrerssn 58 Ost MODIG DEVICE SCEUS seinri e EEE N EE EA ES 60 8 1 1 Available Options sssesssssnssrsrnsnrsrrnrrnrernerrsnrnrrrenrrrrerene 63 9 Manage iOS Devices sssssasnssnsnnsnnsnnnns 65 9 1 Security Settings Security Profile ON 1OS cccccsseeeneen nes 65 9 1 1 Password Passcode Setting on IOS Device 66 9 1 2 Clear Passcode No more password required 05 66 9 1 3 iOS Device Hardware Encryption ccccccsssssccssseeneeenneeees 66 9 2 Restrictions Restrictions Profile on iOS ccccecseeesseeeneennees 67 9 2 1 The following iOS features can be restricted c eeee eee ees 68 9 2 2 The following Applications can be restricted ccseeeeeeeees 69 9 2 3 iCloud restrictions Photo stream restrictions e se00 69
143. strator to generate more OTCs Once an E mail or SMS based invitation request is sent an OTC will be automatically assigned to the user requesting the enrollment of his device and it will be automatically removed from the list of available One Time Codes To verify which OTC was assigned to each device and user the administrator can click on the View Sent Invitations button which will displayed a list of all used OTCs with the corresponding e mail addresses and or phone numbers where they were sent to The View Available OTC allows the administrator to return to the list of unassigned OTCs The third enrollment method allows the end user to directly enroll his mobile phone through the Endpoint Protector Cloud Service which can be accessed at two separate links one for each supported mobile device operating system This option requires the user to previously receive the MDM ID and OTC keys from the administrator In this case the administrator must reserve one OTC from the list for the user making the request either by e using the Reserve right click menu option S 43 Endpoint Protector Mobile Device Management User Manual This operation will remove the selected OTC from the list of the available OTCs and move it to the list of already sent invitations 7 2 1 iOS and OS X Enrollment and Profile Protection When an iOS or OS X device is enrolled the Administrator has the option to protect the policy settings called
144. t APNS Certficate Setup Apple For paid adds please purchase Redemption Codes from the Apple Volume Purchase Program Copy the codes here GCM Maps Setup Googie Offline Temporary Password BBS Reports and Analysis A System Alerts GBB Directory services Ea Arnione System Maintenance Q System Configuration s System Parameters O Support 10 results S0 per page 2X Make Codes Avatabie Delete Selected Codes Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid Al rights reserved Ready Version 43 0 5 Appliance All redemption codes show their status either as available or used in case they have been used meaning a code was used when a paid app was pushed to a device which did not alreay have this paid app installed Additionally the number of total and still available not yet consumed redemption codes is shown in the column Codes in the list of Managed iOS Apps In the example below 10 10 meaning ten of ten codes are available Manage 10S Apps os Icon Title v Vendor Version Description Flags iPhone Pad Actions WhatsApp Messenger WhatsApp Inc 28 7 WhatsApp Messenger is a cross platform smartphone messenger currently J MN lt gR aw iBooks Apple Inc 3 1 iBooks is an amazing way to download and read books iBooks includes t SY SY gR G EPP MDM CoSoSys 1 0 0 6 Endpoint Protector Mobile Device Management provides complete iOS ente IN vy RO A Adobe Reader Adobe Systems Inc 10 5 2
145. t the device after executing the remote wipe is no longer connected to and managed by Endpoint Protector since all data Phone Number including connectivity information to Endpoint Protector is erased Message Wipe m 9 4 Remote iOS Device Wipe Device Nuke Mobile Devices gt Lock Wipe gt Wipe Device Data Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Lock Device Wipe Device Data Lock Device Screen Keep Current Password Warning Please note that the device after executing the remote wipe is no longer connected to and managed by Endpoint Protector since all data including connectivity information to Endpoint Protector is erased Lock The iOS device can be remotely wiped A remote wipe will erase all data on the device and reset the device to its factory default To remotely wipe a device click Wipe and a confirmation message will ask to proceed if you are sure you want to remotely wipe the device After a remote wipe the device is unmanaged No more connection between the iOS device and Endpoint Protector is possible after the remote wipe The remote wipe of a device works also in case of a device that has a SIM card and the SIM card has been removed from the device As long as the device has a working internet connection in this case over Wi Fi the remote wipe of the device will still work as long as the wipe command can reach the device 72 Endp
146. them in the Mobile Device Information section 10 8 Refresh App List for OS X Mobile Devices gt Manage Device gt Refresh App List Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Installed Apps Profiles History Profile Removal Policy Refresh Device Details Refresh App List Refresh Profile List Always Allow Removal This feature will update the displayed device information is feature will update the list of installed apps This feature will update th Note Results are displayed inside the Installed Apps tab Note Results are displaye Never Allow Removal Passphrase Required for Removal Passphrase 4NGSOMYM Save Get Device Details This function by clicking Get Application List will ask the OS X device for a list of all the apps installed on the OS X device The list containing all installed applications will be shown at the Installed Apps section If the user installs a new application the list of the installed apps will be updated next time when the administrator will request the list of apps by pressing the Get Application List button 10 9 Installed Apps on OS X Mobile Devices gt Installed Apps The List of Apps installed on the OS X device lets the Administrator see what apps users have installed on their devices The list of apps installed on a device can be requested from the OS X device and updated through the option Get Application List
147. tings Security Profile on iOS Enforcing the use of a password passcode is the most important feature on any device company or individually owned Protecting access to data on the device is the first task to protecting your iOS devices Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Manage Cellular Settings Apps Installed Apps Profiles History Set Security Policy Clear Password No more password required f Set Restriction Policy Simple Value E This feature will reset the current device password to FAIN C Applications iOS 7 Restritions be empty hence the device can be unlocked without i i i Alphanumeric Password entering a password Device Functionality Allow YouTube V Allow fingerprint for unlock v Min Password Length Allow installing apps V Allow iTunes V Allow Lock Screen Control Center 7 Min Number Of Complex Chars Allow Siri W Allow Safari V Allow Lock Screen Notifications v Max Password Age days Allow Siri while device locked V Allow Safari Auto Fill V Allow Lock Screen Today View Vv Max Time To Lock minutes Allow use of camera W Allow javascript on Safari V Allow managed docs in unmanaged Apps F Password History Allow FaceTime v Allow popups on Safari v Allow unmanaged docs in man
148. ts MDM Policies 3 APNS Certificate Setup Apple Code Uninstall Passphrase Show Actions GCM Maps Setup Google N ky Offline Temporary Password N R Reports and Analysis mm 4 N A S N ystem Alerts gt lt N 9 Directory Services N lt N System Maintenance Sienuis solis ime Q System Configuration W View Invitations Sent View Available OTC Request More OTC Svstem Parameters 45 Endpoint Protector Mobile Device Management User Manual The Passphrase can also be set by the administrator manually under the option Mobile Device Management gt Mobile Devices gt Select Device gt Manage Device gt Profile Removal Policy gt Bee Om amp Mobile Device Management Enroll Devices Mobile Devices MDM Policies APNS Certificate Setup Apple GCM Maps Setup Google Offline Temporary Password Reports and Analysis System Alerts Directory Services System Maintenance System Configuration system Parameters Support Locate Mobile Device Current Location Time 22 Oct 2012 10 34 35 Provider WA Calculating Previous Location Calculating Unknown Security Policy Lock Wipe Device Settings Manage Device M Profile Removal Policy Refresh Device Always Allow Removal This feature will up Never Allow Removal Passphrase Required for Removal Fassphrase PASSREMOVE Save 46 Endpoint Protector Mobile Device Management User Manual 7 2 3 Se
149. ttings Manage Device Manage WiFi and Manage Apps tabs will apply to that specific Geofence 17 Installing Root Certificate to your Internet Browser 17 1 For Microsoft Internet Explorer Open Endpoint Protector Administration and Reporting Tool IP address Your Appliance static IP Address example https 192 168 0 201 If there is no certificate in your browser you will be prompted with Certificate Error page like the screenshot below E Certificate Error Naviga on Blo Windows Internet Explorer x Gz Bing x 2e p D mb Pager Safetyy Toos yy Favorites B Cathicats Error eae Blocked ti gt There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Click here to close this webpage Continue to this website not recommended More information gt Internet Protected Mode Off fa 100 132 Endpoint Protector Mobile Device Management User Manual Continue your navigation by clicking x Continue to this website not recommended Now go to the C
150. tus Team Name TDC X Google Cloud Messaging for Android WIE No known issues API Access Billing G Google Maps API v3 Ii No known issues Reports Project ID emr Quotas Owners SSS you Current charges Click here to administer your billing settings Add them at Mobile Device Management gt GCM Maps Setup Google ENDPOINT ia a English vE PROTECTOR Reporting and Administration Tool nglis feo Dashboard Mobile Device Management Configure Feature Sho al Endpoint Management Inf t es Endpoint Rights Note To use Mobile Device Management features for Android devices it is required that you provide an API key from Google Mobile Device Management for Android will not work without these settings This API key is also required t S locations history for Android and iOS devices in the Locate Mobile Device View of Endpoint Protector using Google Maps A Endpoint Settings Step 1 Obtain API key from Google Content Aware Protection a Visit the following Google Site Google APIs Console and login with your company Google account amp Mobile Device Management b If you login to this Google Site for the first time you will be asked to Create project Select this option Enroll Devices Mobile Devices MDM Policies d You can now locate your API key in the left menu on the Google Site above under API Access gt Simple API Access gt API key c Make sure the following two Google Services have ON status green Google Cloud M
151. u created an MDM Policy you can assign devices to the policy by selecting them under Policy OS type Applies To Policies i Show Help R amp D Policy TestPolicy Android Devices Creal Custom Content Custom Content security Content ov Devices Update Custom Content Click on Devices Update Double cli Add New Duplicate Eg Edit Policy i05 type Applies To i Show Help F iPad 1 iPhone q Search E al amp amp 3 Save and Apply You can save your selection of devices by clicking Save The Save option is not yet applying the settings from the policy to a device Only after you click Apply or Save and Apply the policy will be applied to the devices included in the policy In case that a mobile device must no longer be remotely managed controlled Endpoint Protector the user depending on rights and Endpoint Protector Administrator can uninstall unmanage the mobile device The uninstall unmanage process for Android and iOS OS X mobile devices is different To unmanage an iOS or OS X device the Endpoint Protector Enrollment Profile on the iOS OS X device has to be removed The Endpoint Protector Administrator can remove the profile by following the removal of profile information described in paragraph 9 14 1 iO0S 10 11 1 OS X To unmanage a device it is important that the Endpoint Protector Enrollment Profile is removed After removing of the Enroll
152. ual 9 2 2 The following Applications can be restricted Restrict YouTube App native iOS YouTube Since YouTube is not part of iOS 6 anymore this feature is only supported for iOS 4 and iOS 5 Allow iTunes Allow Safari Allow Safari Auto Fill Allow javascript on Safari Allow popups on Safari Safari fraud warning 9 2 3 iCloud restrictions Photo stream restrictions iCloud is a service where almost all data on an iOS device is uploaded to Apple Servers Some companies might choose to restrict the use of iCloud due to regulatory requirements compliance requirements data protection concerns or Simply privacy concerns Allow iCloud backup Allow iCloud document sync Allow photo stream Allow shared photo streams Disallow photo stream can cause loss of data that was part of photo stream 9 2 4 Security and Privacy Restrictions Allow sending diagnostic data Allow untrusted TLS certificate Force encrypted backups when backing up iOS device to a computer 9 2 5 Content Rating Restrictions Allow explicit content 70 Endpoint Protector Mobile Device Management User Manual 9 2 6 iOS7 Restrictions Allow fingerprint for unlock Allow Lock Screen Control Center Allow Lock Screen Notifications Allow Lock Screen Today View Allow managed docs in unmanaged Apps Allow unmanaged docs in managed Apps Allow OTA PKI updates Limit ad tracking 9 2 7 Supervised Device Restrictions Ba Allow AirDrop Allow Ac
153. used the device will lock request password to access again after set number of minutes e Password History When a new password is set a new password is required For example if set to two it means that after changing the password the user cannot reuse a previously used password until he has set two new passwords in the meantime e Grace Period minutes Means the time a user has to make a change to the password or to initially set a password after the device receives the security policy e Max Failed Password Retries Means the number a user can enter a wrong password until the device will wipe all data and reset itself In case of reset the device is wiping its entire data and is reset to a factory default All data on the device is erased and cannot be recovered 9 1 2 Clear Passcode No more password required Using the option Clear Passcode the current device password will be set to be empty hence the device can be unlocked without entering a password This feature can be helpful in case the device is damaged and a password cannot be entered through the device itself 9 1 3 iOS Device Hardware Encryption When the password code for an iOS device is set the iOS device is automatically using its built in hardware encryption in order to protect data on the device in case it is lost or stolen We recommend setting a complex password in the security policy in order to have maximum protection 67 Endpoint Protector Mo
154. w the certificate you received signed from Apple in step 2 above to cloud endpointprotector com in order to enable Mobile Device Management for i05 After the upload was successfully performed your APNS renewal for the Mobile Device Management is finalized Please check if the expiration date of the APNS certificate in Endpoint Protector My Endpoint Protector was updated to the renewed date 16 Endpoint Protector Mobile Device Management User Manual 4 2 Setup of GCM for Android To use Mobile Device Management features for Android devices it is required that you provide an API key from Google This API key is also required if you want to see device locations using Google Maps for Android and iOS devices in the Locate Mobile Device View of Endpoint Protector 4 2 1 What is GCM Google Cloud Messaging and why I need it In order to use the MDM features provided for Android a GCM API Key Google Cloud Messaging for Android is required GCM is necessary to establish communication between an Android mobile device and Endpoint Protector and issuance to you is up to Google Androids own discretion For more info about Google Cloud Messaging for Android please refer to http developer android com quide google gcm index html For more info about Google Maps API please refer to https developers google com maps 17 Endpoint Protector Mobile Device Management User Manual 4 2 2 How to get your Google API Key for G
155. wnership 1 cee ccecee eee e eee teeeeeeeeeeeeeeeeeeesgeeeetseggeneenes 86 10 6 Profile Removal Policy for OS X Devices ceccceenueeenneeeuees 86 10 7 Refresh Device Details for OS X raiccnsssmiscnemmincrremedearsemnsnanns 87 t0 6 Refresh APP LISE for OS X iunossiprersoniiin O 87 10 9 Installed Apps on OS X nasssssssssssssssnsnsnnanannnnsnnnnnnnnnnnenrnrnnne 87 10 10 Refresn Prone Lisl ON OS X secssicavnnrrsesennardentneesiantnn evans 88 10 11 Profiles on OS X Devices Information ceeeeeee ee 88 10 11 1 Remove Profile from OS X Device sssssssssssrrsrrssrersrens 88 10 12 Manage WIF on OS Xisssiissiesosisisiveneneani a a 89 10 12 1 Wipe Wi fi SettingS ssssssssssssnssnsunsnnsnsnennennnnrnnenrnnns 89 10 13 Manage Mail on OS X snssassssssssnnsrsnrnnsnsnrnrrnrrrnrererenena 89 10 13 1 Wipe E mail Settings ssssssesssrensnrsrrrrrrrnrrrrerrnrrrrnnne 90 10 14 Manage VPN on OS Xmitwevnsaniencravtwensdtas inane vewanweet erases 90 10 15 History of OS X Devices ACt ONS sssessssssesensrrnrensrrrrnas 91 11 Manage Android DeviceS ssssssssesss 92 11 1 Security Settings Security Profile on Android ssssesssssse 92 11 1 1 Password Passcode Setting on Android Device 93 11 1 2 Device PASSWOl C cstacasvertendasessssenvarseneavectensusestsecotestarseuses 94 11 1 3 Android Device Hardware Encryption ccccceeeeeeeeeeeees 94 11 2 Request Storage Encry
156. y enrollment status gt Location Info gt Device Info gt What is EPP MDM The app is now checking if the iOS device is already enrolled with Endpoint Protector Mobile Device Management If the device is not enrolled yet the following message will appear The device doesn t appear to be enrolled If the device is enrolled already it will appear 52 Endpoint Protector Mobile Device Management User Manual Device enrolled wi orange w orange a ENDPOINT Mobile Device PROTECTOR Management The device doesn t appear to be enrolled You may enroll your device Device enrolled gt with your MDM ID and an OTC Location Info gt Device Info gt Enroll Device What is EPP MDM Left image device not enrolled yet Right image device is already enrolled In case the device is not enrolled yet click Enroll Device to continue i orange Enroll Device MDM ID OTC Provide the MDM ID MDM ID is located as described before 7 2 and an OTC One Time Code that is provided by the Endpoint Protector Administrator and click Connect 53 Endpoint Protector Mobile Device Management User Manual Server ID OTC Enrolled at 11 Okt 2012 After a device is successfully enrolled the Device enrolled status displays the MDM ID Server ID and OTC used along with the date when the device was enrolled 54 Endpoint Protector Mobile Device
157. your devices easier Policies are based on device operating system Make the settings for the policy you require For each operating system different options are available to be set in the policy Add a new Policy Show all departments a Policy Device Type iOS Android Policy Information aii Policy Name Test MDM Policy Policy Description Test MDM Policy description iOS Version iOS6 and older iOS7 and newer Supervised Devices No Yes Security Policy Device Settings Manage Device Manage WiFi Manage Apps Set Security Policy Clear Password No more password required Set Restriction Policy Simple Value E This feature will reset the current device passwordto All a be empty hence the device can be unlocked without MEA a are Alphanumeric Password entering a password Device Functionality Applications iOS7 Restrictions Min Password Length 0 Allow installing apps E Allow YouTube E Allow fingerprint for unlock T Allow Siri F Allow iTunes J Allow Control Center on Lock Screen T Min Number Of Complex Chars 0 Enable Disable o Allow Siri while device locked ia Allow Safari Allow Lock Screen Notifications m Max Password Age days 0 Allow use of camera E Allow Safari Auto Fill Allow Lock Screen Today View E Max Time To Lock minutes 0 Allow FaceTime F Allow javascript on Safari E Allow managed docs in unmanaged Apps T Allow screen capture
158. yption it will defer the encryption until the current user of the Mac will log out Prompt user for missing info in case the administrator did not set the Password it will prompt the user to complete on the device the missing info Create a personal recovery key FileVault will create a personal key that can be used in case the user password on the device is lost or forgotten and access is needed to the FileVault encryption Display the recovery key to the user Before starting the encryption the recovery key will be shown to the user so the user can Save it note it somewhere Use Keychain for institutional recovery key An institutional key will be created and saved at Library Keychains FileVaultMaster keychain Output Path the location on the device where the personal recovery key will be saved Username must be an existing user that is already created on the target device Password the password for the user 85 Endpoint Protector Mobile Device Management User Manual 10 2 1 Disk Encryption Status FileVault 2 Disk Encryption also has a Status field where it is possible to find information such as the Encryption Status if the Personal Recover Key was defined or not and if the Institutional Recovery Key was defined or not 10 3 Remote Lock of Device Mobile Devices gt Lock Wipe gt Lock Device Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Installed Ap
Download Pdf Manuals
Related Search