Endpoint Protector - Mobile Device Management - User Manual
Contents
1. Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Manage Cellular Settings Apps Installed Apps Profiles History Set Security Policy Clear Password No more password required Set Restriction Policy Simple Value E This feature will reset the current device password to All E Applications iOS 7 Restritions be empty hence the device can be unlocked without z x X Alphanumeric Password entering a password Device Functionality Allow YouTube V Allow fingerprint for unlock v Min Password Length Allow installing apps Allow iTunes V Allow Lock Screen Control Center m Min Number Of Complex Chars Allow Siri W Allow Safari W Allow Lock Screen Notifications V Max Password Age days Allow Siri while device locked V Allow Safari Auto Fill Allow Lock Screen Today View Max Time To Lock minutes Allow use of camera W Alow javascript on Safari V Allow managed docs in unmanaged Apps m Password History Allow FaceTime v Allow popups on Safari V Allow unmanaged docs in managed Apps W Grace Period minutes Allow screen capture W Safari fraud warning Allow OTA PKI updates W Max Failed Password Retries Allow Passbook while device locked v iCloud Limit ad tracking W Allow sync while roaming V Allow iCloud backup v Allow voice dialing Iv Allow iCloud document sync v Allow In App P2. Enroll Device Device Info gt What is EPP MDM Left image device not enrolled yet Right image device is already enrolled 54 Endpoint Protector Mobile Device Management User Manual In case the device is not enrolled yet click Enroll Device to continue Enroll Device Request MDM Profile MDM ID OTC Provide the MDM ID MDM ID is located as described before 7 2 and an OTC One Time Code that is provided by the Endpoint Protector Administrator and click Connect Server ID OTC Enrolled at 11 Okt 2012 After a device is successfully enrolled the Device enrolled status displays the MDM ID Server ID and OTC used along with the date when the device was enrolled 55 Endpoint Protector Mobile Device Management User Manual 7 2 9 Android Device Enrollment To enroll an Android mobile device a Google Account is required to be previously setup by the user on the device This is usually done when the user receives a new device and starts using it Additionally an Internet connection is mandatory for the communication between Endpoint Protector Appliance and the Android device At least a 3G data connection is recommended to allow the communication with Google and Endpoint Protector Appliance and the transmission of the mobile device information Once the user has received the invitation and clicked on the included link a confirmation page will be displayed in his browser auto
3. Apply Set Password Refresh The Administrator can set a password and send it to the Android device This is helpful in case a user has forgotten the device password or the device screen does not accept user input and the device password has to be changed or set to zero To apply the device password to the device make the selection and click Set Password 10 1 3 Android Device Hardware Encryption When the password passcode for an Android device which has Android Version 4 is set the Android device is automatically using its build in hardware encryption in order to protect data on the device in case it is lost or stolen We recommend setting a complex password in the security policy in order to have maximum protection Earlier Android devices with older versions of Android do not offer this functionality 86 Endpoint Protector Mobile Device Management User Manual 10 2 Remote Android Lock of Device Mobile Devices gt Lock Wipe gt Lock Device Security Policy Lock Wipe Device Settings Lock Device Strong Password Lock Set Random Password Lock Device Screen Keep Current Password The Android device can be remotely locked Clicking Lock will remotely lock the device screen and require a password entry to unlock the screen The device can be locked with the current password being kept Lock Device Screen Keep Current Password or alternatively be locked with a random password if s
4. Certificate stores are system areas where certificates are kept Windows can automatically select a certificate store or you can specify a location for the certificate Automatically select the certificate store based on the type of certificate Certificate store Trusted Root Certification Authorities Learn more about certificate stores 119 Endpoint Protector Mobile Device Management User Manual Another Completing the Certificate Import Wizard pops up J ust click the Finish button Certificate Import Wizard Completing the Certificate Import Wizard The certificate will be imported after you cick Finish You have specified the following settings diene eee Trusted Root Certifice Certificate C Wsers Anca Deskt 120 Endpoint Protector Mobile Device Management User Manual A Security Warning window pops up Just click Yes You are about to install a certificate from a certification authority CA claiming to represent CoSoSys LTD Endpoint Protector CA Windows cannot validate that the certificate is actually from CoSoSys LTD Endpoint Protector CA You should confirm its origin by contacting CoSoSys LTD Endpoint Protector CA The following number will assist you in this process Thumbprint shal ECF18C78 BSFEF644 OFAFB85C D1991CBA 12DD6D05 Warning If you install this root certificate Windows will automatically trust any certificate issued by this
5. Android Devices The Policy Builder for IOS and Android devices is located under Mobile Device Management gt MDM Policies ENDPOINT 4 TIAN NN Weel PROTECTOR epor ng an ministration too eS Dashboard Mobile Device Management Policies gl Endpoint Management Poi p Endpoint Rights Show Help gt Endpoint Settings R amp D Policy TestPolicy Android Devices Create your own Content Aware Protection Custom Content Custom Content Security Content Create new sh with your own settings im Mobile Device Management Devices Update Custom Content Click on Policy to select it Grol Devices Devices Update Mobile Devices Double click on Title to edit a MDM Polices i Policy APNo Cer oncale oep ADpic a GCM Maps Setup Google Add New Duplicate Edit Delete ty Offline Temporary Password E Reports and Analysis Policy 10S type Applies To gt Show Help System Alerts l Jml iOS Mobile Devices rJ Directory Services k 0 gt smiPhone fe System Maintenance E Pad 1 z 7 iPhone z Q System Configuration a System Parameters O Support Q Search g F Al G Save G Save and Apply 1 Apply The advantage of using an MDM Policy is that for a large number of devices the policy can be changed simultaneously 105 Endpoint Protector Mobile Device Management User Manual 12 1 Create a Policy for IOS or Android Devices To create a new MDM Policy click on Add New and then select for what op
6. Get Device Details QO Get Application List Refresh List The Profile List of an iOS device will show you what profiles care currently installed on the device The list of installed profiles is shown here Mobile Devices gt Profiles 9 14 Profiles on IOS Devices Information Mobile Devices gt Profiles Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Results Profile Name v Profile Description Profile Identifier Endpoint Protector Endpoint Protector Enrollment Profile com endpointprotector cloud 1result 50 per page The profiles installed on an iOS Device are listed in the Profile tab The Profiles installed on an iOS Device are always the enrollment Profile and possible restriction or other profiles The type of profile is shown in the Profile Description column 9 14 1 Remove Profile from iOS Device From here the Endpoint Protector Administrator can also perform the remove action of a profile by clicking on Remove Profile If a profile e g a Restriction Profile is removed the associated restrictions from the iOS device are removed In case the Administrator want to unmanage a device the Enrollment Profile needs to be removed After removing the enrollment profile the device is no loger managed 79 Endpoint Protector Mobile Device Management User Manual 9 15 Manage WIFI on iOS Mobile Device
7. Regardless of the way the contacts list is created the mobile device type and profile protection must be selected otherwise a wrong enrollment link might be sent Choose Unknown at Select Mobile Device Type if the devices to which the invitations will be sent are not just of one type iOS or Android 57 Endpoint Protector Mobile Device Management User Manual The added contacts will be available in the Results section Lit ol Mobile Device Management Bulk Emallimeni Contacts Show oli depe brevet Taree tact Herbig C7 Please select the Mobike Device Type and Default Profiles Protecton Type when imporingipasting contacts since the Enrolment Requests will contain these information GF if the contact contains both on Emal address and a phone number the request veil be send bo te Emal address T Sending Enredisent Requests te the mandmum accepted entries in the sending quese wil take up te 1 heur depending on the number off selected contacts 4resums f perpage add To Sending Queve GI Diek Contacts Import contacts let Sebect Mobile evite Type Prolil Protection Breese for Cee omgrert fee Downie came fle amp Ustad Paste Contacts Select Mobile bevie Pype Prafiles Protecting C Ari Mees Akm BeSova M Hee Akm hemoral Beana Me fle siekeecteed Gut Corodreent ols tampe gt Linineae Pasa aoe Reged fa Bemari OS appie F Anie 5 Urinen Amari Abow Rema H
8. Set Settings 69 Endpoint Protector Mobile Device Management User Manual ao iCloud gt cs iCloud gt Mail Contacts Calendars gt Mail Contacts Calendars gt EF Notes gt Notes gt J Reminders gt Reminders gt Phone gt Phone gt Messages gt Messages gt ie Maps gt FaceTime Safari gt x Maps gt Safari gt _ eal iTunes amp Ann Stores gt E a Left image FaceTime disabled missing by policy Right image FaceTime enabled without policy 9 2 1 The following iOS features can be restricted e Allow installing apps e Allow Siri o Allow Siri while device locked e Allow use of camera e Allow FaceTime e Allow screen capture making screenshots feature holding home button and ON OFF button to capture screen e Allow Passbook while device locked e Allow sync while roaming e Allow voice dialing e Allow In App Purchase e Require iTunes Store password e Allow multiplayer gaming e Allow adding Game Center friends 70 Endpoint Protector Mobile Device Management User Manual 9 2 2 The following Applications can be restricted Restrict YouTube App native iOS YouTube Since YouTube is not part of iOS 6 anymore this feature is only supported for iOS 4 and iOS 5 Allow iTunes Allow Safari Allow Safari Auto Fill Allow javascript on Safari Allow popups on Safari Safari fraud warning 9 2 3 ICloud restrictions Photo stream restrict
9. User Manual The Passphrase can also be set by the administrator manually under the option Mobile Device Management gt Mobile Devices gt Select Device gt Manage Device gt Profile Removal Policy O Se Be ia Mobile Device Management Enroll Devices MOM Policies APNS Certificate Setup Apple GCM Maps Setup Google Offline Temporary Password Reports and Analysis System Alerts Directory Services System Maintenance System Configuration System Parameters support Locate Mobile Device Current Location Time 22 Oct 2012 10 34 35 Provider WA Calculating Previous Location Calculating Unknown Security Policy Lock Wipe Device Settings Manage Device in Profile Removal Policy Refresh Device I Always Allow Removal This feature will up Never Allow Removal Pasephrase Required for Removal a Pasephrase PASSREMOVE pave 47 Endpoint Protector Mobile Device Management User Manual 7 2 3 Sending E Mail or SMS Enrollment Invitation iOS Android Sending E Mail or SMS enrollment invitations is made through the option Enroll Devices Send E mail Request x To Subject Mobile Device Enrollment Request Mobile Device Type iOS Apple g t Profiles Protection Always Allow Removal Always Allow Removal Send pever Allow Removal Passphrase Required for Removal Entering E Mail and Phone numbers require attention to the correct format and select
10. gt Certificates Parental Controls Control the Internet content that can Parental Controls be viewed Content Advisor Ratings help you control the Internet content that can be viewed on this computer Certificates Use certificates for encrypted connections and identification d Cearssistate Certificates Publishers AutoComplete 2 AutoComplete stores previous entries Settings on webpages and suggests matches for you Feeds and Web Slices Feeds and Web Slices provide updated Settings content from websites that can be read in Internet Explorer and other programs 115 Endpoint Protector Mobile Device Management User Manual From the Certificates list select Trusted Root Certification Authorities and click on the Import button Trusted Root Certification Authories Issued To Issued By Expiratio Friendly Name AddTrust External AddTrust External CA 5 30 2020 USERTrust e Certum CA Certum CA 6 11 2027 Certum _lClass 3 Public Prima Class 3 Public Primary 8 2 2028 VeriSign Class 3 Ga Class 3 Public Prima Class 3 Public Primary 1 8 2004 VeriSign CalCopyright c 1997 Copyright c 1997 Mi 12 31 1999 Microsoft Timest Gal DigiCert High Assur DigiCert High Assuran 11 10 2031 DigiCert a lEntrust net Secure Entrust net Secure 5e 5 25 2019 Entrust a JEquifax Secure Cer 8 22 2018 GeoTrust LalGlobalsign Root
11. 3 E ed i PROTECTOR Reporting and Administration Tool English v Data Loss Prevention Device Control Content Aware Protection Mobile Device Managment Endpoint Protector comprises three separate modules which used together ensures the next generation security of your endpoints e Mobile Device Management closely controls and monitors the entire mobile device fleet through dedicated MDM policies protecting sensitive company data while permitting a degree of freedom on what concerns the Stored personal information Once integrated in a company or enterprise network it ensures a highly secure working environment for companies adopting and using the BYOD model e Device Control enforces strong security policies for controlling and closely monitoring all portable storage device use inside the company network Once deployed inside companies networks the Device Control modules reduces the risks of data loss and data theft through unauthorized use of removable and mobile devices through USB etc e Content Aware Protection allows defining custom content aware policies for a detailed inspection detection and reporting of all sensitive content transfers outside the secured network Once enabled the Content Aware Protection module scans all possible exit points and ensures that no critical data leaves the company network either by transfers to removable media or directly via e mail file sharing applications or to the cloud 2 Activ
12. 9 10 Refresh Device Details for IOS Mobile Devices gt Manage Device gt Refresh Device Details Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Profile Removal Policy Refresh Device Details Always Allow Removal a This feature will update the displayed device information Never Allow Removal Passphrase Required for Removal Passphrase YE8OXHGS Save Get Device Details e This function will ask the iOS devices for its latest details and display them in the Mobile Device Information section This function is particularly useful if all device information is not displayed after enrollment 9 11 Refresh App List for IOS Mobile Devices gt Manage Device gt Refresh App List Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profles History Refresh Device Details Refresh App List This feature will update the displayed device information This feature will update the list of installed apps Note Results are displayed inside the Installed Apps tab Get Device Details Get Application List This function by clicking Get App List will ask the iOS device for a list of all the apps installed on the iOS device The list of all installed Apps is shown in Endpoint Protector MDM at Mobile Devices gt Installed Apps 77 Endpoint Protector Mobile Device Management User Manual 9 12 Installed Apps on iOS Mobile Devices gt Installed Apps
13. E 2 Accessing a link in the invitation E mail send to the device Scanning a QR code contained in the invitation E mail for a device Accessing a link contained in the invitation SMS send to the device Accessing directly a link through the native web browser on the device and completing the Endpoint Protector ID and OTC fields a For iOS devices the link is https cloud endpointprotector com mobile php register iOS b For Android devices the link Is https cloud endpointprotector com mobile php register android Downloading and installing the EPP MDM app on an iOS or Android device and completing the Endpoint Protector ID and OTC fields Attention Enrollment of iOS devices should be done through the Safari browser on your iOS device Other browsers are not supported For Android devices enrollment should be done through the native web browser on the device 41 Endpoint Protector Mobile Device Management User Manual 7 2 Mobile Device Enrollment To be able to manage mobile phones and tablets each device must be enrolled by going to Mobile Device Management gt Enroll Devices option ENDPOINT 4 PROTECTOR Dashboard g Endpoint Management aS Endpoint Rights A Endpoint Settings Content Aware Protection m Mobile Device Management APNS Certificate Setup Apple GCM Maps Setup Google Offline Temporary Password Reports and Analysis A System Alerts M Directory Services System Maint
14. Endpoint Management te Endpoint Rights Serdhi Search es Ubiegacaech berm m Counsty Liked Sinira zal Q Search np Store F i gA Epot Settings Search Results 2 Content aware Protection CAP a ee vendor varsiin Daacnpion Prce b Matile Device Mananement F g ppp aa CoBoSya TART Endpoint Protector Mabie Dever Manapemeri prion rempietp WII onterprinn mee Fine Fadl fevers Mobla Deviis MOM Polner APNG Cerbfcase betua Aggie oh Mags Setup Googe GBS Mors r 7 Directory Services fi Appliance Manage 5 Appt Syse Membenarice OS icon Tite Vemjio Version Descomipion Price Codes Caiegory Pigs iPhone iPad Acoons eN System Configuration B EPP kiih CeSety 100 Eadponi Pretecter Mobis Device Uesagemenl provides compitie iS rie Free utkir at lt Fe Trecult g par page a Sytem Parameters G en Endpoint Protection 4 Copyright 2004 2013 Caoga Lea Al ngina ibni Ready Vernon a 401 Appliance 97 Endpoint Protector Mobile Device Management User Manual You will have to enter the required details in the pop up window gt u FoF gt E ICF ENDPOINT PROTECTO DasnDoar Endpoint Management Search Hones App Store Endpawit Rights we Search type Endpoint Seturgs 2 Search Results Contest Aware Protecbos CAP Sewct L Ties Mobily Device Management r g EPP MOM Grol Devices Motte Devices MOM Poko as Now Marae n 80 APNG Certficate Setup Apple OMA Sein iGooge 4 R Mobily D
15. Endpoint Protector Mobile Device Management User Manual 10 6 Play Sound on Device for Android Mobile Devices gt Manage Device gt Play Sound on Device Security Policy Lock Wipe Device Settings aage Device Play Sound on Device Refresh Dev This feature plays a sound on the device to make it his feature w easier to find it if misplaced Play Sound The option Play Sound will make the Android device play a loud noise in order to locate a misplaced device 10 7 Refresh Google Accounts for Android Mobile Devices gt Manage Device gt Refresh Google Accounts Security Policy Lock Wipe Device Settings Manage Device Play Sound on Device Refresh Devic This feature plays a sound onthe device to make t This feature will easier to find it if misplaced Play Sound i Refresh Google Accounts Refresh Accot This feature will refresh This feature will the list of Google Accounts the list of Phone Get Google Accounts e The option Refresh Google Accounts by clicking Get Google Accounts will receive a list of Google accounts registered with the Android device The list of Accounts is displayed under Mobile Devices gt Manage Device gt Accounts 90 Endpoint Protector Mobile Device Management User Manual 10 8 Refresh Device Details for Android Mobile Devices gt Manage Device gt Refresh Device Details Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Ins P
16. The tabs Contacts and Accounts have no functionality associated with them for iOS and show No Results This function is currently only supported for Android devices For each operating system iOS and Android different Device Management features are supported and available For Android the different management settings are enforced by the EPP Client on the Android device Enforcing the use of a password passcode is the most important feature on any device company or individually owned Protecting access to data on the device is the first task to protecting your Android devices Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Set Security Policy Device Password Current Security Policy Password Quality Alphanumeric A Gf Password Password Quality No requirement Min Password Length Min Password Length 0 Max Time To Lock sec i Max Time To Lock sec 0 Max Failed Password Retries Max Failed Password Retries 0 Ask User to change password Apply Set Password Refresh The current Security Policy if any will be shown on under Current Security Policy 84 Endpoint Protector Mobile Device Management User Manual 10 1 1 Password Passcode Setting on Android Device Mobile Devices gt Security Policy gt Set Security Policy The following Settings can be applied for the password passcode settings for an A
17. the MDM features might be available only for one OS 64 Endpoint Protector Mobile Device Management User Manual 8 1 1 Available Options The table below shows the available MDM options for Android and iOS mobile Devices More options will be made available updated with each version update Tab MDM Option Description OS Support Device Allows to define the owner of the device Settings Device Ownership Personal Company or Unknown a Allows to deactivate the Voice Roaming Device Setti Voice Roaming service for the mobile device Carrier ettings dependent Device Data R Allows to deactivate the Data Roaming Settings AEE AA service for the mobile device Allows to set additional parameters for Device Device Location the locating option Location Accuracy i t Settings Settings Fine amp Location Cost Allowed for a more accurate mobile device locating Remotely locks the user mobile device Lock Wipe Lock Device with or without resetting the user s iv password Remotely deletes all device data Additionally the data stored on the SD iw J Card can be deleted as well by checking the Include SD Card option Lock Wipe Wipe Device Data i i Remotely deletes all data stored on the Lock Wipe Wipe SD Card d ii SD Card Security Current Security Displays the security settings applied at i j Policy Policy that moment i Allows defining additional password settings such
18. 2 2 OS Profile Protection Deletion Passphrase The passphrase for deletion of Profiles on iOS devices is by default generated randomly tf during the invitation enrollment process the Endpoint Protector Administrator who sends the invitation to the device sets the Profile Protection option to Passphrase Required for Removal The automatically generated passphrase can be found in the Endpoint Protector Reporting and Administration web interface under Mobile Device Management gt Enroll Devices gt One Time Codes gt Uninstall Passphrase show After clicking on show the Passphrase is shown that corresponds to the devices enrollment OTC In case the device user needs this passphrase the administrator can give it to the user over the phone for the user to enter during deleting of a profile The administrator can locate the Passphrase after clicking View Invitations Sent and locating the OTC used by the device for enrollment ml Mobile Device Management m es mT MDM Policies APNS Certificate Setup Apple Uninstall Passphrase Show Actions GCM Maps Setup Google ky Offline Temporary Password N NI E Reports and Analysis F A System Alerts N NI Directory Services N N S Maint PREM Martatance Sresults 50 per page Q System Configuration View Invitations Sent View Available OTC Request More OTC u Svstem Parameters 46 Endpoint Protector Mobile Device Management
19. ACcaunt project Vied 5 You can now locate your API key under the Server Key section The API key has the following format Example API key ExamplE67QWuu26 5j6WEEfWqgqYYouW1408 7 Google Cloud Const g My Cloud Project My App Web Application Ute he controls below bo set up your applteblons aulbonzalon credentials Whall you select depends on the type of dala your applicalon needs lo access Oduth 2 0 Client IO Comiticoie md Sores Chud Cimtaatore Dec 5 2017 9 16 AM ACTMATLO ir gmail com you Erowaer Kay Abbess dita thal comes horm a bowser ard hl a ool aesocted wiih an 6 On the Google Cloud Console Site in Projects gt APIs amp auth gt Registered apps gt Server Key gt ALLOWED IP ADDRESSES you can also add IP addresses that are allowed to use your API keys and we recommend you to add the following two cloud endpointprotector com endpointprotector com 7 Copy the Google API key as described in the next step in the Endpoint Protector interface 21 Endpoint Protector Mobile Device Management User Manual 4 2 3 Entering Google API Key and Project Number in Endpoint Protector new method After you have obtained your Google API Key please enter it together with the Google Project Number in the Endpoint Protector Interface The Google Project Number you find on the Google Cloud Console Site under Projects gt Overview gt Project Number Google Cloud Console lt My Cloud Project Project
20. CA Sian Root 1 28 2028 GlobalSign EE T Certificate intended purposes Learn more about certificates 116 Endpoint Protector Mobile Device Management User Manual A Welcome to the Certificate Import Wizard pops up J ust click the Next button C merae e Welcome to the Certificate Import Wizard This wizard helps you copy certificates certificate trust lists and certificate revocation lists from your disk to a certificate store A certificate which is issued by a certification authority is a confirmation of your identity and contains information used to protect data or to establish secure network connections A certificate store is the system area where certificates are kept To continue dick Next 117 Endpoint Protector Mobile Device Management User Manual Browse for the Certificate file you downloaded from the Appliance Setup Wizard gt Appliance Server Certificate File to Import Specify the file you want to import File name Browse Note More than one certificate can be stored in a single file in the following formats Personal Information Exchange PKCS 12 PFX P12 Cryptographic Message Syntax Standard PKCS 7 Certificates P7B Microsoft Serialized Certificate Store SST 118 Endpoint Protector Mobile Device Management User Manual In the Certificate Store window select Place all certificates in the following store radio button
21. Disable E Company Enable Disable E Save Apply S The option Data Roaming can be set to allow a device to have data roaming enabled while outside of range of the default cellular network This setting can in some cases also be dependent on the cellular network provider It might be required depending on the cellular subscription if data roaming has to be activated first for the subscription before it can be enabled or disabled through Endpoint Protector MDM 75 Endpoint Protector Mobile Device Management User Manual 9 9 Profile Removal Policy for IOS Devices Mobile Devices gt Manage Device gt Profile Removal Policy Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Profile Removal Policy Refresh Device Details Always Allow Removal This feature will update the displayed device information Never Allow Removal Passphrase Required for Removal Passphrase YE8QXHG6 Save Get Device Details As described in the chapter 7 2 2 iOS Profile Protection Deletion Passphrase before the profiles settings on an iOS Device can be protected with a passphrase In this option the passphrase can be changed to be a different one than the one automatically generated and associated with the OTC For the full description of this option please consult chapter 7 2 2 iOS Profile Protection Deletion Passphrase 76 Endpoint Protector Mobile Device Management User Manual
22. Sytem Configuration Code Dmna tad Pasaphrate Show Requesied al Acbons a Sytem Parameters HTF mrn 4 Deceorter 2012 1041 erry s var 4 Oecerter J0 1011 Support HSAVF tanen 4 Decemeer 20131041 B27 oumeomse 4 Decemeer 2013 10 41 Undpcant Protector 4 Copyright 7004 201 CaSeSye Lid Ad rights cemerved Ready Verson 4402 Apphance 56 Endpoint Protector Mobile Device Management User Manual Contacts list can be imported from an xls file or can be created in the Paste Contacts section Import contacts list Profiles Protection Always Allow Removal F Never Allow Removal Passphrase Required for Removal Browse for the import file Mo fle selected Download sample file Bulk Enrollment xls Sample 6 Upload Paste Contacts Select Mobile Device Type K iOS Apple E Android F Unknown Profiles Protection Always Allow Removal Never Allow Removal A Passphrase Required for Removal Contacts List Maximum 500 contacts at once Example Admin admin example com 4975419782627 John Doe john company com 004975419782627 Mark mark internal Jane Doe 4975419782627 It is possible to paste up to 500 contacts at once The required format is name separated with semicolon the E mail separated with semicolon the Telephone Number Example John A john company com country_prefix XXXXXX Please note that a Bulk Enrollment xls Sample file with a few examples inside is available for downloading
23. The List of Apps installed on the iOS device lets the Administrator see what apps users have installed on their devices The list of apps installed on a device can be requested from the iOS device and updated though the option Get App List as described in chapter 9 11 Refresh App List for iOS Breuls Heme Identifier Veruaon Short Versio ami St ipo Sine ionge Deed himagement Mags Actions Adobe Reader com adobe Adobe Famdar Tan raged MLN Mo 420 Jt e Angry Bide cam een angrybirdallbne pst 154 Wanig EEIT BKS Je H EPE LEHA fom temiri Ea anagem ht KE 7a Boi Hoa Eois comasple Eonia 1523 ai Managed 535 UB BKB T Ee TO com ied TED ne 7100 Marini 2327 UB EKA na De Gresutis sof eer pagel Installed Apps on managed iOS devices can be pushed uninstalled and managed in different ways as described in the chapter 11 Mobile Application Management MAM for iOS 78 Endpoint Protector Mobile Device Management User Manual 9 13 Refresh Profile List on iOS Mobile Devices gt Manage Device gt Refresh App List Wanage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Refresh Device Details Refresh App List Refresh Profile List This feature will update the displayed device information This feature will update the list of installed apps This feature will update the list of installed profiles Note Results are displayed inside the Installed Apps taj Note Results are displayed inside the Profiles tab
24. device can be remotely wiped using this feature To wipe the SD Card click Wipe SD Card 88 Endpoint Protector Mobile Device Management User Manual 10 4 Device Ownership Mobile Devices gt Device Settings gt Device Ownership Security Policy Lock Wipe Device Settings Device Ownership Unknown Personal Company The option Device Ownership can be set to who is the rightful owner of a device Set it to Company if the company has purchased the device for the user or to Personal if the user has purchased the device and uses it for business purposes After a device is enrolled the default settings is set to Unknown 10 5 Android Device Location Settings Mobile Devices gt Device Settings gt Device Location Settings Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Ins Device Ownership Device Location Settings Unknown a Location Accuracy Fine Personal Location Cost Allowed Company These settings impact the acuaracy of the location data used to locate an Android device 10 5 1 Location Accuracy Fine on Android The setting Location Accuracy Fine unchecked relies on data from WIFI or triangulation Checked Location Accuracy Fine will rely on GPS data 10 5 2 Location Cost Allowed on Android The setting Location Cost Allowed will send location data even if device Is outside of the regular network 89
25. A Moble Devices MOM Polices Import Redemption Codes 10S Apo Management Certicale f j For paid adds please purchase Redemption Codes form the Apple Volume Purchase Program Copy the codes here GCM Maps Setup Googie Copy Redemption Codes Offline Temporary Password Reports and Analysis A System Alerts Directory Services E ance System Maintenance Q System Configuration a System Parameters Q swrn vaiabie results 50 per page Make Codes Avatable Dolet Selected Codes Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid Al nghts reserved Ready Version 45 0 5 Appliance All redemption codes show their status either as available or used in case they have been used meaning a code was used when a paid app was pushed to a device which did not alreay have this paid app installed Additionally the number of total and still available not yet consumed redemption codes is shown in the column Codes in the list of Managed iOS Apps In the example below 10 10 meaning ten of ten codes are available Manage W Apps k lon take Vendir eo tn Derwece plea Fiag iPhone ad Achim g fs WhaisApp Messenger Whassapp ine ZEB WhanSpes Weege a CTE UT pranphsne mesenger curenty es wa Fe a Rooks Apie hi aM Baka ib an Amating way to download and read broke Broke meudad t wi Fe g EPP MEA Cases 008 Enapaint Proiecies Mishie Devies Management procties complete DS cate Dt ow lt EG a Adote Amatir Agbe Spalena
26. Access gt APT key Offline Temporary Password BB Reports and analysis Step 3 Enter Google Project Number A Alerts ease enter the Googie Project Number you harer located at Googie APIs Comdie gt Queries gt Project Summary Project tumber Q directory Services Bed ance S Se System Maintenance Q System Conhg avon W system Parameters oe Endpoint Protector 4 Copyright 2004 2013 CeSoSys Lis Adrights reserved Version 4 4 0 2 Appaance After entering copying the API Key and the Google Project Number press the Save button After completing these steps you can start enrolling Android devices to Endpoint Protector Mobile Device Management 22 Endpoint Protector Mobile Device Management User Manual 4 2 4 How to get your Google API Key for GCM and Maps old method Visit the following Google Site Google APIs Console and login with your company Google account http code google com apis console 1 If you login to the Google APIs Console for the first time you will be asked to Create project Select this option and give the project a name The Project will be given a Project Number by Google which you also need to enter in the Endpoint Protector interface as described in the next paragraph Gmail Calendar Documents Photos Sites Groups Search More v ee ev Settings v Help Sign out Google apis Start using the Google APIs console to manage your API usage Creating an APIs pro
27. Administration Tool Mobile Device Management iOS App Management iPhone Flags 7 Engish Phone Versen 4 07 Pad Act Pad Actoms nd Apphance Show all departments Manage 10S Apps OS con Title e B WhatsApp Messenger J ss iBooks a EPP MDM Cad Adobe Reader esults 10 per pagel Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid Al rights reserved CoSoSys Apple nc CoSoSys Adobe Systems inc Version 287 31 10 06 105 2 Version Description Price Category 1006 Endpoint Protector Monde Device Management provides Complete 0S enterprise mob Free Utilities Descripton Price Codes Category WhalsApp Messenger is a cross platform smemtphone messenger CurnenDy 099 USO on Socis Networking ooks s an amazing way to download and read books Books nchades t Free Sock Endpoint Protector obie Device Management provides complete iOS ente Free Utities Adobe Reader is the free trusted leader for reliably viewing and Free Business Phone Pad Actions m S flags iPhone a a a5 v v lt v vi Ready Version 4 3 0 5 Appliance 98 Endpoint Protector Mobile Device Management User Manual Remove app when MDM profile is removed J Prevent backup of the app data he The options for managed Apps are e Remove app when MDM profile is removed if this management flag is set the managed App and all its associated data content with it will be removed if the iO
28. Alloy hes ppplicalion le Your location ul Wetwork communication a Your personal ivflarrantiac Storage moui HFI 36 Endpoint Protector Mobile Device Management User Manual 7 After the installation you will see a message indicating the installation is finished Click Done to complete the final steps for your Android device enrollment 8 Go to Applications on your Android device There locate the EPP Client and start it i oh Appl iGitnans i ES File Explorer 2 Bsus 7 Lal f Facebook BA ajan Sra Free 37 Endpoint Protector Mobile Device Management User Manual 9 After the EPP Client starts you need to fill in your Name and your Phone Number If the device has no phone number provide your mobile number for the Administrator to easier link your device with you as a user Click Next after you completed the fields ENDPOINT GB orecron Your Name 071452365 ters Lance j J l Lange 10 Now the question regarding device administration will appear which needs to be confirmed by clicking Activate i DTEPTTH fet Bctivate device admira Tey all EPP Device Armin Erase all data E me i nadie Oo le Change the scereen unlock password a Lp eel amp 1 levmieni mrj fu AO Ste Attention By not enabling this option the Android mobile device cannot be remotely administrated managed 38 End
29. CA Installing a certificate with an unconfirmed thumbprint ts a security risk If you click Yes you acknowledge this risk Do you want to install this certificate You have now successfully installed the Certificate Close the Internet Explorer browser and try accessing the Endpoint Protector Administration and Reporting Tool IP address again p Bexla Endpoint Protector Report Welcome Guest Login pAg ENDPOINT 4 aake aie et PROTECTOR Reporting and Administration Tool English 121 Endpoint Protector Mobile Device Management User Manual 14 2 For Mozilla Firefox Open the Browser Open Endpoint Protector Administration and Reporting Tool IP address Your Appliance static IP Address example https 192 168 0 201 at G 2 Google This Connection is Untrusted You have asked Firefox to connect securely to 192 168 0 166 but we can t confirm that your connection is secure Normally when you try to connect securely sites will present trusted identification to prove that you are going to the nght place However this site s identity can t be verified What Should I Do If you usually connect to this site without problems this error could mean that someone is trying to impersonate the site and you shouldn t continue Technical Details I Understand the Risks From the above screenshot This Connection is Untrusted choose Understand the Risks Click Add Excep
30. ENDPOINT PROTECTOR A User Manual Version 1 0 0 7 cososys I Endpoint Protector Mobile Device Management User Manual Table of Contents L I MtrOCGUCTION 2 cece cece eee ce eee eeeeeeeeeeeetaaees 1 1 1 What is Endpoint Protector s seseseserererersrnrnrsrsrerererrrrrrrrne 2 2 Activation of Mobile Device Management 3 2 1 Activation of Mobile Device Management Feature sacs 4 3 How Endpoint Protector MDM Works 5 3 1 Supported Operating Systems and deVICES c cece ce eeee eee ees 6 4 MDM Setup APNS Apple amp GCM Google ANOTOI sacgaveedeaceeseadavedaecseuenaanacneneeteenees 7 4 1 Setup of APNS for iOS cesearscucsecenrancensnnarsoneanaroeareoersnaceranennss 8 4 1 1 What is an Apple APNS Certificate and why do I need it 8 4 1 2 How to generate your Apple APNS Certificate 05 9 4 1 3 Renew an Apple APNS Certificate before expiration 12 4 2 Setup of GCM for Android s sesesesererersrsrsrsrersrrrrrrrrrrrrrrne 17 4 2 1 What is GCM Google Cloud Messaging and why I need it 17 4 2 2 How to get your Google API Key for GCM and Maps new method Novanm or 20L a e E EEE EEE E 18 4 2 3 Entering Google API Key and Project Number in Endpoint Protector new MetNOO i rriarerrin ien EEEE a 21 4 2 4 io to get your Google API Key for GCM and Maps old method 4 2 5 Entering Google API Key and Project Number in Endpoint Protector old INGEMNO
31. F 1082 Adecell Feaderl a tht ted FUADA Wager foe Ebaby Veina atl De ow ait re dresuts abe pat page 101 Endpoint Protector Mobile Device Management User Manual 11 4 Pushing Apps to IOS Devices The list of Managed Apps is available when viewing the details about any managed iOS device in the tab Apps Waloome Logoat i ieai Reporting and Administration Tool Engish Q Ea Dashboard El Endpoint Management Mobile Device Ink Re Endpoint Rights lame Demo iPad mini ser Name ast Seen 15 April 2013 44 24 aA Endpoint Settings Tyee OS Mone Mure wer 99000134 Gaam Avaya Paan inde Pad2 7 ene Orange Romania MWiMec 4c6079 4 W MDS40HC 5 Verse 612 i Mobile Device Management Errol Devices Locate Mobile Device Matie Devices MOM Poles Stada Haiducului Cluj Nap O5 App Management Romania APNS Certificate Setup Apple GOM Maps Setup Googe i Offline Temporery Password i Reports and Analysis A System Alerts L Directory Services a PERNES SearityPoicy Lock WWipe Device Settings Manage Device Manage Wii Manage Mai f Srofies History ir Push Apps System Moentenance Status icon ie Vendo Version Description rie ade egory lag iPhone iP Actions e System Configuration WhatsApp Messenger WhatsApp inc 257 YhatsApp Messenger amp a cross patiorm smartphone messenger currently a uso ano Socis Networki J a Ps E4 a System Parameters Yu vo TD TED Conteresce
32. G s cssceeuscctescacemraiosacecieguaseeetawenanersentanesesneee 24 4 2 6 Google C2ZDM scccssoverentsenacntesnwaneescedatdenatsaaes bacxecneesacenga was 25 5 10S EPP MDM APP c cece cece eee eee eeeees 26 5 1 EPP MDM iOS App Supported iOS VerSIONS 00eee cece ees 26 5 2 EPP MDM iOS App to locate G VICES ccc cece eee eeeee eee eeeeenes 27 5 3 EPP MDM iOS App to enroll devices optional 008 27 5 4 EPP MDM iOS App Device Information cccceee cece eee eeees 28 5 5 Installing the EPP MDM iOS BOD wcasnecsuvesaucsnsecearennesaesensccnea 29 5 6 Allow Location Services for EPP MDM iOS App 50006 30 5 7 Pushing and Managing EPP MDM App to iOS Devices 30 II Endpoint Protector Mobile Device Management User Manual 6 Android Endpoint Protector MDM Client App32 6 1 EPP MDM Android Client App Supported Versions 32 6 2 The Android EPP Client App ccceseeeeeeeeeeeeeseeeeeeeeeeeas 32 6 3 EPP Client Android App to enroll devices ccc cece eee eee es 32 6 4 Install EPP Client App on Android and Enrolling Android Device33 7 Enrolling Mobile DeVIC S cccce eee eee 39 7 1 Different Enrollment methods are available 08 40 7 2 Mobile Device EnrollMent cece cece cece eee eeeeeeeeeeeeneeeees 41 7 2 1 iOS Enrollment and Profile Protection cccccceceee eee e eens 44 7 2 2 iOS Prof
33. ID coral firefly 424 Project umoef Overview APIs amp auth Permissions Settings Support Add them at Mobile Device Management gt GCM Maps Setup Google ENDPOINT 4 mii PROTECTOR Reporting and Administration Tool Lngtan an a r i Dashboard Endpoint Management Res Endpoint Rights tote To ute Mote Devre Management features for andad dew A R requred hat you prode an API key from Google Mote Devre Management Gr Andad yal not work maul Dece pette That API bey s ako requred to wee tions Grew locators better y for Androsd ond 05 devices in fhe locate Motte Device View of Excipowt Protector wairrg Googie Hops Step 1 Obtain API key from Google 4 Wat the following Google Ste Google APIs Console and login wth your company Googie account D OF pena Reger to ths Googie Site for the frat time you wal be asked to Create project Select thes optics lt Make sure the following Google Services have ON status green Google Cloud Messaging for Android Googie Maps API v and State Maps API To enable these Services Google will ask you to agree to ther Terms of Serwce ind User License Agreement Moble Devices d You can new locale your API key it fhe lef meray ort fhe Google Site unde AP Access gt Simgiie API Acorts gt API bey MOM Poioes 105 A o Managernent Step 2 Enter Google API key APKS Cortficate Senay Regie GCMMaos Setup Googe Please ender the API bey you Pave locates at API Access gt Simpie API
34. S device becomes unmanaged either if the Endpoint Protector administrator unmanages the device or if the device user is unmanaging the device by removing the device enrollment profile e Prevent backup of the app data if this management flag is set the managed Apps associated data content will not be backed up in case the device is synced or backed up with iTunes E 4 Eni Reporting and Administration Tool Engish Q Dashboard El Endpoint Management P ee Endpoint Rights Search Search type Using search term w County United States e Q Seach app Store A Endpoint Settings Q Content Aware Protection Select icon Tite Vendor Version Description Price Category Phone Wad Actone fb Mobile Device Management u db EPP MOM CoSoSys 10 06 Endpoint Protector Mobile Device Management provdes complete OS enterprise mob Free utthies r Errol Devices Mobile Devices MOM Polices IOS App Management APIS Certticate Setup Apple GCM Maps Setup Googie Ofline Temporary Pessword S Reports and Analyses AS sis Add selected Apps E Directory Services Appliance System Maintenance Tithe EPP MOM Q System Configuration Osso mtor Endpoint Protector Mobile Deuce Management provides complete IOS enterpnse mob ity management for smal and medium szed buanesses and enterprises It Offers your IT department the ability to easily erral 10S devices provision them make sure the proper searity policy is established and enfor a Sys
35. a list of all used OTCs with the corresponding e mail addresses and or phone numbers where they were sent to The View Available OTC allows the administrator to return to the list of unassigned OTCs The third enrollment method allows the end user to directly enroll his mobile phone through the Endpoint Protector Cloud Service which can be accessed at two separate links one for each supported mobile device operating system This option requires the user to previously receive the MDM ID and OTC keys from the administrator In this case the administrator must reserve one OTC from the list for the user making the request either by e using the Reserve right click menu option S This operation will remove the selected OTC from the list of the available OTCs and move it to the list of already sent invitations 44 Endpoint Protector Mobile Device Management User Manual 7 2 1 1OS Enrollment and Profile Protection When an iOS device is enrolled the Administrator has the option to protect the policy settings in iOS called Profiles to be protected against uninstallation When an iOS device is enrolled it receives first an enrollment profile which is responsible for the communication between the iOS device and the Endpoint Protector Appliance This enrollment profile is not protected against uninstallation but all additional profiles attached to the enrollment profile can be protected against uninstallation This means on an iOS devi
36. actual device the option to Include SD Card can be selected to also wipe the data on an SD Card in the device After a remote wipe the device is unmanaged No more connection between the Android device and Endpoint Protector is possible after the remote wipe The remote wipe of a device works also in case of a device that has a SIM card and the SIM card has been removed from the device As long as the device has a working internet connection in this case over Wi Fi the remote wipe of the device will still work as long as the wipe command can reach the device Note All data on the device will be permanently lost It cannot be recovered after a remote wipe Use this feature with caution and only as a last resort 10 3 1 Android Remote Wipe of SD Card Mobile Devices gt Lock Wipe gt Wipe SD Card Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Lock Device Wipe Device Data Wipe SD Card Strong Password Lock Set Random Password Warning Please note that the device after Warning this feature will delete all data executing the remote wipe is no longer connected from SD Card in the device to and managed by Endpoint Protector since all data including connectivity information to Endpoint Protector is erased Lock Device Screen Keep Current Password EF including SD Card Lock Wipe Wipe SD Card The SD Card in an Android
37. and to view information about it DPO 4 2 s abe esapta i Reporting and Administration Tool Engish v _Q i Dashboard gl Endpoint Management Re Endpoint Rights Nam Pron a Hame LastSees 19 October 2012 17 38 Endpoent Settings me 108 Dai si O Content Aware Protection Modat iPhonea i Orange Fils ice 237 Lo HoweWo MC6O3RR SVerson 60 fb Mobile Device Management s eee Security Policy Lock Wipe Device Settings Manage Dewce Manage WFi Manage Mal Installed Apps Accounts Contacts Profiles History Q System Configuration a System Parameters Smole Vawe Tha feature wA renet he current device password io Alk Applications h with O Support Altan ee De empty vere can be unlocked without bfi Set Security Policy Clear Password No more password required Sel Restriction Policy g 5 E z rel g g 3 g 3 i Endpoint Protector 4 Copyright 2004 2012 CoSoSys Lid AS nghts reserved The main three rows are the following three e Device Information displays all important device related details from mobile device name model type and OS to carrier related details such as carrier name user phone number and user name Not all information will be available all the time since the information available depends on the device and the operating system e Locate Device displays on the included map the previous and the current location of the device at the time of the last request By selecting the Upd
38. as minimum password ome Set Security Policy length password quality max time to i 4 y lock max number of password retries before wipe Security Ask User To Change Enforces the user to define a new iw Policy Password password Security Resets any existing password for the Policy Clear Password Aea im Sacurit Resets any existing password and allows ji y Device Password defining remotely a different password i Policy for the mobile device erat Keeps a track of the last n passwords Policy y Password History used and doesn t allow setting them as K new passwords 65 Endpoint Protector Mobile Device Management User Manual Security Secured wae Enforces the user to define a new Policy g password after a certain time period l Enforces the user to define a new Security ay Poli Grace Period password after the grace period is over d Ory counted in minutes Manage Play Sound on Activates a song on the device which Device Device will play for a predefined period of time l Manage Refresh Device Updates the device details displayed Device Details under Device Information e Manage Display the list of currently installed Device Refresh App List apps on the mobile device Manage Display the list of currently set profiles ier Refresh Profile List the mobile device Manage Refresh Google Display the list of currently set Google e Device Accounts ma
39. ate Location option the current location will be displayed on the map while the Location History option will allow the Administrator to view the previous locations of the mobile device For iOS only the current location is available of the device For Android all location options are available Please remember iOS and Android both require for location information the EPP MDM app to be installed on the device e Device Management Tabs includes separate tabs containing the available MDM options for remote device and data managing Detailed Features are described in the following paragraphs 63 Endpoint Protector Mobile Device Management User Manual For each of the available Mobile Device Management options a status bullet is displayed indicating the returned result of a selected executed operation k Red indicates that the requested operation has failed O Green indicates that the requested operation was successfully performed O Yellow indicates that the requested operation is in pending mode A practical example is when you click on Refresh Device Details The bullet will turn yellow and stay for a few seconds in the yellow color until the request has been sent to the device and the device has answered to the Endpoint Protector Appliance Then the status is changed to green and in this case the updated device details can be viewed Note Due to the differences existing between the iOS and Android platforms some of
40. ation of Mobile Device Management The Mobile Device Management feature enables administrators to remotely control and enforce strong security policies on iOS Apple and Android devices Through options such as remote data wipe device tracking and blocking it offers enhanced protection against data theft and data loss considerably reducing the risks that come with the increase of mobility in today s business environment Welcome t t Logoart ENDPOINT 4 A PROTEC Reporting and Admimstration Tool Ergish a PROTECTOR Barn ra Ge af Ea Dashboard Mobile Device Management Confkyure Feat Show all departments Endpoint Management fis Endpoint Pah a Endpoint Settings With Mobile Device Monagenent MOM in Enip Protector yoo Gam add another bevel al Content Aware Protector security to probeert your valuable dita Keepy control over AS ond Andro dewetes that ane gee wilhin of outside pour miik amp critical in Moke Devige Manageren your free 30 day trial of Hobie Dirie Management in Endpoint Probecher lodar and test Enrol Devices with up to 10 mobile devices or get your subsonption immediately Beste Peek ae a MOBILE DEVICE PhS Cerblicate Setup Appi i MANAGEMENT GOH Hapa Setup ooge by ENDPCEN PROTEC Tet lal OMfine Temporary Password EE Reports and Analysis Pa Enaltt Fos ATS System Alerts ry Directory Sorneces A i system Maintenance Q System Comfaquration a System Parameter
41. ccess to their company e mails Sales reports etc everywhere they go The wide adoption of the BYOD Bring Your Own Device model by companies worldwide led to the use of more personal mobile devices by employees for storing business information together with private data such as photos and music This trend raised new issues for IT administrators which are faced now with the challenge of protecting sensitive company data not only inside the secured company network but also everywhere it is taken on mobile company endpoints At the same time a separation and close monitoring of company information from personal data must be imposed To face the security challenges by the increase mobility in business environments Mobile Device Management by Endpoint Protector enables a complete control and detailed monitoring over the use of mobile devices both inside and outside corporate environments allowing employees to have a secure access to both corporate and private data wherever they are and on whatever device they are using without business critical information getting compromised 2 Endpoint Protector Mobile Device Management User Manual 1 1 What is Endpoint Protector Endpoint Protector is a complete Data Loss Prevention solution for companies networks of all sizes enabling a detailed control over removable mobile storage media and mobile devices both inside and outside the companies walls Welcome Guest Login ENDPOINT
42. ce the restriction profile cannot be uninstalled from the device without a passcode that is protecting it but the enrollment profile can which along will uninstall the restriction profile The Profile Protection options are C t Profiles Protection Always Alow Removal Always Allow Removal Never Allow Removal Passphrase Required for Removal Send E Always Allow Removal which allows the user to remove a profile at any time Never Allow Removal which allows removal of the profiles only through the Endpoint Protector Appliance Administrator Passphrase Required for Removal which allows the device user to delete the profile after entering the passphrase for deletion A practical example to illustrate this fact better is the following An iPhone is enrolled and the administrator applies the companies security policy for restrictions disabling FaceTime for example and WiFi Settings as a profile and protects it with a profile protection The user of the device wants to uninstall the restrictions profile to be able to use FaceTime To do that the user is required to enter a passcode which he doesn t know only the Endpoint Protector administrators The user still could uninstall the enrollment profile without a passcode but in case he does that also all his other profiles and settings are deleted along with it meaning company WiFi settings etc 45 Endpoint Protector Mobile Device Management User Manual 7
43. code password in order to confirm installation 52 Endpoint Protector Mobile Device Management User Manual Once the Endpoint Protector Profile was successfully installed the mobile device will be displayed inside the Mobile Devices List from the Endpoint Protector Web based Reporting amp Administration Interface and it now available for the administrator to manage it 53 Endpoint Protector Mobile Device Management User Manual 7 2 8 iOS Mobile Device Enrollment through EPP MDM App To enroll using the EPP MDM iOS app from the Apple App Store the user has to install the app on the iOS Device After installing the EPP MDM iOS app as described before in 5 5 Installing the EPP MDM iOS App the user has to click Query enrollment status w orange gt PROTECTOR nsgemen Query enrollment status gt Location Info gt afa ENDPOINT Mobile Device Device Info gt What is EPP MDM The app is now checking if the iOS device is already enrolled with Endpoint Protector Mobile Device Management If the device is not enrolled yet the following message will appear The device doesn t appear to be enrolled If the device is enrolled already it will appear Device enrolled w orange ENDPOINT Mobile Device PROTECTOR Management The device doesn t appear to be enrolled You may enroll your device with your MDM ID and an OTC Device enrolled gt Location Info gt
44. ction Always Allow Removal Never Allow Removal Passphrase Required for Removal Browse for the import file No file selected Download sample file Bulk Enrollment xls Sample G Upload Paste Contacts at ese tam iNSlAnnle Android Al inknawn Note Contacts to which the invitations were already sent will available in the interface no longer be 8 Managing Mobile Devices The list of enrolled mobile devices and their status is available under Mobile Device Management gt Mobile Devices Welcome tt Logoat a abe sereine Reporting and Administration Tool rmm Dashboard El Endpoint Management Fiter Re Endpoent Rights kinks pe G E gt Endpoent Settings States Last Seen Actions 3 Content Aware Protection company phoned t MOSOIRA 60 Regsterec 19 October 2012 17 38 5 Regestered 19 October 2012 17 32 unknown s2 Samsung GT 8100 403 Qegetered 19 October 2012 1223 ia Mobile Device Management Con fie we Fash so results I S0 per page POA d MOM PoRues APNS Certificate Setup 005 C20M Google Maps Setup Offfme Temporary Password Reports and Analysis System Alerts Directory Services System Maintenance System Configuration System Parameters Oe amp eB gt le Support tndpoint Protector 4 Copynght 2004 2012 CoSoSys Lid Al nghts reserved TO manage a specific device select it from the list by right clicking on the device name and choose one of the available action
45. d Supervised Devices Restrictions won t be sent to the device a m 106 Endpoint Protector Mobile Device Management User Manual 12 2 Assigning Devices to Policy After you created a MDM Policy you can assign devices to the policy by selecting them under Policy OS type Applies To Policies ke Show Help R amp D Policy TestPolicy Android Devices Creal Custom Content Custom Content security Content eaten ay Devices Update Custom Content Click on Devices Update Double cli Add New Duplicate Ed Edit Policy 05 type Applies To i Show Help ED i0S Mobile Devices E Phone F iPad 1 iPhone gt a amp 5 Save and Apply You can save your selection of devices by clicking Save The Save option is not yet applying the settings from the policy to a device Only after you click Apply or Save and Apply the policy will be applied to the devices included in the policy In case that a mobile device must no longer be remotely managed controlled Endpoint Protector the user depending on rights and Endpoint Protector Administrator can uninstall unmanage the mobile device The uninstall unmanage process for Android and iOS mobile devices is different To unmanage an iOS device the Endpoint Protector Enrollment Profile on the iOS device has to be removed The Endpoint Protector Administrator can remove the profile by following th
46. d click Add selected Apps ie PROTECTOR st ll seca ni xin siete an tagan OOo Dashboard al Endpoint Mesegensent Search Tunes App Store Ce Endpoint Rights Jobi Search type Using search term w County United States LQ Search App Store Search Results Q content aware Protection TETTEY hiii E E Pres catagory Phone iPad Action Mobile Device Management tal B EPP MOM CoSoSys 10 06 Endpoint Protector Mobile Device Management provides complete OS enterprae mob Free Utilities v uw Errol Devices Moble Devices MOM Polices 105 App Management APNS Certficate Setup Apple GCM Maps Setuo Googie kg Offline Temporary Password Reports and Analysis GB directory Services a Manage 105 Apps Appliance a os icon Title Vendor Version Description Price Codes Category Flags iPhone iPad Actions System Maintenance a a EPP MDM CoSeSys 1006 Endpoint Protector Moble Device Management provides complete OS enta Free Unies DA wa RO Q aor Tresult 10x per page a system Parameters Q server Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid Al rights reserved Version 43 0 5 Appliance 11 1 3 Adding Enterprise Apps to Managed Apps Catalog You can add applications developed in house by clicking on the Add Enterprise App button itai w ofa PROTECTOR Reporting and Admunistration Tool Engian Sl aj issam Sont A Dashboard Mobile Pavice Managemen 105 App Manegamami
47. device and second to use the app optionally also as a way to enroll an iOS device to Endpoint Protector Mobile Device Management 5 1 EPP MDM iOS App Supported iOS Versions The EPP MDM app for iOS supports iOS version 7 0 6 0 5 0 iOS version 4 0 is not supported by the EPP MDM iOS app due to missing support for required features 27 Endpoint Protector Mobile Device Management User Manual 5 2 EPP MDM iOS App to locate devices The EPP MDM app allows the iOS device to provide location data of the device to the Endpoint Protector Appliance in order to determine the current location of an iOS device in case it is misplaced lost or stolen To locate an iOS device the EPP MDM app is a necessity on the iOS device 5 3 EPP MDM iOS App to enroll devices optional The EPP MDM App allows the iOS device to enroll as described below at iOS Mobile Device Enrollment through EPP MDM App The EPP MDM App is not required for enrollment it is simply an option to enroll in this way a device to Endpoint Protector Server 28 Endpoint Protector Mobile Device Management User Manual 5 4 EPP MDM iOS App Device Information The EPP MDM app also detects device details and if a device was tampered with Jailbreak Status Back Device Info Identification Name Jailbroken No WiFi Mac Software System Name iPhone OS System Version 6 0 Hardware Model iPhone wi 29 End
48. e Management Information the MDM ID corresponding to your appliance is displayed which will be further used as a parameter for enrolling mobile devices Additionally one can check the exact number of mobile devices enrolled at that moment 42 Endpoint Protector Mobile Device Management User Manual The enrollment of iOS and Android devices is similar in many ways There are different enrollment options for each mobile device type available The first two options allow the sending of E mail and SMS based invitation requests to mobile devices invitations which include short instructions on the steps required for the end users of the device to perform The sending of E mail invitations can be performed by clicking on the Send E mail request button while the SMS based invitation can be performed by clicking on the Send SMS Request button The bulk enrollment feature allows the administrator In order to ensure that a mobile device is properly and securely enrolled there are two keys required during the enrollment process MDM ID which uniquely identifies your Endpoint Protector Appliance Server OTC One Time Code which allows only the invited devices to be enrolled on your Endpoint Protector Appliance Server The OTC will expire after one use Uninstallation Passphrase applies to iOS only which allows the device to be unmanaged uninstalled The uninstallation option for iOS has to be chosen at enrollment
49. e Screen Keep Current Password 72 Endpoint Protector Mobile Device Management User Manual The iOS device can be remotely locked Clicking Lock will remotely lock the device screen and require a password entry to unlock the screen The current password Is kept in this case if the device is remotely locked The remote lock of a device works also in case of a device that has a SIM card and the SIM card has been removed from the device As long as the device has a working internet connection in this case over Wi Fi the remote locking of the device will still work as long as the lock command can reach the device 9 4 Remote iOS Device Wipe Device Nuke Mobile Devices gt Lock Wipe gt Wipe Device Data Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Lock Device Wipe Device Data Lock Device Screen Keep Current Password Warning Please note that the device after executing the remote wipe is no longer connected to and managed by Endpoint Protector since all data including connectivity information to Endpoint Protector is erased The iOS device can be remotely wiped A remote wipe will erase all data on the device and reset the device to its factory default To remotely wipe a device click Wipe and a confirmation message will ask to proceed if you are sure you want to remotely wipe the device After a remote wipe the device is unmanaged No more connection betwe
50. e removal of profile information described here 9 14 1 Remove Profile from iOS Device To unmanage device it is important that the Endpoint Protector Enrollment Profile is removed After removing of the Enrollment Profile the device status as described in chapter 8 1 Mobile Device Status will change to MobileProfileRemoved To unmanage an iOS device the Endpoint Protector Enrollment Profile on an iOS mobile device go to Device Settings gt General and select the Endpoint Protector Profile The next window displayed will contain the option to Remove Endpoint Protector from the mobile device Attention Although the uninstallation can be performed by the user the Administrator will also be notified about the removal of the Endpoint Protector Enrollment Profile 108 Endpoint Protector Mobile Device Management User Manual 13 2 Uninstall iOS EPP MDM app To uninstall the EPP MDM iOS app the user of the iOS device can uninstall it by pushing the EPP MDM app icon for two seconds and then deleting the app by clicking x 13 3 Android EPP Client App Uninstall Unmanage Android Device To uninstall EPP Client App on an Android Mobile Device the user needs to disable the Device Administrator role from Device Settings To uninstall the EPP Client App follow these steps 1 Go to Settings on your Android device and select Security ich Sets Localion services Security A Language and input Back
51. ee ees 70 9 2 3 iCloud restrictions Photo stream restrictions 70 9 2 4 Security and Privacy R StrictiONS cccccceeeeeeeeeeeeeeeeeees 70 92 5 Content Rating Restrictions sesessssersrererrerererrrrrrerereras 70 9 2 6 10S7 RestrictionS sesssssereerrerrrrrrrrrrrrrrerrrrrrrrerrrrrrrrn 71 9 2 7 Supervised Device Restrictions cccceccceeeeeeeeeeeeeeeees 71 III Endpoint Protector Mobile Device Management User Manual 9 3 Remote iOS Lock of Device cece e ener eee eeeeees 71 9 4 Remote iOS Device Wipe Device NUK ccc cece ee eeees 72 9 5 iOS Disable Device Password PaSSCOde cece eee 72 926 DeVICS OW els OID arerin iena ORIORI NNS 73 9 7 Voice Roaming on iOS cecncsuavccevinaetesvinawteaeinastanetnasacawtensdeas 74 2e Data RoOamMiNG ON 10 gt socdicncccndignecaadocnedaadianeeusdqeneesetanseaedin 74 9 9 Profile Removal Policy for iOS Devices cece eee cece eeeees 75 9 10 Refresh Device Details for IOS sivsiisxciseiexorseeer eee eeeeenenes 76 9 11 Refresh App List for iOS ccc cccececeeeesee eee eeeeeeesseeeeeeeeenegs 70 9 12 nstalled Apps ON iOS cce cece cece eeee esse ee eee eeeeeeseeeeeeetenegs 71 9 13 Refresh Profile List on IOS ssi scsicssassssessassssesegsasessananessaniees 78 9 14 Profiles on 10S Devices Information c ccc cece eee eee 78 9 14 1 Remove Profile from IOS De VICE cc cccceee cece e
52. eeeeneeeees 78 9 15 Manage WiFi on iOS sineinoncnotexiienancnemenetennqcnstimeaamesimomenoiens 79 9 15 1 Wipe Wi fi SettingS sesesererserererrrrernrerrrrernrerrrrnrererrrs 79 2o Manage Wall O00 10 erriren erren E r E EE ES E 80 9 16 1 Wipe E mail SettingS ccc cece cece cece cece sees eeeeeeeeeeeenneees 80 Oi Mana VPN ON TOS mises Trnine EErEE TATEA ATATEN 81 9 18 History of IOS Devices ACTIONS ssssserererrerererrrrersrerrrrsrene 81 9 19 Contacts and Accounts Tab on iOS Devices eccess 81 10 Manage Android DeVICES c ee 83 10 1 Security Settings Security Profile on Android 065 83 10 1 1 Password Passcode Setting on Android Device 84 101 2 Devic PaSS WOO ase tcsceaversaseseecens acces aae Ea 85 10 1 3 Android Device Hardware Encryption ssssesesrerrererrererre 85 10 2 Remote Android Lock Of Device ssssssssrssrssrrsrrerrrrrerrene 86 10 3 Remote Android Device Wipe Device Nuke 000000 es 86 10 3 1 Android Remote Wipe of SD Card ccceceeeee cece eee eeeees 87 10 4 Device Ownership scnceansconacanseanavanneancravsaravensneravavanerceancnen 88 10 5 Android Device Location Settings s seserserersrerrerererren 88 10 5 1 Location Accuracy Fine on Android 0cceeeeeeeeeeeeeeeees 88 10 5 2 Location Cost Allowed on ANdrold cccceccececececaecucueanas 88 IV Endpoint Protector Mobile Device Managemen
53. elected Strong Password Lock Set Random Password The remote lock of a device works also in case of a device that has a SIM card and the SIM card has been removed from the device As long as the device has a working internet connection in this case over Wi Fi the remote locking of the device will still work as long as the lock command can reach the device 10 3 Remote Android Device Wipe Device Nuke Mobile Devices gt Lock Wipe gt Wipe Device Data Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Lock Device Wipe Device Data Wipe D Card gt Strong Password Lock Set Random Password Warning Please note that the device after Warning this feature will delete all data PS P l executing the remote wipe is no longer connected from SD Card in the device Lock Device Screen Keep Current Password to and managed by Endpoint Protector since all data including connectivity information to Endpoint Protector is erased F Including SD Card Lock Wipe SD Card The Android device can be remotely wiped A remote wipe will erase all data on the device and reset the device to its factory default To remotely wipe a device click Wipe and a confirmation message will ask to proceed if you are sure you want to remotely wipe the device 87 Endpoint Protector Mobile Device Management User Manual Additionally to wiping the data on the
54. emption code is consumed during this process c lt 4 App Update The server cloud endpointprotecior com is Cancel 103 Endpoint Protector Mobile Device Management User Manual 11 5 Removing Managed Apps from iOS Devices All installed Apps on a managed iOS device are displayed in the tab Installed Apps Ce Endpoint Rights Name DemoiPadmini a arte Last Seen 15 April 2013 11 24 A g 5 g Tye OS Prone Hunis we 9900013 Content Aware Protection Model Pad2 7 Comer Orange Romania WiMax 4c8079 fo Mobile Device Managerment ee MDS40HC OS Vereen 612 Deewcr tote Enrol Devices BB Reports and Analysis AS Sreem ner E oreco serves E aiene Systeam Moantenance j Name enter Version Short Version Last Statu App Siz Storage Used Management Flags Action e System Configuration 8 Angry Bees com ravi angrybids tree st 153 Managed 124 82 uB BKB IA e a System Porematers EPP MDM com cosesys EPPMDM 1006 E Managed 535 KB 296 KB DON e O Support Books com appie Books 1823 a Managed 53 568 eke NA e Te com ted TED 2028 2100 Managed 23 27 u6 eK WA e 4resumts 50 per page Endpomt Protector 4 Copyright 2004 2013 CoSeSys Lid All nghts reserved Ready Version 4 3 0 5 Appliance To remove an app click the icon and the app will be deleted from the managed iOS device When a managed app is removed on the device the device user is not asked to confirm the removal of the app 12 Policy Builder for IOS or
55. en the iOS device and Endpoint Protector is possible after the remote wipe The remote wipe of a device works also in case of a device that has a SIM card and the SIM card has been removed from the device As long as the device has a working internet connection in this case over Wi Fi the remote wipe of the device will still work as long as the wipe command can reach the device Note All data on the device will be permanently lost It cannot be recovered after a remote wipe Use this feature with caution and only as a last resort 9 5 10S Disable Device Password Passcode Mobile Devices gt Security Policy gt Clear Password No more password required 73 Endpoint Protector Mobile Device Management User Manual The option Clear Password No more password required will disable the password passcode requirement for the iOS device Unlocking the device screen will be possible without a password entry 9 6 Device Ownership Mobile Devices gt Device Settings gt Device Ownership Security Policy Lock Wipe Device Settings Device Ownership Unknown Personal Company The option Device Ownership can be set to who is the rightful owner of a device Set it to Company if the company has purchased the device for the user or to Personal if the user has purchased the device and uses it for business purposes After a device is enrolled the default settings is set to Unknown 74 Endpoi
56. enance o System Configuration z System Parameters Support Your MDM ID is Reporting and Administration Tool Mobile Device Management Enroll Devices Mobile Device Management Information Welcome t t Logout Engish vt 8 8 Q Advanced Search Show all departments urrenty managing 3 mobile Devices P i mobile Devices Enroll Mobile Devices 10S 0S X Apple Method 1 Send E mail request containing enrollment invitation link Method 2 Send an SMS request containing enrollment invitation link Method 3 On Mobile Device visit in web browser https coud endpointprotector com mobile php register iOS Android Method 1 Send E mail request link containing the customized EPP Client installation package Method 2 Send SMS request link containing the customized EPP Client installation package Method 3 On Mobile Device visit in web browser https cloud endpointprotector com mobile php register android Send E mail Request Send SMS Request One Time Codes Results Code Uninstall Passphrase Show Actions rererere N trtrtrtt N N tttttttt NJ _ N e tttttttt NI p o tttttttt N gt teeeeete N Senses N sesesese N 12 results 10 per page We 4 20 pln View Invitations Sent View Available OTC Request More OTC Endpoint Protector 4 Copyright 2004 2012 CoSoSys Ltd All rights reserved Ready Version 4 2 0 1 In the Enrollment window under Mobile Devic
57. erating System the Policy should apply Choose between Android and iOS Give the policy a name and a description that will help you later administering your devices easier Policies are based on device operating system Make the settings for the policy you require For each operating system different options are available to be set in the policy Add a new Policy Show all departments Policy Device Type ios Android Policy Information Policy Name Test MDM Policy Policy Description Test MDM Policy description iOS Version iOS6 and older iOS7 and newer Supervised Devices No Yes Security Policy Device Settings Manage Device Manage WiFi Manage Apps Set Security Policy Clear Password No more password required Set Restriction Policy Simple Value E This feature will reset the current device passwordto All be empty hence the device can be unlocked without x as e fan Alphanumeric Password entering a password Device Functionality Applications B iOS7 Restrictions Min Password Length 0 Allow installing apps i Allow YouTube Allow fingerprint for unlock L Allow Siri a Allow iTunes Allow Control Center on Lock Screen Min Number Of Complex Chars 0 Enable Disable T Allow Siri while device locked i Allow Safari E Allow Lock Screen Notifications Max Password Age days 0 Allow use of camera Allow Safari Auto Fill E Allow Lock Screen Today View a Max Time To Lock minutes 0 Allow FaceT
58. evice Management for i05 After the upload was successfully performed your APNS renewal for the Mobile Device Management is finalized Please check if the expiration date of the APNS certificate in Endpoint Protector My Endpoint Protector was updated to the renewed date 17 Endpoint Protector Mobile Device Management User Manual 4 2 Setup of GCM for Android To use Mobile Device Management features for Android devices it is required that you provide an API key from Google This API key is also required if you want to see device locations using Google Maps for Android and iOS devices in the Locate Mobile Device View of Endpoint Protector 4 2 1 What is GCM Google Cloud Messaging and why need it In order to use the MDM features provided for Android a GCM API Key Google Cloud Messaging for Android is required GCM is necessary to establish communication between an Android mobile device and Endpoint Protector and issuance to you is up to Google Androids own discretion For more info about Google Cloud Messaging for Android please refer to http developer android com quide google gcm index html For more info about Google Maps API please refer to https developers google com maps 18 Endpoint Protector Mobile Device Management User Manual 4 2 2 How to get your Google API Key for GCM and Maps new method November 2013 Visit the following site Google Cloud Console and login with your compa
59. evice Managemunt Reporting and Administration Toot OS App Managemem JErgaan xi Welcome Logout q Show all deponrmems Offline Temporary Paseword Reports and Analysis Aarts tarectory Services Roplance Sysiem Syste System Ta upport Maerlensnce Configurevon Poramelers Add selected Anes Tfesut 10 J pet cage fnapoint Protector 4 Copyrgmt 2024 201 CeSeSye Loo As gree aanva Unites States Uong otin tere j Coury Vendor CoSoSys Venneor Version reS Sye 1007 Descrpacrr 3 Q Search Ago Stoet Descripthon Pree Category Encpere Protector icn e Device Masagement provides compete OS emerrrae me Free Utes Add Enterprise 0S App x Tte CoSoSys Enterprise Apo vendo Cososys Ltd veson 10 0 0 Drarption Enterprise Application hoe identifier cocosii eoo Dumio tum F sop Link bates 292 368 0 63 etorekom ces F Supper ted Devices Prone amp Pad Manageren Flags None gt j AGG irtersrae Qu Ace Price Codes Category ropni Orctector iocis Ue ce snegeneri prostese conpisle OF wie hiee ee 11 2 Editing App Management Options Managed Apps options can be modified by selecting Edit App gt i 2 BB ENDPOINT 4 PROTECTOR APNS Certificate Setup Apple GCM Mags Setup Googe Offline Temporary Password Reports and Analysis System Alerts Directory Services System Maintenance System Configuration System Parameters Support Reporting and
60. filled with the MDM ID and OTC keys These steps are described in detail in chapter 6 4 Install EPP Client App on Android and Enrolling Android Device 7 2 10 Bulk Enrollment Bulk enrollment allows the administrator to send enrollment invitations to a large number of devices at the same time through contacts list Welcome Logout P a s Reporting and Administration Tool lagan Q Dashboard E Endpoint Management Notde Device Management Inkoarmastan Re Endpoint Pughts Your MOM 3D is A Endpoint Settings Oo Corrent Aware Protection CAP otir Devices w Mobile Device Management Oanticord orallsras 16 Apple Opsonaly you can sean the QR Code Sor your device type han ensar the OTE Mode Devices Method 1 Send Emai request comtanwy erroiment eretaten b MOM Pohaes Method 2 Send a SMS request contanng enrolment mitaten bak 5 apo Mankgamert Method k On Motte Device vat in webQromser Mitia loud erion oint coniro chovhegster Aca feel SKPM 1556 INO Cerbcate Seta Aggie Android KMM Sep Googie Method 1 Send E nai request ink ontanng the customand EFP Cent installation package Metod J Serd SM regat bk Contarwg the Gattorened FPP Chet reultan package lal Ona Temporary Password Method 2 On Monde Deuce vst n web Qraese hing Soud endtomayoterty com mebde oho regster jancrod ed KEM 1556 E Reports and Analyses A Nets no jneeie ARA Ee a Ba ne One Time Codes System Maimenancte Results Q
61. ges mciures sudo notes and video mes vende WhatsApp Inc Offline Temporary Password 28 7 E Reports and Analysis Pecat Re A System Alerts r Directory Services i Appliance System Maintenance Fo pet adds please purchase Redemoteon Codes Fom the Apple Volume Purchase Program Copy the cudes tere Q System Configuration Copy Redemption Codes a System Parameters sven No Results F Make Codes Avantie Delete Selected Codes Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid Al nohis resetwed Ready Version 45 0 5 Appliance 100 Endpoint Protector Mobile Device Management User Manual After adding the redemption codes click Save The saved redemption codes will be listed under Edit App gt Redemption Codes m Yealcore Logout ENDPOINT 4 i E ee s as PROTECTOR Reporting and Administration Tool E a aoed Search Dashboard Ej Endpoint Management Desorption WhatsApp Messenger amp a cross platform smartphone messenger currently avaiable for Phone and al other smartphones The apphcaton utiizes push nobfications to instantly get messages from friends colleagues and family Svetch from SMS to exchange messages pictures audio notes and video mes Ce Endpoint Rights Vendor Whatsapp Inc me Verson 2 8 7 a Endpoint Settings Price 0 99 USD Q Contant Awara Protection EEPE PAIA m Mobile Device Management ition sate be Bw J Errol D Prevent backup of the anp data y
62. he EPP MDM set to ON as well Next to the ON a small compass needle icon is shown as well a ee ices E EPP mom 5 7 Pushing and Managing EPP MDM App to IOS Devices The EPP MDM App can be pushed and managed to any supported and managed IOS device For details how to push the EPP MDM App to an iOS devices check section 11 4 31 Endpoint Protector Mobile Device Management User Manual Pushing Apps to iOS Devices The Android Endpoint Protector MDM Client app is a free app for Android and available on the Google Play Marketplace here The Android EPP Client app is MANDATORY for use of Endpoint Protector MDM with Android devices The EPP MDM app for Android is compatible with Android devices using Android Version 2 2 Codename Froyo or newer The Android EPP Client app allows the Android device to provide Endpoint Protector MDM with management rights It also offers location data of the device to the Endpoint Protector Appliance in order to determine the current location of an Android device in case it is misplaced lost or stolen The Android EPP Client App is required for enrollment of an Android mobile device to an Endpoint Protector Appliance 33 Endpoint Protector Mobile Device Management User Manual 6 4 Install EPP Client App on Android and Enrolling Android Device After receiving the enrollment invitation E Mail or SMS click on the link provided in the E Mail or SMS 1 Choose to
63. hing for Apps is possible by entering the name of the App or by directly entering the App ID of an App e g the App ID for the EPP MDM iOS App is I1d570954584 The App ID is stated in the URL of an app when viewing the app details in a web browser e g https itunes apple com us app epp mdm 1d570954584 For either type of search select Using search term or Using iTunes App ID as ERNOD n Reporting and Administration Tool BR Dashboard E Endpoint Management Re Endpoint Rights O Content Aware Protection Select icon Title Vendor Version Description Jal Mabile Device Management eo EPP MDM CosSaSys 1006 Enapant Preeecnse Wotan Desce Management prowedies complete KS enterprese mon OG Faw Marauerners APNS Certificate Setup Angir GCM Mays Setup Google Olfline Temporary Paeaword Reports and Analyses A paaa om Add selected Apps Directory Services E ven By Syren Maintenance Manage i05 Apps os kon Tile Vendor Version Description a amp EPP MDM CedaSys 1006 Frdpont Pretecser Vober Devier Management previdesas complete OS ente 2 System Configuration a System Parameters Support Tresult 190e per page Endpoint Protector 4 Copynght 2004 2013 CoSeSys Lid Al rights reserved 96 Endpoint Protector Mobile Device Management User Manual 11 1 2 Adding Apps to Managed Apps Catalog To add an App to your Managed Apps Catalog select the App from the Search Results an
64. icate Error Navigation Blocked Dai S ww There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to t server We recommend that you close this webpage and do not continue to this website E Click here to close this webpage ki Continue to this website not recommended More information Done Internet Protected Mode Off 114 Endpoint Protector Mobile Device Management User Manual Continue your navigation by clicking x Continue to this website not recommended Now go to the Certificate file you downloaded from the Appliance Setup Wizard gt Appliance Server Certificate gt and install the Certificate Click the Certificate Error button just next to the IE address bar as shown By clicking the Certificate Error button a pop up window appears J ust click the View certificates in that pop up window Another pop up Certificate window will appear with three tabs namely General Details and Certification Path Select the General tab and then click Install Certificate button or go to Tools gt I nternet Options gt Content
65. il accounts on the mobile device Manage Display the list of all currently set e mail Device Refresh Accounts accounts on the mobile device Manage Display the list of all current contacts Device Refresh Contacts saved on the mobile device Installed Shows the list of installed apps after Apps Installed Apps selecting the Refresh Apps List option Remove Removes the selected application from Installed Installed Apps the list of installed apps and uninstalls iv Apps the application from the mobile device Shows the list of e mail accounts after Accounts Accounts selecting the Refresh Accounts Refresh i Google Accounts option Shows the list of contacts after selecting Contacts Contacts the Refresh Contacts option 4 l Shows the list of set profiles after Profiles Profiles selecting the Refresh Profile List option s History History Logs all device activity ii I E 9 Manage iOS Device For each operating system iOS and Android different Device Management features are supported and available For iOS the different management settings are stored as different profiles One iOS device can have multiple profiles stored on it 9 1 Security Settings Security Profile on IOS Enforcing the use of a password passcode is the most important feature on any device company or individually owned Protecting access to data on the device is the first task to protecting your iOS devices
66. ile Protection Deletion Passphrase ssseeee 45 7 2 3 Sending E Mail or SMS Enrollment Invitation iOS Android 47 7 2 4 SMS Enrollment Number Format iOS Android 47 7 2 5 E Mail Enrollment Invitation iOS Android 66606 48 7 2 6 SMS Enrollment Invitation IOS Android ccceee eee ees 49 7 2 7 iOS Mobile Device Enrollment over URL ccccceee eee es 50 7 2 8 iOS Mobile Device Enrollment through EPP MDM App 53 7 2 9 Android Device Enrollment ciciwcsranwcecrmndsanntncrweseneieoswanece 55 7 2 10 Bulk Enrollment assessssssrssrrsrrnrrsrrsrrrrrrrrrrrrrrerrrrrsrrn 55 8 Managing Mobile DeVICES cece eee eee 59 Bede WIOOIG DOVICS 5 LAL US cisccecccncnercecuenereecwenerceewenerceewenerceenenerss 61 8 1 1 Available Options cccccceeeeeeeeeeeseeeeeeeeseeeeeuueeeeteeeegaues 64 9 Manage IOS Device 1 ccc ece cece eee e eee e tenes 66 9 1 Security Settings Security Profile ON 1OS cccccee sees 66 9 1 1 Password Passcode Setting on iOS DeVICE 0000 67 9 1 2 Clear Passcode No more password required 00006 67 9 1 3 iOS Device Hardware Encryption cccccccceeeeeseeeeeeeeeees 67 9 2 Restrictions Restrictions Profile on IOS cc eee e eee eeees 68 9 2 1 The following iOS features can be restricted 00ee ees 69 9 2 2 The following Applications can be restricted 0e
67. ill be sent to the provided e mail address and the trial period for the feature will be activated Please make sure your Firewall will have domains cososys com and endpointprotector com whitelisted for you to receive all communication A yearly subscription can be purchased to further use all the functionalities of the Mobile Device Management feature For Endpoint Protector Mobile Device Management to be able to manage your mobile iOS and Android devices the communication between the devices and the Endpoint Protector Appliance over an internet connection is vital Management actions need to arrive at your device either by a data connection like 3G in case of an iPhone or over an internet connection if the device does not have a data connection like an iPad with Wi Fi only an Android tablet or a MacBook For the management actions to arrive at the device the actions are send using for iOS devices the Apple Push Notification Service short APNS and for Android device the Google Cloud Messaging Service short GCM To simplify the setup of your Endpoint Protector MDM service the Endpoint Protector Cloud is communicating between your Endpoint Protector Appliance the Administration and Management Server and the Apple and Google Services with your devices Mobile devices respond directly to Endpoint Protector MDM Cloud Service APNS Apple Push Notification Service Actions jai ia n il Notifications TN i tay a Endpo
68. ime m Allow javascript on Safari E Allow managed docs in unmanaged Apps __ Allow screen capture Allow popups on Safari E Allow unmanaged docs in managed Apps E Password History 0 _ Allow Passbook while device locked Safari fraud warning Allow OTA PKI updates E Grace Period minutes 0 Allow sync while roaming F iCloud Limit ad tracking w Max Failed Password Retries 0 Allow voice dialing Allow iCloud backup Supervised Devices Restrictions 4 A E Allow iCloud document sync Allow AirDrop Enable Disable Allow In App Purchase l E Require iTunes Store password E Allow photo stream Allow Account Modification Allow multiplayer gaming im Allow shared photo streams Allow App Cellular Data Changes ua Allow adding Game Center friends m Security and Privacy Allow user generated Siri content C Allow sending diagnostic data Allow changes to Find My Friends E Allow untrusted TLS certificate E Allow Host Pairing F Force encrypted backups E Allow iBookstore F Content Rating __ Allow Game center E Allo licit content EE EEn oa Allow iMessage Allow App Removal us G Save Back After you made the settings to the Policy click Save Note If you select iOS7 and newer as your Operating System version but actually the devices Operating System is older than iOS6 the iOS7 Restrictions an
69. ing the device type if Known in this step is of advantage due to a lesser chance that the user will select the wrong option For iOS device in the device enrollment step as previously described it is important to set the Profile Protection settings 7 2 4 SMS Enrollment Number Format iOS Android When sending SMS enrollment invitations it is essential to send them using the correct number format The correct number format is 401112345678 Country code followed by area code and number No or zeroes are required in front of the country code At all time a country code is required in case of US or Canadian numbers it is a 1 for Germany it is 49 etc 48 Endpoint Protector Mobile Device Management User Manual 7 2 5 E Mail Enrollment Invitation IOS Android The device user can receive an enrollment invitation on the actual device and access the included URL which includes already the MDM ID and OTC to enroll the device Or if the e mail is received with a desktop e mail client the user can scan the containing QR Code in the e mail which includes already the MDM ID and OTC or access the included URL by typing it in the browser on the mobile device Below is shown an enrollment invitation e mail on an iOS device To CoSoSys SRL gt Mobile Device Enrollment Request 20 Oktober 2012 12 38 s SETI Hello In case the e mail invitation is sent to an unknown device type it is important that
70. int Protector Endpoint Protector MDM F lt 5 MDM Cloud Service available as e27 Virtual or Hardware Appliance or Amazon Web Services EC2 GCM Google Cloud Messaging For the communication to work between your mobile devices and Endpoint Protector it is required that you setup the APNS and GCM settings as described in the following steps 6 Endpoint Protector Mobile Device Management User Manual 3 1 Supported Operating Systems and devices The supported mobile device operating systems are e iOS7 iPhone and iPad 1 0S6 iPhone and iPad i0S5 i0S4 e Android 2 2 Codename Froyo or newer versions A list of supported Android mobile devices is not provided due to the large number of devices from different manufacturers In general Android devices with Android Operating version 2 2 and newer are supported 4 MDM Setup APNS Apple amp GCM Google Android Before you can use the Endpoint Protector MDM features for IOS and Android different settings are required for you to make The following steps describe the steps and settings needed to be able to communicate between your mobile devices and Endpoint Protector 8 Endpoint Protector Mobile Device Management User Manual 4 1 Setup of APNS for iOS 4 1 1 What is an Apple APNS Certificate and why do I need it In order to use the MDM features provided for iOS an Apple Push Notification Service short APNS certificate is required by Apple Inc Recei
71. ion Mobile Devices gt Manage Devices gt Refresh Contacts Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Play Sound on Device Refresh Device Details Refresh App List This feature plays a sound on the device to make itt This feature will read current device details This feature will update the list of installed apps easier to find it if misplaced Note Results are displayed inside the Installed Apps tab Play Sound Get Device Details Get App List Refresh Google Accounts Refresh Accounts Refresh Contacts This feature will refresh This feature will refresh This feature will refresh the list of Google Accounts the list of Phone Accounts the list of Contacts Get Google Accounts Get Accounts Get Contacts 10 12 Get Accounts on Android Mobile Devices gt Accounts The tab Accounts Lists all accounts used on an Android device To retrieve the list of Accounts on the device the Endpoint Protector Administrator can request the list by clicking Get Accounts under the option Mobile Devices gt Manage Devices gt Refresh Accounts 93 Endpoint Protector Mobile Device Management User Manual 10 13 History of Android Device Actions Mobile Devices gt History In the History tab a record of actions send to an Android device are saved and the corresponding results is shown as well The result can be executed er
72. ions iCloud is a service where almost all data on an iOS device is uploaded to Apple Servers Some companies might choose to restrict the use of iCloud due to regulatory requirements compliance requirements data protection concerns or Simply privacy concerns Allow iCloud backup Allow iCloud document sync Allow photo stream Allow shared photo streams Disallow photo stream can cause loss of data that was part of photo stream 9 2 4 Security and Privacy Restrictions Allow sending diagnostic data Allow untrusted TLS certificate Force encrypted backups when backing up iOS device to a computer 9 2 5 Content Rating Restrictions Allow explicit content 71 Endpoint Protector Mobile Device Management User Manual 9 2 6 1OS7 Restrictions Allow fingerprint for unlock Allow Lock Screen Control Center Allow Lock Screen Notifications Allow Lock Screen Today View Allow managed docs in unmanaged Apps Allow unmanaged docs in managed Apps Allow OTA PKI updates Limit ad tracking 9 2 7 Supervised Device Restrictions d a Allow AirDrop Allow Account Modification Allow App Cellular Data Changes Allow User Generated Siri Content Allow changes to Find My Friends Allow Host Pairing Allow iBookstore Allow Game center Allow iMessage Allow App Removal Remote IOS Lock of Device Mobile Devices gt Lock Wipe gt Lock Device Security Policy Lock Wipe Device Settings M Lock Device Lock Devic
73. ir Aer hioi Pasir ane Qecared for Rimana Tontas List MRS SA OSES si orot To add the selected contacts to the sending queue click on Add To Sending Queue button List of Mobile Device Management Bulk Enrollment Contacts Show all departments Important Notice Q Please select the Mobile Device Type and Default Profiles Protection Type when importing pasting contacts since the Enrollment Requests will contain these information If the contact contains both an E mail address and a phone number the request will be send to the E mail address Sending Enrollment Requests to the maximum accepted entries in the sending queue will take up to 1 hour depending on the number of selected contacts Results a EAn Type Contact E mail Phone Actions F John A john company com 0740000 4 iris id Mark B mark company com 07 400000 yi is E Paul C paul example com 07420000 PLETI a Dan D dan example com 07400000 ole 4results zf per page 4 Add To Sending Queue Delete Contacts Import contacts list ili Select Mobile Device Type iOS Apple Android Unknown Profiles Protection Always Allow Removal Never Allow Removal Passphrase Required for Removal Browse for the import file No fe seiecini O Download sample file Bulk Enrollment xls Sample G Upload Paste Contacts a Select Mobile Device Type iOS Apple Android Unknown Profiles Protection Always Allow Rem
74. itation and clicked on the included link a confirmation page will be displayed in his browser auto filled with the MDM ID and OTC keys s Orange cloud endpointprotecto Googe 12 19 2 93 m gt 2 m B After clicking on the Connect button the user receives an Endpoint Protector profile for download which must be further installed on his mobile device 51 Endpoint Protector Mobile Device Management User Manual cloud endpointprotecto a eS Authentication Step Completed Fita eee eee ee oe ee gt es eS eee FT AWN BTN ETS OF VNV The user has to click on Endpoint Protector Profile to continue The Profile has been generated at this step and is ready for installation Note The profile is valid from this point on for two 2 hours If the enrollment process is at this point interrupted for more than two hours the enrollment process has to be repeated from the start Next the user must click on the Install button for the installation of the Endpoint Protector Profile range a m e eie Cancel MAE E Endpoint Protector CoSoSys OVerified Description Endpoint Protector Enrollment Profile Signed endpointprotector com Received 04 04 2012 Contains Certificate Mobile Device Management _ More Details In case the iOS device has already a passcode password set to access the device the user is asked to access the pass
75. ject will let you s Use Google APIs beyond anonymous limits Monitor API usage and control API access e Share API management with a team Create project 2 In the left menu on the Google APIs Console Site go to Services mail Calendar Documents Ph Google apis API Project 7 A Team API Access Billing ay Reports Quotas 23 Endpoint Protector Mobile Device Management User Manual 3 Make sure the following two Google Services have ON status green e Google Cloud Messaging for Android e Google Maps API v3 To enable these two services toggle it to the status ON Google will ask you to agree to their Terms of Service End User License Agreement Gmail Calendar Documents Photos Sites Groups Search More v v Se Google apis API Project v All 51 Active 2 Inactive 48 Google Cloud Platform Overview i All services Services Select services for the project Team Service Status Notes API Access Billing Google Cloud Messaging for Android EN Reports T Google Maps API v3 oe kl Courtesy limit 25 000 requests day Pricing Quotas 4 You can now locate your API key in the left menu on the Google APIs Console Site under API Access gt Simple API Access gt API key The API key has the following format Example API key ExamplE67QWuu26 5j6WEEfWqgqYYouW1408 7 Google apis API Project X API Access Overview To provers abuse Services Authorized AP Access API Access A
76. lay Sound on Device Refresh Device Details This feature plays a sound on the device to make it easier to find it if misplaced This feature will read current device details Play Sound This function will ask the Android devices for its latest details and display them in the Mobile Device Information section This function is particularly useful if all device information is not displayed after enrollment 10 9 Refresh App List for Android Mobile Devices gt Manage Device gt Refresh App List Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History Play Sound on Device Refresh Device Details Refresh App List This feature plays a sound on the dewice to make it This feature wil read current dewice details easier to find it if misplaced This feature will update the list of installed apps Note Results are displayed inside the Installed Apps tab Play Sound e Get Device Details Get App List G This function by clicking Get App List will ask the Android device for a list of all the apps installed on the Android device The list of all installed Apps is shown in Endpoint Protector MDM at Mobile Devices gt Installed Apps 91 Endpoint Protector Mobile Device Management User Manual 10 10 Installed Apps on Android Mobile Devices gt Installed Apps The List of Apps installed on the Android device lets the Administrator
77. le Device Management MDM from step 2 below A Endpoint Settings Step 1 Fill in this form below with your company information for a CSR Content Aware Protection CoSoSys as authorized MDM vendor will sign for you a Certificate Signing Request CSR in this step You will need this in the next step when contacting Apple Mobile Device Management Mare me Company Name Your Company Enroll Devices i Mobile Devices Simna your email yourcompany com aes Country United States APNS Certificate Setup Apple State or Province Name New York GCM Maps Se Google E e Location City New York City Offline Temporary Password Download signed CSR Reports and Analysis Step 2 Request your signed certificate for APNS from Apple A System Alerts Apple will sign the certificate for your company to be used with Apple Push Notification Services APNS and will link the certificate to your Apple ID EJ Directory Services System Maint Visit this dedicated Apple website for this here https identity apple com pushcert log in with your Apple ID and follow the steps to obtain your certificate for APNS At this step provide Apple with the certificate you have downh em Maintenance 1 above Q System Configuration Step 3 Upload certificate signed by Apple s Dedi eet i Upload now the signed certificate you received from Apple at step 2 above to doud endpointprotector com in order to enable Mobile Device Management for iOS O Support Bro
78. led Disabling an option feature will result in the option feature being disabled from the iOS device A practical example would be for the Administrator to disable the use of FaceTime After the restriction policy is received by the iOS device the FaceTime app icon and all FaceTime related options under Settings are removed see screenshots below The iOS device user has no option anymore to access or use the FaceTime feature Set Restriction Policy SIEISSE SS SES All Applications iOS 7 Restritions Device Functionality Allow YouTube Allow fingerprint for unlock Allow installing apps Allow iTunes Allow Lock Screen Control Center Allow Siri Allow Safari Allow Lock Screen Notifications Allow Siri while device locked Allow Safari Auto Fill Allow Lock Screen Today View Allow use of camera Allow javascript on Safari Allow managed docs in unmanaged Apps Allow popups on Safari Allow unmanaged docs in managed Apps Allow screen capture Safari fraud warning Allow OTA PKI updates Allow Passbook while device locked iChoud Limit ad tracking Allow sync while roaming Allow iCloud backup Allow voice dialing Allow iCloud document sync Allow In App Purchase Allow photo stream Require iTunes Store password Allow shared photo streams Allow multiplayer gaming Security and Privacy Allow adding Game Center friends Aiku non ad Allow untrusted TLS certificate Force encrypted backups Content Rating Allow explicit content
79. left menu on the Google Site above under API Access gt Simple API Access gt API key c Make sure the following two Google Services have ON status green Google Cloud Messaging for Android and Static Maps API To enable these two Services Google will ask you to agree to their Terms of Service End User License Ai Reports and Analysis A System Alerts Google API Key ExamplE67QWuu26 5j6WEEfWqgqYYouW 1408 7 Save API key EJ Directory Services z Step 3 Enter Google Proiect Number System Maintenance Please enter the Google Project Number you have located at Google APIs Console gt Overview gt Project Summary gt Project Number om system Configuration Google Project Number a System Parameters O Support Save Project Number After entering copying the API Key click Save API Key Now enter the Google Project Number and click Save Project Number After completing these steps you can start enrolling Android devices to Endpoint Protector Mobile Device Management 25 Endpoint Protector Mobile Device Management User Manual 4 2 6 Google C2DM C2DM for Android is not supported by Endpoint Protector anymore 5 IOS EPP MDM App The EPP MDM iOS app is a free app for iOS available on the Apple App Store The EPP MDM app is compatible with iPhone and iPad It is an optional app and not a necessity for use of Endpoint Protector MDM for iOS The EPP MDM app has two functions one to locate the
80. matically deploy and use company VPN settings and policies without having to manually add the settings on the device 9 18 History of IOS Devices Actions Mobile Devices gt History In the History tab a record of actions sent to an iOS device are saved and the corresponding results are shown as well The result can be executed error failed or pending Security Policy Lock Wipe Phone Phone m iPhone lt Phone mesa iPhone iPhone Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts 15results 50 per page Action WifiSettinas MailSettings VoiceRoami WifiSettings ProfileList MailSettings WifiSettings MailSettings WifiSettings GetDeviceinfo GetDeviceinfo g tus COCCCCOCOOCOCCOOCECOE Result Message Error CommandFormatError Executed CommandFormatError Executed Executed Executed Executed 9 19 Contacts and Accounts Tab on Mobile Devices gt Contacts Contacts Profiles History Event Time v 19 October 2012 16 58 19 October 2012 16 35 19 October 2012 16 34 19 October 2012 16 32 19 October 2012 16 31 19 October 2012 16 30 19 October 2012 16 30 19 October 2012 16 30 19 October 2012 16 30 19 October 2012 16 30 19 October 2012 16 28 19 October 2012 16 28 19 October 2012 16 28 19 October 2012 16 26 19 October 2012 16 24 IOS Devices 82 Endpoint Protector Mobile Device Management User Manual Mobile Devices gt Accounts
81. n Status Actions Phone Se unknown Iphone3 1 MC603RR tems 5 1 1 20 October 2012 11 57 TA U Samsung GT 19100 unknown Samsung GT 9100 gt 4 0 3 20 October 20128 51 PAD Pad unknown Ipad1 1 MB292LL 5 0 1 Al Phone company lphone3 1 MC603RR _ SL 6 0 19 October 2012 17 38 TA DJ 4results 50 per page In the column Status the current mobile device status is shown if know to Endpoint Protector Registered means the device is currently managed and Endpoint Protector MDM can communicate with the device Applies to both iOS and Android devices MobileProfileRemoved means the device is no longer managed Either the device user has directly on the device removed the Enrollment Profile or the Endpoint Protector Administrator has remotely removed the Enrollment Profile from the device to unmanage it Applies to iOS devices DeviceAdminDisabled means the device is no longer managed Either the device user has directly on the device removed the EPP Client app or the Endpoint Protector Administrator has remotely removed the EPP Client app from the device to unmanage it Last Seen is the time and date when the device has last time communicated with the Endpoint Protector MDM 62 Endpoint Protector Mobile Device Management User Manual Selecting the Manage Device option for a mobile device will open the Manage Device page containing different options to manage the selected device
82. nd CoSoSys disclaims any warranties to that effect to the fullest extent permitted by law 2004 2014 CoSoSys Ltd Endpoint Protector My Endpoint Protector are trademarks of CoSoSys Ltd All rights reserved Windows is registered trademark of Microsoft Corporation Android is registered trademark of Google Inc Macintosh Mac OS X iOS MacBook are trademarks of Apple Corporation All other names and trademarks are property of their respective owners
83. ndpoint Protector Mobile Device Management User Manual Note We recommend performing these steps on a Safari or Mozilla Firefox browser Use of Internet Explorer for this step is known to cause the process to fail 1 In the Endpoint Protector Administration Interface go to Mobile Device Management and select APNS Certificate Setup Apple setup 2 Renew your APNS Certificate before it expires by checking the expiration date as mentioned in the interface 3 Follow the same steps as you have in the initial enrollment process Click on the Download signed CSR to get the Code Signing Request CSR file signed by CoSoSys Save it on your computer 4 In a different browser window Firefox or Safari browser not Internet Explorer open the following link to the Apple Push Certificates Portal https identity apple com pushcert 5 Login to the Apple Push Certificates Portal using your Apple ID previously used to request an APNS Certificate and follow the steps provided there 6 Click Renew iTunes Support Apple Push Certificates Portal Certificates for Third Party Servers Service Vendor Expiration Date Status Mobile Device Management CoSoSys SRL Feb 21 2013 Active Revoking or allowing this certificate to expire will require existing devices to be re enrolled with a new push certificate About Apple Push Certificates Portal Create and manage push certificates that enable your third party se
84. ndroid device e Password Quality The following settings can be chosen from O No requirement Any Numeric Alphabetical Alphanumeric e Min Password Length Minimum number of digits e Max Time To Lock seconds If Android device is not used the device will lock request password to access again after set number of seconds e Max Failed Password Retries Means the number a user can enter a wrong password until the device will wipe all data and reset itself In case of reset the device Is wiping its entire data and is reset to a factory default All data on the device is erased and cannot be recovered e Ask User to change password Checking this option will prompt the device user to change from current password to a new password To apply the password Policy to the device make the selection and click Apply 85 Endpoint Protector Mobile Device Management User Manual 10 1 2 Device Password Mobile Devices gt Security Policy gt Device Password Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail aled Apps Accounts Contacts Profiles History Set Security Policy Current Security Policy Password Quality Alphanumeric f Password Password Quality No requirement Min Password Length 5 i Min Password Length 0 Max Time To Lock sec 60 Max Time To Lock sec 0 Max Failed Password Retries 10 gt Max Failed Password Retries 0 Ask User to change password O
85. nt Protector Mobile Device Management User Manual 9 7 Voice Roaming on iOS Mobile Devices gt Device Settings gt Voice Roaming Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Ins Device Ownership Voice Roaming Unknown f This feature will enable disable voice roaming on i the mobile device Personal Note This option is carrier dependent meaning that the carrier has to make the change of this setting Company Enabie Disable E Save G The option Voice Roaming can be set to allow a device to have voice roaming enabled while outside of range of the default cellular network This setting can in some cases also bed dependent on the cellular network provider It might be required depending on the cellular subscription if voice roaming has to be activated first for the subscription before it can be enabled or disabled through Endpoint Protector 9 8 Data Roaming on IOS Mobile Devices gt Device Settings gt Data Roaming Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles Hisi Device Ownership Voice Roaming Data Roaming Unknown This feature will enable disable voice roaming on This feature will enable disable data roaming on the E the mobile dewice mobile dewice Personal w Note This option is carrier dependent meaning that the carrier has to make the change of this setting Enable
86. ntime e Grace Period minutes Means the time a user has to make a change to the password or to initially set a password after the device receives the security policy e Max Failed Password Retries Means the number a user can enter a wrong password until the device will wipe all data and reset itself In case of reset the device Is wiping its entire data and is reset to a factory default All data on the device is erased and cannot be recovered 9 1 2 Clear Passcode No more password required Using the option Clear Passcode the current device password will be set to be empty hence the device can be unlocked without entering a password This feature can be helpful in case the device is damaged and a password cannot be entered through the device itself 9 1 3 iOS Device Hardware Encryption When the password code for an iOS device is set the iOS device is automatically using its built in hardware encryption in order to protect data on the device in case it is lost or stolen We recommend setting a complex password in the security policy in order to have maximum protection 68 Endpoint Protector Mobile Device Management User Manual 9 2 Restrictions Restrictions Profile on IOS Mobile Devices gt Security Policy gt Set Restriction Policy In order to use an iOS according to a company policy the Endpoint Protector Administrator can choose what options features to allow to be used on the iOS device or to be disab
87. ny Google account https cloud google com console Please note that the old method can still be used by those who prefer it over the new When you log in with your Google account to the console you have the option to revert to the old style To set up GCM with the old method see paragraph 4 2 4 and 4 2 5 Google Projects PROJECT ID REQUESTS 1 ERRORS CHARGES 1 If you login to the Google Cloud Console for the first time you will be asked to CREATE PROJECT Select this option and give the project a name The Project will be given a Project Number by Google which you also need to enter in the Endpoint Protector interface as described in the next paragraph Google c AP Project 0 0 0 00 19 Endpoint Protector Mobile Device Management User Manual 2 In the left menu go to APIS amp auth gt APIs Google Cloud Cc lt My Cloud Project Overview APIs amp auth APIs Registered apps Consent screen Notification endpoints Permissions Settings Support 3 Make sure the following three Google Services have ON status green e Google Cloud Messaging for Android e Google Maps API v3 e Static Maps API To enable these three services toggle it to the status ON Google sole Qai c My Cloud Project NAME 20 Endpoint Protector Mobile Device Management User Manual 4 Register a new APP Give it a name and select the Web Application platform Google o Samca
88. obile Device Management User Manual 8 Download now the Certificate from the Apple Push Certificates Portal to your computer iPhone iTunes Support Apple Push Certificates Portal Certificates for Third Party Servers Service Vendor Expiration Date Status Mobile Device Management CoSoSys SRL Feb 21 2013 Active Revoking or allowing this certificate to expire will require existing devices to be re enrolled with a new push certificate About Apple Push Certificates Portal Create and manage push certificates that enable your third party server to work with the Apple Push Notification Service and your Apple devices Learn more about Mobile Device Management MDM push certificates created in the iOS Developer Enterprise Program have been migrated to the Apple Push Certificate Portal Learn more about MDM push certificate migration Shop the Apple Online Store S00 MY APPLE visit an Apple Retail Store or find a reseller Apple Info Site Map Hot News RSS Feeds Contact Us t Copyright 2012 Apple Inc All rights reserved Terms of Use Privacy Policy 16 Endpoint Protector Mobile Device Management User Manual 9 The APNS certificate from the previous step has to be uploaded to the Endpoint Protector My Endpoint Protector MDM Setup Step 3 Upload certificate signed by Apple Upload now the certificate you received signed from Apple in step 2 above to cloud endpointprotector com in order to enable Mobile D
89. oint can call and be called It generates and terminates the information stream Client refers to the client user who is logged in on a computer and who facilitates the transaction of data Rights applies to computers devices groups users and global rights it stands for privileges that any of these items may or may not possess Online computers refers to PC s Workstations and or Notebooks which have Endpoint Protector Client installed and are currently running and are connected to the Endpoint Protector server Connected devices are devices which are connected to online computers Events are a list of actions that hold major significance in Endpoint Protector There are currently 17 events that are monitored by Endpoint Protector Connected the action of connecting a device to a computer running Endpoint Protector Client Disconnected the action of safely removing a device from a computer running Endpoint Protector Client Enabled refers to devices the action of allowing a device access on the Specified computer s group s or under the specified user s Disabled refers to devices the action of removing all rights from the device making it inaccessible and therefore unusable File delete a file located on a portable device has been deleted 10 Support In case additional help such as the FAQs or e mail support is required please visit our support website directly at http w
90. op company c Mail Server emip company IMAP Path Prefix imap company Port Port User Display Name Demo User Username demo compan Username emo company Email Address emo company Auth Type FEA m Auth Type None Allow Move Password eeeeee Password ETITI Use SSL Use SSL rr Use incoming password Disable Address Syncing i Use only in Mail F Apply O The Endpoint Protector Administrator can apply E Mail settings to an iOS device This can be used for iOS devices to automatically use company e mail accounts and settings without having to manually add the settings on the device 9 16 1 Wipe E mail Settings E mail Profile can be removed to wipe company E Mail Content and Settings while personal E mail accounts and content remain untouched 81 Endpoint Protector Mobile Device Management User Manual 9 17 Manage VPN on iOS Mobile Devices gt Manage VPN Security Policy Lock Wipe Device Settings Manage Device Manage Wifi Manage Mail Manage VPN Apps Installed Apps Profles History VPN Settings Connection Name Demo VPN Auth type Password Proxy Settings Manual Connection Type L71P Server Username Provider Custom Account Name Password Proxy Type Password Proxy Serwer all traffic C Proxy Server Port Shared Secret Proxy Settings Auto Proxy Serwer URL Apply O The Endpoint Protector Administrator can apply VPN settings to an iOS device This can be used for iOS devices to auto
91. open the link with the default browser on your Android device Complete action using Dalphin Browser Beta OF Internet In this case screenshot above the choice for native browser is the option Internet not the Dolphin or any other browser that might be installed on your Android device 2 The web browser will open the enrollment site that already includes your registration data consisting of an MDM ID and your One Time Code OTC ike E https etoud endpoii f E Click Connect to proceed 34 Endpoint Protector Mobile Device Management User Manual 3 In the next step the device user has to click on the Endpoint Protector Client link Then a download of the EPP Client App will start We x 4 The download of the eppclient apk name of the EPP Client Android app download file should finish rather fast depending on your data connection speed since the eppclient apk is small w Screenshot captured eppclient apk 35 Endpoint Protector Mobile Device Management User Manual 5 Locate now the eppclient apk in the download folder on your device CPT LS ee Fa Today eplpeot esr apk I r IRTIR triti fi F o F Lasi monin Son by size 6 Click on the eppclient apk and select Install The EPP Client will start to install itself on the Android device de Be PF EPP Client P Chent Gp mnu wamni Do ied ll Tih application
92. oval Never Allow Removal Passphrase Required for Removal Contacts List Maximum 500 contacts at once A In case both e mail and telephone number is given the enrollment invitation be sent via e mail Sending all the invitations might take up to one hour depending on the number of selected contacts will 58 Endpoint Protector Mobile Device Management User Manual To view the pending enrollments click on the Check Sending Queue link List of Mobile Device Management Bulk Enrollment Contacts Show all departments G Added selected contacts 2 in total to the Sending Queue A Current Sending Queue contains 2 entries maximum is 50 Important Notice Q Please select the Mobile Device Type and Default Profiles Protection Type when importing pasting contacts since the Enrollment Requests will contain these information If the contact contains both an E mail address and a phone number the request will be send to the E mail address Sending Enrollment Requests to the maximum accepted entries in the sending queue will take up to 1 hour depending on the number of selected contacts Results All Type Contact E mail Phone Actions Paul C paul example com 07400000 LTA Dan D dan example com 07400000 oles 2results 20 per page A m 1 Add To Sending Queue Delete Contacts Import contacts list Select Mobile Device Type iOS Apple Android Unknown Profiles Prote
93. point Protector Mobile Device Management User Manual 11 Now you will see the message EPP Client Successfully registered to Google GCM or C2DM This means that your Android device is now enrolled ENDPONT GA oreca Location Accuracy Fine Location Cost Allowed Repon Lomein j Done 12 The settings Location Accuracy Fine or Location Cost Allowed can be selected Click Done to finish the enrollment process ENDPOINT GB irorecron Location Accuracy Fine Location Cost Allowed Ipon Locate These two settings are described in the chapter 10 5 1 Location Accuracy Fine on Android 10 5 2 Location Cost Allowed on Android Enrolling Mobile Devices means to establish the connection for communication and management between the Endpoint Protector Appliance and your mobile devices It is the process of inviting enrolling and connecting the device with your Endpoint Protector Appliance IOS enmlimeni Android enrolment To enroll mobile devices it is required to have the setup for either APNS for iOS or GCM for Android as described in chapter 4 MDM Setup APNS Apple amp GCM finalized If the Setup for APNS or GCM is not finalized the Endpoint Protector Appliance will not give you access to gt Enroll Devices 40 Endpoint Protector Mobile Device Management User Manual 7 1 Different Enrollment methods are available A mobile device can be enrolled by
94. point Protector Mobile Device Management User Manual 5 5 Installing the EPP MDM iOS App The EPP MDM app for iOS is available on the Apple App Store here https itunes apple com us app epp mdm id570954584 mt 8 Downloading and installing the application can be made directly on the iOS device by accessing App Store on the device and entering EPP MDM in the search bar The search result will show you EPP MDM by CoSoSys Click on the button FREE followed by INSTALL APP After that the EPP MDM app will be downloaded and installed on your device To start the EPP MDM app simply locate it on your iOS device home screen and click to start it Weather Passbook Ae r ed 9 63 Pd Reminders Clock Game Center Newsstand Settings Stocks EPP MDM Camera e LE wr Pm I Fn z pa UO AL Phone Mail Safari Music 30 Endpoint Protector Mobile Device Management User Manual 5 6 Allow Location Services for EPP MDM iOS App After starting the EPP MDM iOS app the user will be asked EPP MDM would like to use your current location The user has to select OK to allow Location Services If this setting is not made correctly to allow the IOS EPP MDM app will not be able to report location information This setting can be checked on the iOS device in the following location IOS device home screen gt Settings gt Privacy gt Location Services Location Services have to be set to ON and for t
95. pps from iOS DeVICES 00 eee ee 103 12 Policy Builder for iOS or Android Devices104 12 1 Create a Policy for iOS or Android DeVICES 0e eee ees 105 12 2 Assigning Devices tO POLICY c cece ce eee eee eeeeeeeeeeeeeeeenenees 106 13 Unmanage a Mobile Device Uninstall App 107 13 1 iOS Device Unmanage by Administrator over the air 107 13 1 1 iOS Uninstall Unmanage by User on Device 107 13 2 Uninstall iOS EPP MDM app cc cccccee cece eeeeeeeeeeeeeeneeees 108 13 3 Android EPP Client App Uninstall Unmanage Android Device108 V Endpoint Protector Mobile Device Management User Manual 14 Installing Root Certificate to your Internet BIrOWSED ccc ccccecceecceceeuneeneeaneuneeanennees 113 14 1 For Microsoft Internet Explorer scsi nancies 113 14 2 For Mozilla Fil ClOX ve ctsctucneiintenadivederdienduwrdinwdaeddinadairdd nad 121 15 Terms and Definitions 05 123 15 1 Server Related ccc cece ccc ce cece ececeeseeeeseseesusaeeutaneusunansaney 123 15 2 Client Related 0 cece ccc ccc c eee eee ceeeeseseesusaeeetannennnnnnana 124 MO SUP OE seenasccangreasesstscecaseerraceesensacns 125 17 Important Notice Disclaimer 126 In the last past years mobile devices have invaded business environments Personally owned or company owned smartphones and tablets are used on a daily basis by employees to store and have a
96. pt of the Apple issued and signed certificate is up to Apple Inc own discretion What is Apple APNS It is a certificate that is signed by Apple to clearly identify what iOS devices are communicating with your Endpoint Protector Appliance in order to be sure that only your company own devices receive commands from Endpoint Protector MDM gh m m a _ ae e7 me ig Mobile devices respond directly to Endpoint Protector MDM Cloud Service x Ca amp P 7 X hS a ae ONA CONFIG Notifications f Actions APNS Apple Push Notification Service Endpoint Protector Endpoint Protector MDM MDM Cloud Service available as Virtual or Hardware Appliance a or Amazon Web Services EC2 x CONFIG 7 Re ow a as w e ewe es ae M 9 Endpoint Protector Mobile Device Management User Manual 4 1 2 How to generate your Apple APNS Certificate The APNS Certificate can be generated in just a few simple steps from the Mobile Device Management APNS Certificate Setup Apple fe ENDPOINT j PEPENE a D PROTECTOR Reporting and Administration Tool English v p3 Dashboard Mobile Device Management APNS Certificate Enrollment Information gl Endpoint Management p Endpoint Rights To use Mobile Device Management features for iOS devices it is required that you follow the steps below for the setup and agree and comply to the Apple License Terms for Mobi
97. ror failed or pending Htc_europe HTC Wildfire S A510e SetMaximumTimeToLock O Success 24 October 2012 15 09 Htc_europe HTC Wildfire S A510e SetMaximumFailedPasswordsForWipe OQ Success 24 October 2012 15 09 Htc_europe HTC Wildfire S A510e SetPasswordMinimumLength O Success 24 October 2012 15 09 Htc_europe HTC Wildfire S A510e SetPasswordQuality Q Success 24 October 2012 15 09 Htc_europe HTC Wildfire S A510e AskUserChangePassword QO Success 24 October 2012 15 05 Htc_europe HTC Wildfire S A510e GetContacts QO Success 24 October 2012 15 05 Htc_europe HTC Wildfire S A510e GetAccounts O Success 24 October 2012 15 04 Htc_europe HTC Wildfire S A510e GetGoogleAccounts O Success 24 October 2012 15 04 Htc_europe HTC Wildfire S A510e GetinstalledPackages O Success 24 October 2012 15 04 Htc_europe HTC Wildfire S A510e GetDevicelnfo Q Success 24 October 2012 15 04 10 14 Manage WiFi Manage Mail Profiles on Android Mobile Devices gt Manage WiFi Mobile Devices gt Manage Mail Mobile Devices gt Profiles The tabs Manage WiFi Manage Mail and Profiles have no functionality associated with them for Android and show No Results This function is currently only supported for iOS devices The Mobile Application Management MAM feature in Endpoint Protector for iOS gives the Endpoint Protector Administrator the power to push Apps from the App store on managed iOS devices The feature in the current version supports paid and free apps li
98. rver to work with the Apple Push Notification Service and your Apple devices Learn more about Mobile Device Management MDM push certificates created in the iOS Developer Enterprise Program have been migrated to the Apple Push Certificate Portal Learn more about MDM push certificate migration Shop the Apple Online Store S00 MY APPLE visit an Apple Retail Store or find a reseller Apple Info Site Map Hot News RSS Feeds Contact Us Copyright 2012 Apple Inc All rights reserved Terms of Use Privacy Policy 14 Endpoint Protector Mobile Device Management User Manual 7 After clicking Renew you are prompted to upload the Code Signing Request CSR from the previous step 3 that you saved on your computer Select your signed CSR and click Upload to the Apple Push Certificates Portal In just a few moments your certificate will be renewed and you see the Expiration date is updated a Store ET iPod iPhone iTunes Support Apple Push Certificates Portal Renew Push Certificate Enter your Certificate Signing Request signed by your third party server vendor to renew the following push certificate Service Mobile Device Management Vendor CoSoSys SRL i Shop the Apple Online Store 1 800 MY APPL E visit an Apple Retail Store or find a reseller Apple Info Site Map Hot News RSS Feeds Contact Us Copyright 2012 Apple Inc All rights reserved Terms of Use Privacy Policy 15 Endpoint Protector M
99. s Support Endpein Protector d Copyrigh 7004 3007 GoSe Rye LES AD righi cwasreed Ho Rckgiound Tasks Version 4103 4 Endpoint Protector Mobile Device Management User Manual 2 1 Activation of Mobile Device Management Feature Mobile Device Management comes as an optional feature with Endpoint Protector that requires a yearly based separate subscription based on the number of protected mobile devices By default the feature appears as deactivated inside the Endpoint Protector Reporting and Administration interface The Mobile Device Management feature requires an internet connection for the Endpoint Protector Appliance The feature can be enabled by simply selecting the Mobile Device Management option from the left side menu and clicking on the Enable Feature button Activating this feature will require a working Internet connection on Endpoint Protector Server Appliance Additionally the initiator of the activation request will have to provide several company details such as Company Name Contact Person Name and Contact Details which will be sent to the Endpoint Protector Licensing Server including Company name Contact Person Contact Details phone number and e mail CoSoSys will use this information only for validation purposes and it will not imply subscribing to any newsletter or sharing it with any third party Once the request was processed and approved the feature will be enabled by the CoSoSys Team A notification w
100. s Manage Device edit Hide Show and Delete A Manage Hide Delete Device 60 Endpoint Protector Mobile Device Management User Manual The Manage Device option allows the Administrator to separately manage an already enrolled device and enforce different settings to the device such as security settings specifically for the selected device The Hide option once selected will remove the mobile device from the list without deleting the mobile device history or uninstalling unmanaging the device A hidden device can be added again to the list of mobile devices by selecting the Show Hidden Devices gt Yes gt Apply Filter option from the available Filter option Filter Name Phone Number Show Hidden Devices yes i 5 Reset QO Apply filter The Delete option once selected by the Administrator will delete a device and the corresponding history and logs from Endpoint Protector Appliance We recommend not to Delete a device not before it was unmanaged To unmanage a device please check the section 13 Unmanage a Mobile Device in this manual Note We recommend using the Hide option instead of deleting the mobile device in order to keep the mobile device history for later auditing 61 Endpoint Protector Mobile Device Management User Manual 8 1 Mobile Device Status Mobile Devices gt Filter v Results Type Name Description Ownership Username Model Carrier Phone Number OSVersio
101. s gt Manage WiFi Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History WiFi Settings Service Set Identifier DemoSsID Enterprise Settings Proxy Settings Manual Auto Join Accepted EAP Types Username Hidden Network TLS Password Encryption Type WPA WPA2 TILS Proxy Server WiFi Password seeseesees LEAF Proxy Server Port Enterprise Wifi pear Proxy Settings Auto Proxy Type None e EAPFAST Proxy Server URL EAP SIM Accepted EAP Types Use PAC Provisioning PAC Provisioning PAC Anon Inner Identity PAP Authentication Username Per Connection Password User Password Outer ldentity Apply O The Endpoint Protector Administrator can apply wireless network WiFi settings to an iOS device This can be used for iOS devices to automatically connect to a WiFi access point without having to manually add the settings on the device 9 15 1 Wipe Wi fi Settings Wi Fi Profile can be removed to wipe company Wi Fi Settings while personal Wi Fi content remains untouched 80 Endpoint Protector Mobile Device Management User Manual 9 16 Manage Mail on iOS Mobile Devices gt Manage Mail Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profles Histo Mail Settings Account Description Demo User Incoming Mail Outgoing Mail Account Type IMAP Mail Server p
102. s users or computers Grouping any of these items will significantly help the server administrators to easily manage rights and settings for them Departments an alternative way to Groups to organize main entities devices users or computers which involves also the administrators of Endpoint Protector Mobile Device Management MDM a set of software and services that allow Organizations to closely monitor manage and secure employees mobile devices regardless of the different mobile service provders and mobile operating systems being used BYOD acronym that stands for Bring Your Own Device which refers to the new trend adopted by employees to take their own personal devices to work and directly interface to the corporate network 124 Endpoint Protector Mobile Device Management User Manual Apple APNs Certificate stands for Apple Push Notification Service and it is a certificate signed by Apple that enables the management of iOS devices by IT Administrators using available MDM software Provisioning refers to the process of providing mobile device users with appropriate access to all necessary enterprise resources and enforcement of company policies Enrollment for mobile devices it refers to the setup process for enabling Mobile Device Management for a specific mobile phone or tablet 15 2 Client Related Endpoint can be a Personal Computer a Workstation you use at the office or a Notebook An endp
103. s 21 Rivetng taks by remarkable people free to the worki The offical Free Educaton ay Support v iBooks Appie inc 31 Boats is an amazng way to downbad and read books Books nctudes t ree ok 4 SL gt S EPP MOM CoSoSys 1006 Endpont Protector Mob e Device Management provides complete OS ente ree Utetes J D Sf Pe Po E4 v Adobe Reader Adobe Systems inc 105 2 Adobe Reader is Me free trusted kader for retabiy viewing and ee Busness IJA v v Sresulis Sol per page 4 Puan af selected apps Add more Apps to ths bst Endpoint Protector 4 Copyright 2004 2013 CoSeSys Lid Al nghts reserved Ready Version 4305 Appliance Only Apps that have been added to the Managed App Catalog are displayed in this tab To push an app to a managed device click the 7 icon A message will show that the app has been pushed to the device After the app has been pushed to the device the user is prompted to install the app and to provide the iTunes account password associated with the device App Installation Install Note Apps can also be pushed from MDM policies Manage Apps tab 102 Endpoint Protector Mobile Device Management User Manual 11 4 1 Update Managed Apps Changing Settings In case a newer version of an app is available you can update it using the same steps as when pushing a new app to a managed device In case an update is pushed the user will be prompted to update the app In case of paid apps no new red
104. see what apps users have installed on their devices The list of apps installed on a device can be requested from the Android device and updated though the option Get App List as described in chapter 10 9 Refresh App List for Android Security Policy Lock Wipe Device Settings Manage Device Manage WiFi Manage Mail Installed Apps Accounts Contacts Profiles History 3results 50 per page In future versions of Endpoint Protector MDM more features for managing apps on iOS Devices will be introduced 10 10 1 Removing Installed Apps on Android The Endpoint Protector Administrator can send an action to the Android device and ask the device to remove the app from the device By clicking the amp Remove App button the request is sent to the device The Android device will now show the user that the device is supposed to be removed The user can oppose removal and simply deny this In this case the Administrator should send another request for removal Due to the Androids Operating System in the current scenario the App cannot be forcefully be unistalled 92 Endpoint Protector Mobile Device Management User Manual 10 11 Get Contacts on Android Mobile Devices gt Contacts The tab Contacts Lists all contacts that are saved in the address book of an Android device To retrieve the list of contacts on the device the Endpoint Protector Administrator can request the list by clicking Get Contacts under the opt
105. sted on iTunes App Store Support for enterprise apps will be released in the near future with an update The feature supports paid and free apps listed on iTunes App Store and enterprise apps that are developed in house Mobile Apps can be managed under the following option Mobile Device Management gt iOS App Management as EA aA p Reporting and Administration Tool ajm Dashboard E Endpoint Management cnguch itunes App Since p Endpoint Rights Search Search type Using search term County United States mh Endpoint Settings EEN ERA Content Aware Protection Satect ican Tile 4 tnr fm Mobile Device Management la ee EPP MDM CoSoSys Enroll Devices Mobile Devices GCM Maps Setup Google Offline Temporary Password Reports and Analysis System Alerts PITTOR aad t Directory Services Manage 10S Apps Appliance os Icon Title v Vendor Version System Maintenance a ay EPP MDM CoSoSys 1 0 0 6 System Configuration y 9 1 result 10 per page System Parameters Support Oi 6o DE ia e Q Search App Store Version Description 1 0 0 6 Endpoint Protector Mobile Device Ma Description Endpoint Protector Mobile Device Management provides com 95 Endpoint Protector Mobile Device Management User Manual 11 1 Adding Apps to your Managed Apps Catalog To add Apps search for the App in the iTunes App Store directly in the Endpoint Protector interface 11 1 1 Searching for Apps Searc
106. t User Manual 10 6 Play Sound on Device for Android cccccceeeeeeeeeeeeeeeeeees 89 10 7 Refresh Google Accounts for Android s sssesesererererererrrrrrn 89 10 8 Refresh Device Details for Android cccccceeeeeeeeeeeeeeeeees 90 10 9 Refresh App List for Android cancasascanttaasetovanesetokaeusadeseeawadees 90 10 10 Installed Apps on ANdrold ccccccceeeeeeeeeeeeeeeeeeeeeeeeeees 91 10 10 1 Removing Installed Apps on Androld cccceeeeeeeeeeees 91 TOL GEC COMEAGES OF AOI OIG eree EEE E 92 10 12 Get Accounts ON Android ccc ce ccce cece eeeeeeeeeeeeeeeeees 92 10 13 History of Android Device ACTIONS ccceeeeeeeeeeeeeeeeees 93 10 14 Manage WiFi Manage Mail Profiles on Android 93 11 Mobile Application Management MAM for yee ye eee een secede sane eases E eee sees 94 11 1 Adding Apps to your Managed Apps Catalog 00006 95 IL l Searching POF ADDS ssseice en wavacuassuedourmariaucisendaneneacececatanes 95 11 1 2 Adding Apps to Managed Apps Catalog cccceeee eee es 96 11 1 3 Adding Enterprise Apps to Managed Apps Catalog 96 11 2 Editing App Management OPTIONS ccccceeeeeeeeeeeeeeeeeeees 97 ToM MoJa PalG ADDS ear E TE EE A AEE T A 99 11 4 Pushing Apps to IOS Devices sesesersrersrsrsrsrerererrrrrrrrne 101 11 4 1 Update Managed Apps Changing Settings 05 102 11 5 Removing Managed A
107. t Ninja Free LAV Ie mamery eere p Fi y iF ae SCooOUNTS and syne 6 Click on Force stop and confirm the warning with OK ite Lo r IE ia ey il ffs App mifi i EPP Client ri Force stop IF you force stop an app it may Case ETS 111 Endpoint Protector Mobile Device Management User Manual WT 7 Now select Clear data ih App miia af EPP Client HUUKH lore S0RKA O08 4 D0KE 8 Now click Uninstall and confirm with OK the question if EPP Client Should be uninstalled B te i ih App miii Pe EPP Client Leiriailad 112 Endpoint Protector Mobile Device Management User Manual 9 A message will indicate Uninstall finished that the EPP Cient was now uninstalled from the Android device Click OK and the process is finalized FP EPP Client Uninstall tina her Attention Although the uninstallation can be performed by the user the Endpoint Protector Appliance will also be notified about the removal of the Android EPP Client App 14 Installing Root Certificate to your Internet Browser 14 1 For Microsoft Internet Explorer Open Endpoint Protector Administration and Reporting Tool IP address Your Appliance static IP Address example https 192 168 0 201 If there is no certificate in your browser you will be prompted with Certificate Error page like the screenshot below E Certif
108. te under gt Overview gt Project Number Google apis MDM CoSoSys 7 x Dashboard Overview Services Project Summary Service Status Team Name EO Google Cloud Messaging for Android WIE No known issues API Access Billing m Project Number 922E b5 Google Maps API v3 i818 No known issues Reports Project ID oe Quotas Owners you Current charges Click here to administer your billing settings Add them at Mobile Device Management gt GCM Maps Setup Google fe ENDPOINT k ER N AEE S arian lt PROTECTOR eportng an ministration 100 nglis v feo Dashboard Mobile Device Management Configure Feature al Endpoint Management Inf t es Endpoint Rights Note To use Mobile Device Management features for Android devices it is required that you provide an API key from Google Mobile Device Management for Android will not work without these settings This API key is also required t TA locations history for Android and iOS devices in the Locate Mobile Device View of Endpoint Protector using Google Maps A Endpoint Settings Step 1 Obtain API key from Google Content Aware Protection a Visit the following Google Site Google APIs Console and login with your company Google account amp Mobile Device Management b If you login to this Google Site for the first time you will be asked to Create project Select this option Enroll Devices Mobile Devices MDM Policies d You can now locate your API key in the
109. tem Parameters Vendor CoSoSys Version 1 0 0 6 swe Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid Af rights reserved Version 4 3 0 5 Appliance 99 Endpoint Protector Mobile Device Management User Manual 11 3 Managed Paid Apps Paid Apps require purchasing license keys through the Apple Volume Purchase Program The licenses which Apple calls Redemption Codes can be purchased here https vpp itunes apple com This option is available in the Endpoint Protector interface only for paid apps when selecting Edit App under the point Import Redemption Codes After redemption codes have been purchased from Apple they need to be introducted through copy pasting the redeption codes into the Endpoint Protector interface under the option Edit App gt Import Redemption Codes gt ENDPOINT y stowne Logout di PROTECTOR Reporting and Administration Tool Engk Q Fa Dashboard Endpoint Management Re Endpoint Rights A Endpoint Settings oO Content Aware Protectin _Acctsetecion hove Mobile Device Management Manage iOS Apps Erroll Devices Mobde Deses MOM Po Tite WhatsApp Messenger 105 App Management APNG Certificate 5 exTonor Whatsapp Messenger is a cross platform smartphone messenger currently avalabie for Phone and al other smartphones The app caton utilizes push notifications to instaritly get messages from friends colleagues and famdy Swatch from SMS to cent y exchenge messa
110. the user chooses the proper device type from the available link options for IOS and Android devices 49 Endpoint Protector Mobile Device Management User Manual 7 2 6 SMS Enrollment Invitation iOS Android The device user should receive the enrollment invitation SMS on the actual device and access the included URL which includes already the MDM ID and OTC to enroll the device through the native browser of the device In case of IOS it has to be accesses using Safari on the iPhone or iPad Below is shown an enrollment invitation SMS on an iOS device Messages 1837 Edit Call FaceTime Add Contact Text Message 17 07 2012 12 17 Enroll for iOS Device Management https cloud endpointprot t iobile phoriani ster iOS eid 50 Endpoint Protector Mobile Device Management User Manual 7 2 7 iOS Mobile Device Enrollment over URL Attention Enrollment of iOS devices should be done through the Safari browser on your iOS device or the iOS EPP MDM app from the App Store Using other web browsers to enroll your iOS device is not supported The enrollment of an iOS device requires a working Internet connection Wi Fi or 4G 3G 2G A 3G data connection is recommended for mobile devices This way the communication with the Apple Servers can be performed and the information about the mobile device can be further transmitted to the Endpoint Protector Appliance Server Once the user has received the inv
111. ther supported enrollment methods as described in the following paragraph 7 Enrolling Mobile Devices 12 Endpoint Protector Mobile Device Management User Manual 4 1 3 Renew an Apple APNS Certificate before expiration The Apple APNS certificate must be renewed periodically with Apple before its expiration date to avoid losing control over the managed iOS devices or having to re enroll all devices Please check the expiration date of your APNS certificate in the Endpoint Protector interface ENDPOINT 4 PROTECTOR Reporting and Administration Tool p3 Dashboard Mobile Device Manaaement APNS Certificate Enrollment Endpoint Management an Endpoint Rights RH Endpoint Settings G Your Apple APNS Certificate is already enrolled and it will expire on 12 Mar 2014 10 48 38 Content Aware Protection Your APNS certificate must be renewed with Apple before its expiration date Renewing it in time does not require you to re enroll devices Note if your APNS certificate expires is revoke or you create a new certificate each device will have to be re enrolled amp Mobile Device Management Enroll Devi Step 1 Fill in this form below with your company information for a CSR Mobile Devices MDM Polici CoSoSys as authorized MDM vendor will sign for you a Certificate Signing Request CSR in this step You will need this in the next step when contacting Apple APNS Certificate Setup Apple All fields are mandatory GCM Maps Se
112. time The MDM ID can be found in the Reporting and Administration web interface at Mobile Device Management gt Enroll Devices gt Mobile Device Management Information I ENDPOINT A i Ea i PROTECTOR Reporting and Administration Dashboard i Mobile Device Management Enroll Devices Endpoint Management CS Endpoint Rights Endpoint Settings Currently managing 3 Mobile Devices Content Aware Protection D 1 Sie oala Mobile Device Management Enrall Devices Mobile Devices 105 05 X Annie 43 Endpoint Protector Mobile Device Management User Manual These invitations in case of an unknown device type will include two different registration links for the different types of devices iOS and Android which ready include the MDM ID and OTC While the MDM ID is used for all enrolled mobile devices different OTCs must be used for enrolling each mobile device The Mobile Device Management feature comes with 10 pre generated OTCs available in the Enrollment window The Request More OTC option will allow the Administrator to generate more OTCs Once an E mail or SMS based invitation request is sent an OTC will be automatically assigned to the user requesting the enrollment of his device and it will be automatically removed from the list of available One Time Codes To verify which OTC was assigned to each device and user the administrator can click on the View Sent Invitations button which will displayed
113. tion Security Warning window pops up 122 Endpoint Protector Mobile Device Management User Manual Just click Get Certificate button and then the Confirm Security Exception button Add Security Exception lls lll You are about to override how Firefox identifies this site Legitimate banks stores and other public sites will not ask you to do this Server Location Se Get Certificate Certificate Status This site attempts to identify itself with invalid information Wrong Site Certificate belongs to a different site which could indicate an identity theft Unknown Identity Certificate is not trusted because it hasn t been verified by a recognized authority Permanently store this exception POEIER Close the browser and start it again h le 9 Google JETO Welcome Guest Login we ENDPOINT 4 ay a PROTECTOR Reporting and Administration Tool English v Here you can find a list of terms and definitions that are encountered throughout the user manual Appliance Appliance refers to the Endpoint Protector Appliance which is running the Endpoint Protector Server Operating System Databases etc Computers refers to PC s workstations thin clients notebooks which have Endpoint Protector Client installed Devices refers to a list of Known mobile devices ranging from iPhones and iPads to Android Smartphones and tablets Groups can be groups of device
114. tup Google Company Name Customer Ltd kg Offline Temporary Password E mail customer customer com E Reports and Analysis Country United States State or Province Name NY A System Alerts Location City NYC EJ Directory Services Download signed CSR System Maintenance Step 2 Request your signed certificate for APNS from Apple o System Configuration a System Parameters som Apple will sign the certificate for your company to be used with Apple Push Notification Services APNS and will link the certificate to your Apple ID Visit this dedicated Apple website for this here https identity apple com pushcert log in with your Apple ID and follow the steps to obtain your certificate for APNS At this step provide Apple with the certificate y Step 3 Upload certificate signed by Apple Upload now the signed certificate you received from Apple at step 2 above to doud endpointprotector com in order to enable Mobile Device Management for iOS Browse for APNS certificate signed by Apple Upload Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved The APNS certificate can be renewed in just a few simple steps from the Mobile Device Management APNS Certificate Setup Apple in Endpoint Protector Note If your APNS certificate expires or is revoked it will result in unmanaged iOS devices To manage a device after an APNS certificate expires requires re enroll of the iOS device 13 E
115. up and resel Te ia ae LOCK B Late and tine 2 In Security select Device administrators and click on it i Device administrators Ww of denble dover sirara WnKnoWn sources Credential stonge rus ted eredentials Install from device storage Clear credentials 109 Endpoint Protector Mobile Device Management User Manual 3 Select EPP Device Admin and click Deactivate Ba B i I Bii fh Deviga mdirienishrainr amp Dewee timing rr EPP Gece Admin EPF Ahti Ciera EPP Devine Armin Erase all data Chenge the screen unlock password Sel pismami mies Monitor screen unlock attienvpts Lock roermen KACEY 4 A pop up will appear saying that the EPP Server will be notified To continue click OK A message saying EPP Client Device Admin disabled will appear i I B i i ich Device marinishaitors ee EPP Device Admin FPP Server will be noted Ok Cancel l Copied ta lighaard i EPP Giese Dente daa dieil i 110 Endpoint Protector Mobile Device Management User Manual 5 Now go to the Application menu on your Android device and locate EPP Client in the list of Applications Click on EPP Client ei Lo i Gi Sets ih Applica niais bom AP miia Sound Elemental Dis p ay ii Power saving ee ES File Explorer Storage Evernote Facebook Applications T Poona l Frui
116. urchase V Allow photo stream ed Require iTunes Store password W Allow shared photo streams m Allow multiplayer gaming v Security and Privacy Allow adding Game Center friends V Allow sending diagnostic data v Allow untrusted TLS certificate v Force encrypted backups W Content Rating Allow explicit content Set Settings Clear Password Set Settings 67 Endpoint Protector Mobile Device Management User Manual 9 1 1 Password Passcode Setting on iOS Device Mobile Devices gt Security Policy gt Set Security Policy The following Settings can be applied for the password passcode settings for an iOS device e Simple Value Example Password could be 1221 e Alphanumeric Password Example could be 123A e Min Password Length Minimum number of digits e Min Number Of Complex Chars Minimum number of complex characters Complex characters are for example amp etc e Max Password Age days Number of days for which a user can use the same password After that the user is requested to change the password to a new password e Max Time To Lock minutes If iOS device is not used the device will lock request password to access again after set number of minutes e Password History When a new password is set a new password Is required For example if set to two it means that after changing the password the user cannot reuse a previously used password until he has set two new passwords in the mea
117. uth 2 08 s users to Share specific data With you for example mornation private A singe project may contam upto 20 client IDs Lo Reports Quotas Google places imis on API requests Using a vaid OAuth token or API Key allows you to exceed anonymous limits by connecting requests beck to your project Create an OAuth 2 0 client ID Simple API Access Use API keys to identity your protect when you d not need to access user data Loam mot Key for server apps with IP locking API key Py Any IP sicwed Actrealed on Jun 13 2013 230 AM Activated By Create mew Server key Create new Browse key Create mew Android key Create new IOS key 5 On the Google APIs Console Site in API Access gt Simple API Access gt you can also add referrers that are allowed to use your API keys and we recommend you to add the following two Do this by clicking on the right side next to the API key on Edit allowed referrers and add there in separate lines cloud endpointprotector com endpointprotector com 6 Copy the Google API key as described in the next step in the Endpoint Protector interface 24 Endpoint Protector Mobile Device Management User Manual 4 2 5 Entering Google API Key and Project Number in Endpoint Protector old method After you have obtained your Google API Key please enter it together with the Google Project Number in the Endpoint Protector Interface The Google Project Number you find on the Google APIs Console Si
118. wse for APNS certificate signed by Apple Upload Endpoint Protector 4 Copyright 2004 2012 CoSoSys Ltd All rights reserved Note We recommend performing these steps on a Safari or Mozilla Firefox browser Use of Internet Explorer for this step is known to cause the process to fail 1 In the Administration Interface go to Mobile Device Management and select APNS Certificate Setup Apple where you have to complete the enrollment for the Apple Push Notification Certificate 2 Fill in the required details and click on the Download signed CSR to get the Code Signing Request CSR file signed by CoSoSys Save it on your computer Step 1 Fill in this form below with your company information for a CSR CoSoSys as authorized MDM vendor will sign for you a Certificate Signing Request CSR in this step You will need this in the next step when contacting Apple All fields are mandatory Company Name Your Company E mail your email yourcompany com Country United States State or Province Name New York Location City New York City Download signed CSR 10 Endpoint Protector Mobile Device Management User Manual 3 In a different browser window Firefox or Safari browser not Internet Explorer open the following link to the Apple Push Certificates Portal https identity apple com pushcert Step 2 Request your signed certificate from Apple for APNS Apple will sign the certificate for your compan
119. ww endpointprotector com support You can also write an e mail to our Support Department under the Contact Us tab from the Support module Welcome t Logout g ENDPOINT 4 Ca Ait Br ko wh 3 S v PROTECTOR epor ng an ministration 100 ng r Advanced Search Dashboard Contact Support Show all departments gl Endpoint Management ae a se Sender E mail administrator cososys com a gt Endpoint Settings Company Name Subject Content Aware Protection Content Please describe here your problem or your suggestions Mobile Device Management Offline Temporary Password Reports and Analysis i A System Alerts EJ Directory Services Sa i _ System Maintenance Q System Configuration f System Parameters O Support User Manual AD Deployment Guide Contact Support Endpoint Protector 4 Copyright 2004 2012 CoSoSys Ltd All rights reserved Ready Version 4 1 0 2 One of our team members will contact you in the shortest time possible Even if you do not have a problem but miss some feature or just want to leave us general comment we would love to hear from you Your input is much appreciated and we welcome any input to make computing with portable devices Safe and convenient 17 Important Notice Disclaimer Security safeguards by their nature are capable of circumvention CoSoSys cannot and does not guarantee that data or devices will not be accessed by unauthorized persons a
120. y to be used with Apple Push Notification Services APNS and will link the certificate to your Apple ID Visit this dedicated Apple website for this here https identity apple com pushcert log in with your Apple ID and follow the steps to obtain your certificate for APNS In this step provide Apple with the certificate you have downloaded in step 1 above 4 Login to the Apple Push Certificates Portal using your Apple ID and follow the steps provided there 5 Click Create a Certificate and agree to the Apple Terms of Use 6 Select your signed CSR downloaded at step 2 and click Upload to the Apple Push Certificates Portal that you saved on your computer In just a few moments your certificate will be available for download 7 Download now the Certificate from the Apple Push Certificates Portal to your computer 11 Endpoint Protector Mobile Device Management User Manual 8 The APNS certificate from the previous step has to be uploaded to the Endpoint Protector MDM Setup Step 3 Upload certificate signed by Apple Upload now the certificate you received signed from Apple in step 2 above to cloud endpointprotector com in order to enable Mobile Device Management for i05 After the upload was successfully performed your setup for the Endpoint Protector Mobile Device Management is finalized for iOS You can now start enrolling iOS devices by sending invitations to them either by E Mail or SMS or through the o
Download Pdf Manuals
Related Search
Related Contents
NRMA Mobile User Manual - NRMA Travel International SIM Card (第3章~第5章)(PDF:4.8MB) Baixe aqui - Turma IN-17 Hampton Bay 25088 Installation Guide INNO SPOT PRO - Quality Music PYLE Audio PYD2400U User's Manual Everyday Steam Cleaner Limpiador de Vapor de JVC XV-M565BK User's Manual Manuale di Game Boy Advance RX2NR 數位碼表 ^文說明書(wh015ba005).cdr- https://telegra.ph/AC-Single-phase-Voltage-Drop-Calculator-39df653e-11-16
- https://telegra.ph/Concrete-Mix-Calculator-529a4e94-11-17
- https://telegra.ph/Footer-Concrete-Volume-Calculator-454c9ee1-11-17
- https://telegra.ph/Wall-Concrete-Volume-Calculator-8149ff96-11-17
- https://telegra.ph/Round-Column-Concrete-Volume-Calculator-d5523230-11-17
- https://telegra.ph/1-4-8-Concrete-Mix-Calculator-533b2965-11-13
- https://telegra.ph/Concrete-Volume-Calculator-for-Curbs-Gutters-08b0dd03-11-13
- https://telegra.ph/Calculate-Length-from-Voltage-Drop-c7a99ea3-11-18
- https://telegra.ph/Calculate-Wire-Resistor-from-Voltage-Drop-5fe485a1-11-18
- https://telegra.ph/Wire-Size-Calculator-From-Voltage-Drop-71f7dcc1-11-18