Jump to:navigation, search
Wiki

Devices

From Securepoint Wiki



























{{#vardefinition:headerIcon|fa-fw fal fa-mobile-alt}}

In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden



























































































  }}
























































































Operation and configuration scope of the devices in the Mobile Security Portal

Last adaptation to the version: 2.12(12.2025)

New:
notempty
This article refers to a Beta version


Technical requirements

For proper operation, compatibility must be ensured.

notempty
Note on DEP profiles from Portal version 2.8'
  • For security reasons, enrollment will only be possible if all iOS/iPad devices have been assigned a DEP profile with PIN
  • All DEP profiles without a PIN must be deleted
  • Further information can be found in the Wiki article Apple DEP settings

Introduction

This wiki article explains how to create and manage devices in the Mobile Security Portal.
Devices are basically divided according to the operating system:   iOS or   Android

Overview of device management

General Options

Filter displayed devices
Name It can be filtered according to the following special criteria:
Device managment
ID Internal ID
Serial number Serial number
Profile Assigned profile
Contact Time since last contact
Ascending/Descending Displays the search results alphabetically ascending/descending
Search Filters the display
  Send invite
Send invite
Sends an invitation email to one or more recipients for the enrollment of iOS or Android devices.
Further information can be found in the wiki articles iOS-Enrollment invitation email and Android-Enrollment invitation email
  Enroll new device

See article: Enrollment Android or Enrollment iOS
You have reached the device limit

In order to add additional devices, additional licenses must be purchased
notempty
Your licenses are not sufficient 
to license all logged-out devices.
Please extend your licenses if neccessary.

In order to add additional devices, additional licenses must be purchased
 Download CSV

Starts the download of a csv file of IOS or Android devices in the tenant
  OS update

Triggers a two-step update process. Depending on the current status, the download or the installation of the update is triggered
List view / Grid view
/

Switch between list and grid view.
Refresh

Refresh the display

Action for selected items

If one or more devices are selected, this selection area is displayed.
To select devices, click on the icon of the device type.
The following actions are then available for selection
Delete		 Removes the device from the portal. notempty
Caution: If an iOS device is removed from the portal while it is in Lost mode, it can only be unlocked with proof of purchase directly from Apple!
 notempty
 Android: If the delete command is selected and the Android device is offline for longer than 30 days, the delete process is not executed and the data is retained
Updates (only iOS) The button Ok opens the dialog Confirm Update. There the update type is selected:

Default: Download or install the update, depending on the current state Download only: Download the software update without installing it. Install asap: In iOS and tvOS, install a previously downloaded software update. By  Confirm the selected update type will be applied to all selected devices.

The dialog window for selecting the update type

Device Options

The button at the top right of each device tile provides the following options depending on the status of the device:
  Show details (see below) (only if already configured)

  Renew MDM Profile (IOS only) The MDM profile is renewed
  Download MDM profile (iOS only) The MDM profile to which this device is assigned can be downloaded. If the profile on the device has been deleted, it can be manually transferred to the device and reinstalled there.
 Assign DEP profil (iOS only) Assigns a DEP Profile to the unit after the next factory reset.
This defines the installation steps, the type of unit management and the user management (multi-user) in the initialisation process). notempty
From Portal version 2.8 only DEP profiles with PIN are permitted.
 Remove DEP-Profil (iOS only) Removes a DEP profile from the device. The next time the factory reset is performed, the user is shown all the iOS installation steps.
  Delete		 Removes the device from the portal.
notempty
Caution: If an iOS device is removed from the portal while it is in Lost mode, it can only be unlocked with proof of purchase directly from Apple!
 notempty
 Android: If the delete command is selected and the Android device is offline for longer than 30 days, the delete process is not executed and the data is retained

Details displayed in the device tile

Device Type
Android iOS unbekannt (nur bei nicht konfigurierten Geräten)
Device Alias: Edit with Freely configurable (a0a0 interne ID) Limited to 120 characters.
Icons:
 iOS only
notempty
New as of: 2.12
Logged In Indicates whether the device is connected to the MDM or if the connection has been removed
Logged Out
Supervised Indicates whether the device is integrated in supervised mode, i.e., whether the device is present in Apple Business Manager or Apple School Manager
Unsupervised
Status Reporting Enabled Indicates whether status reports are enabled for the device
Status Reporting Disabled
DEP DEP Indicates whether a DEP profile has been assigned to the device
DEP No DEP
Assigned to a VPN Configuration Indicates whether the device has a profile that is part of a transfer network in the VPN configuration (ASC)
Not Assigned to a VPN Configuration
Cloud Shield active Indicates whether Cloud Shield is active for the device
Cloud Shield inactive
Terms not accepted Indicates that the license terms/terms and conditions have not yet been accepted

Clicking on the device tile opens a window where these can be accepted

Unconfigured Indicates that the device has not yet been configured
Enrollment Mode:
 Android only
 Lost  See below: Operations
 New  The device was added within the last 24 hours.
Logged out
  • The connection to the MDM has been terminated
    •   Android: The device management has been removed from the device settings
     Terms not accepted  The license terms and conditions have not yet been accepted. Clicking on the device tile opens a window in which the terms and conditions can be accepted.
     Unconfigured  The device has not yet been configured
    Caption Description
      model e.g: Apple - iPad (10th generation) - iOS 18.1
      Serial number 123456abcdef
      IMEI 123456789012345
      Phone Phone number of the eSIM card
      Ownership
    		 COPE (Corperate owned, Personal enabled) or BYOD
    notempty
    New as of:2.8
     Only displayed in the device details
      Operating mode Not configured Profile Owner (COPE) or Device Owner (COBO)
      Store-Account active / inactive. Shows whether a login was detected in the Apple App Store or Google Play Store.
      Users User With you can select a user created in the user administration.
    If it is a BYOD device, the registered user can no longer be changed.
      Device profile
    Device profile assigned to this device
    Pending The device profile could not yet be applied.
    Partially installed Not all settings of the profile could be applied. If necessary, check whether VPP licences are available for all apps.
     DEP Profiles iOS only: DEP Profiles assigned to the device notempty
    From Portal version 2.8 only DEP profiles with PIN are permitted.
      tags Associated tags
      Contact xy hours / days / months ago. With the device can be pingled.
     Licence Displays the license type used with the internal ID. Clicking on this label opens the details page for this license in list-general Licenses .

    Device Details

    Overview

      Overview
    Device status
    Device status (iOS only)
    Caption Value
      Battery Level N/A Display only after a manual update
      Storage Capacity N/A
    Device Summary
     Registered on Date and time of registration in the portal
      Device ID 1234abcd-5678-abcd-efab-123
      Device Type ANDROID / iOS
      model Phone69
      Manufacturer Manufacturer
      IMEI 123456789012345
      OS Android (7.1.2). A button is displayed when an update of the operating system is available. The update can be performed via this button.
      Serial number 1a1a1a1a1a1a
    Network Summary
      ICCID 1234 5678 9012 3456 7890
      Network Operator e.g.: Telekom.de
      Bluetooth-MAC 0a:0a:0a:0a:0a:0a
      WIFI MAC 0b:0b:0b:0b:0b:0b
      Roaming Enabled No
      Data Roaming No
      Device Locator Enabled Yes
      Network tethered Yes
    Inventory
      Buyed on N/A
      Warranty ends on N/A
      External inventory link N/A
    Sim slot 0 Primary
      IMEI 123456789012345
      Phone +491500000000
      Carrier info N/A
    Apple DEP
     Profile DEP profile used
     Profile status Display whether the profile is already in use
     Profile assignment time Date and time when the profile was transmitted to the device
    Sim slot 1
      IMEI 123456789012345
      Phone +491500000000
      Carrier info N/A

    Operations

      Operations
    available for Device Operations Description
      Enable Lost Mode
    When the 'Lost Mode' is activated, a customizable message is sent to the device.
    The dialog window in the MDM portal
    The message on the iPhone
    notempty
    This button is clickable from Android version 11 for COBO and Android version 13 for COPE.

    When the Lost Mode is activated, a customizable message including the company name, address, email address, and phone number is sent to the device.
    The dialog window in the MDM portal
    1. Lost Mode activated
    2. The device starts ringing
    3. Two buttons appear: My device & Device found
    4. If no action is taken and the device continues to ring, the location will be sent after 5 minutes
    5. Interaction with the device
      1. My device button
        1. The device stops ringing and after its unlocked, lost mode is deactivated in the portal
        2. The device does not send its location
      2. Device found button
        1. The device stops ringing but remains locked with the PIN
        2. After 5 minutes, the device sends its location

    Further information on this can be found in the following Wiki article.

    The device is locked. Unlocking only possible via the portal.
    There are also two additional buttons:
      Localize notempty
    Only available if the device is logged in as COPE.
    Only available if the device is logged in as »Supervised«.
    • The device is located via GPS and displayed on a map.
    • A message 'Your device has been located' appears on the device.

      Klingelton starten
    • A ringtone is played on the device.

    tv not available with tvOS
      Lock Locks the device. Unlocking is possible using the authentication methods stored in the device (PIN, password, etc.).
    (only iOS): A dialog window opens in which a message can be transferred. This message is displayed on the device.
    The dialog window in the MDM portal
    The message on the iPhone


    tv not available with tvOS

      Reboot Performs a reboot of the device
      Shutdown Shut down the device
    tv not available with tvOS
      Removes password notempty
    Only available if the device is logged in as COPE.
    Removes the password to unlock the device.
    tv not available with tvOS
     Reset password    		 notempty
    Only available if the device is logged in as COPE.

    Requires the entry of a new password with additional settings:
    New password     New password, for the screen lock
    No credentials    Don't ask for user credentials on device boot.
    Up to three pin requests are possible:
    1. PIN for the encryption of the device
    2. PIN for the screen lock
    3. PIN for access to the SIM card
    Lock device    Lock the device after password reset.
    notempty
    New as of: 2.7
     notempty
    The device must be accessible so that the password can be reset.
    The progres can be tracked in the [ Log tab (see below).
      Wipe Data notempty
    Only available if the device is logged in as COPE.

    Resets the device and restores the delivery configuration.

    To perform a factory reset for Android devices, the device tile must be deleted.
     Deactivate device All apps are deactivated. Exception:
    • Phone app
    • Settings
    • Play Store
      • Show settings
      • Applications updated
      • No new installations / uninstallations
      • No opening of applications
    notempty
    New as of: 2.12
    		  Delete app data
  • Ab Android Version 9
    • Löscht alle Daten von allen Apps, die dies unterstützen, auf dem Gerät
    • Daten in externem Speicher oder Accounts welche durch das MDM übertragen wurden können erhalten bleiben
    • Schaltfläche wird erst eingeblendet, wenn mindestens eine App auf dem Gerät vorhanden ist
      Hand over property notempty
    Only available if the device is logged in as COPE.

    • All apps and data within the work profile will be deleted
    • The work profile on these devices will be removed
    • The apps and data in the personally used area remain unchanged
     Update from iOS x to y An operating system update is available and can be applied
    tv not available with tvOS
      Locate notempty
    Only available on fully managed devices (COBO / COSU)

    Only available if the Activate locating function button has been enabled in the assigned profile under Locating.
  • Permissions must have been granted on the device for this.
    Further notes in the wiki on locating under Android.

    • SIM Cards

     SIM Cards  Android only notempty
    New as of: 2.11
    notempty
    Adding and deleting an eSIM is done via asynchronous communication with Google.
    Therefore, changes may only be displayed after several minutes and only after clicking the Refresh button in the table.
    Caption Description
    Search Filters the entries
    Phone Number Phone number of the eSIM card
    ICCID ICCID of the eSIM card
    Network Operator Network operator of the eSIM
    SIM Type Card type of the eSIM
    Status Status of the eSIM card
    onfiguration Mode Shows the configuration mode of the eSIM card
    Actions  Delete eSIM Deletes the eSIM
     eSIM notempty
    This button is only visible for Android devices from version 15 onwards.

    notempty
    If multiple eSIMs are to be provisioned on a single device, it is recommended to allow a delay of several minutes between consecutive executions of the command.

    Clicking this button opens a dialog window where a new eSIM can be added.
    The following inputs are required:
    Activation Code Activation Code
    The activation code for the eSIM profile is provided by the network operator
    Activation Status Not Defined
    The activation status of the eSIM profile after downloading
    • Not defined: The activation status of the eSIM is not specified. By default, the eSIM profile is not activated on private devices and is activated on company-owned devices.
    • Activated: The eSIM is automatically activated after downloading. If this is set as the activation status for private devices, the command will be rejected.
    • Not activated: The eSIM profile is downloaded but not activated. In this case, the user must manually activate the eSIM on the device.
    Refresh the display

    Applications

     Applications
    notempty
    This tab is only available if the device is logged in as COPE.
    A list of all installed applications.
    The first time it is displayed it may take several minutes.
    Caption Description
    Applications on the device
    Search Filters the entries
    Name Display name on the mobile device. '(sortable)
    Version Version number '(sortable)
    Package Package name '(sortable)
    Status Status of the application (sortable)
      Send uninstall request
  • (iOS only) Unanaged devices: Prompts the device user to uninstall the app.
  • (iOS only) Managed devices: Uninstalls the app.
    •  Keyed app states Opens a dialog window that displays the configuration of the application
     Download CSV
  • (iOS only) Creates a comma-separated text file with the installed apps, the respective version number, the package name and the installation type Managed if the app was installed as such.
    •  Delete app data  (Only Android) Pressing these buttons deletes the data from the app.
    If the user changes frequently, the device does not have to be completely reintegrated each time
    .

    Profiles

      Profiles  iOS only
    Caption Description
    Profile
    The refresh button retrieves the profile status from the unit again.
    select a file By clicking on this text, a profile or profile part that was created, for example, in the Apple Configurator 2 in the format .mobileconfig can be additionally imported to the device.
    Search Filters the entries
    Profile ID of the overall profile
    Part Display of the assigned profile
    User Profiles can be assigned to the device or to a specific user.
    Actions  Send uninstall request

    declarations

     declarations  iOS only notempty
    New as of: 2.11
    notempty
    This tab only contains information if the device supports declarative management.

    Shows the current status of the declarative management (Apple Declarative Device Management (DDM)) of the device.

    This is divided into Configurations and Managed Configurations.

    Configurations
    Caption Description
    Type Shows the type of the configuration
    For example, com.apple.configuration.management.status-subscriptions indicates that in the device profile under the
    Status Reporting{{{2}}}
    tab, the option MDM installed apps Vorlage:ButtonOn is active.
    Identifier The identifier of the configuration
    Useful for the audit log
    Linked Entities Shows the entities (apps) that are linked to the configuration
    Applied Indicates whether the configuration is applied or not
    Actions Actions that are possible with the configuration
     Show details Opens a dialog window displaying the details of the configuration
    Managed Configurations
    Caption Description
    Type Shows the type of the managed configuration
    For example, com.apple.asset.data indicates that there are apps with managed configurations under  Mobile Security iOS/iPadOS  Apps .
    Identifier The identifier of the configuration
    Useful for the audit log
    Linked Entities Shows the entities (apps) that are linked to the configuration
    Applied Indicates whether the configuration is applied or not
    Actions Actions that are possible with the configuration
     Show details Opens a dialog window displaying the details of the configuration

    Operations log

     Operations log
    Caption Description
    Operations log
    Search Filters the entries
    Date (sortable)
    Type Status Type: Status, App Uninstall Request, App_List, Profile_List, Install Restriction Profile, Install Security Profile, Lock
    Direction <- Transfer from device to server
    -> Transfer from server to device
    Status Status messages:
    Received
    Acknowledged
    Sent
     Pending
    Revoked
    Error
    Info Information on error messages
    Actions Possible actions:  Revoke

    Policy

    Policy  Android only
    Caption Value Description
    Devices profile previously created profile Allows direct modification of the assigned profile.

    Non compliance details

     Non compliance details  Android only
    Information on why policies were not adhered to.
    If a profile cannot be fully implemented, the exact point at which implementation was not (yet) possible is shown here, e.g.: APP_NOT_INSTALLED / IN_PROGRESS
    Retrieved from "https://wiki.securepoint.de/index.php?title=MDM/Geraete&oldid=99788"