Operation and configuration scope of the devices in the Mobile Security Portal

Last adaptation to the version: 2.11

This article refers to a Beta version
Access: portal.securepoint.cloud  Mobile Security iOS/iPadOS Devices  or  Mobile Security Android Devices

Technical requirements

For proper operation, compatibility must be ensured.

Note on DEP profiles from Portal version 2.8
  • For security reasons, enrollment will only be possible if all iOS/iPadOS devices have been assigned a DEP profile with PIN
  • All DEP profiles without a PIN must be deleted
  • Further information can be found in the Wiki article Apple DEP settings

Introduction

This wiki article explains how to create and manage devices in the Mobile Security Portal.
Devices are divided according to the operating system: iOS or Android.


Overview of device management

General Options

Filter displayed devices
Device management
Name: The list can be filtered according to the following special criteria:
  • ID: Internal ID
  • Serial number: Serial number
  • Profile: Assigned profile
  • Contact: Time since last contact
Ascending/Descending: Displays the search results alphabetically ascending/descending
Search: Filters the display

Send invite
Sends an invitation email to one or more recipients for the enrollment of iOS or Android devices.
Further information can be found in the wiki articles iOS-Enrollment invitation email and Android-Enrollment invitation email.

Enroll new device
See article: Enrollment Android or Enrollment iOS
You have reached the device limit
In order to add additional devices, additional licenses must be purchased.

Your licenses are not sufficient to license all logged-out devices.
Please extend your licenses if necessary.

Download CSV
Starts the download of a CSV file of the iOS or Android devices in the tenant.

OS update
Triggers a two-step update process. Depending on the current status, the download or the installation of the update is triggered.

List view / Grid view
Switch between list and grid view.

Refresh
Refresh the display.

Action for selected items

If one or more devices are selected, this selection area is displayed.
To select devices, click on the icon of the device type.
The following actions are then available for selection:

Delete: Removes the device from the portal.
Caution: If an iOS device is removed from the portal while it is in Lost mode, it can only be unlocked with proof of purchase directly from Apple!
Android: If the delete command is selected and the Android device is offline for longer than 30 days, the delete process is not executed and the data is retained.

Updates (only iOS): The Ok button opens the Confirm Update dialog, in which the update type is selected:
  • Default: Download or install the update, depending on the current state.
  • Download only: Download the software update without installing it.
  • Install asap: In iOS and tvOS, install a previously downloaded software update.
With Confirm, the selected update type is applied to all selected devices.

The dialog window for selecting the update type

Device Options

The button at the top right of each device tile provides the following options depending on the status of the device:
  • Show details (see below) (only if already configured)
  • Renew MDM Profile (iOS only): The MDM profile is renewed.
  • Download MDM profile (iOS only): The MDM profile to which this device is assigned can be downloaded. If the profile on the device has been deleted, it can be manually transferred to the device and reinstalled there.
  • Assign DEP profile (iOS only): Assigns a DEP profile to the device after the next factory reset. This defines the installation steps, the type of device management and the user management (multi-user) in the initialisation process.
    From Portal version 2.8 only DEP profiles with PIN are permitted.
  • Remove DEP profile (iOS only): Removes a DEP profile from the device. The next time the factory reset is performed, the user is shown all the iOS installation steps.
  • Delete: Removes the device from the portal.
    Caution: If an iOS device is removed from the portal while it is in Lost mode, it can only be unlocked with proof of purchase directly from Apple!
    Android: If the delete command is selected and the Android device is offline for longer than 30 days, the delete process is not executed and the data is retained.

Details displayed in the device tile

Device Type: Android, iOS or unknown (only for unconfigured devices)
Device Alias: Freely configurable and editable (a0a0 internal ID). Limited to 120 characters.
Enrollment Mode: Supervised or Unsupervised. The type of setup is defined in the Enrollment Process and determines which differences in configuration are possible.
Lost: See below: Operations
New: The device was added within the last 24 hours.
Logged out:
  • The connection to the MDM has been terminated
  • iOS: The MDM profile has been removed from the device settings
  • Android: The device management has been removed from the device settings
Terms not accepted: The license terms and conditions have not yet been accepted. Clicking on the device tile opens a window in which the terms and conditions can be accepted.
Unconfigured: The device has not yet been configured.
Update available (only iOS): A firmware update is available for the device.

Model: e.g. Apple - iPad (10th generation) - iOS 18.1
Serial number: 123456abcdef
IMEI: 123456789012345
Phone: Phone number of the eSIM card
Ownership: COPE (Corporate owned, Personal enabled) or BYOD. New as of: 2.8. Only displayed in the device details.
Operating mode: Not configured, Profile Owner (COPE) or Device Owner (COBO)
Store-Account: active / inactive. Shows whether a login was detected in the Apple App Store or Google Play Store.
Users: A user created in the user administration can be selected. If it is a BYOD device, the registered user can no longer be changed.
Device profile: Device profile assigned to this device
  • Pending: The device profile could not yet be applied.
  • Partially installed: Not all settings of the profile could be applied. If necessary, check whether VPP licences are available for all apps.
DEP Profiles (iOS only): DEP profiles assigned to the device. From Portal version 2.8 only DEP profiles with PIN are permitted.
Tags: Associated tags
Contact: xy hours / days / months ago. The device can be pinged.
Licence: Displays the license type used with the internal ID. Clicking on this label opens the details page for this license in Licenses.

Device Details

Overview

Device status (iOS only)
Battery Level: N/A (display only after a manual update)
Storage Capacity: N/A

Device Summary
Registered on: Date and time of registration in the portal
Device ID: 1234abcd-5678-abcd-efab-123
Device Type: ANDROID / iOS
Model: Phone69
Manufacturer: Manufacturer
IMEI: 123456789012345
OS: Android (7.1.2). A button is displayed when an update of the operating system is available. The update can be performed via this button.
Serial number: 1a1a1a1a1a1a

Network Summary
ICCID: 1234 5678 9012 3456 7890
Network Operator: e.g. Telekom.de
Bluetooth MAC: 0a:0a:0a:0a:0a:0a
WIFI MAC: 0b:0b:0b:0b:0b:0b
Roaming Enabled: No
Data Roaming: No
Device Locator Enabled: Yes
Network tethered: Yes

Inventory
Purchased on: N/A
Warranty ends on: N/A
External inventory link: N/A

Sim slot 0 (Primary)
IMEI: 123456789012345
Phone: +491500000000
Carrier info: N/A

Apple DEP
Profile: DEP profile used
Profile status: Display whether the profile is already in use
Profile assignment time: Date and time when the profile was transmitted to the device

Sim slot 1
IMEI: 123456789012345
Phone: +491500000000
Carrier info: N/A

Operations

Enable Lost Mode
When the 'Lost Mode' is activated, a customizable message is sent to the device.
The dialog window in the MDM portal
The message on the iPhone

This button is clickable from Android version 11 for COBO and Android version 13 for COPE.
When the Lost Mode is activated, a customizable message including the company name, address, email address, and phone number is sent to the device.
The dialog window in the MDM portal
1. Lost Mode activated
2. The device starts ringing
3. Two buttons appear: My device & Device found
4. If no action is taken and the device continues to ring, the location will be sent after 5 minutes
5. Interaction with the device
  1. My device button
    1. The device stops ringing and, after it is unlocked, Lost Mode is deactivated in the portal
    2. The device does not send its location
  2. Device found button
    1. The device stops ringing but remains locked with the PIN
    2. After 5 minutes, the device sends its location

Further information on this can be found in the following Wiki article.

The device is locked. Unlocking is only possible via the portal.
There are also two additional buttons:
  • Localize
    Only available if the device is logged in as COPE.
    Only available if the device is logged in as »Supervised«.
      • The device is located via GPS and displayed on a map.
      • A message 'Your device has been located' appears on the device.
  • Start ringtone
      • A ringtone is played on the device.
Not available with tvOS

Lock: Locks the device. Unlocking is possible using the authentication methods stored in the device (PIN, password, etc.).
(only iOS): A dialog window opens in which a message can be entered. This message is displayed on the device.
The dialog window in the MDM portal
The message on the iPhone
Not available with tvOS

Reboot: Performs a reboot of the device
Shutdown: Shuts down the device
Not available with tvOS

Remove password: Only available if the device is logged in as COPE.
Removes the password to unlock the device.
Not available with tvOS

Reset password: Only available if the device is logged in as COPE.
Requires the entry of a new password with additional settings:
  • New password: New password for the screen lock
  • Require entry: Don't allow other admins to change the password again until the user has entered it.
  • No credentials: Don't ask for user credentials on device boot. Up to three PIN requests are possible:
      1. PIN for the encryption of the device
      2. PIN for the screen lock
      3. PIN for access to the SIM card
  • Lock device: Lock the device after password reset. New as of: 2.7
The device must be accessible so that the password can be reset.
The progress can be tracked in the Log tab (see below).

Wipe Data: Only available if the device is logged in as COPE.
Resets the device and restores the delivery configuration.
To perform a factory reset for Android devices, the device tile must be deleted.

Deactivate device: All apps are deactivated. Exception:
  • Phone app
  • Settings
  • Play Store
      • Show settings
      • Applications updated
      • No new installations / uninstallations
      • No opening of applications

Hand over property: Only available if the device is logged in as COPE.
  • All apps and data within the work profile will be deleted
  • The work profile on these devices will be removed
  • The apps and data in the personally used area remain unchanged

Update from iOS x to y: An operating system update is available and can be applied
Not available with tvOS

Locate: Only available on fully managed devices (COBO / COSU).
Only available if the Activate locating function button has been enabled in the assigned profile under Locating.
  • Permissions must have been granted on the device for this.
Further notes in the wiki on locating under Android.

SIM cards (Android only)
New as of: 2.11
Adding and deleting an eSIM takes place via asynchronous communication with Google.
Changes may therefore only be shown in the table after several minutes and only after pressing the refresh button.

Search: Filters the entries
Phone number: Phone number of the eSIM card
ICCID: ICCID of the eSIM card
Network operator: Network operator of the eSIM
SIM type: Card type of the eSIM
Status: Status of the eSIM card
Configuration mode: Shows the configuration mode of the eSIM card
Actions: Delete eSIM: Deletes the eSIM

eSIM
This button is only visible for Android devices from version 15.
If several eSIMs are to be provisioned on a single device, it is advisable to allow a delay of a few minutes between successive executions of the command.

This button opens a dialog window in which a new eSIM can be added.
The following entries are required there:
Activation code: The activation code for the eSIM profile is provided by the network operator.
Activation status (Not defined): The activation status of the eSIM profile after the download.
Options:
  • Not defined: The activation status of the eSIM is not specified. By default, the eSIM profile is not activated on private devices and is activated on company-owned devices.
  • Activated: The eSIM is activated automatically after the download. If this is set as the activation status for private devices, the command is rejected.
  • Not activated: The eSIM profile is downloaded but not activated. In this case, the user must activate the eSIM manually on the device.

Refresh the display

Applications
This tab is only available if the device is logged in as COPE.
A list of all installed applications.
The first time it is displayed, it may take several minutes.

Applications on the device
Search: Filters the entries
Name: Display name on the mobile device (sortable)
Version: Version number (sortable)
Package: Package name (sortable)
Status: Status of the application (sortable)
Send uninstall request:
  • (iOS only) Unmanaged devices: Prompts the device user to uninstall the app.
  • (iOS only) Managed devices: Uninstalls the app.
Keyed app states: Opens a dialog window that displays the configuration of the application.
Download CSV (iOS only): Creates a comma-separated text file with the installed apps, the respective version number, the package name and the installation type Managed if the app was installed as such.
Delete app data (Android only): Pressing this button deletes the data from the app. If the user changes frequently, the device does not have to be completely reintegrated each time.

Profiles (iOS only)
Profile: The refresh button retrieves the profile status from the device again.
Select a file: By clicking on this text, a profile or profile part in the .mobileconfig format, created for example in Apple Configurator 2, can additionally be imported to the device.
Search: Filters the entries
Profile: ID of the overall profile
Part: Display of the assigned profile
User: Profiles can be assigned to the device or to a specific user.
Actions: Send uninstall request

Declarations (iOS only)
New as of: 2.11
This tab only has content if the device supports declarative management.

Shows the current status of the declarative management (Apple Declarative Device Management (DDM)) of the device.
It is divided into Configurations and Managed configurations.

Configurations
Type: Shows the type of the configuration. For example, com.apple.configuration.management.status-subscriptions indicates that the option MDM installed apps is active in the Status message tab of the device profile.
Identifier: The identifier of the configuration. Useful for the audit log.
Linked entities: Shows the entities (the apps) that are linked to the configuration
Applied: Shows whether the configuration is applied or not
Actions: Actions that are possible with the configuration
  • Show details: Opens a dialog window in which the details of the configuration are displayed

Managed configurations
Type: Shows the type of the managed configuration. For example, com.apple.asset.data indicates that apps with a managed configuration are present under Mobile Security iOS/iPadOS Apps.
Identifier: The identifier of the configuration. Useful for the audit log.
Linked entities: Shows the entities (the apps) that are linked to the configuration
Applied: Shows whether the configuration is applied or not
Actions: Actions that are possible with the configuration
  • Show details: Opens a dialog window in which the details of the configuration are displayed

Operations log

Search: Filters the entries
Date: (sortable)
Type: Status type: Status, App Uninstall Request, App_List, Profile_List, Install Restriction Profile, Install Security Profile, Lock
Direction:
  • <- Transfer from device to server
  • -> Transfer from server to device
Status: Status messages:
  • Received
  • Acknowledged
  • Sent
  • Pending
  • Revoked
  • Error
Info: Information on error messages
Actions: Possible actions:

Policy (Android only)
Devices profile: Previously created profile. Allows direct modification of the assigned profile.

Non compliance details (Android only)
Information on why policies were not adhered to.
If a profile cannot be fully implemented, the exact point at which implementation was not (yet) possible is shown here, e.g.: APP_NOT_INSTALLED / IN_PROGRESS