Provisioning and Mobile Device                                  Management for iPhones, iPads,                            ...
What will I learn today?>   Mobile Device Lifecyle>   Options for Configuring Exchange ActiveSync>   Provisioning iPhone a...
Mobile Device Lifecycle                                                New Device                                         ...
Options for Configuring Exchange ActiveSync  1) ActiveSync enabled for all      • Good for the end user      • Not good fo...
Provisioning iPhone for ActiveSync                      MORE Webinar Series   © 2010 Fiberlink Communications   5
Provisioning iPhone for ActiveSync                      MORE Webinar Series   © 2010 Fiberlink Communications   6
Provisioning Android Device for ActiveSync                      MORE Webinar Series   © 2010 Fiberlink Communications   7
Provisioning Android Device for ActiveSync                      MORE Webinar Series   © 2010 Fiberlink Communications   8
Provisioning Android Device for ActiveSync                      MORE Webinar Series   © 2010 Fiberlink Communications   9
MDM Architecture> Limitations with ActiveSync    Not designed for secure Mobile Device Management    No Auto Quarantine ...
MaaS360 Mobile Device Management> Offers Exchange ActiveSync Manager as well as iOS and Android  Mobile Device Manager for...
MaaS360 MDM Simple Enrollment…                         Simple Installation…                      MORE Webinar Series      ...
OTA CONFIGURATION MANAGEMENT & DEVICE ENROLLMENTThe user then receives their one-time password and a link to enroll their ...
The user is then guided through the process of installing MaaS360 MDM on their iOS device. At theconclusion of this 2 minu...
MaaS360 MDM for Android                      MORE Webinar Series   © 2010 Fiberlink Communications   15
Demo of MaaS360 MDM                      MORE Webinar Series   © 2010 Fiberlink Communications   16
Questions or follow-up?                                                                Donna Lima Wrap-up                 ...
Upcoming SlideShare
Loading in …5
×

Provisioning and Mobile Device Management for iPhones, iPads, and Androids

3,154 views

Published on

Learn how to provision and manage iOS devices like iPhone and iPad, and Android devices. Also learn mobile device management with MaaS360 by Fiberlink.

Learn more: http://www.maas360.com/products/mobile-device-management/

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
3,154
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
81
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Exchanged Based MDM Solution vs an agent based solution
  • 3 steps to the mobile device lifecycle: Provisioning, Management and De-Provisioning.Provisioning includes setting up a new device for a new employee or adding one for an existing user. Getting them associated to the mail server so they can get their email, calendar and contacts.Management is IT Day to Day Management of these Mobile Devices so whether it’s policy changes, changing a password for a user, deploying new software etc there are certain tasks that the IT team deals with on a daily basis.De-Provisioning so if an employee leaves or a device is lost, actions are to be taken to wipe that device and remove it from the Mail Server. One thing they all have in common is that they need to be done in a Secure manner, so how do we do this in one secure place? That is where a Mobile Device Management Platform, such as MaaS360 comes into play. We will dive deeper into that as we go along.
  • Enabling ActiveSync in the most secure way1) Least Secure and not recommended. Def Thumbs up for the End User and Thumbs Down for the Security Team. If your users know the Exchange Server information they can easily sync to your Exchange Server and gain immediate access to the Exchange Server. IT has no control over who is connecting to your Exchange Server with their mobile devices and there is no easy way in Exchange to see what mobile devices are associated.****Lookout for Clint Adam’s webinar in two weeks as he will dive deeper into Optimized Management of iPhones and Androids with Exchange 2007 and 20102) Most Secure, however not user friendly for employees and also the IT team must be involved in every activation and go into Exchange and enable Active Sync per user as it is requested which adds on additional work.3) Recommended: Happy Medium for the Security Team and for the most part the End User as they can still initiate the request for the activation, however the IT team has the control to either block or allow the device to connect to Exchange. Cannot do w/ 2007, can do with 2010 however you need to run a powershell command to do so, not an easy task to turn on. With MaaS360 MDM we make it available for Exchange 2007 and 2010 and setup is as easy as a checkbox in the MaaS Mobile Device Configuration Setup. We will go into this further in our demo in a few minutes.
  • Let’s say you are going to use Auto Quarantine for Active Sync and now you want to have users register.To add an Exchange account to your iOS device, tap Settings > Mail, Contacts, Calendars > Add Account > Microsoft Exchange.On the next screen, enter your complete email address, domain, username, password, and a description (which may be anything you like). Ask your Exchange Server administrator if you are unsure of the domain. If you are unable to view your folder list, or are unable to send or receive email, leave the domain field blank. Your iOS device will now try to locate your Exchange Server using Microsoft's Autodiscovery service. If it cannot locate the server, you will see the screen on the right. Enter your front-end Exchange Server's complete address in the Server field. Contact your Exchange Server administrator if you are unsure of the address. After successfully making a connection to the Exchange Server, you may be prompted to change your device passcode to match whatever policies may have been set on your server.
  • Choose which type or types of data you would like to synchronize: Mail, Contacts, and Calendars. Note that by default, only three days' worth of email is synchronized. To synchronize more, go into Settings, then Mail, Contacts, Calendars, select your Exchange account, and tap on Mail days to sync.Note that after configuring an Exchange ActiveSync account, all existing contact and calendar information on the iOS device is overwritten. Additionally, iTunes no longer syncs contacts and calendars with your desktop computer. You can still sync your iOS device wirelessly with MobileMe services.
  • To add an Exchange Email Account on your Android device, from the applications list, select “My Accounts”. Select Add Account and from the set up accounts menu select the icon for Corporate Sync.You will need the below information to setup an Exchange Account on your phone:Enter: Domain name\\user nameEnter PasswordUse secure connection should be checked.Enter Email addressEnter Exchange Server AddressTap on Next  to submit settings. Handset will check with server and verify if successful you can then select Done.You will need to review and adjust your exchange settings after set-up to make sure you have the appropriate sync settings to get email.
  • On this screen, make sure your email setting for "sync messages" goes back far enough in time to pull email from your corporate account or it will not show up in the inbox. You will need to review and adjust your exchange settings after set-up to make sure you have the appropriate sync settings to get email in the Email Settings. To do so, Open up the applications list on your device and open up the email application, your default email account will be displayed (which is also adjustable in the email settings menu), press the menu button and select email settings, the email settings menu will then be displayed.
  • You will need to review and adjust your exchange settings after set-up to make sure you have the appropriate sync settings to get email in the Email Settings. To do so, Open up the applications list on your device and open up the email application, your default email account will be displayed (which is also adjustable in the email settings menu), press the menu button and select email settings, the email settings menu will then be displayed. To edit each option, simply tap on the setting and that will bring you into another menu to adjust the settings.
  • Usershave been provisioned, they are getting their email on their devices, now we need to decide on an MDM Architecture.So once you have decided on how you want to setup ActiveSync in your environment, it’s now time to decide on a Mobile Device Management Strategy and Platform. By just having ActiveSync in your environment you are limiting yourself in regards to security and control on Mobile Devices.Policy Management – since you can only assign one policy per mailbox you cannot Policy Assignment – no easy way without a lot of digging and clicking in Exchange to determine what Mobile Device Policy a particular user’s mailbox is in.Viewing Mobile Devices – no easy way at a glance to see how many and what particular mobile devices you have in your environment. You must dig into each users mailbox one by one to see who has a mobile device and the properties associatedActions are limited – Limited to only what basic actions ActiveSync offers so wipe, remove , etc. No ability to do a selective wipe if an employee has a personally owned device and leaves, the only wipe you can do sets it back to factory defaults, no ability to only remove the corporate data.
  • Mobile Device Manager for iOS 4.0 and above and Android 2.2 and above Leverage Apple MDM API’s in iOS4Note: The Apple APNS (Application Push Notification Service) Cert is required to be uploaded to the MaaS Portal to manage iOS devices. This is something that Apple requires to allow over the air pushes to work with any MDM platform, not just MaaS360. You can request this from Apple, cost is $299 for unlimited devices.No App is required to be installed since the iOS is built with mdm api’sSystem Setup, Over-the-Air (OTA) Configuration Management, Device Enrollment, some key Help Desk Operations, and review our extensive reporting capability.Quarantine easily set up with a Check Box for 2007 and 2010.Action History/Audit Trail of who did what
  • MaaS360 MDM offers a simple and quick enrollment for your iOS and Android Devices as well as a quick installation for integration with Exchange Activesync for example for devices other than iOS and Android such as Windows Mobile, etc.Enrollment on iOS is easy. Simply upload your APNS Cert to MaaS360 and send an enrollment request to your device(s). Follow the steps and you’ll be managing via the Apple MDM API in minutes.Android follows a similar workflow, but without the Cert. Send an enrollment request and the user will be automatically directed through the install process. From downloading the android agent from the marketplace to completing installation… you will be managing this device shortly.Managing your ActiveSync connected devices is just as easy… Install our Cloud Extender on your network so that it can talk to Exchange… in no time, all your devices will be in MaaS360 and ready for simple management.Of course… we offer over the phone assistance and documentation (both Admin and User) for this whole process.
  • Here are some screen shots of what the use sees on their device once the enrollment request is sent.First – the one-time passcode is sent to the users corporate email account. This is for security purposes.Second – an SMS text message can be sent to the users iPhone, which gives the user a simple link to start the process.Then – Upon clicking on the link, the user is guided through the enrollment process which requires them to enter their passcode, accept the Terms &Conditionss, and start the profile install.
  • Once the user accepts the T&Cs, then the iPhone follows it’s enrollment and profile installation process. As a result, the user will have a profile on their device that grants the company, via MaaS360, to have real-time visibility and control of that device.Notes:By design by Apple, the user has the ability to at any point, remove this profile. And, if they do, all of the corporate settings, emails, and attachments will be permanently deleted also. So, it’s a user centric design (by Apple), but it also respects the privacy of corporate settings and email.Shown on the far right are the two profiles that the user sees in their General>Profiles settings on their iPhone. One is the MDM handshake and the other is the MDM Policy.
  • Similar to the iOS enrollment, the IT administrator will send the user a MaaS360 enrollment request via the MaaS360 portal with a URL link provided, either through email or SMS. To enroll the device, access the URL from your mobile device's browser. You can use a QR Code if it’s provided in the email. You will be directed to the Android Market to install MaaS360 MDM for Android. Since Android doesn’t have the MDM api built in to it’s OS yet, it is required that you install our MaaS360 App.Once MaaS360 is successfully installed, you will launch the application, This displays the Mobile Device Management page, which outlines the steps to enrolling your device. There are three steps to enrolling your device: authentication, accepting terms and accepting MaaS360 as a Device Administrator for your device. Depending on which method of authentication your company has decided to use, you may be prompted to either enter a passcode or your corporate credentials. Enter your corporate username and password or the passcodeYou must agree to the end user license agreement for your phone to be enrolled This step allows MaaS360 to be accepted as a Device Administrator. Enrollment will continue only after you accept. The device then asks if you wish to add MaaS360 as a Device Administrator. At this point your device has been successfully enrolled. The message indicates that corporate policies and resources assigned by your IT Administrator will be downloaded to your device.
  • Use FireFoxmdm_dlimaHome Page ViewView All DevicesUser with iOS installed: Actions: To selective wipe, “remove iOS control”Change Policy, click on user, Actions, Change iOS Policy, Change ActiveSync PolicyManage/Create PoliciesHow to enable auto quarantineReporting
  • Lastly I wanted to provide an overview of our upcoming webinars. We also have Past Webinars posted and lots of how to content at our MaaSters Center. Here you can find mobile device management best practices, common blackberry solutions and over 300 articles and posts including training videos and free tools.
  • Provisioning and Mobile Device Management for iPhones, iPads, and Androids

    1. 1. Provisioning and Mobile Device Management for iPhones, iPads, and Androids By Donna Lima© 2010 Fiberlink Communications MORE Webinar Series © 2010 Fiberlink Communications
    2. 2. What will I learn today?> Mobile Device Lifecyle> Options for Configuring Exchange ActiveSync> Provisioning iPhone and Android Devices> MDM Architecture> Demo of MaaS360 MDM Platform MORE Webinar Series © 2010 Fiberlink Communications 2
    3. 3. Mobile Device Lifecycle New Device  Association  QuarantineRemove Device Remote Wipe D IT Workflow MORE Webinar Series © 2010 Fiberlink Communications 3
    4. 4. Options for Configuring Exchange ActiveSync 1) ActiveSync enabled for all • Good for the end user • Not good for the Security and IT teams 2) ActiveSync disabled globally and enabled per mailbox • Most Secure 3) Auto Quarantine (2010) • Recommended MORE Webinar Series © 2010 Fiberlink Communications 4
    5. 5. Provisioning iPhone for ActiveSync MORE Webinar Series © 2010 Fiberlink Communications 5
    6. 6. Provisioning iPhone for ActiveSync MORE Webinar Series © 2010 Fiberlink Communications 6
    7. 7. Provisioning Android Device for ActiveSync MORE Webinar Series © 2010 Fiberlink Communications 7
    8. 8. Provisioning Android Device for ActiveSync MORE Webinar Series © 2010 Fiberlink Communications 8
    9. 9. Provisioning Android Device for ActiveSync MORE Webinar Series © 2010 Fiberlink Communications 9
    10. 10. MDM Architecture> Limitations with ActiveSync  Not designed for secure Mobile Device Management  No Auto Quarantine in 2007, difficult to enable in 2010  No out of the box reporting without scripting and third party application (such as crystal reports)  Specific device information is not pulled (network info, software installed, OS etc)  Inconsistent data from mobile devices> Administration Challenges  Policy Management- Only one policy per mailbox  Policy Assignment  Viewing mobile devices in your environment  Actions are limited MORE Webinar Series © 2010 Fiberlink Communications 10
    11. 11. MaaS360 Mobile Device Management> Offers Exchange ActiveSync Manager as well as iOS and Android Mobile Device Manager for additional capabilities> Helps organizations at-a-glance understand their mobile device posture (real-time) on their Exchange infrastructure> Helps organizations extend mobile device management operations to other teams, if desired> Eases and extends day-to-day Exchange management functionality for mobile device issues and cases> Adds Quarantine and Device Approval workflows to Exchange 2007 Environments> Able to have multiple policies> Selective Wipe with iOS> Push out VPN/Wireless Profiles with iOS and Android MORE Webinar Series © 2010 Fiberlink Communications 11
    12. 12. MaaS360 MDM Simple Enrollment… Simple Installation… MORE Webinar Series © 2010 Fiberlink Communications 12
    13. 13. OTA CONFIGURATION MANAGEMENT & DEVICE ENROLLMENTThe user then receives their one-time password and a link to enroll their device. Notice, there isno iTunes App Store download required with MaaS360. Email with one-time passcode MORE Webinar Series © 2010 Fiberlink Communications
    14. 14. The user is then guided through the process of installing MaaS360 MDM on their iOS device. At theconclusion of this 2 minute process, MaaS360 has real-time visibility and control of MaaS360. MORE Webinar Series © 2010 Fiberlink Communications
    15. 15. MaaS360 MDM for Android MORE Webinar Series © 2010 Fiberlink Communications 15
    16. 16. Demo of MaaS360 MDM MORE Webinar Series © 2010 Fiberlink Communications 16
    17. 17. Questions or follow-up? Donna Lima Wrap-up dlima@fiberlink.com> Up-coming Webinars (http://maasters.maas360.com/webinars/)  March 17 - Optimized Management for iPhones, iPads, and Androids with Exchange 2007 & Exchange 2010> Past Webinars (http://links.maas360.com/webinars/)  Managing Personal Mobile Devices In Your Business with Philippe Winthrop  Solving the Android Fragmentation Dilemma  Financial Services: Benchmarking your Smartphone IT Operations> Plus lots of How-To content at the MaaSters Center  Mobile Device Management Best Practices • http://links.maas360.com/mdm/  Mobile Device Management Strategy Series from Lopez Research • http://links.maas360.com/mdmstrategy/  Mobile Device Management Glossary • http://links.maas360.com/mdmglossary/  Over 300 articles and posts including training videos and free tools • http://maasters.maas360.com/ MORE Webinar Series © 2010 Fiberlink Communications 17

    ×