INTACT User Guide
Contents
1. 62 jeg ic gt C eae 62 PO SENDA MESSAGE cU RACER AN aua CREMA Uude 63 Cullen 64 DEVICES TABLE BUSINESS VIEWS qe EE Ua odo o eei Er opc de d o eo ero o Eee oes Ede orsi teste bete e pa eiu 65 SPECIFIC DEVICE MANAGEMIENT eie ees sae e ee pres Uus 69 MOVE DEVICES 7 USERS E 69 ALLOW DE VICEA CCE S brano veda sets ca cin LU S 70 d DEVICE RECESS m E 70 RESET DEVICE CONTAINER PASSWORD 1 5 er to te A rete ert Do E Eee pete iris 70 H 70 TO DELETE A DEVICE USER ed a iro E teams dei i rper Lapin 71 SYSTEM 71 ADMINISTRATONRS zu codice tuta ebat aicut oda nale a eee ebore eub d debeo ge nana aed 71 SUB ADNMINISTRATORS Ld uude ao touc dam he umts a aki anto Cale ase dtes a cada 72 POLICIES erm E 75 PASSWORD POLICY ue 75 TO DEFINE A PASSWORD POLC posui du b be 76 TO DISCARD PASSWORD POLIC eua2. vuU tet 12 PRIVACY RESTRICTIONS cacsoexeabsevecoeesscaveseansnagescesdasesceotaeessovexsucesesanceceeueoetveusescabsgerenentersvess 12 IOS BUSINESS REGISTRATION eae noe ao heo nane EY NE aR ER Noua n ea xe puo Ee RPM EN o RUE NE SEE EUR KS NEUEN RUIN 13 LDAP INTEGRATION porem 13 EXCHANGE CONEIGURATION eE 16 PRECONDITIONS FOR ACCESSING THE EXCHANGE SERVER 16 TOPERFORM EXCHANGE CONFIGURATION S ra roe eta eoe Mare onde aeo o eei ete repe 17 SECURE CONTAINER qe aia 18 SET SECURE MESSAGING ACCESS 2 red E ndo tate esque i umen ome Doe etaed dun 19 TO SSEDSECUBE FIFE CONTAINER ACCESS tibi iro RE po Ep 19 GBANT A DEVICE AGCESS TO THE CONTAINER 20 TO REMOVE DEVICE ACCESS TO THE SECURE CONTAINER ration ee 21 GLOBAL ENROLLMENT PROCESS aged ee He pao ge CE PEN EN PEE o a aUe EP F EE Ee EUR 22 POLICIES 23 SET DEFAULT INHERITANCE FOR NEW GROUPS sci oie etin epe ertet beer eter e b ton here 23 SECURE EMAIL INTEGRATION iei Sea eR Ren Evo epe E XR nenene reai R
3. 44 DASHBOARD GUI MANAGEMIENT s is ee co eoe eto e En S Ia EA eaa CE oisean srenti sei kosati 47 CHANGING DASHBOARD COMPONENTS LOCATION AND 47 DASHBOARD DATA EXTRACTIQON Parens au te E Ee epe o eva b REP ae 48 PP M 49 3 Np Sce 49 TO CREATE AGRO UP atit o beo eot ati px ob be VEI UEM c eai sape equ ma Las MIN Eva SO ea d 50 A GROUP sete eder ote Me elo tat bad ca E 51 DEW ICES lee M 51 DEVICES ANVENTORY VIEW Sero EDEN 51 INGEBDINGOUBGROUDS duo tcs bu 53 qe 54 TOXADD DEVICES VIA BUEK UPLOAD oed ti a eo e 56 TOJgBBEMOVEA DEVIENT vis ud qo deduced ots one COMER RET AR dod DR Piu equ M 57 TO ADDI ANIOS DEVICE NN 59 5 e 61 EDU DEVICE ATTRIBUTES AEE poe 61 REFRESH DEVICE atti iei ter debere teorie
4. sesso ee esone 90 ADDING ANDROID RESTRICTIONS CONFIGURATION c ee eee eee e eee eee eee eee esee esee sse e soos esses 92 GENERIC ANDROID DEVICE RESTRICTIONS 52g tatio rtu eer 93 SAMSUNG SAFE DEVICE RESTRIGITQBS kilo See adeo oU ae 93 COMMUNITAKE FIRMWARE DEVICE RESTRICTIONS 94 ANDROID ENHANCED DEVICE RESTRICTIONS tta dod ted eee ott deu atre at eene 95 TO DEFINE ANDROID RESTRICTIONS 5 ai edo dev 95 FYO DEEINE ANDROID RESTRIGHON BY ias certe open e S epu 96 TO DEFINE ANDROID RESTRICTION BY LOCATION reete rne ere roa reno En eaa Eae e o ere Een aora no one ena 96 VIOLATIONS DRIVEN POLICIES ENFORCEMENT eee e eee eee sees esee esee soe esee sse e osse soe 97 BROWSER CONTROL HERPES YA VEA ERES GR CE YE VER VE YE Na Va AN COO ERA 99 TOXACTIVATE BROWSER CONTROL pue 99 TO REMOVE DOMAIN URL IN BROWSER CONTROL cccccssssccessssssecesssnscecesssseecessseseeceseseseeesesseseeessees 100 TO ACTIVATE BROWSER CONTROL BY TIME So char eT e cero eiua cies 100 ACTIVATE BROWSER CONTROL BY LOCATION te etn 100 DEVICE USER EXPERIENCE ces
5. COMMUNITAKE TECHNOLOGIES COMMUNITAKE INTACT User Guide Copyright 2015 COMMUNITAKE Technologies Ltd Yokneam Israel All rights reserved For a hard copy book No part of this publication may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical photocopying or otherwise without the prior written permission of the publisher CommuniTake Technologies Ltd For a Web download or e book Use of this publication shall be governed by the terms established by the vendor at the time this publication was acquired Contents alitur f 8 WHATIS COMMUNITAKE INTACT cxcscieccccccsesesesonccenscssconsssnsunedencteeseensbesenesenssexeaseuensecsouneseastyseneseegoaseees 8 ABOUT THIS DOCUMENT isses 9 GETTING STARTED FOR ADMINISTRATOR cccssccossccsssccsssccsscccssccssccessccsssccnsccesscceeseceess 10 SYSTEM COMPONENTS AND BEHAVIOR eene esset esso etes sso sese soos sesso tee sso seus 10 ACTIVATING YOUR ACCOUNT ccseseccssvecsssuscesscenesessvoeseansedssvasesssencescanceesdsuneseasbessvansessssadssavesessansectees 11 GENERAL SETTINGS AE Ye EE XE RE EE NER EHE EROR E Ye RENE RE YE IRR VER OL UE SEE NERA S EP AREE YR S Wee 11 GENERAECONNECGTION INTERVALS tini plateau du PURSE
6. EMEA region Y MADISON THOMAS 500005891 madison thomas bb com madison thomas Blocked EMEA Operations 0 Belgacom CHRISTOPHER KING 500051050 christopher kingPbbl com christopher king y Unsupported EMEA Sales Management KIM 500045580 ethan kimfPbbi com kim v Blocked Management EMEA Operations AVERY JOHNSON 500010294 avery johnsoniBbbl com avery johnson L4 Blocked EMEA Sales Sales David s Zopo 972545610101 shames david gmailcom shames david v Allowed David m gt LJ SPAIN TYLOR LO 500035557 com tylor io 4 Blocked EMEA Sales a Assist m QJ Headquarters Y Francisca Falla 5330568054080 ftalla calastamcom Blocked CALA Operations a 109 Finance Human Resources 5 COMMUNITAKE ENTERPRISE MOBILITY ctmamdemo communitake com Logout 291 Groups a Gh v Owner P Number Emait Send message Service SharePoint Group PIN code 05 Remote Control 00 I Demo Groups ALICE THOMPSON 500058999 Pending NA Operations QJ region LAUREN CHOW 500045066 Biccked WA Management ud CALA region 9 c m GRACE U 500051098 Blocked EMEA Sales QJ Classes tg m MADISON THOMAS 500005 MEA EMEA region ADISON THE 0000381 Gand also by amal Blocked EMEA Operations c Belgacom CHRISTOPHER KING s00051090 ra E A Unsupported EME
7. Black List Required App G Backus 05 Restricti Add Recommended App 29 Groups 5 Android Name Recommended Applications Category Seed vue oom Upload a file Mew2 Edit Name Play store 7 aU URL Redemption Code Comment lc cor immunitake tes i 11 Select the Catalog tab 1 Click on the Add button 2 Enter the application name 3 Select the application OS 4 Enter the application version code optional a In Android enter the application s version code 5 Define with the slides the devices OS version for which the application is intended 6 Enter the application ID 7 Add comments 8 Write the application URL or upload the application file 9 Click Note When adding catalog apps the system automatically detects the ID and the version number for Android APKs uploaded to the system The system automatically detects ID from the Google Play links or from the iOS App Store links Once the recommended application is defined the device holder will be able to view all the recommended application on his her device via the application client The user can select to install the apps directly from the list on the device BACKUP POLICY TO DEFINE BACKUP SETTINGS Select the device group for which you wish to deploy the backup settings Click on the Backup tab 1 2 3 The default selection is Inherit Backup Settings 4 Check the Periodic Backup checkbox
8. QU Classes EMEA region LJ Belgacom ad to direct Docs 0 Management Operet E Sale SPAIN Headquarters HOME SCREEN The Home screen policy allows you to define the elements that appear on the device s home screen These elements contain Wallpaper Android only Icons Android only and Bookmarks Web clips 3 COMMUNITAKE ENTERPRISE MOBILITY dl noamG communitake com 2 Logout P Password 6 Black List Required Apps i Catalog G Backup 4 io Launcher see roups Enable Disable of Noam Wallpaper Android only A gi APAC Sales un File peration CALA Sales Comment Management Icons Android only Operation Icons Classe App id Comment EMEA Sales No Records To Display 0 HQs Bookmarks Web Clips Finance Bookmarks Web Clips Human Resources Name URL Comment Management No Records To Display Marketing Operation Sales Note Inherit is the default state Change the inheritance status to Adopt or Enable prior to specific configuration PROPERTY OF 2009 2015 103 ADD WALLPAPER 1 Select the screen tab 2 Under Wallpaper select URL for a file pull via a URL or File to upload a file 3 For URL enter the File URL address mandatory The address should be initiated with http 4 For File click Upload
9. Restrictions policy 1 X XM we Define Android Restrictions policy Click on the Change link near the Policy is always active Select Time in the pop up Select the start time and the end time in hours and minutes Select the days of the week Select the time zone Click on Submit Verify that your selection summary appears on the upper policies bar Click on Change near the summary if you wish to alter it Click on Apply TO DEFINE ANDROID RESTRICTION BY LOCATION The default Android Restrictions policy state is always active by your definitions However you can selectively activate the policy by a specific device location In this location and only at this location the Android Restrictions policy will be viable This can be valuable when you wish to block security breaches of unauthorized data collection in the organization premise To define location driven Android Restrictions policy 1 2 3 4 5 6 7 Define Android Restrictions policy Click on the Change link near the Policy is always active Select Location in the pop up You can define the location in two ways a Manually define the latitude and the Longitude b on the Map to locate your location i You will be shown New York City location as the starting point Navigate to the desired location and click on the map The latitude and the Longitude fields will be populated in accordance Define
10. cue rated ba eben bant aout 125 TO RESTORE DEVICE DATA tian EE 126 EXCHANGE ACTIVESYNC POLICY FRE Ra PRU Ra NS ERE e EUR EE EEEE OAOA REA V EVE EEn 126 TO MANAGE EXCHANGE ACTIVESY NG POLICY escis cere cum estet o mudo asd eum Moe Lo Spb 126 DIAGNOSTICS o 127 WI cr 129 e qpile co 129 PRELIMINARIES WHAT IS COMMUNITAKE INTACT COMMUNITAKE INTACT allows businesses to perform highly secure communications while holistically managing their mobile devices covering inventory security policies and analytics INTACT can be deployed in three security levels 1 INTACT Level 1 software Secure voice calls and messaging plus apps security tools 2 INTACT Level 2 firmware Custom Android like firmware plus level 1 feature set 3 INTACT Level 3 hardware Hardened device locked with a custom firmware and apps security All deployments contain a central device management system COMMUNITAKE INTACT includes gt Secure voice calls Secure messaging gt Secure file container SharePoint files view Browsing control gt Mobile device inventory management Grouping by organizational hierarchy gt Device data protection locate lock alarm wipe gt Device data backup and restore contacts and messages gt Passwo
11. 10 10 94 55 10 11 94 55 Cancel Warning Install Profile Installed Done Root Certificate Mad CommuniTake My 4 S CommuniTake Installing the certificate NT CommuniTake MDM will add it 9 Verified to the list of trusted certificates on your iPhone Description CommuniTake MyDevice MDM Signed communitake com Mobile Device Management Received 2012 14 y lt Contains 2 Certificates Installing this profile will allow the Mobile Device Management administrator at https mydevice communitake com More Details gt MDClientServer mdsiphone mdm to remotely manage your iPhone The administrator may collect personal data add remove accounts and restrictions list install and manage apps and remotely erase PROPERTY OF COMMUNITAKE 2009 2015 59 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE In order to allow more iOS device management capabilities such as contacts backup and restore sound alarm get location web browser control and data usage tracking there is a need to complete the installation process with the following Once the profile was installed you are required to install the INTACT CEM application that is displayed on the device App Installation The server mydevice communitake com is about to install the app CommuniTake MyDevice from the App Store Your iTunes account will
12. 3 Click on the Edit Password button 4 Define the password 5 Click Submit 6 Click Apply 7 To remove the application and switch back to Kill mode you should enter an empty password in step 4 Device holder s screen for approving a password protected application R onan Enterprise Mobility Forbiden Application You are not autherised to access this application Click the Home or Back button to PROPERTY OF COMMUNITAKE 2009 2015 80 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE TO ACTIVATE ANDROID BLACKLIST POLICY BY TIME 3 COMMUNITAKE ENTERPRISE MOBILITY d ctmdmdemo communitakecom o Logout 202 Groups quU Policy ts active on Latitude Longitude 0 within radius of 0 meters Change ree r Applications ted Applications 00 CT Demo Groups a pi pr E n APAC region 05 APP Name APP Name Kill Viole Android 23Pet alk e CALA region gt 0 Management Operations EMEA Sale SPAIN Y Headquarters Human Resources The default Blacklist policy state is always active by your definitions However you can selectively activate the policy by a specific time of day and week In this time period and only at this time period the Blacklist policy will be viable thus allowing prohibited applications to reside on the device but not run under the time policy restrictions This definition provides you with the flexibi
13. Esc Unamited Attached Groups For Exchange ActiveSync configuration make sure to define the following mandatory parameters 1 Name 2 Exchange ActiveSync Host Important This configuration is supported for the following Android devices Samsung SAFE Motorola EDM HTC Pro and Sony MDM Version 4 0 and above devices ADDING WI FI CONFIGURATION COMMUNITAKE ENTERPRISE MOBILITY 28 Configurations Wicc Attached Groups For Wi Fi configuration make sure to define the following mandatory parameters 1 Name 2 Service Set Identifier PROPERTY OF COMMUNITAKE 2009 2015 115 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ADDING VPN CONFIGURATION COMMUNITAKE ENTERPRISE MOBIUTY 19 Configurations VPN CTI VPN CT2 VPN CT Attached Groups For VPN configuration make sure to define the following mandatory parameters 1 Name 2 Server 3 Account Important This configuration is supported for the following Android devices Samsung SAFE Motorola EDM HTC Pro and Sony MDM Version 4 0 and above devices For Android 2 2 2 3 6 devices activating the CEM defined VPN connection is done via the on device Enterprise Mobility application under VPN PROPERTY OF COMMUNITAKE 2009 2015 116 11 DEVICE DEVICE STATUS The system provides quick device status with the following parameters Parameter Dates
14. For iOS devices Once the download link is selected the device holder will be presented with this screen The user should check the Active Directory Login checkbox eeeeo GOLAN T 10 07 95 NEN dev communitake com Pincode Missing D Active directory login a Submit 2 Thank you Communitake Support CommuniTake Technologies Ltd For iOS devices Once checked the user will be presented with this screen The user should enter the credentials On completion the device will install the INTACT CEM profile and enroll in the INTACT CEM system eeeec GOLAN T gt 10 07 9 95 mM dev communitake com Pincode Missing Active directory login C cy Submit PIN code 37316373 Thank you Communitake Support CommuniTake Technologies Ltd GLOBAL ENROLLMENT VIA PIN CODES The system allows you to allocate devices to groups without allocating them to specific users These devices are allocated to pre defined groups via a group s PIN code Please refer to the section named Global Enrollment Process For enrolling a group related device you should send the user an invite email SMS with a link to download the device administrator app You should also indicate in the invite email SMS the pre defined PIN code of the user s group The user will be required to enter the specific PIN code during the enrollment process Important The glo
15. Last seen Last backup Policies Password policy Required Apps violations Whitelist violations Blacklist violations Restrictions violations Configurations Exchange violations Wi Fi violations VPN violations Description The last date in which the device has connected with the application The last date in which the device has performed data backup The device password policy status Success Not Supported Pending Failed The device Required Apps policy compliance status Success Pending Failed The device Whitelist policy compliance status Success Pending Failed The device Blacklist policy compliance status Success Failed The device restrictions policy compliance status Success Pending Failed The device Exchange configuration status Supported Pending Failed The device Wi Fi configuration status Not Supported Pending Failed The VPN configuration status OK Supported Pending Failed LI COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 3 COMMUNITAKE ENTERPRISE MOBILITY P ctmdmdemo communitake com Logout The system provides device protection features that allow the enterprise system administrator or the device holder to resolve lost or stolen device situations Device protection includes gt Locate the device on a map gt Activat
16. N 46 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE DASHBOARD GUI MANAGEMENT CHANGING DASHBOARD COMPONENTS LOCATION AND PRESENCE The location of elements on the dashboard can be changed by simple drag and drop To change a location of a dashboard component click on the component and drag it to the desired location 3 COMMUNITAKE ENTERPRISE MOBILITY 5 ctmdmdemo commun 482 Groups w Include Sub Group 6 nj CT Demo F eo ct Deme 21 91 0 70 5 70 0 70 2 70 70 4 70 61 70 0 70 Not rolled Roaming Device No Backup Restrictior Blacklist ed Apr white Pa j Policy E y Enforcement 65 66 0 0 1 2 Belgacom Licenses Operators Operating Systems EMEA Management EMEA Operation SPAIN v 0 Headquarters Clicking the Filter icon on the upper right corner of the dashboard screen opens a drop down menu with which you can select the dashboard components that you wish to see when accessing the system S COMMUNITAKE ENTERPRISE MOBILITY 2 ctmdmdemo communitake com o Logout 19 Groups v e au F 6 lof Demo coct t 21 91 0 70 5 70 0 70 2 70 32 70 4 70 LJ 00 Groups Not Er led Roaming i N ckup Restrict Blacklist Reg A Whitelist 0 region CALA region 65 66 0 0 1 2 0 region J Belqacom Licenses Operators 0 Management Operat SPAIN L Headquarters XA Jj North America region Filter choices
17. No selection A specific or partial number A specific or partial name A specific or partial name A specific or partial name number A specific or partial date item A specific or partial date item Success violated pending unsupported undefined Dropdown selection Android iOS WP pending validity A specific or partial number A specific or partial number A specific or partial number Yes No Unknown A specific or partial name Yes No Unknown A specific or partial number A specific or partial number Success violated pending unsupported undefined Success violated pending unsupported undefined Success violated pending unsupported undefined Success failed pending unsupported undefined Success failed pending unsupported undefined Success failed pending unsupported undefined 68 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE Restriction violations Success failed pending unsupported undefined Remote Control CSR Available CSR Client Not Installed CSR Client Not Supported Undefined SPECIFIC DEVICE MANAGEMENT 5 COMMUNITAKE ENTERPRISE MOBILITY ctmdmdemo communitake com Logout 291 Groups inude Sub Groups TES m CT Demo Owner Name P Number Emall User Name Domain Username Seit Service SharePoint Group PIN code Sole Remote Control 00 CT Demo Groups jiny APAC region CALA region Classes momo oot EMEA region
18. Password 2 The application checks the credentials via the server and the SharePoint credentials are stored encrypted TO REMOVE DEVICE ACCESS TO THE SECURE CONTAINER 1 Disable the device s Secure Container access via the Edit function or by selecting the device and clicking Block on the action bar 2 Remove Secure Container access message is sent to the device 3 received the device performs the following actions a Deletes all on device stored files b the SharePoint s stored credentials c the password d Removes the Container button from the on device application Ul Sra Ty rast Ss AF SAPNA AR AL TM I AAAA H lt Y VIIMEIN Jl M IM CAIT Y 4HNOLOGIES LTD INTACT USER 21 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE GLOBAL ENROLLMENT PROCESS The system enables a global enrollment process prior to allocating Android devices to actual users It allows administrators to get a global PIN code for a specific group Devices which will enter this PIN will be registered to this group S COMMUNITAKE ENTERPRISE MOBILITY ctmdmdemo communitake com d o Logout 1 General iOS LDAP Exchange Secure Container Policies 48 Groups Groups PIN Codes 0 CT Demo o Bo 2 0 00 Demo Groups 4 0 chA region
19. Roaming IMEI Description Device holder name as defined when the device was added to the system MSISDN as defined when the device was added to the system Device user email address It will be used for Exchange configuration such as blocking the user from accessing the Exchange server as well as the MDM system user name for device holders who are given self service access Checkbox for defining the device user as a self service user Device s Secure Container access status This is only available when secure container is defined The PIN code identifies the device in the enrollment process It might be required by the device holder in order to conclude the enrollment process Once connected to the MDM system this PIN code will no longer be necessary and will not appear in the table The organizational group to which the device is assigned Device manufacturer name Device brand model name The last time the device was connected to the system cloud service Last backup date Yes no indication whether there is a defined and active password policy on the device Device mobile operating system Device mobile operating system version Device firmware version not available for all operating systems Version of the On device device management client that is currently installed and operating Yes no indication whether the device is rooted or jailbroken The country as identified by Mobile Country Code MCC to uniquely identify
20. J Belgacom EMEA Management 0 I ma v E SPAIN 7 QJ Headquarters There are five pre defined views of the devices data Table view Attributes Default Item Device Owner Name Number Email User name Self service access Group PIN code OS Remote Control Policies Device Owner Name Number Email Password policy OS Required Apps Violation WhiteList Violations BlackList Violations Restrictions Violations Last Seen Last Backup Configurations Device Owner Name Number Email OS Exchange Violations Wi Fi Violations VPN Violations Device Info 1 Device Owner Name Number Email Vendor Model OS OS Version Firmware Client Version Rooted Device Info 2 Device Owner Name Number Email Operator Country Roaming IMSI IMEI To select a pre defined table view 1 Select the devices group Click on the Views filter icon on the right area in the sub tabs area 2 3 Check in the drop down views the desired view 4 Thetable view will be changed in real time by the selected view cM i 65 The following table describes the content of each parameter Parameter Device Owner Name Phone number User name Self service access Secure container PIN code Group Device vendor Device Model Last seen Last backup Password policy status OS OS version Firmware version Client version Rooted Country
21. You will be displayed with a list of the devices for which the SMS is being re sent to along with the current PIN code and the SMS sending status SMS status and PIN code presence are refreshed automatically as they become available SEND A MESSAGE 3 COMMUNITAKE ENTERPRISE MOBILITY dl omerb communitakecom Y o Logout 182 Groups include subGroups O B9 m Meow P Owner Name 4 Number Em Send message Self Service 2 Group P PIN code 2 05 P Remote Control Boom GS4 test communital Meow Mew2 1 nd also by rce show Android only A message can be sent to a group of devices or to a single device The message can be a notification from the MDM application or an email 1 2 3 10 Click on the Fleet tab Click on the devices group to which you wish to send a message Check the checkbox to select all the devices that are presented on the screen A notification will appear above the devices table headers indicating the number of the checked devices If you wish to send to all the group s devices click on the link Click here to select all number devices next to the notification about the checked devices Once clicked you will be notified that All number devices are selected Click on the Clear selection if you wish to cancel your selection If you wish to send a message to a single device check only this device in the table If you wish to send a message only
22. Belgacom Management Davars 2 972545610101 shame davidifgmail com shames david 4 David EMEA Sales SPAIN 2 v eon P e QJ Headquarters Checking one or more device checkboxes in the devices table allows you quick links to up to four actions 1 Move devices users 2 Allow device access 3 Block device access 4 Reset container password MOVE DEVICES USERS S COMMUNITAKE ENTERPIUSE MORIUTY d ctmamdemo communitake com a Logout 291 Groups giv ide Sub Groups o 0 B M oi CT Demo Owner Name Number E mall User Name Domain Username Soll Service P SharePoint Group PIN code Seve Remote 00 Demo Groups ud CALA region gt North America region Davids Zopo 122545610101 shames dai Afowed David EMEA Sales Classes SPAIN EMEA region region rov Move LJ CALA region Classes M THEMA 13891 TR bed m CT Demo m am LJ EMEA region HRISTOPHER KIN 10 wistopher k LJ 00 CT Demo Groups 4 gt 0 Belgacom Es TRAN KIM 1 n LJ region boc bed LJ EMEA Management t L Ani QJ Headquarters Headquarters PROPERTY OF 2009 2015 69 Move allows you to edit the location of devices in the group 1 Check the device which you wish to edit 2 Click
23. Secure Messaging 4 Under Messaging check Protect the messaging inside the secure container This enables the device holder to exchange messages with enrolled devices only after keying in a password to the contained environment 5 Click on Save 4 t Enterprise Mobility COMMUNITAKE 4 o L7 o 9 Required Blacklist History D SS Messaging Secure Phone TO SET SECURE FILE CONTAINER ACCESS Perform the following steps to set Secure File Container access 1 Click on Settings Click on the tab Secure Container Check the Enable Sharepoint checkbox Define the server host IP address mandatory Check the SSL checkbox to define encrypted connectivity Fill in the Domain name mandatory Fill in the Project name optional eS Ge GM Se Click on Test to test the connectivity a Enter valid SharePoint credentials and click Test b Test results will be displayed when the test completes 9 Click on Save rr rm8rmPTTMAZ Ar AR AL AJIT AIST TM 1 AAAA DDODCDTY FYE OCYMIMII NI 10192011 r WM V VZIVIIVIUZINI I IJ 1 9 n BM 8 COMMUNITAKE ENTERPRISE MOBILITY La TECHI NOLOGIES LTD General LDAP Exchange Secure Container Policies R GI INTACT USE 4 lt tmdmdemo communitake com o Logout PIN
24. a network operator Yes no indication whether the device is roaming enabled The International Mobile Equipment Identity is a unique number identifying GSM WCDMA iDEN and some satellite phones The IMEI number is used by the GSM network to identify valid devices 66 IMSI An International Mobile Subscriber Identity is a unique number associated with all GSM and UMTS network mobile phone users It is stored in the SIM inside the phone and is sent by the phone to the network Required Apps Violation Yes no indication whether the device is fulfilling the mandatory applications policy Whitelist Violations Yes no indication whether the device is fulfilling the only allowed applications policy Blacklist Violations Yes no indication whether the device is fulfilling the prohibited applications policy Wi Fi violations Yes no indication whether the device installed the configuration if supported Exchange violations Yes no indication whether the device installed the defined configuration if supported VPN violations Yes no indication whether the device installed the defined configuration if supported Restriction violations Yes no indication whether the device installed the defined policy if supported Remote Control One click remote access to the device for support SORTING AND SEARCHING DEVICES TABLE ATTRIBUTES The system allows you to filter the devices table according to column attributes 8 COMMUNITA
25. and Reset About all Mobile Data aill internet Connectivity PROPERTY OF COMMUNITAKE 2009 2015 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ACTIVATING REMOTE SUPPORT Activating the remote takeover for a device is performed via the devices table under the Fleet tab S COMMUNITAKE ENTERPRISE MOBILITY ctm m emogcommunitakecom Logout 482 Groups w Include Sul o B 2 lof Demo Owner Name Number Emall User Name Domain Username Sell Service SharePoint gt P Grow PIN code 05 Remote Control 0 00 Demo Groups 0 region 0 CALA region Classes 0 EMEA region Belgacom EMEA Management EMEA Operat EMEA Sale v9 v T yr 4 gt SPAIN Headquarters MEME CU Once activated the system launches the remote support module under a new Support tab 1 Select the Fleet tab and then the Devices tab below it 2 Select the Default view 3 Select the device for which you wish to conduct remote takeover 4 Click on Assist at the line of the selected device You can shift to the Remote Support table view for an easy access to the remote support request The system will deflect you to a new tab where the remote support application will be launched 6 If needed the remote support application will automatically send the support client download SMS to the target device by the num
26. and locations are saved when you log out The same view will be displayed next time you log into the system This allows you to see only what you want and need to see PROPERTY OF 2009 2015 47 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE DASHBOARD DATA The dashboard data can be exported to an Excel file for further processing To export the data click on the Export button located in the upper right corner of the dashboard page An Excel file will be created Each KPI will have its own sheet in the Excel file and only the KPIs which have data are exported S COMMUNITAKE ENTERPRISE MODALITY report Mar 9 2014 1 Compatibilty Mode Microsoft Excel 485 Groups v Invert Vege Layout Formule Date anal 10 Nw ow ow 2 B nditional Format ei Formatting i Table Styles G DA ii wc lof CT Demo Lj 00 CT Demo Groups LJ region LJ CALA region LI Classes EMEA region Belgacom 9999999999 8 Zopo 9999999999 9 Madnd 9999999999 10 004402450882323 9999999999 M No Backup Frvoled Bastit L EMEA Management SPAIN Headquarters PROPERTY OF 2009 2015 48 North America region COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE FLEET The Fleet tab provides a view of the enterprise s devices Device assets are viewed
27. and managed by groups ENTERPRISE GROUPS Enterprise groups appear in the left section of the console screen Every device holder must be part of a group The top level group will be the overall enterprise Below this you can define sub groups according to any logical structure that suits your needs These groups can be by device type by organizational role by device holder location by department etc The enterprise groups are the basis for implementing any kind of activity on the device such as enforcing password policy implementing backup policy and conducting mass deployment campaigns 3 COMMUNITAKE ENTERPRISE MOBILITY Groups Owner Name Number E mail User Name Domain Username Service SharePoint Group PIN code 05 Remote Con of CT Demo lt d 00 CT Demo Groups n APAC region d n CALA region amp B Classes ae EMEA region Belgacom EMEA Management lt In the initial group set up you will see only the top level group representing your organization From this point you should build the group hierarchies that best serve you in managing your enterprise devices You can add devices from different operating systems and different vendors to the same group Actions and definitions made in the device management areas will be valid for the selected group at the time of definition and activation It is recommende
28. ci mdmdemoGcommunitake com o Logout General iOS LDAP Exchange Secure Container 48 Groups J v CT Demo Send alerts for Send first alert As soon as possible Send To 1 70 0 70 0 00 CT Demo Groups E Then send an alert every amp Hours word Policy Policy Enforcement region Ane And stop after 1 Day gt 0 CALA region gt 0 Classes t Remov Send first alert As soon as possible Send To EMEA region el sono Plan Violati Then send an alert every 6 Hours Headquarters And stop after 1 Day 0 irating Systems Finance Human Resources Management 0 North America region NA Management NA Operations NA Sales PROPERTY OF COMMUNITAKE 2009 2015 25 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE GETTING SIARTED FOR DEVICE USERS INIACI APPLICATION INSTALLATION The device holder can install the INTACT CEM application on the device in three methods 1 SMS invite based installation 2 Self registration using Active Directory LDAP credentials 3 Global enrollment via PIN codes The enrollment method will be defined by the system administrator SMS INVITE The enrollment via an SMS invite occurs as follows You manually add the user and his her device to the system one by one or via bulk upload Note to select Self Service access and or Secure Container access and or BYOD policy amp COMMUNITAKE ENTE
29. device PROPERTY OF COMMUNITAKE 2009 2015 127 Screen resolution Hardware screen resolution Rooted Signal strength Battery status Operator name RAM free memory User profile Ringtone volume Network type Speaker Speaker volume UI language MCC Mobile Country Code MNC Mobile Network Code APN Access Point Name Client version Cell ID The current actual screen resolution on the device The maximum screen resolution possible on the device Device status whether rooted Device s connection strength Device s battery charging state The name of the service provider The free device s Random Access Memory RAM in which information can be accessed in any order User permission scheme to self operate the system As is The type of wireless network by which the device operates such as GSM UMTS etc An indication whether the speaker is on or off As is Language used across device s user interface Mobile Country Code MCC is used in identifying mobile stations in wireless telephone networks particularly GSM and UMTS networks An MCC is often combined with a Mobile Network Code in order to uniquely identify a network operator The MCC is part of the International Mobile Subscriber Identity IMSI number which uniquely identifies a particular subscriber and is stored on a removable SIM card A Mobile Network Code MNC is used in combination with a Mobile Country Code MCC to uniquely identify a m
30. enable inherit adopt Whitelist enable inherit adopt gt _ Recommended apps enable inherit adopt gt Backup Policy inherit disable jOS Restrictions inherit disable A Android Restrictions inherit disable gt Web Control enable inherit adopt disable Distribution enable inherit adopt Home screen inherit disable gt A Launcher inherit disable The default inheritance is set for inherit TO SET DEFAULT INHERITANCE FOR NEW GROUPS 1 Clickon the Settings icon 2 Click on the Policies tab 3 Mark the required inheritance for the target policy 4 Click on Apply SECURE EMAIL INTEGRATION The secure email module is managed in such a way as to ensure that neither email content nor access credentials are stored on the registered mobile device When the device holder accesses the emails the system retrieves the email content from the email server The Mail session is run mostly on line but can also be off line based on the administrator judgment Reading email content and sending emails are performed within the native email application no need to use third party applications to view and compose emails The on device emails do not include email attachment but only a link embedded in the email body The attachments are not downloaded to the mobile device but are viewed in a browser window and the user cannot manipulate the email attachments The secure email module allows definition of impli
31. enter his hers iTunes password IOS IN HOUSE APPLICATIONS DISTRIBUTION The system allows distribution of Ad Hoc in house applications to iOS devices These devices must be managed inside the provisioning profile used to sign the application Once built and signed the iApp file can either be uploaded directly to the system or a link can be provided to an internet location where the file can be downloaded from ANDROID WHITELIST APPLICATIONS POLICY Whitelist applications policy defines the applications that the enterprise allows to run on an Android device No other applications can run on the device once this policy is set To enable Whitelist mode for Android devices 1 Check the checkbox Android allow apps only from whitelist 2 Click Apply Once applied all Android required applications now define the Whitelist apps e These applications are mandatory on the device e These applications are the only a party applications which are allowed to run on the device 86 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 3 COMMUNITAKE ENTERPRISE MOBILITY d ctmdmdemogcommunitake com M Logout Password Black List to Catalog y Browser Contro i ile Distribution 28 Groups CT Demo J 00 CT Demo Groups UJ APAC region Edi Name 14 Version 05 05 Version URL File Redemption Code Comment au CALA region e b droid Link gt Classes be droid Link n EMEA region f droid gt
32. following 1 Select the system Settings 2 Select General 3 Select Profile 4 Select CommuniTake MyDevice and click Remove 5 Delete the CommuniTake MyDevice application long press on it and click the X TO EDIT DEVICE ATTRIBUTES 1 Click on the group in which you want to edit a device PROPERTY OF COMMUNITAKE 2009 2015 61 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE L 2 Click on the More tab 3 Click on the Edit Device 4 An editable table will be opened with Device Owner Name Number Email User Name for all the devices in the selected group 5 Youcan edit the following device details a Phone number email address b Device owner name C User name e g user email address i Attach a device to a user ii Remove a user from a device leaving just the device in the group Switch the device between users If the device is attached to a new user the user will receive a welcome email inviting him to the system d Self service access e Secure Container access 6 Click Save to save your changes S COMMUNITAKE ENTERPRISE MOBILITY dl ctm m emogcommunitake com Logout 28 Groups e Sub Groug lof Demo Owner Number User Name Domain Username Selt Service SharePoint 00 Demo Groups ALICE THOMPSON 500058999 ale thompson bbl v J region TORIA HALI 1a a
33. in his hands while simultaneously talking with the device holder Remote Support includes the following features gt gt gt 8 COMMUNITAKE ENTERPRISE MOBILITY A fully operational device replica On device screen drawing in real time for guiding on How Do 1 queries Automated resolution macros for resolving operational problems Extensive device diagnostics Device data management for managing device files and content Operations to manage device applications Permission solicitation mechanism for device access authorization by device user A floating replica across other applications web sites Remote iOS configuration without complete takeover Remote iOS screen captures view Remote access pause due to privacy constraints Automated reconnect after device restart One click screen capture and recording Textual chat COMMUNITAKE 2 8 REMOTE CARE wen Model type Sony Xperia ZL Session time 00 0024 Phone number 972533376646 J conso ENEENITSENTITITNE NENNEN Applications Settings Calculator 7 Calendar E mail g Messaging Store Google Maps E Contacts e Downloads Settings Apn Settings Q Band Mode Battery Info Phone Info Language ce Manage Applications Running Storage a Secunty gt Bluetooth Settings o Status Wb Power Usag T Wifi settings VPN 5 8 oe 4 Person al Hotspot 9 Location Backup
34. move the device to Allow gt A Allthe settings that are done by the INTACT CEM system can be done directly on the Exchange server itself for example you can change the configuration in the Exchange from Block all clients to Allow all clients The next time you log into the system and check the Exchange settings page you will see that the settings have changed PROPERTY OF 2009 2015 17 SECURE CONTAINER The Secure Container enables enrolled devices to perform the following 1 Access a contained environment for secure communications 2 Access content that is maintained in the organizational SharePoint system Authorized device holders will have a view only access to SharePoint content 8JCOMMUNITAKE ENTERPRISE MOBILITY lt tmdmdemo communitake com o Logout LDAP Exchange Secure Container Policies erts PIN code Gene i05 4 Groups 19 inside the secure i taine m D CT Demo 0 00 Demo Groups e A PIN code Pos Remote Control Save Discard SharePoint 0 region 4 0 CALA region 0 Classes EMEA region M Headquarters Finance F ect Name EH Management B North America region NA Management NA Operations The Secure Messaging module provides users with a safe environment in which they can exchange messages that are not accessible by external non enrolled device holders The Secure File Conta
35. of a Role Group that has Mail Recipient Creation rights To perform this make the run as user that is part of the Recipient Management Role Group You can achieve it by going to Exchange Management Console gt Microsoft Exchange gt Microsoft Exchange On Premises gt Toolbox gt Role Based Access Control User Editor gt The user name must have Remote PowerShell rights Gain these rights by going to Exchange Management Shell and running the following cmdlet Set User UserNameHere RemotePowerShellEnabled Strue gt Exchange server must be configured to allow remote management gt Exchange 2010 server must allow basic authentication To allow Basic Authentication perform the following 15 Manager gt Sites Default Website gt Powershell Select the Authentication feature and enable Basic Authentication If Basic Authentication is not an option on the Authentication feature 16 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE page you should install it navigate to the Server Manager select the Web Server role select Add Role Services under the Security node in the tree view select Basic Authentication E Internet Information Services 115 Manager G 2 OP gt 1967 8 Stes WebSite PowerShel Fie 111218 J Authentication Start Page n i 5 95 PEDRO admi
36. policy Click on the Password Policy tab 1 2 3 Uncheck the Enabled checkbox 4 Click the Apply button PROPERTY OF COMMUNITAKE 2009 2015 76 PASSWORD POLICY ENFORCEMENT The password policy enforcement varies by the mobile OS Criteria OS Minimum length History length Expiration Max attempts before wipe Lock timeout Complex Disk encryption Enforcement Status change in the portal Important Android Supported Supported Supported Supported Letters and numbers Android 3 0 and above The user is forced to change the password as soon as the policy reaches the device Status is updated when the password is set 105 Supported Supported Supported Supported Letters numbers and one symbol which is neither Enabled automatically when the password is defined The user is granted a one hour grace period for setting a password After the hour expires the user is forced to set a password Device status is queried after an hour By then the user must set a password gt J Samsung SAFE enabled devices enforce the password the Samsung SAFE services gt A Adding a device to a group on which a password policy is deployed will automatically implement the set password policy on the new device Inherit Policy check box will be disabled for a group if it does not have a parent group with a set password
37. rette om dues 76 PASSWORD POLICY ENFORCEMENT roe bU 77 MOBILE APPLICATIONS POLICY aE a 78 BEACKEISTAPPHCATIONS POLICY tee Eso Ed eb Coda 78 TO MANUALLY DEFINE i edet ria tI Deer 79 TO DEFINE PASSWORD PROTECTED APPLICATIONS e etta e ra ue eto eet e tiu ote 80 TOACHVATE ANDROID BLACKLISTPOLICY BY ME d eo iba S 81 ENFORCEMENT OF PROHIBITED APPEICATIORNS 83 REQUIRED APPLICATIONS POLICY toc teo ee IEEE oe iS tuere ra ode evo su to Eoi co o bed code pedit cobro ree puteus 83 IOS IN HOUSE APPLICATIONS DISTRIBUTIONS Hae ER SUE EN ETUR SEED ER ERU ENS uh 86 ANDROID WHITELIST APPLICATIONS POLICY toin rta Ep ran rt nep an true eae be eoru e neve tou 86 CATALOG PO eR 87 BACKUP POLICY ne 88 TO DEFINE BACKUP SE TINGS Hot bee peso a Sete auc ne 88 TO REMOVE BACKUR SETTINGS Seen EL uota abet Sure oder obi 89 ADDING IOS RESTRICTIONS CONFIGURATION ecce eee eee eee e eee e tene see eese ess
38. structures the hierarchical groups in the system Each group contains the users that are attached to it without the allocated devices Once the integration process is concluded you can initiate the self registration process The invite should contain the link to download the application https mydevice communitake com d After installation users are required to check the Active Directory Login checkbox and enter their Active Directory LDAP credentials in order to complete the enrollment 8 Onregistration completion the device is being automatically added to the user s group and obtains all the policies that were defined for it For devices running pre iOS 7 0 When entering the Active Directory LDAP credentials a PIN code is displayed at the bottom of the screen This PIN is also displayed in the system portal fleet view The user should enter this PIN code when the registration process requires it For Android devices Once the download link is selected the device holder will be presented with this screen The user should check the Active Directory Login checkbox LIE E 9 WENT 10 06 Active Directory Login Login For Android devices Once checked the user will be presented with this screen The user should enter the credentials On completion the device will be enrolled in the INTACT CEM system G Rh aRQSv 241 10 07 Active Directory Login Login PROPERTY OF COMMUNITAKE 2009 2015 29
39. the desired radius in meters in the Radius field for the selected point location Click on Submit Click on Apply 96 n BM TECHNOLOGIES LTD INTACT USER GUIDE VIOLATIONS DRIVEN POLICIES ENFORCEMENT SJ COMMUNITAKE exrenPnise ctmamdemo communitakecom EP Logout XP Passwort Black Ust Requires Apps Catalog GD Backs DAF Pol i cod gt jenera 482 Groups Enforcement 9 cr deme General 00 Demo Groups Stock Camel 7 0 region win Biuetd a CALA region Samsung Sal 0 Classes Dock Factot 0 EMEA region Bock 50 m Bo Wwlgacom 4 Block Noned LJ EMEA Management Mock Tethel EMEA Operations Bock Bock US8 d we Bock Mass 2 g SPAIN Media Lotsati Headquarters Rares 24 The system allows you to enable the enforcement actions once a policy violation occurs 1 Click on Settings on the upper right corner of the screen 2 Click on the General tab 3 Check the Enable Policy Enforcement checkbox 4 Checkthe policies violations events for which you wish to activate enforcement a Blacklist b Whitelist c Password d Rooted 5 Check one or more of the automated actions that will take place once a violation event occurs a Block from Exchang
40. the device user to access the self service device protection features Checking this option will generate a welcome email to the device user for activating his access BYOD This will appear only when the Enable BYOD Privacy is checked in the general settings It prohibits system administrator from viewing the device location the device backups and the on device applications attributes Secure container access This access will allow the device user to access the SharePoint files via the device client This is only available for a Secure Container that is configured in the Settings Email language The selected welcome email language that will be sent to the device user 4 Make sure that the MSISDN email is not used elsewhere in the system DDOD E TV PROPERTY 54 C U OMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 5 Ifa device with the same SIM is used you will be prompted by an alert indicating that the number is in use 6 Click the Add button in the pop up box A PIN code is assigned to the device 7 Thenew device will be added to the devices table under the group that you have selected 8 An SMS is sent to the device with a client download link The assigned PIN code is embedded in the SMS thus ensuring accurate device identification The device must have a valid SIM card in order to receive SMS messages and
41. the first time TO ADD ADMINISTRATORS Select System Users under the Fleet tab Click Add under the Admin users section Define the Display for the user Write the Username the user s email address Select the preferred Language This will define the welcome letter language Click Add ge um X I 71 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 5 COMMUNITAKE ENTERPRISE MOBILITY dl ctmdmdemogcommunitakecom amp Administrators Display Name Add new Admin use Sub Admins Display Username Remote Support Users Display Name Username e maill The new administrator will receive a welcome letter that includes links to the device management application and to the remote support application Once the newly added user will activate his account by setting his unique password he will be able to enter the system with his user name email address and the password and perform complete administration tasks TO DELETE ADMINISTRATOR 1 Select System Users under the Fleet tab 2 Select the Administrator you wish to remove 3 Click on Delete user 4 Confirm the action SUB ADMINISTRATORS Sub administrators are additional administrators with lower access privileges who can manage the system Sub administrators can only view policies and configurations but they cannot change them TO ADD SUB ADMINISTRATORS Select Syste
42. which the files will be downloaded mandatory Click on Add to activate procedure p Click Apply when you finish adding all the files TO EDIT AN EXISTING FILE 1 Select the Files distribution tab 2 Click the edit button 9 near the file you wish to edit 3 Change one or more of the following a Update the file by either changing the download URL or uploading a new file You can also switch between the two modes b Update the file name c Update the comment d Change download directory 4 Click Save to save the changes 5 Click Apply to finalize the process and activate the changes Note gt There is a 25 MB size limit for uploading a file to the system Not all edit operations result in the file being re downloaded Ifthe download fails due to on device memory limit the system will attempt to re distribute the file until a successful distribution A n Android the system does not track if the user deleted moved or renamed the file 102 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE S COMMUNITAKE ENTERPRISE MOBILITY 2 ctmdmdemo communitake com Logout Password Black List Required Apps E Catalog Gd Backup 05 Restrict Android Restrictions f 28 Groups qc Add new file 100 Demo Upload file Edit File name URL Size pla 00 CI Demo Groups 0 region CALA region
43. A Sales Assist v ETHAN KIM 500045980 Miccked Management 7 Assist LJ EMEA Management 4s LJ Operat v AVER Y JOHNSON 5000102 every com avery jo myon 4 liccked EMEA a c Sale v Davids Zopo 972545610101 shames david mai com shames david v Allowed David c J SPAIN v TYLOR LO 500035557 wr com tioro 4 Blocked EMEA Sales 2 Headquarters 1390508054080 E Bocked CALA Operations a EXPORI DATA EXCEL Devices table data can be extracted to an Excel file for further processing 1 Click on the devices group for which you want to export its attributes 2 Click on the More tab 3 Select either to Export Current View or Export Columns 4 Click on Export The requested table will be exported to Excel PROPERTY OF 2009 2015 64 TECHNOLOGIES LTD INTACT USER GUIDE DEVICES TABLE BUSINESS VIEWS S COMMUNITAKE ENTERPRISE ctmamdemo communitake com 482 Groups hd Sul o Be 1 v lof CT Demo Owner Name Number E mail User Domain Username Sell Service SharePoint Grow P PIN code 05 00 CT Demo Groups i ded j 1 d region i loon uren v QJ CALA region T v Q J Classes i e bi ison toma v EMEA region i topher king wi
44. Browser Control policy state is always active by your definitions However you can selectively activate the policy by a specific time of day and week In this time period and only at this time period the Browser Control policy will be viable This definition provides you with the flexibility to activate productivity enforcement during work hours for example To define time driven Browser Control policy 1 Define Browser Control policy Click on the Change link near the Policy is always active Select Time in the pop up Select the start time and the end time in hours and minutes Select the days of the week Select the time zone Click on Submit Verify that your selection summary appears on the upper policies bar Click on Change near the summary if you wish to alter it ur eS GM p Click on Apply ACTIVATE BROWSER CONTROL BY LOCATION The default Browser Control policy state is always active by your definitions However you can selectively activate the policy by a specific device location In this location and only at this location the Browser Control policy will be viable This definition provides you with the flexibility to activate productivity enforcement when on the organization premise for example To define location driven Browser Control policy 1 Define Browser Control policy 2 Click on the Change link near the Policy is always active 3 Select Location in the pop up 4 You defin
45. D INTACT USER GUIDE S COMIMUNITAKE enteres Lc imos iitake com Logout TO RESTORE DEVICE DATA Restoring device data allows you to restore backed up data from one device to another device 1 Select the group to which the device is assigned 2 Click once on the device line in the devices table 3 Click on the Backup tab 4 Select the required backup from the Available Backups under Restore Data 5 Click on the Restore button The backed up data will be restored on the device in context Important Restore can generate duplicated Contacts and Messages Different devices support different contact attributes Contacts might be slightly altered and may lose parameters if restored to a different device A user can restore data to a new device If the user has a new device in the system defined for him replacing a previous device then the restore data procedure can be apply to the new device thus transforming previous device data to the new device EXCHANGE ACTIVESYNC POLICY Exchange ActiveSync settings enable to block or allow a device to access the Exchange server MANAGE EXCHANGE ACTIVESYNC POLICY 1 Click ActiveSync Policy 2 Ifthe device is not automatically detected in the Exchange a Enter the email which is defined on the device and click Show devices for this email b Select the device from the list 3 The current status of the device in the Exch
46. EY Po eeu aO Eaa Ne ee EE YE ER ERR Vea PNE UE 24 TO CONFIG RE SECURE EMAIL tae eati the hoa eee re teat utet ro oer cabra ues 24 SVS TEM ALERTS criei o 24 TOSEND SYSTEM ALERTS E E 24 GETTING STARTED FOR DEVICE USERS irri a EERE AEE NE 26 INTACT APPLICATION INSTALLATION cc ssccccccsccsscscsedceansessseucessacccessncbgecsocessacseciqenegscsesedssabecssseasedcaeneds 26 SIUS TIT Ep E 26 SEEFSREGISTRATIOTGI auti end ped cos 29 GLOBAL ENROLLMENT VIA PIN CODES teet Ert Et Eee Ege ot eid oe T ee 30 SECURE COMMUNICATIONS FOR DEVICE 5 31 SECURE VOICE CALLS SUSER EXPERIENCE 2 2 ere o entender da adeb a ette dee edet eges 31 TOACHVATE SECURE VOICE CALES e aaepe loll ps Su nave bu etapa ld satis n Drame n 31 SECURE MESSAGING USER EXPERIENCE oer 36 TOACTHVATE SECURE MESSAGING ete eec oat let nre oed al ende 37 PO ACCESS TEE CONTAINER Fee anite onto feta ub or auia 41 FO ACCESS A VIA THE DEVICE OPER eub eed ined a pee reo treo 42 SYSTEM DASHBOARD e 44 DASHBOARD DATA AND KEY PERFORMANCE INDICATORS
47. File and select the file you wish to upload The file source should be a PNG file 5 delete the file click on the clear icon near its name 6 Enter Comment optional Note that this comment will be displayed only in the web portal 7 Enter the Download to directory location to which the files will be downloaded mandatory 8 Click Apply when you finish adding all the files ADD ICONS 1 Select the screen tab 2 Under Icons click on the add button to add an icon 3 Enter the App ID mandatory 4 Enter Comment optional 5 Click Add 6 Check the checkbox near the icons that you wish to add 7 Click Apply 8 Todelete an icon check the checkbox near its name 9 Click on the minus button 10 Click on Delete ADD BOOKMARKS WEB CLIPS m SS D Ag e e N m Select the Home screen tab Under Bookmarks Web clips click on the add button to add a bookmark Enter the bookmark s name mandatory Enter the bookmark s URL mandatory Enter Comment optional Note that this comment will be displayed only in the web portal Upload a file for the bookmark s icon optional Click Add Check the checkbox near the icons that you wish to add Click Apply To delete a bookmark check the checkbox near its name Click on the minus button Click on Delete 104 COMMUNITAKE TECHNOLOGIES
48. GIES LTD INTACT USER GUIDE 10 Oncethe voice call is established you will see an active interface indicating the recipient s name call duration and call management icons m Enterprise Mobility liat lg g3 liattester 9 gmail com 0 16 11 You pause the voice dialog by clicking on the Pause icon Once selected the Pause icon will be marked Click the Pause icon again to return to the call m Enterprise Mobility liat lg g3 liattester 9 gmail com 0 28 12 Once in pause mode the recipient s device will show the session s pause status Call Paused PROPERTY OF COMMUNITAKE 2009 2015 34 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 13 You can mute yourself by clicking on the Mute icon Once clicked the Mute icon will be marked Clicking it again will release the mute state Enterprise Mobility liat lg g3 liattester 9 gmail com 0 48 14 You can turn on the speakerphone and speak through it Selecting the speakerphone will mark the speakerphone icon Clicking it again will cancel the speakerphone function Enterprise Mobility liat lg g3 liattester 9 gmail com 0 25 15 You can end the call by clicking on the End call icon PROPERTY OF COMMUNITAKE 2009 2015 45 16 You can see the entire previous call log Click on the Call log tab It will present you with the previous calls contacts Yo
49. IES LTD INTACT USER GUIDE EXPENSE CONTROL The Expense Control module allows the user to monitor usage across the enterprise s devices that are enrolled in the system Usage monitoring is governed by two factors 1 Enterprise s groups as defined in the system 2 Theusage plans that are defined in the system and that are associated to groups A device usage will be examined in accordance to its group s plan USAGE PLANS Usage plans are set in the system by the user MANGE USAGE PLANS TO ADD A NEW PLAN 1 Click on the Expense tab 2 Click on the near the Add plan 3 Enter the plan name 4 Click Submit S COMMUNITAKE ENTERPRISE MOBILITY ctmamdemo communitakecom Loa Plans Info Add New Plan Rac TO REMOVE AN EXISTING PLAN 1 Click on the Expense tab 2 Click on the minus sign near the plan you wish to remove 3 Click Submit PROPERTY OF COMMUNITAKE 2009 2015 107 TO DEFINE PLAN ATTRIBUTES You can allocate usage parameters to a new plan or amend usage parameters to an existing plan 8 COMMUNITAKE ENTERPRISE MOBILITY dl ctmdmdemo communitake com Logout Data Plan Data Plan Supported usage parameters by mobile operating system Usage Parameter Android iOS Call In Seconds Yes No Call Out Seconds Yes No Data KB Yes Yes SMS Out Yes No Roaming Call in Seconds Yes No Roaming Call out Seconds Yes No Roamin
50. KE ENTERPRISE MOBIUTY dl ctmamdemo communitakecom amp cc s 10 Groups Y Bg 5 fe Demo Owner Name Number Emait User Domain Username Self Service SharePoint Group PIN code LI Remote Control Asset L3 ES ba ba Ba FS EH LE m m mm E DE ww gt To select a filtered table view by column parameter 1 Select the devices group 2 Click on the magnify glass icon to the left of the desired column heading 3 Select the parameter from the drop down list or write your search item Search is case sensitive 4 The table view will be changed in real time showing only the devices by the selected parameter 5 Click on the refresh icon or close the filter to resume the original table view 6 Click on the small arrows near the column headline to sort the column data by descending and ascending order The table parameters filtering options are as follow Parameter Device Owner Name Phone number User name Self service access PIN code Group Device vendor Device Model Last seen Last backup Password policy status OS OS version Firmware version Client version Rooted Country Roaming IMEI IMSI Required Apps Violation Whitelist Violations Blacklist Violations Wi Fi violations Exchange violations VPN violations Filter A specific or partial name A specific or partial number A specific or partial name Yes
51. LJ Belgacom gt EMEA Management EMEA Operations EMEA Sales gt SPAIN Headquarters we Human Resource m ENFORCEMENT OF WHITELIST APPLICATIONS The system administrator is notified through the violation status in the devices table A notification is displayed in the devices notification center prompting the device holder to uninstall the not allowed application The device holder is blocked from using applications that were not defined as allowed The system will kill any not allowed application from running The prohibited application should be manually removed by the device holder This can be done either by clicking the notification On Samsung SAFE and Android Enhanced devices applications which are not part of the whitelist will be silently uninstalled CATALOG POLICY Catalog policy defines on device recommended applications which the business wishes to have on the devices but does not enforce their presence These applications will be presented in an enterprise applications catalog from which users will be able to download and install the applications Defining the recommended application is done in a similar way to defining mandatory applications PROPERTY OF COMMUNITAKE 2009 2015 87 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 3 COMMUNITAKE ENTERPRISE MOBILITY dl omerb communitake com Y Logout joard lee AP Password
52. LTD INTACT USER GUIDE LAUNCHER The Launcher policy allows you to the lock the use of the device to only specified services By default the launcher will show applications defined via the Android s whitelist module and applications installed from the internal enterprise catalog The device settings application will also be only available via the Launcher s menu You can choose to add more common applications gt Phone gt Messaging Email gt CommuniTake s Enterprise Mobility applications Enterprise Mobility Secure browser Secure messaging and the enterprise store 3 COMMUNITAKE ENTERPRISE MOBILITY 2 noam communitake com 7 Logout ORO i Dashboard Configurations Of Noam MDM application TO DEFINE LAUNCHER 1 2 3 4 5 Select the Launcher tab Inherit is the default state Change the inheritance status to Adopt or Enable Check the Launcher s checkbox Check the desired launcher s services Phone Messages Email MDM Applications Click Apply PROPERTY OF COMMUNITAKE 2009 2015 105 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE Once defined the device holder will be required to complete the action when trying to access device services FRA 11 41 AM SS 5 Enterprise Easy Launcher Mobility TouchWiz Always Just once PROPERTY OF 2009 2015 106 COMMUNITAKE TECHNOLOG
53. M m CT Demo Device functionality gt 00 CT Demo Groups T Block installing apps region Block use from using camera CALA region Block FaceTime am Block Se 1 Captu gt Classes Block matic Sync while Roaming ae EMEA region Block Sir LJ Headquarters e dialing aa In App Purcha North America region Do not Force user to enter iTunes Store password for all purchases Planex Argentina Block multiplayer gaming Sales Italy Block user from adding Game Center frends 2 v Ea e vi The iOS restrictions module allows you to limit user s access to services Optional configuration for iOS restrictions Device functionality gt A Allow installing apps gt A Allow use of camera o Allow FaceTime gt A Allow Screen Capture A Allow Automatic Sync while Roaming gt A Allow Siri gt A Allow voice dialing gt A Allow In App Purchase gt Force user to enter iTunes Store password for all purchases gt A Allow multiplayer gaming gt A Allow adding Game Center friends Applications gt A Allow use of Youtube gt A Allow use of iTunes store gt A Allows use of Safari o Enable autofill o Force fraud warning o A Allow JavaScript o Allow pop ups gt Accept Cookies Never From visited sites Always gt A Allow user to use Passbook while device is locked PROPERTY OF COMMUNITAKE 2009 2015 90 iCloud 7 Allow user to use GameCenter Allow user to use Bookstore Allow user to
54. MUNITAKE FIRMWARE DEVICE RESTRICTIONS 3 COMMUNITAKE ENTERPRISE MOBILITY noamG communitake com 7 Logout B v P Password 9 Black List 9 Required Apps e Catalog G gt Backup iOS Restrictions trol Ei File Distribut int H Er L h se roups qc Disable Policy is always active Change Edit Password of Noam General v Sales Samsung Safe peration Secure Firmware CALA Sales Management Mobile Data atio App Installation Masses Password Supported JSE EMEA Sal Password Supported M Has General Signed Devices Only Optional configuration for dedicated ROM that can be provided as part of the deployment Block SMS Mobile Data Block Voice Calls A Applications installation allow allow with password block USB access allow allow but with password block PROPERTY OF COMMUNITAKE 2009 2015 94 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ANDROID ENHANCED DEVICE RESTRICTIONS 3 COMMUNITAKE ENTERPRISE MOBILITY 2 noam communitake com 7 Logout Dashboard Fleet Expenses Configurations alog ack 1 Restrictions ON Cc Hon screen L se roups Disable Policy is always active Change Edit Password Of Noam General v Sales Samsung Safe gt CALA Sales Secure Firmware 1255 General Signed Devices Only 5 5 paming Always on 7 Unknown Sourc
55. Periodic Sync for periodic updates Define the Periodic Sync Interval in hours Define if you want the device to be deleted from the system when its owner is deleted from the LDAP Otherwise the device will remain attached to the group 2 defined click on Save Configurations 3 Click Choose Groups to import to select which groups to import a You will be presented with the groups that are currently available for import from the LDAP the default is to import all Select the groups that you wish to import into the system Please note that if a child group is selected its parent group will also be selected Click Import to initiate the import process The process will import the selected groups and all their valid users A valid user is a user that has an email address The status of the import process is displayed in the top right corner During the import process all the LDAP groups are locked and cannot be accessed 4 Click on Import Users Only if you wish to refresh the users in the groups that were imported The status of the import process is displayed in the top right corner During the import process all LDAP groups are locked and cannot be accessed 5 Click on Test Connection if you wish to verify proper connection without an actual population of the system groups The end result of this process is a group structure and their allocated users present in the system All
56. RPIUSE MOBILITY ci m m emogicommunitakecom LOCATE DEVICE VIA ALARM 1 Select the group to which the device is assigned 2 Click once on the device line in the devices table 3 Click on the Location button 4 Amap with device location indicator will be presented This is the current location as perceived by the system 5 Click on the Sound Alarm Button for activating an alarm even if the device in on silent 6 Click on Send message for sending SMS or SMS amp Email to the device 8 COMMUNITAKE ENTERPRISE MOBIUTY dl ct mdm emogcommunitake com Important You can activate the device alarm from afar even if the device is set to silent mode 2015 119 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE LOCK THE DEVICE Locking a device from afar will require from the device holder to enter a set password prior to operating it Lock device features Feature Description Lock device Lock with the current device password If exists Locks the device with the password that was defined Or Set New Password Set lock password Defines the password for the lock without activating the lock Clear on device password Clears the on device password that is used to lock the device TO LOCK A DEVICE 1 Select the group to which the device is assigned 2 Click once on the device line in the dev
57. RPRISE MOBILITY 2 ctmdmdemo communitakecom Logout Add EN 102 Groups include Sub Groups m oj CT Demo D Owner Name 2 Number Email 00 CT Demo Groups noam 97254551551 Device Owner Name Undefined 4151831 Once added the system automatically sends an SMS invite containing a download link to install the INTACT CEM application PROPERTY OF COMMUNITAKE 2009 2015 26 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE The device holder should open the SMS install the INTACT CEM application and follow the directives during the installation Open the SMS E 46737494533 CommuniTake Device Management https mydevice communitake com d PIN 41518310 amp cid communitake amp type mydevice 160 1 Click Accept You may be presented with a PIN code screen at first launch Enterprise Mobility Device amp app history Identity Contacts Calendar Location SMS Phone Photos Media Files Camera Microphone Wi Fi connection information Device ID amp call information ACCEPT Download starts automatically ps mydevice communitake com 2 Your browser will now be redirected to the download link To go there now click the following link Download Link Downloading 6 Enterprise Mobility Click Install Saving screenshot 1 Enterprise Mobility o Enterprise Mobility P CommuniTake Technologi
58. Regardless of a successful backup PROPERTY OF COMMUNITAKE 2009 2015 121 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE COMMUNITAKE ENTERPRISE MOBILITY 5 ctmdmdemo communitakecom Logout The page at https mydevice communitake c Enterprise Wipe v Activesync Policy Secure Container 200065380 ACTIVATE A COMPLETE WIPE 1 Select the group to which the device is assigned 2 Click once on the device line in the devices table 3 Click on the Security button 4 Check the Complete Wipe Factory Reset checkbox 5 Check a backup before wipe checkboxes by your preference Checking the Backup checkbox will require a complete successful backup prior to on device data wipe Checking Wipe regardless of backup errors will activate a wipe even if the back was not completed successfully 6 Clickthe Wipe Now button Important Not all the devices support Factory Reset Factory Reset also deletes the SD card data Factory Reset status might not be updated when the device goes through a reset process This is driven by the fact that at times the device reboots before it manages sending back the reset status PROPERTY OF 2009 2015 122 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ACTIVATE A SELECTIVE WIPE S COMMUNITAKE ENTERPRISE MOBILITY dl ctmamdemo communitake com Logout Select the g
59. Secure Container password to log in For a first time activation use the password that was sent to you in the welcome email You will be prompted to define your own password Your password will serve you in the following secure phone sessions Once opened you will be directed to the PhoneBook tab Select the contact with whom you wish to communicate from the contacts list Note that this list contains only enrolled device holders It is not your generic contacts list 6 C C C y C uw lt gt 7123 3 3 3 5 3 3 5 5315 If needed you can search for the contact name via the search function 01 tT 06 gt IE IKS Pi 1 tT 1 gt dt d 50 2009 2015 32 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 7 Once selected the system will initiate the registration to the voice server and will ring the recipient Registering with the voice server Please hold while registering with the voice server 8 You will hear the ringing voice while waiting for the recipient to respond to the call les Saving screenshot m Enterprise Mobility liat Ig 93 liattester 9 gmail com 9 the recipient answers the call the system initiates the encryption phase Call Encryption Please hold while a secured voice conversation is established Cancel PROPERTY OF COMMUNITAKE 2009 2015 3 COMMUNITAKE TECHNOLO
60. Wizard f lof Demo Owner Name Beni ierat Group PIN code 05 Remote Contro 1 0 00 Demo Groups M i En Ms play Name the ma name erat 0 region efine d CALA region REN 1 iA Ma Classes CSV format a m 1516 Name Attached User Domain Username Self ice t d EMEA region P B EMEA Management lt f Er i Chek here to download an empty Excel template f Operat EMEA Sale QJ SPAIN QJ Headquarters 5 Select Bulk Upload in the dropdown list 6 Download the Excel file template 7 Populate the Excel file with details by the template Make sure to build this file in the right order Align the data to the upper left corner of the spreadsheet 8 Upload the file with the device holders details 9 Click on Next 10 Once uploaded the system verifies that the file is in the proper structure 11 Click on Next 12 The system provides view of details and upload status Verify completion for the new devices 13 Click Close REMOVE A DEVICE 1 Click on the group from which you wish to delete a device 2 Select the device or devices to be deleted in the table 3 Click on the Remove button you must select a device to see this button 4 device will be deleted from the system and from the table PROPERTY OF COMMUNITAKE 2009 2015 57 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 5 The device will disp
61. Y omerb communitake com v o Logout P Password Black List i Required Apps E Catalog Backup 53 iOS Restrictions A x sn ia Distrib Add Required App 48 Groups Enable Android a OS Android Df Meow Name 80 Required Applications Upload a file Play stc u G9 Mew2 Edit Name URL File Redemption Code Comment TestToolapk Id Application Ver TO DEFINE MANDATORY APPLICATIONS 1 Select the Required Apps tab 2 Click on the Add button 3 Enter the application name 4 Select the application OS 5 Select the application version Optional a In Android enter the application s version code 6 Define with the slider the OS versions for which the installation should occur 7 Enter the application ID 8 Add comments 9 Enter the application URL or upload the application file 10 Click Add 11 Click on the edit icon near the app for corrections once required 9 Note When adding required apps the system automatically detects the ID and the version number for Android APKs uploaded to the system The system automatically detects ID from the Google Play links or from the iOS App Store links ADDING REQUIRED IOS APPLICATIONS When adding an iOS application the system allows you to pass additional parameters as follows System parameters UDID Wi Fi MAC Bluetooth MAC Ethernet MAC MSISDN IMEI and IMSI A User defined static values such as server to connect with PIN code and
62. access Erotica in Bookstore Allow backup Allow document sync Allow Photo Stream disallowing can cause data loss Security and Privacy 7 7 d Allow diagnostic data to be sent to Apple Allow user to accept untrusted TLS certificates Force encrypted backups iOS 7 restrictions 7 7 Block Account Modification Block Air Drop Block App Cellular Data Modification Block Assistant User Generated Content Block Find My Friends Modification Block Fingerprint For Unlock Block Host Pairing Block Lock Screen Control Center Block Lock Screen Notifications View Block Lock Screen Today View Block Open From Managed To Unmanaged Block Open From Unmanaged To Managed Block OTA PKI Updated Do Not Force Limit Ad Tracking To define iOS restrictions 1 Select the devices group for which you wish to define iOS restrictions 2 Click on the Policies tab 3 Click on the iOS Restrictions tab 4 Select the heritage behavior 5 Check the required restrictions 6 Click on Apply Important The implication of activating a restriction for example disabling the camera will cause the camera application to disappear from the device 9 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ADDING ANDROID RESTRICTIONS CONFIGURATION 3 COMMUNITAKE ENTERPRISE MOBILITY d noamG communitake com 2 Logout P Password 6 Black List 8 Required Apps i E Catalog G gt Backup iOS Restrictions trol File Distribut
63. ain components that facilitate system operation On device client cloud based server User Interface UI The solution can also contain a custom firmware and hardened device based on the specific deployment Two processes occur when an on device client is properly installed on a device 1 The on device client publishes the device s Mobile Device Management related capabilities to the cloud based server These capabilities will vary as different OSs support different capabilities 2 The system will automatically alter the Graphical User Interface GUI to allow each device to show its specific supported features as operational components in the system UI For this reason not all operations are available in the UI for some devices Based on policies settings and other actions taken by users of the system the UI creates tasks for the device and generates requests for push notifications to be sent to the device When the push notification reaches the device the device will connect to the cloud services and it will read and perform the next task in line The speed in which a device will perform a task is directly related to the speed in which it receives push notifications Furthermore a device with no SIM card or an Android device that is not registered will not receive any push notifications The device client handles requests one at a time If a device has received a task that requires fulfillment time Get location for exampl
64. ange server is displayed 4 Seta new status by selecting the required status radio button PROPERTY OF COMMUNITAKE 2009 2015 126 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE Important The device must try to connect to the Exchange server at least once before its status can be set If a device has more than one Exchange email account the status will be set for all the email accounts DIAGNOSTICS Device diagnostics provides insights on the device hardware software and connectivity parameters It can provide an initial directive to problems or drivers for malfunctions S COMIMUNITAKE ENTERPRISE o E E Diagnostics Criteria Description Device vendor Device manufacture name Device ID A unique identifier for the device The device ID is used when accessing the Enterprise Mobility database and other device management services Device model family The family of manufacture models to which the device is related IMEI The International Mobile Equipment Identity is a unique number identifying GSM WCDMA iDEN and some satellite phones The IMEI number is used by the GSM network to identify valid devices IMSI An International Mobile Subscriber Identity is a unique number associated with all GSM and UMTS network mobile phone users It is stored in the SIM inside the phone and is sent by the phone to the network Operating system version The version of the system that runs the
65. bal enrollment process is only applicable to Android devices 30 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE SECURE COMMUNICATIONS FOR DEVICE USERS a 4 Enterprise Mobility COMMUNITAKE E 5 bm o o Required Blacklist History Messaging Secure Phone SECURE VOICE CALLS USER EXPERIENCE Once Secure Phone is defined in the system by the administrator all enrolled devices can have access to it The secure voice calls are performed in the Enterprise Mobility client via the system The voice communication is always encrypted since the conversation is performed via the Enterprise Mobility server The Secure Phone module requires an access password and encrypts all the in client voice calls thus adding another security layer The Secure Phone icon will appear as part of the on device Enterprise Mobility application TO ACTIVATE SECURE VOICE CALLS You can initiate a conversation with other enrolled users or continue an existing conversation Secure voice calls are only applicable to Android devices To activate secure voice calls perform the following 1 Click on the Enterprise Mobility icon o 2 Click on the Secure Phone icon PROPERTY OE COMMIINITAKE 2119 2145 PROPERTY OF 2009 2015 3 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE Key in your
66. ber indicated in the devices table 7 Proactively guide the device holder how to install the remote support client 8 the client is installed and the device holder has approved the terms of use the remote takeover will take place 9 end of the remote support session disconnect from the device by clicking the disconnect icon in the remote support application PROPERTY OF COMMUNITAKE 2009 2015 113 10 CONFIGURATIONS The system enables four configuration setting 1 2 3 Exchange ActiveSync Wi Fi VPN SETTING CONFIGURATIONS Setting a configuration is performed using the same flow for all configurations 1 2 m Moo Select the Configurations tab Select the configuration type out of the options Exchange ActiveSync Wi Fi iOS restrictions VPN The system indicates the mobile OSs for which the configuration is valid Click on the plus icon near the Add configuration Define the Configuration name in the Add new configuration box Click on Submit Define the configuration parameters as presented for the configuration type Make sure to define the mandatory parameters marked in Under the Attach Groups click on Manage Select the groups for which you wish to deploy the configuration Click on Apply 114 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ADDING EXCHANGE ACTIVESYNC CONFIGURATION S COMMUNITAKE ENTERPRISE 181 Configurations
67. business administrators with equal administration rights Please see the System Users module under the tab GENERAL SETTINGS ENTERPRISE MOBILITY ctmdmdemo communitake com M o Logout iOS LDAP Exchange Secure Container Policies Alerts PIN code Df CT Demo 0 00 CT Demo Groups 48 P PINcode 2 05 2 2 Remote Control 202 Groups Device connection interval Minutes 120 Default Y N Int region CALA region t Removal Interval Hours 168 0 Classes 0 region M 0 Headquarters bl Human Resources Discard Finance Management M 0 North America region NA Management NA Operations The General Settings area allows you to define generic connection and enforcement settings that will apply for all the devices that are defined in the system Q PROPERTY OF COMMUNITAKE 2009 2015 11 The General Settings tab provides you with the flexibility to define system behavior in the following areas J General connection intervals gt A Usage collection enablement disablement gt Violations driven policies enforcement gt Actions on SIM change gt Actions on Device Administrator removal GENERAL CONNECTION INTERVALS General connection intervals between the cloud service and device include the following Parameter Description Default Device connection interval The time i
68. city location as the starting point Navigate to the desired location and click on on the map The latitude and the Longitude fields will be populated in accordance ii Define the desired radius in meters in the Radius field for the selected point location 5 Click on Submit 6 Click on Apply Important The system by its nature is not a real time system and it depends on the data transmitted by the devices to the cloud service As such you may not see immediately all the applications that reside across all the enrolled devices once you log in to the system To view all these applications log out and log in again to refresh this view and create a more up to date PROPERTY OF COMMUNITAKE 2009 2015 Q2 applications list Applications are managed by OS Make sure to define the applications per OS Blacklist policy by time and location is valid only to Android devices You can define Blacklist viability by location or by time not by both ENFORCEMENT OF PROHIBITED APPLICATIONS Once an application is defined as a prohibited application the policy enforcement varies by the mobile OS OS Blacklist enforcement Android The system administrator is notified through the violation status in the devices table For Android Enhanced devices devices for which CommuniTake has enhanced management capabilities and Samsung SAFE devices the application will be automatically removed This is applicabl
69. code 482 Groups Y oj CT Demo o0 CT Demo Groups APAC region CALA region Classes EMEA region Headquarters North America region GRANT A DEVICE ACCESS TO THE CONTAINER 4 Messaging w Messaging Support w Protect the messaging inside wos SharePoint f gt v Save Discard EH 1 70 0 70 bword Policy Policy Enforcement irating Systems 1 Check the Secure Container checkbox when adding a device to the Enterprise Mobility You can define access after device enrollment via the Edit function in the devices table 2 TheEnterprise Mobility generates a random one time password to access the container 3 Enable container access message is sent to the device along with an initial password 4 The Enterprise Mobility sends a welcome to container email to device owner which includes the first time password 5 The device holder launches the Enterprise Mobility application on his device 6 The device holder is prompted to enter the first time password and to select new password Container Login IY KAES BIUVA Set new container password Minimum length 8 Password must include at least two capital letters or special characters Confirm 20 COMMUNITAKE TEC aes Nes V VIX N Al u 1 The device holder is prompted to enter his SharePoint credentials Enter your Sharepoint Credentials
70. conforming to the philosophy by which the enterprise regards its employees mobile experience The system allows the following policies 1 Password policy enforcement of on device password in accordance to the OS capabilities IOS restrictions Ee ct M x o Android restrictions PASSWORD POLICY Blacklist Applications policy enforcement of on device prohibited applications Required Applications policy enforcement of on device mandatory applications Whitelist Applications policy enforcement of on device allowed applications Recommended Applications policy recommended on device applications Backup policy periodic backup of on device contacts and messages A password policy defines the following attributes Feature Inherit policy Enable Minimum password length History length How many days between changing passwords Number of failed attempts before wiping the device How long before the device locks seconds Complex policy Description Automatically implements the parent group password policy on the selected group Enable disable the password policy The minimum characters number for setting a password How many former passwords the system will remember and deny reuse The number of days after which the device holder will be required to change the password Number of failed attempts before the device will undergo a factory reset deleting all its data How many seconds of device inac
71. ctivate secure messaging perform the following 1 Clickon the Enterprise Mobility icon o 2 Click on Secure Messaging icon 225 3 your Secure Container password to log in For a first time activation use the password that was sent to you in the welcome email You will be prompted to define your own password Your password will serve you in the following messaging sessions 4 Select the contact with whom you wish to communicate from the contacts list Note that this list contains only enrolled device holders It is not your generic contacts list 5 Messaging Anibal 3 Anibal A 3 Keren 3 Luiz S 3 Udi 21 Udi Nx5 Vito 21 Zeev S 3 Ziv Gabel 3 5 f needed you can search for contact name the search function CHARLES CHU CHARLES charles lai bb1 con RICHARD DHILLON richard dhillon bb1 com RICHARD MA richard ma bb1 com qwertyui 1 gt bL ng 1 dg ll 1 M Q 6 Click on the contact name DD C CY A N A 1 NIIT A K S NUPEN Y OF GUIVIIVI U LN 37 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 7 your message CHARLES LAI X 18 16 58 19 08 2014 Hello need your help with the order a BE ON NE 1 1 gt ft Z X CV BNM 2123 A MEE 8 Click on the send icon 9 When logged in in the messaging m
72. d to select the upper group representing the entire enterprise for generic actions that need to take place across the organization PROPERTY OF COMMUNITAKE 2009 2015 49 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE Important Tip Important C A Group s hierarchical location has significance since it is possible to indicate an inheritance mechanism for policies This mechanism activates on the child group the same policy as defined for its parent group Make sure to locate groups under the proper parent group through which you want to define identical policies The triangle on the left side of the group name appears when it is a parent group that has child groups No such triangle will appear if it is a group with no child groups Clicking on this Triangle will display all the child groups connected to the parent group Business groups represent logical clusters of devices that have similar policies but differentiated policies as compared to other groups As an initial step it is highly recommended to carefully and thoughtfully build the business structure and allocate the policies to each and every group and only then add the devices to the groups CREATE A GROUP 1 Click on the group for which you want to create a child group 2 Click on Group button 3 A pop up box appears for entering the new group name Enter the new gro
73. e this is only available if the Exchange server is properly configured b Lock the device with a password Android only c Enterprise Wipe d Block secure file container access 6 Define the grace period in days for the enforcement activation The default time is set to 0 97 SICOMMUNITAKE ENTERPRISE MOBILITY ctmdmdemo communitake com Logout 28 Groups T Policy Enforcement v P oj CT Demo General Action on SIM Char ge 0 00 Demo Groups Block Camel v 0 region Block Wifi Bluet region Samsung Sal 0 Classes Block Factot M 0 region Block 50 Settim LJ Belgacom 4 LJ EMEA Management Block Tethel ry EMEA Operations Block Cellulj Block 058 0 D EMEA Sales Block Mass f gt LJ SPAIN Block Media Cose Locatii M 0 Headquarters Rinrk F Mail Finance Human Resources LE For action on SIM Change event 1 Check the Enable action on SIM change checkbox 2 Enable one of the following actions once the device SIM card is changed a Lock device with password Android only b Factory Reset c Enterprise Wipe 3 Click Submit 3 COMMUNITAKE ENTERPRISE MOBILITY noamQcommunitake com M o Logout fu j Pp Password k Black List 8 Required Apps le g ze Groups e Policy Enforcement Actio
74. e and immediately afterward the user issues a backup request the backup will not start until the first task finishes and the device connects to the server to get the next one in line If the client is not properly installed on the device the device will not publish its actual capabilities to the cloud service In such a case the cloud service will not be able to properly perform requests INTACT is not designed to perform live no latency changes on multiple devices Requests are published to the device as push notifications via a 3rd party service Whereas the system usually performs immediately there are times that it might take a few minutes for requests and their driven changes to propagate to the devices 10 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ACTIVATING YOUR ACCOUNT Click on the Activate Account link in the welcome email you have received from us You will be directed to a login page Your user name has been defined to be your email address Define your password to the INTACT s Enterprise Mobility Management EMM Usernames and passwords in INTACT EMM are case sensitive po omm Click the Login button User name Password Login Forgot my password By entering I accept the Terms of use Once you are logged in you will be directed to the system dashboard Important The system allows you to add several
75. e Fleet tab Click Add under the Remote Support users section Define the Display for the user 2 3 4 Write the Username the user s email address 5 Select the preferred Language This will define the welcome letter language 6 Click Add PROPERTY OF COMMUNITAKE 2009 2015 73 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE SJCOMMUNITAKE ENTERPRISE momuTY ctmamdemo communitake com Administrators Display Name Username e mati Sub Admins Display Name Remote Support Users Display Name Username e maill The new Remote Support user will receive a welcome letter that includes a link to the remote support application Once the newly added user will activate his account by setting his unique password he will be able to enter the system with his user name email address and the password and perform complete remote support tasks TO DELETE REMOTE SUPPORT USER 1 Select System Users under the Fleet tab 2 Select the Remote Support user you wish to remove 3 Click on Delete user 4 Confirm the action Tip You cannot delete yourself as an administrator You can remove only other administrators Tip Both the administrator and the Remote Support user can also be device owners You should simply put in their usernames when adding their device to a group PROPERTY OF COMMUNITAKE 2009 2015 74 POLICIES Device management policies are courses of action and procedures
76. e Always on Always block Android Enhanced devices are devices for which CommuniTake has obtained improved management capabilities This is applicable for most LG HTC and the newest Sony devices Optional configuration for Android Enhanced devices Block GPS J Roaming Always on Always block No policy Unknown sources Always on Always block No policy Block USB Debug Block Airplane Mode A Mobile Data Always on Always block No policy TO DEFINE ANDROID RESTRICTIONS Select the devices group for which you wish to define Android restrictions Click on the Policies tab Click on the Android Restrictions tab Select the heritage behavior Select the restrictions by the Android device type Check the required restrictions and define the passwords once required Doom wm PY Click on Apply For Samsung SAFE enabled devices the Android restrictions are implemented via the SAFE services PROPERTY OF COMMUNITAKE 2009 2015 95 TO DEFINE ANDROID RESTRICTION BY TIME The default Android Restrictions policy state is always active by your definitions However you can selectively activate the policy by a specific time of day and week In this time period and only at this time period the Android Restrictions policy will be viable This definition provides you with the flexibility to activate security restrictions that are viable to work hours for example To define time driven Android
77. e device alarm from afar gt Lock the device with or without a password gt Wipe on device data gt and restore on device data The system user can navigate to these features by clicking on the selected device from the devices table under the Fleet tab LOCATE THE DEVICE There are two ways to locate a device on map position and via activating its alarm Based on your country s regulation you may or may not be able to track other users devices LOCATE DEVICE POSITION ON A MAP Select the group to which the device is assigned Click once on the device line in the devices table Click on the Location button E map with device location indicator will be presented This is the last known location as perceived by the system based on the level of accuracy that the device itself achieves either via GPS location or via nearest cell location 5 Click the Update Location button if you wish to see the device s current location after a time shift PROPERTY OF 2009 2015 118 TECHNOLOGIES LTD INTACT USER GUIDE Important Push notifications in iOS devices do not wakeup the application without the user consent If the user doesn t click on the notification the action will only be performed when the device wakes up the app in the background It may take a while for this to happen ENTE
78. e for most Samsung LG and HTC devices For non Android Enhanced devices a notification is displayed in the devices notification center prompting the device holder to uninstall the application The device holder is blocked from using the application The application should be manually removed by the device holder This can be done either by clicking the notification or by clicking the application inside the MDM application under Blacklist Status For Samsung SAFE enabled devices the prohibited applications will be silently uninstalled iOS The system administrator is notified through the violation status in the devices table The application should be manually removed by the device holder The user can see the Blacklist application status in the on device application REQUIRED APPLICATIONS POLICY Required applications policy defines all the mandatory applications that the enterprise expects to have on the device The Device Management Required Applications function also acts as a smart mechanism for mass deployments and patch management The system deploys the mandatory application in two possible ways 1 Installing the application files on the device 2 Installing the application via a link to its location in the web app store 83 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE There is a need to indicate in the system one of these two data sources 3 COMMUNITAKE ENTERPRISE MOBILIT
79. e the location in two ways a Manually define the latitude and the Longitude 100 b Orclick on the Map to find the required location i You will be shown New York City location as the starting point Navigate to the desired location and click on on the map The latitude and the Longitude fields will be populated in accordance 5 Define the desired radius in meters in the Radius field for the selected point location 6 Click on Submit 7 Click on Apply iOS The application cannot disable the browser on iOS devices This will be done via iOS Important restrictions blocking default browser and Blacklist which only notifies the application administrator In order to block the Safari browser and iOS restrictions policy which disables the Safari browser must be applied to the devices group All other browsers must be handled via Blacklist management DEVICE USER EXPERIENCE The on device web access is conducted only via the on device application client Once the web browser is activated the device holder is required to enter the domain URL When trying to access a prohibited domain URL the access will be blocked When accessing the web the device user can leverage Bookmarks History and Add bookmarks amp ail 49 8 11 48 29 Web Browser I ail 49 E 11 48 a Web Browser gt Enterprise Mobility www google com COMMUNITAKE Site is Blocked Your corporate security policy
80. ed sensitive information based on key words thus blocking out this information from contacts calendar appointments notes etc Email data is always encrypted and a profiles engine can set different permissions to different users profiles The secure email module is provided via a third party application by LetMobile Secure Email configuration is done via the LetMobile Secure Email interface tab in the Enterprise Mobility console CONFIGURE SECURE EMAIL 1 Click on the arrow near your user name in upper right end of the screen 2 Select the LetMobile Settings This will open a pop up with your LetMobile Secure Email credentials 3 Verify your user name and password 4 Click on Submit 5 You will be able to access the LetMobile Secure Email administration interface from which you can define how to operate the Secure Email features for the devices Important If the enterprise has not purchased the Secure Email module the user will not be able to access the Secure Email administration interface Detailed instructions on how to configure the Secure Email features can be found in the Secure Email user manual SYSTEM ALERTS The system alerts module allows the system administrator to send alerts when policy or use violations occur The drive for this alert will be to inform system administrators and managers of violations for increased awareness and as acceleration for resolution The system enables you to granularly set ale
81. efault o CT Demo Iser Password P code AOSS Remote Control 00 CT Demo Groups Host 389 region lary Host 189 region Classes EMEA region gt 3 oo Headquarters Finance DAP Human Resources ES lest Connection Management Y 0 North America region KH NA Management Operations The system enables LDAP integration for performing the following 1 Populating the system with groups and users from the LDAP 2 Defining which groups should be synchronized 3 On demand synchronization of groups and or users Integrating with your organizational LDAP will facilitate rapid creation of the organizational groups in the MDM system To complete LDAP integration 1 Setthe following definitions a Username This user must have at minimum LDAP read permissions b Password C Secured LDAP Checked Unchecked d Secured LDAP parameters i Upload the certificate ii Certificate password iii Certificate type e Primary Host Port mandatory parameter f Secondary Host Port g Root Context h Users Organizational Unit mandatory parameter i Groups Organizational Unit mandatory parameter j Domain Alias k LDAP Field Mapping i User ID ii User Display Name iii User Email iv Group ID v Group Display Name vi User Object Class CAIT 3 f i J vii Group Object Class Check the Enabled
82. email address as specified in the device addition process Important Email address on the third field is a mandatory data field The self service access is optional If the installation SMS email does not reach the device you can download and install the client by manually launching the device s web browser to the following URL http mydevice communitake com d ADD DEVICES VIA BULK UPLOAD S COMMUNITAKE ENTERPRISE MORILITY ctmdmdemo communitake com Logout 28 Groups je Sul B e lof CT Demo Owner Name Nember Emall me Sell Service SharePoint Group PIN code 05 Remote Control d 00 CT Demo Groups 9955 0 region 0 CALA region QJ Classes 0 region 0 Belgacom EMEA Management EMEA Operat EMEA Sale 4151541 4144144 lt SPAIN Headquarters The system allows you to add devices via bulk upload Bulk upload populates a group by importing an external Excel CSV file that contains device holders details PROPERTY OF COMMUNITAKE 2009 2015 56 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE To add device holders via bulk upload 1 Click on the Fleet tab 2 Click on Devices tab 3 Select the group which should be populated 4 Click on the More tab S COMMUNITAKE ENTERPRISE ctmamdemo communitakecom Logout 28 Groups w Include Sub Group amp Bulk Upload
83. es Ltd INSTALL OO Busines Similar CommuniTake Enterprise Mobility provides enterprises a simple comprehensive and smart toolset to manage and enforce mobile assets security access and use policies READ MORE COMMUNITAKE ENTERPRISE MOBILITY Click Open gt Enterprise Mobility dh Enterprise Mobility E CommuniTake Technologies Ltd Downloads Similar WHAT S NEW Improve password policy management Improve Disk encryption policy READ MORE FIT COMMUNITAKE ENTERPRISE MOBILITY dh Enterprise Mobility UE CommuniTake Technologies Ltd Downloads 72 Business Similar WHAT S NEW Improve password policy management Improve Disk encryption policy READ MORI PROPERTY OF COMMUNITAKE 2009 2015 27 gt LTD INTA Click Activate The INTACT CEM application Activate device administrator Enterprise Mobility e Enterprise Mobility COMMUNITAKE Activ ating th t Enterprise Mobility to perform Viso o g e Erase all data EET ph s data without wa ming factory data rest Required Blacklist Change the screen unlock password Change the screen unlock passworc Eg History Web Browser Secure Set password rules Container Control the length and the characters anowed In ee un Monitor screen unlock attempts Monitor the number of Secure Mes
84. g Data KB Yes Yes Roaming SMS out Yes 1 Select the plan which you wish to define 2 Setthe timeframe for which you wish to monitor the usage It can be on a monthly basis or a weekly basis For a weekly basis define the first day of the week 3 Define the usage level for each plan parameter a In Seconds b Call Out Seconds c Data 3G KB d SMS Out e Roaming Call in Seconds f Roaming Call out Seconds g Roaming Data 3G KB h Roaming SMS out 4 Define for each parameter the monitoring mechanism Unlimited use will not generate monitoring procedure ADAD DTN AN CNN ANAL INIT I D Y VIII i PANS Li VI IIVINJINI VANI aa COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE b A Threshold defines the percentage of the limit for that parameter by which you wish to create an alert mechanism The alert will be performed in accordance to the threshold percentage and the plan attribute 5 Check Notify Device on Exception of a Threshold Definition if you wish the system to generate a notification to the device holder when the threshold is reached 6 Define the Message to send to device on threshold exception 7 Attach the groups to the plan a Click on the Manage button the Attached Groups table b Select the groups you wish to attach the plan c Clic
85. ger to completely uninstall the client instead of just deleting it Important To remove an on device client Delete the device from the group it is in Once removed from the group a message on the device should inform the device holder that the device was disconnected successfully An attempt to reconnect with the same device performed by starting the client on the device should return an error message Use the device s uninstall application mechanism to make sure that all the files that are related to client are removed Use the device s remove application program in Options gt Device gt Application Management PROPERTY OF COMMUNITAKE 2009 2015 58 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ADD AN IOS DEVICE 1 Follow the steps of adding a device 2 An SMS will reach the device The device holder should open it and click on the link A profile will be automatically downloaded 3 The device holder should install the profile On completion the device is registered Pelephone gt 10 09 95 lamb Cancel Install Profile T CommuniTake My CommuniTake Verified Install Description CommuniTake MyDevice Install Profile Service Profile Installing this profile will change Signed communitake com settings on your iPhone Contains Device enrollment challenge Install Now More Details gt ILI EM aL EE aulPelephone
86. ices table 3 Click on the Security button 4 Click on the Lock Device Button 8 COMMUNITAKE ENTERPRISE MOBILITY di ctmdmdemogcommunitake com Logout v v v v PROPERTY OF COMMUNITAKE 2009 2015 120 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 3 COMMUNITAKE ENTERPRISE MOBRLIYY 2 ctmdmdemo communitake com a Logout ETT Remote Device Lock Remote Device Wipe et New Enterpris passw You should define a minimum of four 4 characters password an Android device Lock password is not supported on all mobile operating systems Important When setting a new lock password the password must be compliant with current password policy otherwise it might fail WPTO UNLOCK A DEVICE Unlocking the device is done by the device holder once activating the locked device the device holder will be requested to key in the unlock password Entering the password will unlock the device Another option is to clear the on device password thus no password will reside on the device WIPE ON DEVICE DATA Wipe on device data has two dimensions 1 Choosing the on device data that should be wiped a Complete wipe via factory reset b Selective wipe through which the device holder can select to wipe only portions of that data stored on the device 2 Under which conditions will the wipe data function be activated a Only after a successful backup b
87. iner operates according to the following guidelines Integrates with SharePoint Enables accessing the SharePoint content via the Enterprise Mobility on device client gt A Allows access to users which have SharePoint access gt J Automatically uses the SharePoint s permission scheme gt Uses the device holders SharePoint credentials in order to access the content gt Enables content browsing by the SharePoint directory structure A Provides file status view not downloaded downloaded newer version available A Enables the device holder to perform on demand download of files to the device by the following restrictions O Stores encrypted content o Device encryption by using a user provided password which is also used to access the container o Displays content only inside the client Prevents cut copy of document content gt A Provides control to block allow device to access the files gt A Allows deletion of the on device files when the device is deleted from system or as part of the enterprise wipe SET SECURE MESSAGING ACCESS Perform the following steps to set Secure Messaging access 1 Click on Settings 2 Click on the tab Secure Container 3 Under Messaging check Messaging Support This enables the device holder to exchange messages with enrolled devices without the need to enter the environment with a password This is a mandatory checkbox for activating the access to
88. ion nl Hon B L see roups Enable Disable M of Noam General v Sales Samsung Safe Operation Secure Firmware M CALA Sales General Signed Devices Only M Management peration Classe EMEA Sal Fin Human Resources The Android restrictions module allows you to limit user s access to services These limitations defer by device type There are four different device types which allow distinctive restrictions 1 Generic Android devices 2 Samsung SAFE devices 3 Devices containing the CommuniTake s secure firmware 4 Devices containing CommuniTake s enhanced management capabilities namely non SAFE Samsung LG HTC and newest Sony devices Samsung SAFE does not require downloading the extra component PROPERTY OF 2009 2015 92 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE GENERIC ANDROID DEVICE RESTRICTIONS 3 COMMUNITAKE ENTERPRISE MOBILITY dl noamG communitake com 7 Logout B M DP Password Black List o Required Apps Ca 282 Groups M of Noam General v Sales Block Camera Operation Wifi Always or Always block No policy Bluetooth Always on Always block quA v CALA Sales Disable Non System Apps when Wifi is unavailable Management Samsung Safe Operation Secure Firmware General Signed Devices Only 0 HQs Finance Human Resources Management Marketing Opt
89. ional configuration for generic Android restrictions gt Block Camera gt Wi Fi Always or Always block or No policy gt Bluetooth Always on or Always block or No policy gt Disable Non System Apps when Wi Fi is not available SAMSUNG SAFE DEVICE RESTRICTIONS 3 COMMUNITAKE ENTERPRISE MOBILITY dl com 7 Logout Password o Black List 8 Required Apps Ca Screen Er Launcher 28 Groups M of Noam Samsung Safe v Sales Block Factory Reset Operation Block SDCard 2 Block Settings M CALA Sales 2 Block None Market Apps Management Block Tethering Block Cellular Data Operation k USB Det Classes Block Mass Storage Ag Sales edia Acc k Location HQs T Q Block EMail Forward Finance Block Google Play Block Web Br f Human Resources B uTub Management Marketing PROPERTY OF 2009 2015 93 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE Optional restrictions for Samsung SAFE devices gt Block factory reset gt Block SD card access gt Block setting changes gt non market apps gt Block tethering gt Block cellular data gt Block USB debug gt USB mass storage Block USB media access gt Block Location services gt A Block email forwarding gt Block Google Play gt Web browser gt Block YouTube COM
90. k Done Please note that adding a group does not automatically adds its subgroups You will be prompted to select the behavior If the selected group is already attached to a different plan you will be requested to override the attachment 8 Click Apply S COMMUNITAKE ENTERPRISE MOBILITY dl ctmamdemo communitake com Logout Unlimited Talk amp Text w Notit Voice Plan CALA region Attached Groups M MEXICO USAGE REPORT Usage report provides you with an approximate usage view based on the parameters that were set in the usage plans The report provides data for the following parameters 1 Device Number MSISDN Device User Name Call In Minutes Call In 96 of defined Usage Call Out Minutes Call Out 96 of defined Usage SMSs p ox QV SMSs 96 of defined Usage PROPERTY OF COMMUNITAKE 2009 2015 109 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 9 Data MBs 10 Data of defined Usage 11 Calls In Roaming minutes 12 Calls Out Roaming minutes 13 SMSs Roaming 14 Data Roaming MBs The 96 of usage relates to the parameter level in the price plan f wi lam Numbertmal User Usage ge 1 SMS Usage Data ma TO RUN USAGE REPORT Select the devices group Click the Expenses tab 2 3 Click the Usage Report tab 4 Select the time period f
91. k on Uninstall to totally block the application from running on the device regardless of time location policy 5 Verify that the Kill Violated indicate Yes for kill only and No for blocking 6 Click on Apply PROPERTY OF COMMUNITAKE 2009 2015 79 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE TO DEFINE PASSWORD PROTECTED APPLICATIONS 3 COMMUNITAKE ENTERPRISE MOBILITY dl nosmG communitakecom Logout P Password CT EE 0 Required Apps 7 Catalo Backup iOS Restrictions Android Restrictions Browser Control File Distribution m Home Screen 3 Launcher B Required Apps a G HE w E g E see roups qc Policy is always active Change Edit Password M oj Noam APAC Sales Q Applications Prohibited Applications Operation OS instead of killing the application will turn into password protected application dame Kill Violated E CALA Sales No Records Yes Management Operation a E eec Finance Human Resources Management Marketing Operation Apply Discard NA Sales E This module allows you to restrict the activation of on device applications via a password The device holder will be required to key in the password prior to running these applications 1 Define prohibited applications as described above 2 Click on Kill to prohibit the application from running by the time location but allow it to reside on the device E
92. l Violated has turned to Yes 10 Click on the Block icon if you wish to uninstall the prohibited application once the policy is violated regardless of the time policy 11 Click on Apply TO ACTIVATE ANDROID BALCKLIST POLICY BY LOCATION The default Blacklist policy state is always active by your definitions However you can selectively activate the policy by a specific device location In this location and only at this location the Blacklist policy will be viable To define location driven Blacklist policy 1 Define Blacklist applications 2 Click on the Change link near the Policy is always active 3 Select Location in the pop up 3 COMMUNITAKE ENTERPRISE MOBILITY ctindmdemo communitakecom id a Logout 28 Groups GET Policy is active on Latitude 0 Longitude 0 within radius of O meters Change 1 ETEF s T CT Demo s 7 A Applications ted Applications LJ 00 T Demo Groups atitude 00 a B region 05 ngitude 00 APP Name Kill Viole froid Pet CALA region rori fie Classes B EMEA region 0 Irod 1 Manager LJ Belgacom M eather Da Submit EMEA Management ws P SPAIN Headquarters iuman Resources 4 You define the location in two ways a Define specifically the latitude and the Longitude b Click on the i You will be shown New York
93. l d 0 CALA reqion LAUREN CHON 0046 5666 lauren chow bb1 cor Classes 0 region GRACE LI 500051098 grace 1001 com Y 0 lelqacom LEXI t EMEA Management f T bl EN MRISTOPHER KIN 1 stopr bbi v SPAIN ETHAN KIM 0045980 ethan kim fbbi com m David s 20 972545610101 shames david qmai Fina Ra 0 M AVERY JOHNSON 0010294 M avery johnson 551 J Important If there was an error while changing device s details you will remain in the edit mode with only the devices that require details completion TO REFRESH DEVICE DATA The devices table is refreshed via user generated events Clicking on the Refresh button generates an immediate update of the table data with the recent data that resides in device management system server RESEND SMS Device enrollment process requires sending an installation SMS Through this SMS the device holder downloads and installs the on device management client If the enrollment process was not concluded or the device holder accidently deleted the SMS the system enables a resend procedure 1 Click on the group in which you want to edit a device PROPERTY OF COMMUNITAKE 2009 2015 62 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE po Select the device devices for which you wish to resend an SMS Click on the More tab Click on the Resend SMS
94. lay a message stating that it has been deleted If you wish to reconnect the device to the system you must first uninstall the on device client and reinstall it via a new SMS 8 COMMUNITAKE ENTERPRISE MOBILITY d ctmamdemo communitake com Logout 18 Groups Include Sub Groups o B M loj Demo Owner Name Number Emall User Name Domain Username Self Service SharePoint 6roup PIN code 05 Remote Control 00 CT Demo Groups AUCE THON N 19 alice Some Dobl pice thompson Pending Operation region TORIA 889 Delete jndefined 7 CALA region AUREN CHO 4 Blocked NA Management 4 Please confirm that you would like to delete the selected devices Classes GRACE U 500051098 Blocked EMEA Assist imn dw stani 7 Bei LJ Belgacom M N THOMA 1 ni momaswood Cof v Assist EMEA Management EMEA Operat bbl EMEA Sales 10101 SPAIN 1 1 v 4 Assist Headquarters Finance Human Resou Important After removing a device the device should show an alert saying it was disconnected If no alert is shown open the client on the device click on options and then on Sync After the device is successfully disconnected it can no longer connect to the server If you try to manually launch the application at this point it will automatically quit Use the device s application mana
95. lity to allocate various policies to devices with different ownership addressing BYOD challenges To define time driven Blacklist policy 1 Define Blacklist applications 2 Click on the Change link near the Policy is always active 3 Select Time in the pop up 3 COMMUNITAKE ENTERPRISE MOBILITY ctmdmdemogcommunitake com v Logout P Password amm t Required I 4 f e 05 f t ah Browser Control j File Distribution 10 Groups Policy is active on Latitude ongitude within radius of O meter Change 0 cr demo ED Applications 00 Demo Groups n PF S T 00 Bg gt 0 05 APP Name End Time 00 O00 ill Viole gt 0 CALA region Tue gt Classes EMEA region GMT 11 00 Pacific Midway A About PlayStation Timezone D Di diiit LE 0 EMEA Management SPAIN L2 Headquarters Ea Select the start time and the end time in hours and minutes Select the days of the week Select the time zone 7 Gee dm Click on Submit Verify that your selection summary appears on the upper Blacklist bar PROPERTY OF COMMUNITAKE 2009 2015 81 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDI IDE 8 Click on Change near the summary if you wish to alter it 9 Click on the Kill icon to activate the policy Verify that the Kil
96. long with its group 5 Note that the group will be deleted from your device but it will continue to appear in the other group members ACCESS THE CONTAINER 1 Launch the Enterprise Mobility application on your device 2 Enter the first time password and to select a new password Set new container password Container Login Minimum length 8 Password must include at least two capital letters or special characters Confirm PROPERTY OF COMMUNITAKE 2009 2015 4 INTACT USER GUIDE COMMUNITAKE TECHNOLOGIES LTD 3 Enter your SharePoint credentials Enter your Sharepoint Credentials Password 4 encrypted The application checks the credentials via the server and the SharePoint credentials are stored TO ACCESS A FILE VIA THE DEVICE 1 e Enterprise Mobility COMMUNITAKE amp o o 0 Required Blacklist Store ff History Web Browser Secure Container Secure Messaging Launch the Enterprise Mobility application on your device and click the container button PROPERTY OF COMMUNITAKE 2009 2015 42 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 2 Enter your password Container Login 3 Click a SharePoint file a Ifthe file is not on the device requests and downloads it from the server and stores it encrypted b Unencrypt the file in memory and display it to
97. m Users under the Fleet tab Click Add under the Sub Admin users section Define the Display for the user Write the Username the user s email address Select the preferred Language This will define the welcome letter language Click Add Se ee Se x PROPERTY OF COMMUNITAKE 2009 2015 72 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ENTERPRISE MOBILITY di ctmdmdemo communitake com Administrators Display Name Username le mati Add new Sub Admin user Sub Admins Display Name English Remote Support Users D conce Display Name Username man The new sub administrator will receive a welcome letter that includes links to the device management application and to the remote support application Once the newly added user will activate his account by setting his unique password he will be able to enter the system with his user name email address and the password and perform administration tasks TO DELETE SUB ADMINISTRATOR Select System Users under the Fleet tab Select the Sub Administrator you wish to remove Click on Delete user o Confirm the action TO ADD A REMOTE SUPPORT USER Remote Support Users are additional users that can perform remote support via device takeover Remote Support Users have complete device takeover rights but no system administration rights 1 Select System Users under th
98. mment m IMEI L CALA reqion IMSI Bluetooth MAC Classes WiFi MAC Ethernet MAC n EMEA region wh 0 Headquarters Ju North America region Cance 0 Planex Argentina ES LE Sales Italy Add Peel Note iOS added parameters are also applicable when adding recommended apps PROPERTY OF 2009 2015 95 ENFORCEMENT OF MANDATORY APPLICATIONS Once an application is defined as a mandatory application the policy enforcement will vary by the mobile OS OS Required Apps enforcement Android The system administrator is notified through the violation status in the devices table A notification is displayed on the device s notification center prompting the user to install the application The application should be manually installed by the device holder This can be done either by clicking the notification or by clicking the application inside the MDM application under Required Apps Status For Samsung SAFE enabled devices and Android Enhanced devices devices for which CommuniTake has improved management capabilities required APK files will be silently installed The files should be uploaded to the system or should contain direct download links In any case Google Play applications must be manually installed by the user iOS The system administrator is notified through the violation status in the devices table The application is automatically installed on the device The user may be prompted to
99. more To add parameters 1 Click on the Policies tab 2 Click on the Required Apps tab 3 Select iOS as the OS PROPERTY OF COMMUNITAKE 2009 2015 84 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 4 Inthe process of adding an app click on the Edit button 5 the parameter name 3 COMMUNITAKE ENTERPRISE MOBILITY 4 id Logout P Password 15 1 OS Restri t File Distribution 482 Groups m Name of CT Demo d m Required Applications gt 00 CT Demo Groups Rede nption j reqion Edit Name m URL File Redemption Code Comment n CALA region Viber Link Additional Params ES Classes Link Upload a file ae EMEA region WhatsApp X Cr N File Link gt 0 Headquarters North America region gt 0 Planex Argentina E E E 6 Selectthe parameter value 7 Click on the Add button 8 Click on Save 8 COMMUNITAKE ENTERPRISE MOBILITY 4 Logout Add Required App P Password Black List 482 Groups qu Ad Catalog G Backup Catalog Back Additional Params Parameter Name 1 t Of CT Demo Required Applic atic Parameter Value Select value from list v Custon gt 00 CT Demo Groups UDID APAC region File Redemption Code Co
100. n SIM Change 04 Devi Action on Device Admin Removal Android Only v APAC Sales w Enable action on device admin remova Launcher 05 LDAP Exchange Secure Container Policies Alerts PIN code Operation hoose which of the following you would like to ena CALA Sales Management Operation Classes EMEA Sales 0 HQs Finance Human Resources Management Marketing Operation NA Sales For device admin removal event 1 Check Enable action on device admin removal checkbox 2 Enable one of the following actions once the device client is removed a Lock device If selected define the Unlock password b Factory reset COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE BROWSER CONTROL Web browser control has two deployments 1 Blacklist allows you to block certain domains URLs from access by the device 2 Whitelist allows you to define domains URLs that will the only ones the device will be able to navigate to The control over the web use is fulfilled via a dedicated COMMUNITAKE browser URLs are also black listed using Google s safe browsing S COMMUNITAKE ENTERPRISE MOBILITY d tmdmdemo communitake com a Logout 392 Group Mj cr pom 7 0 00 Demo Groups Add New Url 0 region 7 CALA region JRI m Wildcard UR Classes 0 region 0 Belgacom Ea B EMEA Management perat SPAIN a Headqua
101. ng Do not inherit or Adopt Inherited the system will present the available applications 3 Check the selected application checkbox in the applications list 4 Click on to shift the applications to the prohibited application list 5 Click Submit TO MANUALLY DEFINE PROHIBITED APPLICATIONS 3 COMMUNITAKE ENTERPRISE MOBILITY dl ct mdmdemocommunitake com Logou 28 Groups GET Policy s active on Latitude 0 Longitude 0 within radius of O meters Change Of Demo Add BlackList CT Demo Groups Applications lications a E jt Android LJ region 05 APP Name P Name Kill Viole gt CALA region gt n Classes n EMEA region Android 1 Manage 0 Belgacom Add Em gt EMEA Management ar un SPAIN B Headquarters 1 Select the Blacklist tab 2 Click on the Add Manually button 3 Select the mobile OS from the OS list 4 Enterthe application name 5 Enterthe application ID 6 Click Add 7 Click Submit You have the flexibility to shift between two prohibited applications states 1 Totally prohibited applications 2 Time location driven prohibited applications To shift between these two states act as follows 1 Define Blacklisted applications 2 Define the time or location policy 3 Click on Kill to prohibit the application from running by the time location but allow it to reside on the device E 4 Clic
102. nistrator Group No Grouping 1 Appkcabon Pools Name Status R Stes Anonymous uthenbcsbon Osabled Defak Web Ste ASP NET Impersonation Disabled m sspnet cient DJ Basic Audhen cabon SEENE j 401 Challenge 9 Autodiecover Forme Authentication Ctsabied HTTP 302 LogniRedirect 4 Windows Authentication Disabled HTTP 401 Challenge 9 ews 4 Exchange Exchweb Macrosoft Server ActiveSyric LI DAB gt emp osete Public TO PERFORM EXCHANGE CONFIGURATION 1 Define the following parameters a Server Address mandatory parameter b Username mandatory parameter c Password mandatory parameter d Ignore server certificate checked unchecked e Delete device from exchange when deleting device from the system checked unchecked f ActiveSync Settings select between Allow all clients by default or Block all clients by default 2 Click Save to perform the configuration 3 Click Test for verifying the validity of your settings without activating it Important gt norder to manage the Exchange settings the INTACT CEM system servers must be able to access your Exchange servers gt Currently if you have configured the Exchange to block all clients when you add a new device to the INTACT CEM system it is not automatically allowed in the Exchange You must click the device in the INTACT CEM system go to the Security tab and
103. not be charged for this app pp nr Cancel Install 1 Install the application from the Apple store 2 Launch the application 3 Accept the following three requests you must accept all three a Use of current location b Access contacts c Receive push notifications O mmunte O mmuni akt ommuni lake CommuniTake MDM Would Like to Send You Push Communitake MDM Would Sai Notifications Like to Use Your Current voum Like to Access Your Contacts Notifications may include alerts sounds and icon badges These can be configured in Settings Location C E Don t Allow Don t Allow OK Don t Allow OK PROPERTY OF COMMUNITAKE 2009 2015 60 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 4 The application then requests a PIN code The PIN code is the same for both the profile installation and the application installation It remains in the Devices table until the complete installation of the profile and the application at GOLAN T 14 35 5 Key in the PIN code 6 Verify to receive a Registered Successfully notification This is the indication that the application connects to the server and finishes syncing with it Device registered successfully 7 Close the application TO REMOVE AN IOS DEVICE Delete the device from the Enterprise Mobility system in the same way you would remove any other device On the device do the
104. nterface is done through the system Setting located on the upper right corner of the screen 3 COMMUNITAKE ENTERPRISE MOBILITY ct mdmdemogcommunitake com M Logout Policies Alerts PIN code Devices Device Users System Usi Spr 2 Exchange Settings 482 Groups me E C v oj CT Demo 2 05 2 2 Remote Control 00 CT Demo Groups server 0 region Delete device xchange when deleting device from the system 0 CALA region c Setting Allow all clients by 0 Classes 0 EMEA region v 0 Headquarters Finance Management v 0 North America region NA Management NA Operations The Exchange Settings enables the system user to block allow devices accessing the exchange server Use cases for connecting the exchange server with the INTACT EMM system 1 Only devices attached to the INTACT EMM system can access the Exchange server 2 Blocking a device from accessing the Exchange server if it has outstanding policy violations The INTACT EMM system utilizes the remote configuration capabilities of the Exchange server to manage different settings directly on the Exchange PRECONDITIONS FOR ACCESSING THE EXCHANGE SERVER USER The Exchange connection uses port 443 gt A Currently only Exchange 2010 is supported gt Exchange integration requires a username and password for accessing the Exchange server gt The user must be a part
105. nterval in which the system 30 minutes connects with the device Device not seen interval The amount of time which must pass with no 48 hours connection to the device after which the system will report the device as not seen Device SIM change interval The amount of time the system will report a 7 days device SIM change If no new settings are defined the system will use the default time intervals The Collect Usage statistics function allows you to collect usage data per device for call minutes messages and data local and roaming This is valuable for usage monitoring and expense control The system provides you with the option to disable this function as may be required by the organizational privacy policy Note Violations driven policies enforcement Actions on SIM change and action on Device Administrator removal are discussed under the policy section of this document PRIVACY RESTRICTIONS Privacy restrictions contain two elements Collect Usage Statistics Usage is anonymous but still the system allows the administrator to eliminate the ability to track the general use per device regarding use in general The default system state is active usage collection Uncheck it if you wish to halt the system from collecting usage data Enable BYOD privacy Once BYOD privacy is activated a BYOD checkbox is added to the new device attributes in the enrollment process If a device is marked as BYOD the administrator cannot vie
106. o CommuniTake s MDM 12 You can check if your device is Samsung SAFE enabled in the following link 10000022 13 You might be prompted to enter a PIN code in order to complete the device registration Please use the PIN that was created when the device was added PROPERTY OF COMMUNITAKE 2009 2015 55 AN COMMUNITAKE TECHNOLOGIES LTD INTACT USER GU D IDE 14 Make sure that there are no network issues The client will try to reconnect every few seconds as long as it is running It will update the capabilities when connected 15 For every action instance made in the web page and that needs to be updated in a device a push notification will be sent 16 If there is no SIM card or if the device is an Android device that was not correctly registered with account user and password the device will not be able to receive a push notification and it would seem as if the action did not take place In this case the message will reach the device the next time it periodically connects to the system 17 To make the client simulate a push notification open the client on the device click on options and click on Sync Now 18 An email is sent to the device holder enabling him to define an access password for self managed device protection features The device holder user name for the system is his
107. oard components that are displayed and the order of their display can be customized to your personal preference This order and filtering is maintained between sessions allowing you to choose the KPIs you wish to see The system dashboard contains the following information Presentation Description Alerts Scheduled backups The number of devices that have a backup policy but the periodic backup has failed Lost connection The number of devices which have exceeded the time configured in the system for connecting to the cloud service PROPERTY OF COMMUNITAKE 2009 2015 44 SIM change Usage Plan Jailbroken Rooted Policy enforcement Client removal Policies Password Policy Required Apps Blacklist Apps The number of devices that have replaced their SIM card The number of devices which have exceeded one or more usage thresholds set in the system These thresholds include items defined in the Usage plans such as calls minutes SMSs and data Number of devices that are jailbroken or rooted The number of devices which have exceeded the allowed grace period for policy violations and the system has activated enforcement measurements against them The number of devices in which the user disabled the Android device administrator for the MDM application or an iOS MDM profile was deleted This presentation has three categories the device has received the Password Policy and is in compliance N
108. obile phone operator carrier using the GSM CDMA iDEN TETRA and UMTS public land mobile networks and some satellite mobile networks Access point name APN identifies an IP packet data network PDN that a mobile data user wants to communicate with An APN consists of two parts Network Identifier and Operator Identifier The client version installed on the device allowing the device management A GSM Cell ID CID is a unique number used to identify each Base transceiver station BTS or sector of a BTS within a Location area code n BM TECHN R GUIDE INTACT USEI UIDE Cell location area code RSSI Received signal strength indication DB Roaming LAC if not within a GSM network A location area is a set of base stations that are grouped together to optimize signaling To each location area a unique number called a location area code is assigned Received signal strength indicator RSSI is a measurement of the power present in a received radio signal An indication whether the device in a roaming state APPLICATIONS The Applications section presents all the applications that reside on the device Selecting a specific application will show its related details such as name version and location URL A COMMUNITAKE ENTERPRISE MOBILITY 4 ctmdmdemo communitake com Y Logout i Device Status C Backup Location f Securit
109. odule you can see the previous conversations and new incoming messages by senders CHARLES X 18 16 58 19 08 2014 Hello need your help with the order 18 10 Click on the conversation to view it and continue the dialog Secure Messaging E PhoneBook lt lt Conversations CHARLES 18 16 58 19 08 2014 Sales 17 14 22 19 08 2014 PROPERTY OF COMMUNITAKE 2009 2015 38 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE TO CREATE A CONVERSATION GROUP 1 When in the Contacts Book click on the Add Group icon cp D a O Secure Messaging ADDISON DAVIS addison davis bb1 com ALEXANDRA TAYLOR alexandra taylor bb1 com ALEXIA CHEN alexia chen bb1 com ALEXIS BAKER alexis baker obb1 com ALEXIS BROWN alexis brown bb1 com ALEXIS ROSS alexis ross bb1 com ALICE THOMPSON alice thompson bb1 com ALISSA CHUNG alissa chung bb1 com AMELIA REID amelia reid bb1 com ANNA CLARK 2 Name your group and click on the Next icon E D a 8 Create Group Enter a name for the group Saes J Sale s t i Eo 6 Pi X c v b nm e 3 You will be directed to the contacts book Select the contacts for this group 8 Select contacts ADDISON DAVIS addison davis bb1 com ALEXANDRA TAYLOR alexandra taylor bb1 com ALEXIA CHEN alexia chen bb1 com ALEXIS BAKER alexi
110. on the Move Devices Users at the bottom of the screen 3 Select the group to which you wish to move the device 4 Click on Commit ALLOW DEVICE ACCESS Allow Device Access enables the device to access the Secure File Container 1 Check the device which you wish to edit 2 Click on the Allow Device Access at the bottom of the screen 3 The action will generate the process of Secure File container Access enablement BLOCK DEVICE ACCESS Block Device Access removes the device access to the Secure File Container 1 Check the device which you wish to edit 2 Click on the Block Device Access at the bottom of the screen 3 The action will generate the process of removing Secure File container Access RESET DEVICE CONTAINER PASSWORD Reset Device Container Password initiates new password settings for accessing the Secure File Container 1 Check the device which you wish to edit 2 Click on the Reset Device Container Password at the bottom of the screen 3 The action will generate the process of resetting the access password to the Secure File Container DEVICE USERS Device users are device holders that are allowed to operate device data protection procedures via the system These procedures include locate a device on a map activate a device alarm lock a device wipe device data backup device data Once a device is added to a group its holder is added to the system as a user Once a user is defined in the s
111. only delete Exchange configurations which were created via the Exchange Configuration PROPERTY OF COMMUNITAKE 2009 2015 124 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ALLOW BLOCK SECURE CONTAINER ACCESS 3 COMMUNITAKE ENTERPRISE MOBILITY dl lt tmdmdemo communitake com M Logout 0 Device Status C Backup e Locatior m ECIAM Diagnostics 1 Catalog amp Applications Remote Device Lock Remote Device Wipe Enterprise Wipe Activesync Policy Secure Container SharePoint Stat d Xperia S Device Numt 500045980 Select the devices group Select the required device from the devices table Click on the Security tab Click on Secure Container pH os d e You can choose to either allow or block access to the container or set the access password BACKUP ON DEVICE DATA BACK UP ON DEVICE DATA Select the group to which the device is assigned Click once on the device line in the devices table Click on the Backup tab A There are two backup alternatives periodic backup and on demand backup a For periodic backup i Checkthe Enable periodic backup button ii Define the Backup Intervals in days iii Check which data items should be backed up Contacts Messages b Foron demand backup i Clickon the Backup button The system will back up now the data PROPERTY OF COMMUNITAKE 2009 2015 125 COMMUNITAKE TECHNOLOGIES LT
112. or which you wish to see the usage data 5 Click on Submit Important The system presents an approximate usage based on the device s counters This usage presentation does not replace the usage calculated by the billing system and cannot be considered as accurate as the billing system calculations The system collects usage once the device in enrolled It cannot present historic usage data that has occurred prior to the device enrollment PROPERTY OF COMMUNITAKE 2009 2015 110 COMMUNITAKE TECHNOLOGIES LTD TO EXPORT USAGE DATA TO EXCEL gt ee Ye m Usage data can be exported to an Excel file for further processing Select the devices group Click the Expenses tab Click the Usage Report tab Select the time period for which you wish to see the usage data Click on Submit This is a mandatory step prior to exporting Click on the Export button PROPERTY OF 2009 2015 INTACT USER GUIDE 111 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE SUPPORT REMOTE SUPPORT The Support module enables the system user to remotely assume complete control over the mobile device It enables technical experts to take over a mobile phone or tablet through an Internet connection regardless of the phone s actual location After installing a small device client with the active participation of the phone holder the system user can remotely view and operate the phone as if he is holding it
113. ot Supported the device cannot fulfill the Password Policy due to OS limitations Pending the device has not yet received the Password Policy from the system server Failed the device has received the Password Policy but is not in compliance This presentation has three categories the device has received the Required Apps policy and has installed all required applications Pending the device has not received yet the Required Apps policy from the system server Failed the device has received the Required Apps policy but has not yet installed all required applications This presentation has three categories the device has received the Blacklist Apps policy and is in compliance Pending the device has not received yet the Blacklist Apps policy from the system server Failed the device has received the Blacklist Apps policy but is not in compliance the device has an application installed that appears in the blacklist Whitelist Apps This presentation has three categories the device has received the Whitelist Apps policy and is in compliance the device has not received yet the Whitelist Apps policy from the system server Failed the device has received the Whitelist Apps policy but is not in compliance the device has an application installed that does not appear in the Whitelist apps list Status No backup Number of devices that do n
114. ot have an assigned backup procedure Not enrolled The number of devices that have been registered in the system but have not yet completed the enrollment process and their attributes are not yet available to the system Roaming devices The number of devices that have a roaming usage indication Restrictions The number of devices that have violated either iOS or Android restrictions Cellular operator distribution The distribution of devices by service provider to which their SIM is allocated Operating system distribution The distribution of devices according to their mobile operating system Current license status The number of devices registered compared to the total number of MDM licenses purchased Clicking on one of the presentation areas in the dashboard will show further details such as the list of devices that are in violation or details on the device distribution 3 COMMUNITAKE ENTERPRISE MOBILITY d ctmdmdemo communitake com Y Logout 28 Groups v ide Su zi d lof CT Demo 7 00 CT Demo Groups 21 91 Enrolled 32 70 2 70 4 70 61 70 0 70 region E TEE B CALA region 65 AMILE WHITE lana 2 cheduled ailbroken Root Client I B EMEA region a Bel RE ihi perators Operating Systems a EMEA Management MEA eration C SPAIN Headquarters OHV AANRALIAIITALCCM MIY I D Y iNJ i d
115. oup that contains devices users or child groups You must delete all the devices users and child groups associated with the group prior to deleting it DEVICES The Fleet section presents the enterprise device inventory along with device attributes DEVICES INVENTORY VIEW Select the Fleet tab and then click on the Devices tab Note This is the default presentation when clicking the Fleet tab The system will present a table showing all the devices that are assigned to the selected group at the time of selection You can select to see devices only from the current group or the devices from the current group and all its subgroups PROPERTY OF COMMUNITAKE 2009 2015 51 8 COMMUNITAKE ENTERPRISE MODIUTY 28 Groups v m CT Demo Owner Name 0 00 CT Demo Groups 0 region CALA region 0 Classes 0 region Belgacom 0 Management 7 SPAIN Headquarters o Be Number E mall User Name Domain Username Sell Service SharePoint Group PIN code 05 Remote Control v v 7 etine 7 B 7 The device table presents a default view with following attributes Item Description Device Owner Name Number Email User name Self service access Group PIN code OS Remote Control Device holder name as defined when the device was added to the system The MSISDN or the email address as defined when the device was added to the sy
116. pae n Pe eap 114 ADDING EXCHANGE ACTIVESYNC CONFIGURATION aere k detecta eet eate oa 0e ete tee at aote 115 ADDING WEELCONEIGSORATIODJ ed doo aliu 115 ADDING VPEN CONFIGURA A 116 DEVICE s oin In Dn nii uu e 117 DEVICE M G 117 LOCATE THE DEVICE E CES NE 118 LOCATE DEVICE POSION ON AMAP e eure eb e oud PP Uc aos cio pct eve 118 EOCATE DEVICE VIA ALAR Mh cic op DI serta uae E E uo AU Ie eot dms Eo IS p rue bUUE 119 BOCK eee m 120 TO LOCKA m 120 WP TO UNLOCK AE E EE EEEE ENE EE ATN ua uU E 121 WIPE ON DEVICE DATA c 121 TFOACTIVATEA COMPLETE WIPE nia ETE E NOOTE ENEE TES 122 TOACTIVATE A SELECTIVE WIPE seinen 123 ENTERPRISE WIPE 124 deep edu usas Una tipi ud o dM uS UEM 124 TO ALLOW BLOCK 55 een 125 BACKUP ON DEVICE DATA 225 2 ETAO Eaa 125 JO BACK UP ONSDEVICE DATA ab Ire thee
117. policy Inherit Policy always works regardless of the Enabled status of the parent group If the parent group password policy is disabled then so will be the child group password policy gt Complex relates to the most complex password as defined by the device operating system This will vary by the operating systems The device owner will be directed to define the most complex password in the event of password definition gt J Password expiration is supported for Android and above Disk encryption is supported for Android 3 0 devices and above OS Specific Guideline provides guidelines re possible password complexity password components and encryption support by the device OS version 77 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE C MOBILE APPLICATIONS POLICY Mobile applications management is conducted via the system application policies The system allows defining which application must not reside in the device Blacklist applications which applications must reside in the device Whitelist applications which applications are recommended to reside in the device Recommended applications Mobile applications policy is managed by the enterprise groups There are three states for managing this policy 1 Inherited only inherit the parent group applications policy as is 2 Donotinherit do not inherit the parent group a
118. pplications policy 3 Adopt inherited inherit the parent group applications policy but allow adding more applications To fulfill these policies the system activates a smart content management mechanism that constantly scans the devices state and automatically removes or deploys applications by the policies definitions BLACKLIST APPLICATIONS POLICY Blacklist applications are on device applications that are prohibited on the device Selecting and defining a prohibited application can be done in two ways 1 Selecting an application from a pre built applications list 2 Manually defining a prohibited application The pre built applications list is automatically generated by the system as it reviews and collects all the applications that reside on the enterprise devices which are enrolled in the system S COMMUNITAKE ENTERPRISE MOBILITY ctmamdemo communitake com a Logout 102 Groups lof CT Demo m A TAA m J 00 CT Demo Groups Prohibited Application a a x region 05 APP Name 05 APP Name Ki v d CALA region Classes EMEA region Belqacom 0 Management 7 SPAIN Headquarters PROPERTY OF COMMUNITAKE 2009 2015 78 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE TO DEFINE PROHIBITED APPLICATIONS FROM THE PRE BUILT APPLICATIONS LIST 1 Selectthe Blacklist tab 2 Selectthe heritage state Note that only when selecti
119. prohibits you from accessing this URL http edition cnn com o BLOGS AUDIONIDEO Select a section e o o o o 6 v Required Blacklist Store v N Latest News E History Web Browser Secure Container Secure Superstorm scenario puts Messaging millions on alert Bookmarks History Add Bookmark HLE DISTRIBUTION The file distribution module allows you to send files to groups of devices The files are defined in the system for distribution and the devices pull them once they connect to the system If a distributed file already resides on the device the new file will overwrite it In iOS devices the files are viewed via the on device MDM application but can be exported to external applications In Android devices the files are visible in the device file system TO DISTRIBUTE FILES TO DEVICES Select the Files distribution tab Inherit is the default state Change the inheritance status to Adopt or Enable Click on the Add button Select URL for a file pull via a URL or File to upload a file For URL enter the URL address mandatory For File click Upload File and select the file you wish to upload Enter the File name mandatory Enter Comment optional Note that this comment will be displayed inside the iOS application See o S M Enter the Download to directory location to
120. push notifications 9 The device holder should install the device client as follows a Open SMS Email b Activate the link and download the device client c Oncethe download was completed activate the client Device registration is completed only after the device holder downloads and activates the on device client 10 Oncethe client has finished installing the device will show Successfully Registered message If there was no such message the device did not yet register In Android devices the message is presented in the upper status bar 11 Samsung SAFE and Android Enhanced devices are required to install an extra component that empowers the additional capabilities The device holder can install the extra component from the Google Play store or locally for Samsung SAFE or just locally for Android Enhanced requires allowed installation from unknown sources It is recommended to install the extra component via the Google Play store if the user has access to it 9 57 AM Updating Google Text to Speech m C gt Apps P MDM Add On SAF COM M U N ITAKE COMMUNITAKE TECHNOLOGIES LT ENTERPRISE MOBILITY Install extra component for Samsung SA F E COMMUNITAKE TT Install from Google Play Install locally requires store installing from Unknown sources 1 5 people 1 d this Rate this app Description This application is an add on component adding Samsung SAFE capabilities t
121. rd policy enforcement gt Internal apps catalog A Mobile applications management Blacklist Whitelist gt Location and time driven policies Use restrictions management gt Expense control via usage plan monitoring and usage reporting gt Mobile configurations Exchange ActiveSync Wi Fi VPN gt Enterprise wipe for selective business data gt System dashboard gt Remote support for mobile devices gt Self service portal for managing data protection COMMUNITAKE INTACT is intuitive and easy to manage allowing system users to perform quickly and effectively without the need for extensive training COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ABOUT THIS DOCUMENT This document presents step by step guidelines for using COMMUNITAKE INTACT It encompasses directives to the system features under a demarcation between an enterprise administrator and an enterprise employee Important This document presents COMMUNITAKE INTACT features Please refer to the COMMUNITAKE Remote Care Manual for guidance on the remote support feature set PROPERTY OF COMMUNITAKE 2009 2015 9 GETTING STARTED FOR ADMINISTRATORS COMMUNITAKE INTACT is an application of COMMUNITAKE solutions suite for businesses An account has been defined for your organization All you need to do is activate the account and begin using it for managing your enterprise s mobile devices SYSTEM COMPONENTS AND BEHAVIOR There are three m
122. roup to which the device is assigned Click once on the device line in the devices table Click on the Security button oe wn Check the data items checkboxes of your choice in the selective wipe area You can select one or many of the data items Contacts Messages Image Files Documents Movie Files Music Files Files on the SD Card Call Logs 5 Check a backup before wipe checkboxes by your preference Checking the Backup checkbox will require a complete successful backup prior to on device data wipe Checking Wipe regardless of backup errors will activate a wipe even if the back was not completed successfully 6 Click the Wipe Now button PROPERTY OF COMMUNITAKE 2009 2015 123 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ENIERPRISE WIPE Enterprise Wipe allows the system user to delete the on device Exchange email configuration S COMMUNITAKE ENTERPRISE MOBILITY 2 tmdmdemo communitake com a Logout Remote Device Lock v mote Device Wipe Enterprise Wipe Enterprise Wipe Activesync Policy w Ail activesy WIPE ENTERPRISE DATA Select the devices group Select the required device from the devices table 1 2 3 Click on the Security tab 4 Click on Enterprise Wipe 5 You can choose to either delete all the exchange configurations from the device or to selectively define which email account to delete by providing their email addresses Important iOS devices can
123. rters Fina Human Resource ACTIVATE BROWSER CONTROL Select the group for which you wish to define browser control Click on the Policies tab Click on the Browser Control sub tab Select the preferred action Disable or Enable or Inherit or Adopt Select Blacklist or Whitelist Click on BOR oe omo Enter the URL in the designated data field The URL is required to have a legal format for example http 8 Select Domain to block the entire domain or uncheck to block only the specific URL 9 Click Important If the required URL for whitelist or blacklist is accessible with and without WWW then you must add both options PROPERTY OF COMMUNITAKE 2009 2015 99 REMOVE DOMAIN URL IN BROWSER CONTROL Select the group for which you wish to remove browser control Click on the Policies tab Click on the Browser Control sub tab Select the preferred action Disable or Enable or Inherit or Adopt Select Blacklist or Whitelist Select the URL you wish to remove Click on Delete URL ER Click Delete on the pop up gt When Browser Control is activated the Browser button will appear in the on device application client gt A All popular browsers are automatically disabled killed when launched A Additional browsers be handled via Application Blacklist ACTIVATE BROWSER CONTROL BY TIME The default
124. rts so that recipients will receive various alerts for various events with different alerts timing TO SEND SYSTEM ALERTS 1 Click on the General Settings icon at the upper right of the application screen 2 Click on the Alerts tab 3 Click on the plus icon to add and define an alert 24 C COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 4 Click the plus icon next to Send alerts for to define the initiation for alert Alerts causes can the following violations Whitelist Blacklist Exclusive Whitelist Password Policy Not Enrolled Client Removal Roaming Usage Plan Violation SIM Change Lost Connection Rooted 5 Click on the ok icon to approve the selection 6 Analert will be sent as soon as possible once defined and activated 7 Check the following activation options are required a Send alert even if resolved b Then send an alert every number Hours can be every 15 minutes every 30 minutes every one hour every six hours every twelve hours and once a day c And stop after number Day can be every day every two days every three days once a week 8 the recipient s email address in the Send To data field Click on the plus icon near this field for adding more recipients 9 Click on Apply to activate the alerts mechanism 3 COMMUNITAKE ENTERPRISE MOBILITY
125. s E 101 FILE DISTRIBUTION nem n 101 TO DISTRIBUTE RILES TO DEVICE ids dub dest abet 102 AN EXISTING ioa e aetate roo Deere teu aura ae Caster muta eto eret 102 HOME SCREEN Mc 103 e 104 TOADDICON c 104 TO ADD BOOKNMIARKS WEB CPS Mq DE 104 LAUNCHER Q 105 TODEFINE LAUNCHER A 105 EXPENSE CONTROL 107 USAGE PLANS 2 107 TO MANGESSAGE PLANG E 107 109 SUPPORT titer 112 REMOTE 112 ACTIVATING REMOTE SUPPORT o EE Fe apa eo Eben eae erae 113 e Jic ygel m a 114 SETTING CONFIGURATIONS reseau eoe ea pee esae neo ee pae e oaa re RT e Pa
126. s baker bb1 com ALEXIS BROWN alexis brown bb1 com ALEXIS ROSS alexis ross bb1 com ALICE THOMPSON alice thompson bb1 com ALISSA CHUNG alissa chung bb1 com AMELIA REID amelia reid bb1 com ANNA CLARK 4 anna clark bb1 com AVERY JOHNSON PROPERTY OF COMMUNITAKE 2009 2015 39 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 4 Click on the Apply icon You will be directed to a conversation screen From this point the group will appear in your contacts list 5 Click on the Discard icon if you wish to cancel the operation gt lt 6 When receiving a message from a group member the message headline will be by the group name The sender named will appear in the opened message Secure Messaging 5 PhoneBook Conversations CHARLES 18 16 58 19 08 2014 Sales 17 14 22 19 08 2014 TO DELETE CONVERSATION 1 Whenin the conversation click on the Discard icon X CHARLES X 18 16 58 19 08 2014 Hello need your help with the order PROPERTY OF COMMUNITAKE 2009 2015 40 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 2 Approve the deletion when prompted Are you sure you want to delete the current conversation Cancel OK TO DELETE A CONVERSATION GROUP 1 When in the Conversations press on the group s conversation 2 Click on the Discard icon 3 Press Ok to approve the deletion 4 conversation will be deleted a
127. saging Lock the screen 1 Cancel Activate If you have marked the self service access and or the Secured Container access the user will receive email for each module access 3 COMMUNITAKE Hello noam communitake com Your device is managed within the organizational Mobile Device Management MDM system The MDM system allows you to securely view the organizational SharePoint content and or to safely communicate with the enterprise members Activating these functions is done via your on device MDM application click on the SharePoint icon to view the SharePoint content click on the Secure Messaging icon to conduct a safe dialog Enter a password when prompted Your initial password is srhfh4cn1b On your first entry you will be required to change the password Thank you for your cooperation The MDM team t contact communitake com For accessing the Secured Container and performing secure messaging or secure SharePoint files view the user should click on the Secure Container icon and enter the temporary password as sent in the email Then the user will be directed to replace the password with a new password 28 Important COMMUNITAKE TECHNOLOGIES LTD SELF REGISTRATION DU WP IUe oue CAM xp Send an email to users inviting them to register Direct the users to download the CEM application and install it INTACT USER GUIDE The system integration with Active Directory LDAP
128. ss 6 71 0 70 0 Classes No Backup Restrictions 0 0 Headquarters iting Systems 0 North America region 0 Planex Argentina Sales Italy wiephon Cellcom Telefonic a AR Unknown P 95 e Perform the following steps to set a global enrollment process 1 Click on Settings Click on the tab PIN code Click on the Add Group icon 2 3 4 Select the group groups to which you wish to add devices 5 Once added the system will automatically assign a PIN code to this group 6 Any device which enters this PIN code will be registered to this group Important The global enrollment process is only applicable to Android devices PROPERTY OF COMMUNITAKE 2009 2015 22 The system allows to define the default inheritance when creating a new group X COMMUNITAKE ENTERPRISE MOBILITY noa mGcommunitakecom EY Logout 3 D 4 Device Users AM System Users General 05 LDAP Exchange Secure Container 291 Groups 094 Password Policy Disable Default v oi Noam APAC Sales A Remote Control 2 CALA Sales Classes Android Restrictions Disable EMEA Sales File Distribution Enable Home Screen Disable Finance Launche Disable Human Resources Management NA Sales The inheritance settings alternatives are as follows Password Policy inherit disable gt Blacklist
129. stem Device user email address It will be used for Exchange configuration such as blocking the user from accessing the Exchange server as well as the MDM system user name for device holders who are given self service access Checkbox for defining the device user as a self service user The organizational group to which the device is assigned The PIN code identifies the device in the enrollment process It might be required by the device holder in order to conclude the enrollment process Once connected to the MDM system this PIN code will no longer be necessary and will not appear in the table Device mobile operating system One click remote access to the device for support All columns contain filters or search capabilities ADAD AN AL IARI A IET TM PROPERTY OF COMMUNITAKE The device table icons o 5 Description Policy setting has failed Policy setting is not supported Policy setting is pending Policy setting has succeeded 0 000 Q Policy not set Policy is violated Roaming is not viable Roaming is viable The device is not rooted O The device is rooted INCLUDING SUBGROUPS Including subgroups allows you to see and manage all the groups that are under the selected group Once Include Sub Groups is checked the devices table will present all the devices that are under the selected hierarchy group If it is not checked the system will show only the de
130. the user inside the application atl GOLAN T kostya new site Forms naya n 50 R ATT invite tif 27 01 13 17 59 um wn ta n ir bg jpg 02 01 13 10 14 R bg_empty bmp 01 01 13 10 34 T vaccin A d m R butterfly bmp 27 01 13 16 33 CCITT 1 TIF citation txt 28 11 12 20 15 we CommuniTake Release Notes Security and Privacy docx Ma 2009 2015 43 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE SYSTEM DASHBOARD DASHBOARD DATA AND KEY PERFORMANCE INDICATORS KPIS The initial view presented when accessing the system is the system dashboard The system dashboard provides an instant overview of the state of the enterprise s devices 3 COMMUNITAKE ENTERPRISE MOBILITY d ctmdmdemogcommunitake com v o Logout 28 Groups w Include Sub Groug zd Df Demo 21 91 0 70 5 70 0 70 32 70 2 70 4 70 61 70 0 70 LJ Groups Not Enrolled Roaming Device No Backur Restrict equired Ay Blacklist Whitelist Password icy Policy Enforcement d region B CALA region T 65 66 0 0 1 2 Classes scheduled Backu Lost Connecti IM Change Jsage Pla Root Client Rer r EMEA region 7 Bel Licenses Operators Operating Systems gt EMEA Management Operation 7 SPAIN M Headquarters You can select to view information for current group or current group along with its subgroups The Dashb
131. tivity before the device is locked Automatically implements the complex policy enabled by the device operating system la COMMUNITAKE TECHNOLOGIES LTD Disk encryption Important TO DEFINE A PASSWORD POLICY INTACT USE TI 2 TI Encrypts the on device disk data The device encrypts the user s files contacts emails and messages both on the internal drive and the SD card if available using the device s lock password The encryption key is the device s lock password The encryption is handled by the operating system itself Disk encryption requires a password to be set on the device To activate disk encryption on android the password length must be at least 6 and complex letters and numbers For iOS devices disk encryption is done automatically when a password is set on the device Select the group for which you wish to deploy the password policy Click on the Password Policy tab Click on the Apply button COMMUNITAKE ENTERPRISE 1 2 3 Define the password attributes parameters 4 19 Groups loj CT Demo 0 00 CT Demo Groups region CALA region 0 region Belqacom d EMEA Management 7 SPAIN QJ Headquarters OS Specific Guideline Min os Length Complex Encryption TO DISCARD A PASSWORD POLICY Select the group for which you wish to discard the password
132. to a number of devices check the devices you wish to send the message to Click on the Send message at the left bottom part of the screen Write the message in the pop up message screen Check Send also by email if you wish to send the message as an email as well The email will be sent to the defined device s owner email Check Force Show applicable for Android devices if you wish that the message will pop on the recipient device screen Click on Send PROPERTY OF COMMUNITAKE 2009 2015 63 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE Note You can also send messages to devices from gt KPI drill down popup gt From the device s location tab 8 COMMUNITAKE ENTERPRISE MOBILITY ctmdm emogcommunitake com Logout 1 Device Users System Users a 19 Groups w Include Sub Groups TS r7 Di CT Demo All 10 devices on this page are selected here to select all 90 devices CA Owner Name 2 Number Email 4 User Name Domain Username P Self Service P SharePoint 4 Group PIN code 05 P Remote Control 00 CT Demo Groups ALICE THOMPSON 500058999 alice mompsonfPbbi com alice thompson y Pending NA Operations d region M LAUREN 500045666 aurenchowBbl com lauren chow v Blocked NA Management LJ CALA region GRACE U 500051098 com gracen Blocked EMEA Sales J Classes A m
133. u can initiate an immediate call with the contact by clicking the Start call icon m Phone 7 93 17 Clicking on the contact name will present you with all the previous calls a m Call Log liat 19 93 SECURE MESSAGING USER EXPERIENCE Once the Messaging Secure Messaging module is defined in the system by the administrator all enrolled devices can have access to it The Messaging and the Secure Messaging are performed in the Enterprise Mobility client via the system These messages are not related to the generic SMSs The messages communication is always encrypted since the conversation is performed via the Enterprise Mobility server The Messaging module allows direct access to messages The Secure Messaging module requires an access password and encrypts all the in client messages thus adding another security layer When the client is removed from the device all the conversations are removed with it The Messaging Secure Messaging icon will appear as part of the on device Enterprise Mobility application When defined as a Messaging Support it will appear as Messaging When defined as Protect the messaging inside the secure container it will appear as Secure Messaging COMMUNITAKE TECHNOLOGIES LTD INTACT USE R GUIDE ACTIVATE SECURE MESSAGING You can initiate a conversation with other enrolled users or continue an existing conversation To a
134. uncheck the default settings 5 Define the number of days for the Backup Interval PROPERTY OF COMMUNITAKE 2009 2015 88 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE 6 Select which data detail types will be backed up Contacts Messages Note that Contacts and Messages are pre defined once you mark the Enable Periodic Backup checkbox 7 Click on Commit Changes 3 COMMUNITAKE ENTERPRISE MOBILITY d ctindmdemo communitakecom o Logout 202 Groups of CT Demo d n 00 CT Demo Groups gt region CALA reg ion tact Message d Classes ew M EMEA region we Belgacom LJ EMEA Management SPAIN Headquarters we iuman Resources REMOVE BACKUP SETTINGS 1 Select the device group for which you wish to remove the backup settings 2 Click on Backup tab 3 Uncheck the Enable Periodic Backup checkbox 4 Click on Commit Changes Tip The default policy is the inherit policy by the parent group In order to select another policy first uncheck the inherit checkbox and then check the enable checkbox and define the policy parameters PROPERTY OF COMMUNITAKE 2009 2015 g9 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE ADDING IOS RESTRICTIONS CONFIGURATION ENTERPRISE MOBILITY 4 ctmamdemo communitake com v Logout P Password Black List Required Apps 28 Groups
135. up name 4 Click the Add button in the pop up box 5 new group will be added under the group that you have selected 3 COMMUNITAKE ENTERPRISE MOBILITY d ctindmdemo communitakecom ogout 202 Groups 0f CT Demo 4 00 CT Demo Group d region CALA region LI Classes 7 EMEA region Belgacom gt 0 Managemen MEA Opera MEA Sale SPAIN Headquarters Add New Group amp 9 Owner Name Number E User Name Domain Username Service SharePoint Group PIN code 05 Rer gt e 2 z PROPERTY OF COMMUNITAKE 2009 2015 50 COMMUNITAKE TECHNOLOGIES LTD INTACT USER GUIDE TO DELETE A GROUP 1 Click on the group which you want to delete 2 Click on the Delete Group button X 3 The group will be deleted from the groups hierarchy tree 3 COMMUNITAKE ENTERPRISE MORILITY dl lt tmdmdemo communitakecom o Logout 482 Groups w Include Sub Group B 0f CT Demo Owner Name Number E mail User Name Domain Username Service SharePoint Group PIN code 05 Remote Cont gt B 00 CT Demo Groups Al H N alice t bbl aie thor i 4 f fing NA Operat LJ region Jndefinec LJ ALA region f 1 Classes D EMEA reg v ndefined Belgaco EMEA M 9 t MI perati ina a SPAIN d x 2 3 Important You cannot delete a gr
136. using the values you used for creating your Apple ID Click Request Certificate and save the file gU Ae Using the above certificate request a certificate from Apple Go to the following Apple site link https identity apple com pushcert and log in using your Apple ID 6 Click Create a Certificate and agree to the terms of use 7 Upload your certificate request which you have saved in step 4 After a few seconds your certificate will be ready for download Download and save the certificate 8 Click Settings again on the system user interface Upload the certificate that you have downloaded from Apple 9 You are now ready to add iOS devices to the INTACT CEM system LDAP INTEGRATION Devices are managed in the system via groups Devices are allocated to logical groups with similar use policies These groups are built and populated manually or via integration with an LDAP that already contains groups and devices The LDAP Settings tab allows you to create LDAP integration for defining and populating the system s devices groups via the organizational LDAP Accessing the LDAP integration interface is done through the system Setting located on the upper right corner of the screen TOR COMMUNITAKE TEC T COMMUNITAKE ENTERPRISE MOBILITY General 105 d Exchange Secure Container Policies Alerts T ovce amca 5 LDAP Settings E Groups leer Name d D
137. vices that directly associated with the selected group 53 TECHN R GUIDE INTACT USE LZ I Tl ADD A DEVICE COMMUNITAKE ENTERPRISE MOBILITY 19 Groups lof CT Demo 0 00 CT Demo Groups 0 region 0 CALA region Classes 0 EMEA region Belqacom 0 Management Operat EMEA Sale 7 SPAIN Headquarters v Sut f o a f Owner Name Number Email 1 Service SharePoint Group PIN code 05 Remote Control amp lt juage English e Ea E v gt 9 1 Click on the group to which you want to add a device 2 Click on the Add New Device button 3 pop up box appears for entering the new device attributes Enter the following The new device MSISDN phone number for a mobile phone or an email address for tablets Define the device owner name as you wish it to appear in the system Device owner name serves only for display The device owner email The Email address will be used for Exchange configurations and as the user name for the device owner to access the self service device protection features Domain username For some enterprises the domain username is different than the email address For this reason this data field must also be filled This will allow proper operation of configurations such as Exchange and VPN Self service access This access will allow
138. w its location its backups and its applications The default BYOD setting is inactive 12 IOS BUSINESS REGISTRATION Apple requires a one time procedural step to allow the INTACT EMM system to manage your iOS devices Requesting and uploading the iOS certificate is done through the system Setting located on the upper right corner of the screen 3 COMMUNITAKE ENTERPRISE MOBILITY ctmdmdemo communitake com v General i LDAP Exchange Secure Container Policies Alerts PIN code Jevices 4 Device Users 19 System Users iPhone Certificate Request ES 48 Groups ET Defaut v 2 PINcode 05 2 Remote Cont Email Address M CI Demo oj Common Namc gt 0 00 CI Demo Groups 0 APAC region Country Code United States v CALA rcgion D 3 Request Certificate gt Classes Please make sure that entered valucs match the ones sent to Apple for certification EMEA region Expiration Date May 9 2014 09 15 v Headquarters iPhone Certificate Upload Finance Upload the certificate using this form Human Resources Upload Management 0 North America region NA Management NA Operations NA Sales 1 If you not already have an Apple ID you should create one via the following Apple site link http appleid apple com Click on Settings located on the top right corner of the system user interface and select iOS Fill in the email and your name
139. y Diagnostics i Catalog Owner Noam P Device Grand X Quad Device Number 972545515516 Name ID 3D Mushroom Wallpaper Android Live Wallpapers Version Android System Android System Name AppGuidePlugin Atci service Basic Sleep Mode Apps BatteryWarning Bell ActiveCare Black Hole Bluetooth Bubbles CATALOG The recommended applications catalog was defined in the applications policy section It illustrates the applications which the business wishes to have on the devices but it does not enforce their presence To deploy recommended application on the device 1 Click on Catalog tab 2 Check the applications you wish to install in the device 3 Click on Send Important The catalog tab will appear only if recommended applications were defined the device group and for the device OS 129
140. you have to do is add the device to the user MSISDN or Email define the display name for the device in the system and define the self service access Important gt fauser is removed from the LDAP the user will be also removed from the system along with all his related devices Ifagroupis deleted from the LDAP all the users in that group that were not moved to another group which was imported to the system will be deleted along with their related devices Ifa group is deleted from the LDAP all the devices that are directly attached to the group will be deleted gt When a user is moved between different LDAP groups his device remains the original group gt When a group is moved in the LDAP to a different location all the users and the devices that are attached to this group will also move It means that the group s policy could potentially change if a policy is inherited In order to perform an import from the LDAP the MDM system servers must be able to access the LDAP servers Once the import is completed you can close the access connection until next time it is needed for an import or sync A device can only be attached to a user that is defined in the LDAP group 15 EXCHANGE CONFIGURATION The Exchange Settings tab allows you to define the Exchange server through which the device will access emails and contacts and its generic ActiveSync settings Accessing the Exchange Settings configuration i
141. ystem he can be identified and authorized to run these procedures A user is defined in the system by the email address that was defined in the device addition process 70 TO DELETE A DEVICE USER 1 Select the device group in which the user is defined 2 Click on the Users tab 3 Check the user line 4 Click on Delete Users button 5 Youcan select to delete just the user or the user and his her devices 6 Deleting the user but not his her device will result in the device remaining in the group and only the administrator can access it same as adding a device with no user Tip You can add a user after the initial enrollment process If you wish to enable self service for device protection check the Self service access box in the devices table or in the edit devices table This will generate the process to send a welcome email to the device holder through which he can activate his access to self manage the device protection features SYSTEM USERS The System Users module allows you to add system administrators and Customer Service Representatives CSR to the system Once added the system will generate for every user a similar account activation process including sending a welcome letter and a requirement to set a password ADMINISTRATORS Administrators are additional administrators who can manage the system Administrators have complete administration rights equal to the administrator who has activated the account for
Download Pdf Manuals
Related Search