From eScan Wiki
Revision as of 05:59, 23 April 2020 WikiSysop (Talk | contribs) ← Previous diff |
Revision as of 06:12, 23 April 2020 WikiSysop (Talk | contribs) Next diff → |
||
Line 243: | Line 243: | ||
<li> | <li> | ||
Click <strong>Action List</strong> > <strong> Change Server IP</strong>. Change Server IP Address window | Click <strong>Action List</strong> > <strong> Change Server IP</strong>. Change Server IP Address window | ||
- | appears. The IP Address field displays the current IP address of a | + | appears. |
- | group. | + | |
</li> | </li> | ||
<li> | <li> | ||
Line 254: | Line 253: | ||
</li> | </li> | ||
<li> | <li> | ||
- | After you are done making changes, click <strong>Apply</strong>. After | + | After you are done making changes, click <strong>Apply</strong>. The progress of the command is shown in the new window after some interval. |
- | a group’s or device’s IP address is changed, a success message appears. | + | |
</li> | </li> | ||
</ol> | </ol> |
Revision as of 06:12, 23 April 2020
Managed Mobile Devices
The Managed Mobile Devices module lets you take action related to a group and specific device(s). There are following buttons in this module:
- Action List
- Client Action List
- Select/Add Columns
- Policy Templates
Action List
This drop-down lets you take an action for a group.
New Group
This option lets you create a new group for categorizing/adding devices.
Add New Device
This option lets you add new devices to the selected groups.
Add Multiple Devices
This option lets you import (*.txt) file with device and user details in the following format for adding multiple devices at once.
Mobile no.1,Username1,Email ID1 for example: 9012345678,ABCD,abcd@xyz.com
Note: Do not put space before or after comma in the above format.
Remove Group
This option lets you remove a group from the Managed Devices.
Change Server IP
This option lets you change the server IP address on the managed device. The new server IP can be allotted to a particular group or list of devices.
Synchronize with LDAP/Active Directory
This option lets you synchronize the managed devices with the source active Directory Organization unit, the minimum sync interval is five minutes and you can also exclude ADS source files that are not required.
Properties
This option lets you view properties of the group such as Name, Parent Group, Group Type.
Create New Group
In case the containerization benefits are not required, select the group type as MDM. The policies are applied to the Personal profile of the devices in the MDM group type. Web-blocking, Application Control etc. policies can be applied to the devices without creating a work profile (Container).
In case the device belongs to a company and is given to an employee for company work/task purposes, select the group type as COD (Company Owned Device). As company is the device owner, the device will always be policy restricted irrespective of the Geo/Wi-Fi location. Containerization and its benefits are available for COD group type.
In case the users are allowed to bring their own devices to company for work/task purposes, select the group type as BYOD (Bring Your Own Device). In this group type, policies will be applied within the Geo/Wi-Fi location. The restrictions as per the policy will be applied only if the device is in Geo/Wi-Fi location. If the device is out of the Geo/Wi-Fi location, the device will be free of restrictions. Containerization and its benefits are available for BYOD group type.
Creating a New Group
- Click Action List > New Group. Create New Group window appears.
- Enter a name.
- Select a preferred group type.
- Click Save. A new group will be created.
Adding a New Device
After a group is created, you will be required to add devices to the respective groups for managing and securing them efficiently. To add a device, follow the steps given below:
1. Select a group.
2. Click Action List > Add New Device. Add New Device window appears.
3. Enter the mandatory details.
4. Select the appropriate OS type.
5. Click Add. An enrollment email with a link to download and install eScan Device Management (client) will be sent to the specified email address.
Note |
The mobile number required here is only for indicative purposes and it need not be an actual mobile number. |
Adding Multiple Devices
By using Add Multiple Devices option, you can add multiple devices to a group by importing details from a .csv or .txt file in the following format – Mobile no. 1, Username1, Email-id1
To add multiple devices, follow the steps given below:
- Select a group.
- Click Action list > Add Multiple Devices. Add Multiple Devices window appears.
- Click Browse and select the .txt and .csv file consisting required details.
- Click OK. All devices from the .txt and .csv file will be added to the group.
Note |
Ensure there is no space before or after comma in the above format. Use a line break to separate each device’s information. |
Removing a group
To remove a group, follow the steps given below:
Group Removal is allowed only for empty groups. (Group(s) that contains no devices)
1. Select a group.
2. Click Action List > Remove Group. A confirmation prompt appears.
3. Click OK. The group will be removed.
Changing Server IP address
- Select a group.
- Click Action List > Change Server IP. Change Server IP Address window appears.
- Select the Change To check box and enter the new server IP address.
- In the Apply to section, select whether IP address change is forGroups or List of Devices.
- After you are done making changes, click Apply. The progress of the command is shown in the new window after some interval.
Synchronizing with Active Directory
To synchronize a group with Active Directory, follow the steps given below:
- Select a group and then click Action List > Synchronize with LDAP/Active Directory.
Synchronize with LDAP/Active Directory window appears.
- If you want to change the target group for synchronization, clickBrowse and select a group or subgroup. (Skip this step if you don’t want to change the group).
- Select the Source LDAP/Active Directory Organization Unit by clickingBrowse. It takes you to LDAP/Active Directory; selection will depend upon which OU you want to synchronize. After selecting OU, click OK.
- Set the Synchronization Interval as per your requirement.
- Click OK.
To exclude group(s) from AD sync
- Check Excluded LDAP/Active Directory Sources. Click Exclude. Select OU to Exclude pop-up appears.
- Select the group you want to exclude and then click OK .
Client Action List
This drop-down lets you take action for the devices added in the console.
Select a device or devices and take the action of your preference.
Moving Devices from one group to the other group
After adding devices in a group, you can move a device or devices from one group to other as per your requirement.
To move device(s) from one group to other, follow the steps given below:
- Select the group in which the device(s) is already added and then click Client Devices.
- Select the device you want to move to another group and then click Client Action List > Move to Group . Select Group window appears.
- Select the group to which you wish to move the device(s) and then click OK.
Note |
You can create a New Group by clicking New Group and move the device(s) to that group. |
Checking a Device’s Properties
The Properties option lets you check a device’s general properties, anti-virus settings, protection status and miscellaneous properties.
1. Select a device.
2. Click Client Action List > Properties. The Properties (Mobile Number) window appears displaying all details of the device.
Removing a device from group
The Remove from Group option lets you remove any device from a group.
- Select a device.
- Click Client Action List > Remove from Group. A confirmation prompt appears.
- Click OK. The device will be removed from the group.
Resending Enrollment Email
The Resend Enrollment Email option lets you resend the enrollment email to the user who didn’t receive it at the time of adding the device.
- Select the specific device.
- Click Client Action List > Resend Enrollment Email. A new enrollment email will be sent to the user.
Changing a User’s Name/Email ID
The Change Username/Email ID option lets you change the name/email ID of a user.
- Select the specific device.
- Click Client Action List > Change Username/Email ID. Change Details window appears.
3. Make the required changes and then click Save Details. The User details will be updated.
Disenrolling a device
The Disenroll option lets you disenroll a device.
1. Select a device.
2. Click Client Action List > Disenroll. A confirmation prompt appears.
3. Click OK. The selected device will be disenrolled.
Policy
Steps for Defining Policies for the Group
To define policies for a group, select a group and under the group, click Policy. Group Policy pane appears on the right side.
Clicking Select Template displays a list of available templates.
Clicking Policy Templates displays Policy Template screen and lets you create, copy and assign template to specific group or devices.
Creating New Template
To create a new template, follow the steps given below:
- Click New Template. Create Policy Template window appears.
- Enter a name for template.
- Select appropriate group type.
The Create Policy Template lets you create template for both Android and iOS devices discussed below:
Android Template
The Android Template consists following policies:
- Anti-Virus Policy
- Call & SMS Filter Policy
- Web and Application Control
- App specific network blocking
- Anti-Theft Policy
- Additional Settings Policy
- Password Policy
- Device Oriented Policy
- Required Applications Policy
- Wi-Fi Settings Policy
- Scheduled Backup (Contacts & SMS)
- Content Library Policy
- Kiosk Mode Policy
Anti-Virus Policy
Anti-Virus Policy lets you scan the device, schedule a scan and update the virus signature database as per your requirement.
Scan Settings
Using the options present under the Anti-Virus Policy, the administrator can define settings for enabling or disabling virus protection on devices along with settings for file types to be scanned on managed devices.
Protection Scanning for files on installation is enabled
Select Enabled or Disabled to enable or disable protection on managed devices in the group.
Scan Type
Select the Scan Type as All Files or Executable only files on managed devices in the group.
Automatic Scan
Use options present under the Anti-Virus Policy to scan devices on startup or schedule the scan as per requirement.
Startup Scan
Select from drop-down to enable or disable scanning on device startup, as per your requirement.
Schedule Scan
Select a schedule to scan managed devices. You can conduct a weekly or daily scan as required or even disable the scan schedules.
Scan Day
Select a particular day of the week to scan the managed devices present in the group. This check box will be activated only if you select weekly scan.
Select Scan Time
Set time for scanning the managed devices in the group.
Schedule Update Settings
Define settings for updating eScan on managed devices.
Schedule Update
Define a schedule to update virus signature database on a daily or weekly basis or disable the update schedule.
Update Day
Select a particular day of the week to update the managed devices present in the group. This check box will be activated only if you select weekly update.
Update Time
Set time for the devices to take virus signature database update from the server. It will be helpful in saving network congestion where large numbers of devices are added in the MDM Server.
Update from Internet server
Select this check box to update the virus signature database from the Internet server.
Update only if Wi-Fi is available
Select this check box to update virus signature database only if the Wi-Fi connection is available.
Call & SMS Filter Policy
The Call & SMS Filter Policy lets you set filter for incoming calls, text messages and outgoing calls on managed devices.
Call and SMS filter mode set to Off
If the Call and SMS filter mode is set to Off, all calls and text messages will be allowed.
Call and SMS filter mode set to Blacklist
Select Block Non-Numeric SMS and Calls check box to block SMS and calls from non-numeric numbers.
To block incoming calls from known numbers and SMS consisting specific keywords, click Blacklist. Call and SMS Blacklist window appears.
Click Add. Block Incoming window appears.
Select whether to block SMS, Calls or both Calls & SMS. Enter the Blocked Phone Number and Forbidden Text in the fields and then click Add.
To delete a specific number from the Blacklist, select the number and click Delete.
The selected number will be deleted.
Call and SMS filter mode set to Whitelist
Check Allow Contacts check box and then click Whitelist.
Call and SMS Whitelist window appears.
Click Add. Allow Incoming window appears.
Select whether to allow SMS, Calls or both Calls & SMS. Enter the Allowed Phone Number and Forbidden Text in the fields and then click Add.
To delete a specific number from whitelist, select the number and click Delete.
The number will be deleted. To remove all numbers in a single-click, click Remove All.
Call and SMS filter mode set to Both List
Check Allow Contacts and Block Non-Numeric SMS and Calls and you will be able to access both Blacklist’s and Whitelist’s features.
Call Filter (Outgoing) Mode set to Off
If Call Filter Mode is set to Off, all outgoing calls will be allowed.
Call Filter (Outgoing) Mode set to Whitelist
If Call Filter Mode is set to Whitelist, a user can make outgoing calls only to whitelisted numbers.
Click Whitelist. Outgoing calls window appears.
Click Add. Allow outgoing window appears.
Enter the phone number and then click Add.
The number will be added to the Whitelist.
To delete a specific number, select a number and then click Delete. The number will be deleted.
Web and Application Control
Web and Application Control policy lets you allow and block applications and websites
on managed devices.
Control Mode
Allow or Block Applications/Website or Both or Off based on your requirement and Policies.
Control mode set to Off
If the Control Mode is set to Off, you cannot allow/block websites or applications.
Control mode set to Website
Setting the Control Mode to Website lets you allow and block website categories.
Allow List : Websites added to this list can be accessed in browser. You can modify, delete and also remove the list of websites.
Click Add. Add in allow list window appears.
Enter the URL in the field and then click Save.
Block List: Websites added to this list will be blocked in browser. You can modify, delete and remove the list of websites from the Block List.
Click Add. Add in block list window appears.
Enter the URL and then click Save.
Control mode set to Application
Setting the Control Mode to Application lets you allow or block an application.
Click Allow/Block Application List. Allow/Block Application List window appears.
Click Add.
Application List
- Applications added to this list will be allowed/blocked as per the specified action.
- System applications will be allowed by default unless explicitly added to "Block" section.
- User installed applications will be blocked by default unless explicitly added to "Allow" section.
- If the action is set to "Ask Uninstall" the device will prompt the user to uninstall the application and will remain "Non-Compliant" until the application is uninstalled.
- If “Ask Uninstall” action is set for the system applications, the applications will be blocked and will have no effect on the device compliance. Allow/Block Application window appears.
Enter the application’s package name in the field. Select whether to Allow, Block or Ask to Uninstall the specific application and then click Add > Save.
Note |
If Application is NOT in the "Available Applications" list you can add the package name with the "Enter Package Name" option. |
Control mode set to Both
Setting the Control Mode to Both lets you allow/block website categories and applications.
App Specific Network Blocking
The App Specific Network Blocking Policy lets you block a particular application from accessing the Internet.
In the Enter Package Name field, type the application’s package name and then click Add.
The package will be added and displayed in Package Name section below.
After a package is added, the respective application will be unable to access the Internet.
Note |
VPN permission is needed for this functionality to work. |
To delete a package from the list, select the specific package and then click Delete.
To remove all packages, click Remove All.
Anti-Theft Policy
Anti-Theft Policy lets you keep track of a device’s location history, block a device and send alert about SIM card change.
Enable Anti-Theft
By default, this check box is selected.
Enable Location History
Select Enable Location History check box to track the location history.
Interval in Mins
Track the location history at a defined interval.
You can set the interval using Interval field.
Block Device
Select this check box to block the device before uninstallation of eScan application.
Ask "Admin Access Password" (Do not block device)
Select this option if you don’t want the device to be blocked if a user tries to uninstall the MDM application. The application will ask the user to enter the Admin Access Password.
Delete all configured email accounts
Select this check box to delete all email accounts configured on the managed device.
Delete specific domain account
Select this check box to delete email accounts of specific domain. After selecting this check box, enter the domain name in Enter domain names field.
Send SMS notification on SIM card change
Select this check box to receive a text message informing about SIM card change. The text message will be sent to the number added by you.
Add the desired number in To Mobile No.
Send Email notification on SIM card change
Select this check box to receive an email informing about SIM card change. The notification email will be sent to the administrator’s email ID or the custom email ID that the administrator has specified.
Additional Settings Policy
Use this option to enable or disable the above options on selected managed devices.
Show Notification
Selecting this check box will display all notifications on devices.
Sound
Selecting this check box will play notification sound for eScan MDM application events.
Write Logs
Selecting this check box will enable MDM application to write logs of user actions on the eScan log file.
Disable Device Settings
Selecting this check box will block devices from accessing Device Settings.
Sync at Device Reboot
Selecting this check box will sync the device with the eScan server after it reboots.
Sync Frequency
You can set the Sync Frequency in minutes and let the device sync with the eScan server.
Password Policy
Password Policy lets you define Administrator Access Password that allows an authorized user to configure settings of eScan Module on respective Managed devices.
Enter the password in Admin Access Password field.
Note |
The password should be numeric and minimum of four digits are required. |
Device Oriented Policy
Device Oriented Policy lets you enable GPS and disable Camera, Bluetooth and USB Connectivity on a device.
Enable GPS (For devices with Android version below 4 .0)
Select this check box to enable GPS.
Disable Camera (For device with Android version 4 .0 and Above)
Select this check box to disable the camera.
Disable Bluetooth & Bluetooth Discovery
Select this check box to disable the Bluetooth and Bluetooth discoveries.
Disable USB Connectivity (For devices with Android version below 4 .0)
Select this check box to disable USB Connectivity.
Send Call Details to server, including Call/SMS filter events
Select this check box if you want device(s) to send their Call/SMS details to the server.
Required Applications Policy
The Required Applications Policy lets you import applications from the App Store module for installation on devices in the group through policy deployment.
Importing an application
- Click Import. Import Application window appears.
- Select the application(s).
- Click Save. The selected application will be imported.
A pop-up message appears displaying Applications added to the "Required Applications Policy" will be automatically added to the "Allow List" under "Parental Policy >> Allow/Block Application List".
Click Deploy. The policy will be deployed on the device instantly if the device is connected to the Internet. The following prompt appears after the successful policy deployment.
Note |
If the device is not connected to Internet, the policy changes will be applied on the next sync with the server. By default, the device(s) sync with the server every 60 minutes. If an application is deployed via the Required Application Policy, the device(s) in the group receive a notification to install the application. The user will be provided with the option to start the installation process and install the application. If the device user cancels the installation, it will alert the user about application installation on the next sync with the server. If the deployed application with the same version number already exists on device, the device user won't receive notification.
|
Deleting an application from “Required Applications Policy”
To delete an application, select the application and then click Delete. The selected application will be deleted.
Wi-Fi Settings Policy
The Wi-Fi Settings policy lets you define the settings for your Wi-Fi connections. You can disable WLAN/Wi-Fi or restrict the usage of Wi-Fi by allowing the device to connect only to the listed Wi-Fi networks. The device can be automatically locked or raise a sound alarm if it is not connected to any of the listed Wi-Fi connections.
Enable Wi-Fi Restrictions (For devices with Android version below 6 .0)
Adding a Wi-Fi SSID
- Select the check box Enable Wi-Fi Restrictions and then click Add. Add window appears.
- Enter the Wi-Fi network name (SSID) in the field and then click Add. The Wi-Fi network will be added to the console.
The devices will be allowed to connect only to the added Wi-Fi network
SSID.
Locking/Sounding alarm on a device
- Select the check boxes Lock Device orSound Alarm as per your requirement and then click Add. Add Networks window appears.
- Select the Wi-Fi networks you want the device to always be connected to and then click Save.
If the devices are not connected/disconnected from the added Wi-Fi network SSID, they will be locked or raise a loud alarm as per the policy configuration.
Deleting a Wi-Fi network SSID
- Select a Wi-Fi network SSID and then click Delete. A confirmation prompt appears.
- Click OK. The Wi-Fi network SSID will be deleted.
Scheduled Backup (Contacts & SMS)
The Schedule Backup policy lets you take a backup of all the contacts and text messages on a device as per your requirements. The backup of contacts and text messages can be saved in two different folders. The backup can be scheduled for daily/weekly basis.
Creating a schedule
- Click Add. Add new job window appears.
- Enter a job name.
- In Job Settings, select the preferred backup(s).
- In Job Scheduler Settings, select whether you want to take a backup daily or weekly.
Set the specific time at which you want to take the backup and then click Save.
Modifying a schedule
- To modify a schedule, select the specific schedule and then click Modify. Modify backup job window appears.
- Make the required changes and then click Save. The schedule will be modified.
As an Administrator, you can even disable a scheduled backup by selecting the option Disable schedule > Save.
Deleting a schedule
To delete a schedule, follow the steps given below:
- Select a schedule and then click Delete. A confirmation prompt appears.
- Click OK. The schedule will be deleted.
Content Library Policy
Content Library policy lets you deploy documents to the users’ devices. The documents can be imported from the Content Library module and deployed to the users.
Import a file
To import a file from Content Library, click Import. Select the file and then click Save.
To delete a file, select the specific file and then click Delete.
Default, Deploy, or Cancel
Description - You can select eScan Default settings or Deploy the setting defined by you for implementing/deploying on specific groups.
Kiosk Mode Policy
To configure Kiosk Mode Policy, select Enable Kiosk Mode check box.
To allow an application to be accessed in Kiosk mode, click the drop-down. The drop-down displays a list of installed applications. Select an application and then click Add. The application will be added.
To delete the added application(s) from Kiosk mode, select the application(s) and then click Delete. The application will be deleted.
Hardware Key Control
Kiosk mode also lets you disable a device’s hardware keys.
Disable Power button – Selecting this check box disables a device’s Power button.
Disable Volume buttons – Selecting this check box disables a device’s Volume buttons.
Allow User to Turn ON/OFF
Wi-Fi – Selecting this check box allows a user to turn device’s Wi-Fi ON/OFF through Kiosk application.
Bluetooth – Selecting this check box allows a user to turn device’s Bluetooth ON/OFF through Kiosk application.
Volume – Selecting this check box allows a user to increase/decrease the device’s volume through Kiosk application.
Brightness – Selecting this check box allows a user to increase/decrease the device’s brightness through Kiosk application.
Note |
Unchecking options won’t display Control to the user on the Kiosk application. |
iOS Template
The iOS Template consists following policies:
- Device Passcode Policy
- Restrictions Policy
- Web Clip Policy
- Email Policy
- Wi-Fi Settings Policy
- Content Library Policy
- Required Applications
Device Passcode Policy
The Device Passcode Policy lets you configure the passcode, auto-lock duration, device lock grace period and data wipe in case of maximum passcode fail attempts.
Select the Enable check box to enable all the fields in this section.
You can set the Device passcode policy for the device using this policy.
Allow Simple Value: Set this option to Yes if the passcode should be simple value.
For example, 1234 or 0000
Require Alphanumeric Value: Set this option to Yes if the passcode should be alphanumeric. For example, abc123 or 123abc
Minimum Passcode Length: This option lets you set the minimum passcode length. The numeric value can be set between 1 and 16.
Minimum Number of Special characters: This option lets you set the count of special characters required to construct a passcode. The count for special characters in
passcode can be set between 1 and 4.
Maximum Passcode Age (days 1-730, or blank): This option lets you set the maximum number of days from 1 to 730 before the password expires and asks the user to set a new one.
Allowed idle time, before Auto-Lock: This option lets you set time for a device (in minutes), before it gets auto-locked.
Number of Passcodes to be maintained in the history (1-50, or blank): This option lets you set the number of passcodes to be maintained in the history.
Grace Period for Device Lock: Grace period is a time duration that ensures the device stays locked until the next passcode entry. This option lets you set the grace period for a device from 1 Minute to 4 Hours.
Maximum Number of Failed Attempts (Before all data is erased): This option lets you set the maximum number of failed attempts allowed for unlocking a device before all data on the device is erased.
Restrictions Policy
The Restrictions Policy lets you apply restrictions on a device.
• Device Functionality
• Application
• Safari Settings
• iCloud
• Security and Privacy
• Content Ratings
• Ratings by Region
Device Functionality
Allow Installing Apps: Set this option to Yes to allow users to install applications.
Allow Use of Camera: Set this option to Yes to allow users to access device’s camera.
Allow FaceTime: Set this option to Yes to allow users to access FaceTime.
Allow Screen Capture: Set this option to Yes to allow users to take a screenshot or record their screen.
Allow Siri: Set this option to Yes to allow users to use Siri.
Allow Siri while the device is locked: Set this option to Yes to allow users to use Siri while the device is locked.
Allow usage of Touch ID to unlock device (iOS 7 and above): Set this option to Yes to allow users to unlock their devices with Touch ID.
Allow Apple Wallet while the device is locked (iOS 6 and above): Set this option to Yes to allow use of Apple Wallet while the device is locked.
Show Control Center in lock screen (iOS 7 and above): Set this option to Yes to allow users to access Control Center in the lock screen.
Show Notification Center in lock screen (iOS 7 and above): Notification Center is a feature in iOS that provides an overview of application notifications. Set this option to Yes to allow users to view Notification Center in lock screen.
Show Today view in lock screen (iOS 7 and above): Set this option to Yes to allow users to view Today View in lock screen.
Allow Voice Dialing: Set this option to Yes to allow users to call their contacts via voice.
Allow In - App Purchase: Set this option to Yes to allow users to make in-app purchases.
Force User to enter iTunes Store password: Set this option to Yes to force a user to enter their iTunes Store password.
Allow Multiplayer Gaming : Set this option to Yes to allow a user to play a multiplayer game on their device.
Allow Adding Game Center Friends: Set this option to Yes to allow a user to add Game Center friends.
Application
Allow Use of YouTube: Set this option to Yes to allow users to access YouTube.
Allow Use of iTunes Music Store: Set this option to Yes allow users to access iTunes Music Store.
Allow Use of Safari: Set this option to Yes to allow users to access Safari.
Safari Settings
Enable Autofill: Set this option to Yes if you want Safari to remember the information users entered in the web forms.
Force Fraud Warning: Set this option to Yes if you want Safari to prevent the user from visiting websites identified as being fraudulent or compromised.
Enable JavaScript: Set this option to Yes if you want Safari to accept all JavaScript on websites.
Allow Pop-ups: Set this option to Yes if you want Safari to allow all pop-ups on a website.
Accept Cookies: Select the appropriate option for Safari to accept cookies.
- Always
- From Visited Sites
- Never
iCloud
Allow Backup: Set this option to Yes to allow backup of device data to iCloud.
Allow Document Sync: Set this option to Yes to allow Document Sync on a device.
Allow Photo Stream: Set this option to Yes to allow Photo Stream on a device.
Allow Shared Stream (iOS 6 and above): Set this option to Yes to allow Shared Stream on a device.
Security and Privacy
Allow Diagnostic Data to be sent to Apple (iOS 6 and above): Set this option to Yes to allow a device’s diagnostic data to be sent to Apple servers.
Allow User to accept untrusted TLS Certificates: Set this option to Yes to allow user to accept untrusted TLS Certificates.
Allow automatic updates to certificate trust settings (iOS 7 and above): Set this option to Yes to allow automatic updates to certificate trust settings.
Force Encrypted Backups: Set this option to Yes to force a device to take encrypted backups.
Force limited ad tracking (iOS 7 and above) : Set this option to Yes to stop receiving targeted advertisements on a device. This feature does not block ads. The device user may still receive random ads.
Allow documents from managed apps in unmanaged apps (iOS 7 and above): Set this option to Yes to allow documents from managed applications to open in unmanaged applications.
Allow documents from unmanaged apps in managed apps (iOS 7 and above): Set this option to Yes to allow documents from unmanaged applications to open in managed applications.
Content Ratings
Allow Explicit Music Podcasts : Set this option to Yes to allow explicit music podcasts to be played on a device.
Ratings by Region
Enable Ratings by Region : Set this option to Yes to enable content ratings by region.
WebClip Policy
The WebClip policy lets you get important websites on a device’s home screen to let users access it quickly.
Adding a WebClip
Check Enable and then click Add. WebClip Policy window appears.
WebClip Label: Enter a name for the WebClip.
URL to be Linked: Enter the website URL.
Removal of WebClip: Set the WebClip status as either Enable or Disable. If enabled, the user can remove the WebClip from the device.
Allow Full Screen : Select Yes to allow full screen and No to disable full screen.
After entering all the details, click Save. The new web clip policy will be added.
Deleting a WebClip
Select a WebClip and then click Delete. The WebClip will be deleted.
Email Policy
The Email Policy lets you set up an email account for the managed devices and define the settings for incoming and outgoing emails.
Check Enable and then click Add.
Email Policy window appears.
Account Name: Enter an account name.
Account Type: Set the Account Type as IMAP or POP.
Choose POP if…
- You need constant access to your email, regardless of the Internet availability.
- You have limited server storage.
Choose IMAP if…
- You have a reliable and active Internet connection.
- You want to receive a quick overview of new emails on the server.
- Your local storage space is limited.
Path Prefix: In some cases, it is possible that you will not see theSent, Trash, Drafts, and Junk folders. Typically, these folders are in your INBOX and you'll have to set a prefix path for it to work correctly.
User Display Name: Type in the prefix "%username%" or "%email%". It will fetch the appropriate Username/Email mapped to the device.
Email Address: Typing in the prefix %email%" will fetch the appropriate email ID mapped to the device.
Allow Move: Select the Yes option to Allow Move. Selecting No will prevent email data from being opened in other applications.
Disable recent mail address sync (iOS 6 and above): Selecting Yes will remove the mailbox from Recents address syncing.
Incoming Mail
Mail Server: Enter the hostname for Incoming Mail Server in this field.
Port: Designates the incoming mail server port number. If no port number is specified, the default port for a given protocol is used.
Username: Add the prefixes “%username%" or "%email %". It will fetch the appropriate Username/Email mapped to the device.
Authentication Type: Select the appropriate authentication type from the following options
- None
- Password
- MD5 Challenge Service-Response
- NTLM
- HTTP MD5 Digest
Password: Set a password for incoming emails.
Use SSL: Designates whether or not the incoming mail server uses SSL certificate. Select Yes to allow the mail server to use SSL.
Outgoing Mail
Mail Server: Enter the hostname for outgoing mail server.
Port: Enter the outgoing mail server port number.
Username: Add the prefixes “%username%" or "%email%". It will fetch the appropriate Username/Email mapped to the device.
Authentication Type: Select the appropriate authentication type from the drop-down. Following authentication types are available.
- None
- Password
- MD5 Challenge Service-Response
- NTLM
- HTTP MD5 Digest
Password: Set a password for outgoing emails.
Use Outgoing Password Same as Incoming: If you want to use the same password set for the incoming email server, select Yes.
Use Only in Mail: Prohibits sending messages from other applications, such as Safari or Photos. If yes, configured account cannot be selected as default mail account on the device.
Use SSL: Determines whether or not the outgoing mail server uses SSL certificate.
Wi-Fi Settings Policy
The Wi-Fi Settings Policy lets you manage how a user connects their devices to a Wi-Fi network. Check Enable and then click Add. Wi-Fi Settings Policy window appears.
Wireless Network Identification: Enter a name for the Wireless Network Identification.
Automatically Join Network: Set this option to Yes to automatically join a Wi-Fi network.
Hidden Network: Select this option to Yes to add a hidden network.
Security Type: Select a Security type for Wi-Fi network from the following options.
- None
- WEP
- WPA/WPA2
- Any(Personal)
- WEP Enterprise
- WPA/WPA2 Enterprise
- Any (Enterprise)
Password: Enter the password to connect to the Wi-Fi network.
Configure Proxy: Configure a proxy for Wi-Fi settings by selecting a Wireless Network Identification.
- None
- Manual
- Automatic
After entering the appropriate details, click Save.
Content Library Policy
The Content Library policy lets you share documents with the users. The documents can be imported from the Content Library module and deployed to multiple users at the same time.
Importing a file
Check Enable and then click Import. Import Files window appears.
Select a file and then click Save.
Deleting a file
Select a file and then click Delete. The file will be deleted.
Default, Deploy or Cancel
You can select eScan Default settings or Deploy the setting defined by you for implementing/deploying on selected managed devices.
Required Applications Policy
The Required Applications policy lets you import applications from the App Store module for installation on managed devices in the group through policy deployment.
Importing an application
To import applications from the App Store, follow the steps given below:
- Select Enable check box and then click Import. Import Application window appears.
- Select the application(s) to be installed on users’ devices and then click Save. The application(s) will be imported.
Deleting an application
Select an application and then click Delete. The selected application will be deleted.
Group Tasks
The Group Tasks option lets you create and schedule tasks for the devices in a group.
Creating a New Group Task
- Select a group and then click Group Tasks > New Task. The New Task window appears.
- Enter a task name.
- In Task Settings, select the scan type to be run on a device. By checking Update, you can also let the application update its virus signature database.
- In Task Scheduling Settings, schedule the created task by selecting the appropriate options.
- Click Save. The task will be created instantly.
Start Task
Click Start Task to run the selected task for the specific group.
Properties
Click Properties to view properties and change settings of the selected task.
Results
Click Results to view detailed results of the selected task.
Delete Task
Click Delete Task to delete the selected task from the list of tasks.
Installation and Enrollment of Android Device for MDM Group
The enrollment procedure for an Android device consists of two main steps:
- Adding a device to the console
- Enrolling the added device
Adding a device to the console
To add a device to the console, perform the following steps:
- Click Managed Mobile Devices > Action List > New Group.
- Enter a name for the group; select the group type as MDM and then click Save.
- Select the group.
- Click Action List > Add New Device . Add New Device window appears.
- Enter the mandatory details, select the appropriate OS Type and then click Add.
The device will be added to the MDM group.
After adding a device to the group, you will see red android icon next to the check box. This icon indicates that the added device is not enrolled.
Enrolling the added device
After a device is added to the console, an enrollment email is sent to the specified email ID. This email contains enrollment details and steps to download the MDM application. It also contains the QR code which directly fetches the enrollment details by scanning it from the device.
In case a user did not receive the enrollment email at the time of adding the device, you can resend it. Select the specific device and then clickClient Action List > Resend Enrollment Email.
After receiving the enrollment email, the user should perform the following steps:
- Tap the shared URL in the email. A prompt appears asking you to download the eScan MDM application. Tap DOWNLOAD.
2. Tap the downloaded file and read thoroughly about the permissions asked by
the application. To proceed, tap NEXT.
- After reading the application’s access permissions, tap INSTALL. Welcome screen appears.
- Tap Open Agreement and read the agreement completely.
- After reading the agreement, tap Accept. Enrollment Details form appears.
- Enter the enrollment details mentioned in the email. To fetch the details automatically by scanning QR code, tap Fill entries through QR Code. Doing so allows application to access device’s camera. Match up the on-screen square with the QR code and hold device steady till the application scans it. After the details are filled, tap Enroll Device.
- Device Enrollment begins. Wait till the device gets enrolled. Device Administrator prompt appears.
- It is recommended that you tap Next. Activate Device Administrator prompt appears.
- Read about the permissions completely and then tap ACTIVATE. VPN Service Permission dialog box appears.
- It is recommended that you tap Next as VPN won’t work if you tap Skip. This permission is required for the proper functioning of the “App Specfic Network Blocking” feature. App Lock Activity prompt appears.
- It is recommended that you tap Next. The application enrollment is completed after this step.
Installation and Enrollment of Android Device for COD and BYOD Group
The Enrollment Procedure for Android Devices for COD and BYOD Group
The enrollment procedure for an Android device consists of two main steps:
- Adding a device to the console
- Enrolling the added device
Adding a device to the console
To add a device in the eScan Mobility Management ( EMM) console, perform the following steps:
- Click Managed Mobile Devices > Action List > New Group.
- Enter a name for the group and select the group Type as COD to create COD group or BYOD to create BYOD Group.
- Select a group.
- Click Action List > Add New Device . Add New Device screen appears.
- Enter the required details, select the appropriate OS Type and then click Add.
The device will be added to the console in the COD or BYOD group.
You can see the device being added in the console. Notice the icon red android in the Mobile Number column; this indicates that the device is not enrolled.
Enrolling the added device
After a device is added to the console, an email containing the enrollment procedure will be sent to the specified email ID. This email contains enrollment details and steps to download MDM application. In addition to this, it also contains the QR code which will directly fetch the enrollment details by scanning it from the device.
In case a user didn’t receive the enrollment email at the time of adding the device, you can resend the email by using Resend Enrollment Email option.
Resend Enrollment email for Device in COD/BYOD Group
Select the specific device and then clickClient Action List > Resend Enrollment Email.
After receiving the enrollment email, the user should perform the following steps:
- Tap the shared URL in the email. A prompt appears asking you to download the eScan MDM application. Tap DOWNLOAD.
- Tap the downloaded file and read thoroughly about the permissions asked by the application. Tap NEXT to proceed.
- The application will get access to your call logs, text messages and USB storage. Tap INSTALL. Welcome screen appears.
- Tap Open Agreement and read the agreement completely.
- After reading the agreement completely, tap Accept. Enrollment Details form appears.
6. Enter the details mentioned in the enrollment email or scan the QR code to fetch the details automatically by tapping Fill entries through QR Code. Doing so will turn on your device’s camera. Match up the on-screen square with the QR code and hold your device steady till the application scans it. The details will be automatically filled. After the details are filled, tap Enroll Device. Device Enrollment begins. Wait till the device gets enrolled. Device Administrator prompt appears.
- It is recommended that you tap Next. Activate Device Administrator prompt appears.
- Read about the permissions asked by the application completely and then tap ACTIVATE.
VPN Service Permission dialog box appears.
- It is recommended that you tap Next as VPN won’t work if you tap Skip. This permission is required for the proper functioning of the “App Specfic Network Blocking” feature. App Lock Activity prompt appears.
- It is recommended that you tap Next. The application enrollment is completed after this step. After the MDM application is installed, install the Container Application.
Differences between COD and BYOD group
Enterprises empower their employees by allowing the use of mobile devices
under Company Owned Devices (COD) policy or by implementing Bring Your Own
Device (BYOD) policy for work operations. This enhances employee
productivity and allows seamless business operations. It allows
organizations to have a comprehensive approach in safeguarding critical
applications and enterprise data accessed or residing in mobile devices. It
ensures that corporate data is secured from data loss, malware or
unauthorized access.
After the MDM application is successfully installed on a device, the
administrator can see the device details in the management console. Policy
deployment on the managed devices will be carried out under the MDM
Category.
Container deployment will provide you with a medium to allow users to use their device for office work within the defined perimeter under BYOD through geo-fencing policy deployment.
In case the device is provided by the enterprise, you can enroll the device as COD (Company Owned Device) where the security policies for the container will be applicable irrespective of the device location.
Note |
By default, whenever an administrator adds mobile device(s), it will be added in the MDM group. The Container application can be accessed only after the eScan MDM application is installed and enrolled on the managed device. |
Installing eScan Container app
To install eScan Container app, follow the steps given below:
- Instruct the user to tap the installation notification. Tapping this notification will initiate the download of eScan container application. Tap the downloaded apk file.
- Tap Package Installer.
Note |
It is recommended that a user tap Install and initiate the installation of the Container application. |
After tapping Install, an installation prompt appears.
- Tap INSTALL. The Container application will be successfully installed on the user’s device.
- Following screen appears after successful installation. Tap OPEN.
5. Launch the Container application. The application asks you to set up your profile. Tap SET UP >.
6. A message informing about device information access to administrator is displayed. Tap OK to proceed.
7. To create a work profile, select one of the following three options.
- Add Account: Enter your Gmail account details and tap ACCEPT.
- Add account with name : Enter your Gmail account details and name.
- Skip: Select this option to skip entering your login details.
After selecting an option, tap NEXT >.
8. Finish setup screen appears, tap FINISH >.
9. Launch eScan Container and then tap ACCEPT.
- After the Container app is successfully installed, there will be two eScan containers displayed on the device as follows. Uninstall the eScan Container without the briefcase icon.
11. Launch eScan Container.
Enrollment Process for container
Tap Accept to proceed with the enrollment process, the following screen will be displayed.
A user can fill up the enrollment details using any of the following procedures:
Filling enrollment details manually
Filling enrollment details by scanning QR code
Filling enrollment details manually
1. Open eScan Container app. Enrollment Details form appears.
2. Fill in the required details from the enrollment email.
3. After filling all the details, tap Enroll container. The device will be enrolled instantly and a Device Administrator pop-up message appears.
4. Tap Next to activate device administrator permission to enable Anti-theft, Parental Control and Uninstall Protection features on the device. You will be forwarded to the information window for activating Device Administrator.
5. Tap Activate for activating Device Administrator.
Filling enrollment details by scanning QR Code
1. Open the enrollment email containing QR code on your tablet/computer.
2. Open the eScan Container app. Enrollment Details form appears.
3. Tap Fill entries through QR Code. Doing so will turn on your device’s camera.
4. Match up the on-screen square with the QR code and hold your device steady till the application scans it. After the successful scan, the enrollment details will be automatically filled.
5. Tap Enroll Device.
All the container applications will display a briefcase icon.
Note |
The application(s) added to the container by default will vary from device to device. |
The administrator can deploy applications and content through App Store and Content Library modules. The user will be able to access only selected applications and content that the administrator has deployed based on the geo-fencing. The administrator can add applications under the App Store and then deploy the application to the managed device via the Required Applications policy.
The user will receive the following notification:
“Install following app- your administrator requested you to install the following application – (Application name)
Tap OK to install the application. Go to the App Store under application option on the device, the deployed application will be displayed, click download and install. Tap Download to install the app.
Installation and Enrollment of iOS Device
The enrollment procedure for an iOS device consists of two main steps:
- Adding a device to the console
- Enrolling the added device
Adding a device to the console
1. Click Managed Mobile Devices > Action List > Add New Device. Add New Device window appears.
2. Enter the details, select the OS Type as iOS and then click Add. After clicking Add, the device will be added to the console.
Notice the red apple icon in the Mobile Number column; it denotes that the device is not enrolled.
Enrolling the added device
After a device is added to the console, an email containing the enrollment procedure will be sent to the specified email ID. This email will contain steps to download MDM application and details such as Mobile No, Server, and Port. In addition to this, it will also contain the QR code that will fetch the above mentioned details by scanning it from the device. In case a user didn’t receive the enrollment email at the time of adding the device, you can resend the enrollment email.
Select the specific device and then clickClient Action List > Resend Enrollment Email.
After you’ve received the enrollment email, perform the following steps:
1. Download and install the eScan MDM application from the App Store.
2. Read the eScan Agreement completely and then tap Accept .
3. Launch the eScan MDM application and enter the details mentioned in the enrollment email, or fill in the details automatically via QR code by tapping Read QR Code. Doing so will turn on your device’s camera. Match up the on-screen square with the QR code and hold your device steady till the application scans it. After the successful scan, the details will be automatically filled.
4. After the enrollment details are filled, tap Enroll Device. iOS Config screen appears.
5. Tap Install Profile. The application attempts to access your device’s Settings. The following dialog box appears asking confirmation.
6. Tap Allow. Install Profile settings appear.
7. Tap Install. Enter Passcode screen appears.
8. Enter the device’s passcode to proceed with the installation. After entering the passcode, a warning message appears stating that the administrator will be able to remotely manage your device.
9. To proceed with the installation, tap Install. A pop-up message appears asking confirmation for remote management of your device.
10. Tap Trust.
11. The MDM profile will be installed on your device. To exit the installation process, tap Done. The iOS Config screen appears.
12. Tap Open eScan App. A pop-up appears.
13. Tap Open. Configure screen appears stating that the Device Enrollment is in progress.
In the eScan Mobility Management (EMM) console, you can see the icon change to green from red and the enrollment status change to Enrolled from Not Enrolled.
For detailed policy description for following policies, refer Policies section under Managed Mobile Device.
- Anti-Virus Policy
- Call & SMS Filter Policy
- Web and Application Control
- App specific network blocking
- Anti-Theft Policy
- Additional Settings Policy
- Password Policy
- Device Oriented Policy
- Required Applications Policy
- Wi-Fi Settings Policy
- Scheduled Backup (Contacts & SMS)
- Content Library Policy
For more on Additional Features Policy for COD and Location Fence Policy for BYOD group refer below.
Restriction Policy
The Restriction Policy lets you apply certain restrictions on a device that prevents the device user from getting access to few device features.
Disable Screenshot - Select this check box to disable a device from taking a screenshot.
Allow uninstalling applications - Select this check box to allow a user to uninstall applications.
Disable Cross Profile Copy-Paste - Select this check box to disable cross profile copy-paste on a device.
Disable Install App (From all sources) - Select this check box to disable application installations from all sources on a device.
Disable Incognito Mode - Select this check box to disable web browsing in incognito mode on a device.
Disable Install From Unknown Sources - Select this check box to disable application installation from unknown sources on a device.
Location Fence
Under Location Fence policy, restrictions as per the policy will be applied only if the device is in the Geo/Wi-Fi location. If the device is out of the Geo/Wi-Fi location, there will be no restrictions on the device.
To use Location Fence feature, check Enable Fencing check box.
Select the appropriate type of fencing you want to use for devices.
To use Geo Fencing, it is necessary that a default location must be set first.
Geo fencing
To enable Geo Fencing, check this check box.
- Click Import.
Fencing Location(s) window appears.
- Select location to import location details and then click Save.
Wi-Fi Fencing
To enable Wi-Fi Fencing, check Wi-Fi Fencing check box.
- Click Add.
Add Networks window appears.
- Enter Wi-Fi network name (SSID) and then click Add.
Select AND/OR option as per requirement.
In case you want to Import Geo Fencing location(s) and add Wi-Fi Fencing at the same time.
Select the AND option otherwise select the OR option.