MDM Policy

Posted on Nov 08, 2018 in General

A WaZa MDM Policy consists of various configurations (e.g. Security, Location, Geofence, etc.) for managing mobile devices. An MDM Policy is assigned to one or more user groups. A user group consists of one or more users, and likewise a user can have multiple devices connected to WaZa MDM Service. Any change in the MDM Policy is immediately propagated down to the device level.

To create a new MDM Policy, go to the menu option New/Update Policy under Policies. The policy name and sync interval fields are mandatory. In addition to setting the sync interval and enabling mobile device location tracking, you can also enforce that the MDM policy is applied only to official (non-rooted) devices by selecting the option "Official Devices".

WaZa MDM Policy currently supports the following three device management types.

Basic device management is a lightweight device management type that does not require Android EMM enrollment. Certain advanced device management features, such as Application Policy and some of the advanced Security Policy features, are not available. We recommend using Basic device management when location tracking or geofencing is required.

Device Owner
Device Owner device management mode supports almost all of the device management options available in WaZa MDM. You will need to complete Android EMM enrollment before the Device Owner option can be selected for an MDM Policy.

Device Owner management type can only be set up during the initial setup of a new or factory reset device. To provision Device Owner mode, during the initial setup when you are prompted to add an account, enter the following code "afw#wazamdm.afw". The system will then automatically download the WaZa MDM Android application from the Google Play Store and launch the login screen of the WaZa MDM Android application. Log in to the WaZa MDM application to start the device management flow. We recommend Device Owner mode for company-owned devices.

Work Profile
Work Profile management option becomes available once Android EMM enrollment is complete. During the Work Profile provisioning flow, a Work Profile is created by the WaZa MDM mobile application and MDM policies are applied only to the Work Profile. Certain policies, such as Bookmark and Wallpaper, are not available for the Work Profile management type, while Password policy provides an option to apply the Password policy only to the work profile in addition to device wide (main profile). We recommend Work Profile mode for employee-owned devices.

You can set up the following WaZa MDM Policy components on the Create/Update Policy page.

Application policy is available for Work Profile or Device Owner device management modes. With Application policy you can silently whitelist, deploy or uninstall any Android application available in the Google Play Store as well as any private or in-house Android applications. Application policy also supports setting up and automatically applying managed configurations, permissions and application defaults. Follow the link to learn more about MDM Application Policy.

You can set up up to 4 geofences for a single MDM Policy. In addition to geofence monitoring, you can set up notifications such as sending an email or displaying a notification on the mobile device itself. Follow the link to learn more about Geofence.

WaZa MDM bookmarks are similar to shortcuts: they are placed on the mobile device's home screen when the MDM policy is applied. A maximum of four bookmarks is allowed in a single MDM Policy.

The Name and URL fields are required for setting up a bookmark. The Name field is used as the display name of the bookmark. If no logo is set up at Settings > Customer tab, the default WaZa MDM logo will be used when a bookmark is created on the device's home screen. Bookmark policy is not available for the Work Profile device management type.

Currently WaZa MDM supports Email configuration for Samsung devices. WaZa MDM supports the IMAP, POP3 and EXCHANGE protocols.

For the EXCHANGE protocol type, a client certificate can be set up from the certificate drop-down menu as shown below. To select a client certificate (for the EXCHANGE protocol) from the drop-down menu, a certificate needs to be uploaded. You can upload the certificate to the WaZa MDM Service Account (Settings > Digital Certificate tab).

WaZa MDM policy supports various password restrictions. You can enforce the mobile device's password complexity to range from a simple password (e.g. numeric) to a complex one (alphanumeric, mixed-case with special characters). You can set up Password policies on the Work Profile or Main Profile (device-wide) pane. The Work Profile tab is only available when Work Profile is selected as the Device Management type.

WaZa MDM security supports device encryption as well as disabling Bluetooth or the device's camera. Once the mobile device is encrypted, the encryption cannot be removed unless the device is reset. USB debugging is disabled and installation from unknown sources is blocked by default for the Work Profile and Device Owner management types.

To set up a wallpaper, simply select an image by hitting the Browse button as shown below. Supported image types are PNG and JPG, and the size should be less than 500kb. Wallpaper policy is not available for the Work Profile device management type.

WaZa MDM supports all the major Wifi security types (EAP, WEP, WPA/WPA2 and no security) for Wifi setup.

For the EAP Wifi security type, you can configure client and CA certificates. To select a client or CA certificate (from the drop-down menu as shown below), a certificate needs to be uploaded. The certificates can be uploaded to the WaZa MDM Service Account (Settings > Digital Certificate tab).

Certain Wifi security types require user credentials (user-id (identity) and/or password). You can either set up the credentials within the Wifi configuration or have the mobile device user enter them on their device. The WaZa mobile application will prompt the user for Wifi credentials if the option "Prompt User for Wifi Credentials" is selected.