Jump to:navigation, search
Wiki

Devices

From Securepoint Wiki





























{{#vardefinition:headerIcon|fa-fw fal fa-mobile-alt}}

In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden


































































































































































































Operation and configuration scope of the devices in the Mobile Security Portal

Last adaptation to the version: 2.16(04.2026)

New:
Last updated: 
notempty
This article refers to a Beta version
Access: portal.securepoint.cloud  Mobile Security iOS/iPadOS Devices  oder   Mobile Security Android Devices

Technical requirements

For proper operation, compatibility must be ensured.


Note on DEP profiles without PIN
  • For security reasons, enrollment will only be possible if all iOS/iPad devices have been assigned a DEP profile with PIN
  • All DEP profiles without a PIN must then be deleted
  • Further information can be found in the Wiki article Apple DEP settings

Introduction

This wiki article explains how to create and manage devices in the Mobile Security Portal.
Devices are basically divided according to the operating system:   iOS or   Android

Overview of device management

General Options

Filter displayed devices
Search Filters the display
Device managment
Narrow down search: (only iOS)
notempty
New as of: 2.14
  • Based on the filters set, the device tiles are dynamically displayed or hidden
  • Clicking on a filter changes its state:
    1. Gray: The filter is not applied Default
    2. Green: The filter is applied
      Devices must contain this value
    3. Red: The filter is applied in negation
      Devices with this value are excluded
  • The following static filters are always present: DEP, Logged in, Supervised, Status report, VPN-Config, Cloud Shield
  • Depending on the input in the search field, further dynamic filters are displayed and can be used
    Name, ID, Model, Serial number, IMEI, Phone, Operating mode, Store account, User, Device profile, DEP profile, Tags, License
 Sort
Clicking this button opens a menu where tiles can be sorted according to specific criteria
Name Name
ID Internal ID
Serial number Serial number
Profile Assigned profile
Contact Time since last contact
Ascending/Descending Displays the search results alphabetically ascending/descending
  Send invite
Send invite
Sends an invitation email to one or more recipients for the enrollment of iOS or Android devices.
Further information can be found in the wiki articles iOS-Enrollment invitation email and Android-Enrollment invitation email
  Enroll new device

See article: Enrollment Android or Enrollment iOS
You have reached the device limit

In order to add additional devices, additional licenses must be purchased
notempty
Your licenses are not sufficient 
to license all logged-out devices.
Please extend your licenses if neccessary.

In order to add additional devices, additional licenses must be purchased
 Download CSV

Starts the download of a csv file of IOS or Android devices in the tenant
  OS update

Triggers a two-step update process. Depending on the current status, the download or the installation of the update is triggered
List view / Grid view
/

Switch between list and grid view
Refresh

Refresh the display

Action for selected items

If one or more devices are selected, this selection area is displayed.
To select devices, click on the icon of the device type.
The following actions are then available for selection
Delete		 Removes the device from the portal.
notempty
Caution: If an iOS device is removed from the portal while it is in Lost mode, it can only be unlocked with proof of purchase directly from Apple!
notempty
 Android: If the delete command is selected and the Android device is offline for longer than 30 days, the delete process is not executed and the data is retained
Updates (only iOS) The button Ok opens the dialog Confirm Update. There the update type is selected:

Default: Download or install the update, depending on the current state Download only: Download the software update without installing it. Install asap: In iOS and tvOS, install a previously downloaded software update. By  Confirm the selected update type will be applied to all selected devices.

The dialog window for selecting the update type

Device Options

The button at the top right of each device tile provides the following options depending on the status of the device:
  Show details (see below) (only if already configured)

  Renew MDM Profile (IOS only) The MDM profile is renewed
  Download MDM profile (iOS only) The MDM profile to which this device is assigned can be downloaded. If the profile on the device has been deleted, it can be manually transferred to the device and reinstalled there.
 Assign DEP profil (iOS only) Assigns a DEP Profile to the unit after the next factory reset.
This defines the installation steps, the type of unit management and the user management (multi-user) in the initialisation process).
notempty
Ther are only DEP profiles with PIN permitted!
 Remove DEP-Profil (iOS only) Removes a DEP profile from the device. The next time the factory reset is performed, the user is shown all the iOS installation steps.
  Delete		 Removes the device from the portal.
notempty
Caution: If an iOS device is removed from the portal while it is in Lost mode, it can only be unlocked with proof of purchase directly from Apple!
notempty
 Android: If the delete command is selected and the Android device is offline for longer than 30 days, the delete process is not executed and the data is retained

Details displayed in the device tile

Device Type
Android iOS unbekannt (nur bei nicht konfigurierten Geräten)
Device Alias: Edit with Freely configurable (a0a0 interne ID) Limited to 120 characters.
Icons
Bei allen Geräten Logged In Indicates whether the device is connected to the MDM or if the connection has been removed
  Android: The device management has been removed from the device settings
Logged Out
Assigned to a VPN Configuration Indicates whether the device has a profile that is part of a transfer network in the VPN configuration (ASC)
Not Assigned to a VPN Configuration
Terms not accepted Indicates that the license terms/terms and conditions have not yet been accepted

Clicking on the device tile opens a window where these can be accepted

Unconfigured Indicates that the device has not yet been configured
 iOS only
notempty
New as of: 2.12
 Supervised Indicates whether the device is integrated in supervised mode, i.e., whether the device is present in Apple Business Manager or Apple School Manager
Unsupervised
Status Reporting Enabled Indicates whether status reports are enabled for the device
Status Reporting Disabled
DEPDEP Indicates whether a DEP profile has been assigned to the device
DEPNo DEP
Cloud Shield active Indicates whether Cloud Shield is active for the device
Cloud Shield inactive
 Android only
LostLost See below: Operations
NewNew The device was added within the last 24 hours.
Details
Caption Description
  model e.g: Apple - iPad (10th generation) - iOS 18.1
  Serial number 123456abcdef
  IMEI 123456789012345
  Phone Phone number of the eSIM card
  Ownership
 COPE (Corperate owned, Personal enabled) or BYOD
notempty
New as of:2.8
Only displayed in the device details
  Operating mode Not configured Profile Owner (COPE) or Device Owner (COBO)
  Store-Account active / inactive. Shows whether a login was detected in the Apple App Store or Google Play Store.
  Users User With you can select a user created in the user administration.
If it is a BYOD device, the registered user can no longer be changed.
  Device profile
Device profile assigned to this device
Pending The device profile could not yet be applied.
Partially installed Not all settings of the profile could be applied. If necessary, check whether VPP licences are available for all apps.
 DEP Profiles iOS only: DEP Profiles assigned to the device
notempty
Ther are only DEP profiles with PIN permitted!
  tags Associated tags
  Contact xy hours / days / months ago. With the device can be pingled.
 Licence Displays the license type used with the internal ID. Clicking on this label opens the details page for this license in list-general Licenses .

Device Details

Overview

  Overview
Device status
Device status (iOS only)
Caption Value
  Battery Level N/A Display only after a manual update
  Storage Capacity N/A
Device Summary
 Registered on Date and time of registration in the portal
  Device ID 1234abcd-5678-abcd-efab-123
  Device Type ANDROID / iOS
  model Phone69
  Manufacturer Manufacturer
  IMEI 123456789012345
  OS
For  Android and  iOS below iOS 17 and non-DDM devices
  • A button is displayed when an update for the operating system is available
  • The update can be performed via this button
For  DDM iOS devices
notempty
New as of: 2.14
  • A button is displayed when an update for the operating system is available
  • A dialog window opens where the update can be scheduled
  • The Version details of the update version are displayed there
  • At Time, the time when the update should be performed can be set
    If the device is not operational at the target time, the system forces the software update one hour after the next restart or as soon as all necessary prerequisites (e.g., minimum battery level) are met. When a new firmware update is released by Apple, the configured enforcement time is automatically discarded.
  • At Optional Help URL, a help URL can be entered that is displayed to the user during the update notice and can be used to provide additional information (e.g., IT notes or support contact)
 Confirm If an update has been scheduled, it will be displayed in the device summary
 Edit scheduled update The update can be edited
 Cancel update The update is canceled
 Scheduled Update: XYZ This label is displayed in the device tile when an update is scheduled
 Update outdated If an outdated update has been configured, a corresponding warning is displayed in the dialog window and this label is displayed in the device tile
  Serial number 1a1a1a1a1a1a
Network Summary
  ICCID 1234 5678 9012 3456 7890
  Network Operator e.g.: Telekom.de
  Bluetooth-MAC 0a:0a:0a:0a:0a:0a
  WIFI MAC 0b:0b:0b:0b:0b:0b
  Roaming Enabled No
  Data Roaming No
  Device Locator Enabled Yes
  Network tethered Yes
Inventory
  Buyed on N/A
  Warranty ends on N/A
  External inventory link N/A
Sim slot 0 Primary
  IMEI 123456789012345
  Phone +491500000000
  Carrier info N/A
Apple DEP
 Profile DEP profile used
 Profile status Display whether the profile is already in use
 Profile assignment time Date and time when the profile was transmitted to the device
Sim slot 1
  IMEI 123456789012345
  Phone +491500000000
  Carrier info N/A

Operations

  Operations
available for Device Operations Description
  Enable Lost Mode
When the 'Lost Mode' is activated, a customizable message is sent to the device.
The dialog window in the MDM portal

The message on the iPhone
notempty
This button is clickable from Android version 11 for COBO and Android version 13 for COPE.

When the Lost Mode is activated, a customizable message including the company name, address, email address, and phone number is sent to the device.
The dialog window in the MDM portal
  1. Lost Mode activated
  2. The device starts ringing
  3. Two buttons appear: My device & Device found
  4. If no action is taken and the device continues to ring, the location will be sent after 5 minutes
  5. Interaction with the device
    1. My device button
      1. The device stops ringing and after its unlocked, lost mode is deactivated in the portal
      2. The device does not send its location
    2. Device found button
      1. The device stops ringing but remains locked with the PIN
      2. After 5 minutes, the device sends its location

Further information on this can be found in the following Wiki article.

The device is locked. Unlocking only possible via the portal.
There are also two additional buttons:
  Localize
notempty
Only available if the device is logged in as COPE.
Only available if the device is logged in as »Supervised«.
  • The device is located via GPS and displayed on a map.
  • A message 'Your device has been located' appears on the device.

  Start ringtone
  • A ringtone is played on the device.

tv not available with tvOS
  Lock Locks the device. Unlocking is possible using the authentication methods stored in the device (PIN, password, etc.).
(only iOS): A dialog window opens in which a message can be transferred. This message is displayed on the device.
The dialog window in the MDM portal

The message on the iPhone


tv not available with tvOS

  Reboot Performs a reboot of the device
  Shutdown Shut down the device
tv not available with tvOS
  Removes password
notempty
Only available if the device is logged in as COPE.
Removes the password to unlock the device.
tv not available with tvOS
 Reset password
notempty
Only available if the device is logged in as COPE.

Requires the entry of a new password with additional settings:
New password     New password, for the screen lock
No credentials    Don't ask for user credentials on device boot.
Up to three pin requests are possible:
  1. PIN for the encryption of the device
  2. PIN for the screen lock
  3. PIN for access to the SIM card
Lock device    Lock the device after password reset.
notempty
New as of: 2.7
notempty
The device must be accessible so that the password can be reset.
The progres can be tracked in the  Log tab (see below).
  Wipe Data
notempty
Only available if the device is logged in as COPE.

Resets the device and restores the delivery configuration.

To perform a factory reset for Android devices, the device tile must be deleted.
 Deactivate device All apps are deactivated. Exception:
  • Phone app
  • Settings
  • Play Store
    • Show settings
    • Applications updated
    • No new installations / uninstallations
    • No opening of applications
notempty
New as of: 2.12
  Delete app data
  • Starting from Android version 9
    • Deletes all data from all supported apps on the device
    • Data in external storage or accounts transferred via MDM may remain intact
    • The button will only appear if at least one app is present on the device
      Hand over property
    notempty
    Only available if the device is logged in as COPE.

    • All apps and data within the work profile will be deleted
    • The work profile on these devices will be removed
    • The apps and data in the personally used area remain unchanged
     Update from iOS x to y An operating system update is available and can be applied
    tv not available with tvOS
      Locate
    notempty
    Only available on fully managed devices (COBO / COSU)

    Only available if the Activate locating function button has been enabled in the assigned profile under Locating.
  • Permissions must have been granted on the device for this.
    Further notes in the wiki on locating under Android.

    • SIM Cards

     SIM Cards  Android only
    notempty
    Adding and deleting an eSIM is done via asynchronous communication with Google.
    Therefore, changes may only be displayed after several minutes and only after clicking the Refresh button in the table.
    Caption Description
    Search Filters the entries
    Phone Number Phone number of the eSIM card
    ICCID ICCID of the eSIM card
    Network Operator Network operator of the eSIM
    SIM Type Card type of the eSIM
    Status Status of the eSIM card
    Configuration Mode Shows the configuration mode of the eSIM card
    Actions  Delete eSIM Deletes the eSIM
     eSIM
    notempty
    This button is only visible for Android devices from version 15 onwards.

    notempty
    If multiple eSIMs are to be provisioned on a single device, it is recommended to allow a delay of several minutes between consecutive executions of the command.

    Clicking this button opens a dialog window where a new eSIM can be added.
    The following inputs are required:
    Activation Code
    		Activation Code
    The activation code for the eSIM profile is provided by the network operator
    notempty
    The required input format is in the form: 1$SM-DP+Address$Activation code
    SM-DP+Address: The Subscription Manager Data Preparation Plus address
    Activation Status Not Defined
    The activation status of the eSIM profile after downloading
    • Not defined: The activation status of the eSIM is not specified. By default, the eSIM profile is not activated on private devices and is activated on company-owned devices.
    • Activated: The eSIM is automatically activated after downloading. If this is set as the activation status for private devices, the command will be rejected.
    • Not activated: The eSIM profile is downloaded but not activated. In this case, the user must manually activate the eSIM on the device.
    Refresh the display

    Applications

     Applications
    notempty
    This tab is only available if the device is logged in as COPE.
    A list of all installed applications.
    The first time it is displayed it may take several minutes.
    Caption Description
    Applications on the device
    Search Filters the entries
    Name Display name on the mobile device. '(sortable)
    Version Version number '(sortable)
    Package Package name (sortable)
    Status Status of the application (sortable)
      Send uninstall request
  • (iOS only) Unanaged devices: Prompts the device user to uninstall the app.
  • (iOS only) Managed devices: Uninstalls the app.
    •  Keyed app states Opens a dialog window that displays the configuration of the application
     Download CSV
  • (iOS only) Creates a comma-separated text file with the installed apps, the respective version number, the package name and the installation type Managed if the app was installed as such.
    •  Delete app data  (Only Android) Pressing these buttons deletes the data from the app.
    If the user changes frequently, the device does not have to be completely reintegrated each time
    .

    Profiles

      Profiles  iOS only
    Caption Description
    Profile
    The refresh button retrieves the profile status from the unit again.
    select a file By clicking on this text, a profile or profile part that was created, for example, in the Apple Configurator 2 in the format .mobileconfig can be additionally imported to the device.
    Search Filters the entries
    Profile ID of the overall profile
    Part Display of the assigned profile
    User Profiles can be assigned to the device or to a specific user.
    Actions  Send uninstall request

    declarations

     declarations  iOS only
    notempty
    New as of: 2.11
    notempty
    This tab only contains information if the device supports declarative management.

    Shows the current status of the declarative management (Apple Declarative Device Management (DDM)) of the device.

    This is divided into Configurations and Managed Configurations.

    Configurations
    Caption Description
    Type Shows the type of the configuration
    For example, com.apple.configuration.management.status-subscriptions indicates that in the device profile under the
    Status Reporting{{{2}}}
    tab, the option MDM installed apps Vorlage:ButtonOn is active.
    Identifier The identifier of the configuration
    Useful for the audit log
    Linked Entities Shows the entities (apps) that are linked to the configuration
    Applied Indicates whether the configuration is applied or not
    Actions Actions that are possible with the configuration
     Show details Opens a dialog window displaying the details of the configuration
    Managed Configurations
    Caption Description
    Type Shows the type of the managed configuration
    For example, com.apple.asset.data indicates that there are apps with managed configurations under  Mobile Security iOS/iPadOS  Apps .
    Identifier The identifier of the configuration
    Useful for the audit log
    Linked Entities Shows the entities (apps) that are linked to the configuration
    Applied Indicates whether the configuration is applied or not
    Actions Actions that are possible with the configuration
     Show details Opens a dialog window displaying the details of the configuration

    Operations log

     Operations log
    Caption Description
    Search Filters the entries
    Date (sortable)
    Type Status Type: Status, App Uninstall Request, App_List, Profile_List, Install Restriction Profile, Install Security Profile, Lock
    Direction  incoming Transfer from device to server
     outgoing Transfer from server to device
    Status Status messages:
    •  Received
    •  confirmed
    •  Revoked
    •  N/a
    •  Pending
    •  Error
    Info Information on error messages
    Actions Possible actions:  Revoke

    Policy

    Policy  Android only
    Caption Value Description
    Devices profile previously created profile Allows direct modification of the assigned profile.

    Non compliance details

     Non compliance details  Android only
    Information on why policies were not adhered to.
    If a profile cannot be fully implemented, the exact point at which implementation was not (yet) possible is shown here, e.g.: APP_NOT_INSTALLED / IN_PROGRESS
    Retrieved from "https://wiki.securepoint.de/index.php?title=MDM/Geraete&oldid=103297"