Mobile Device Management Policy

Posted on Sep 08, 2019 in General - Blog Home

What is Mobile Device Management Policy?

WaZa mobile device management policy consists of various configurations (e.g. Security, Location, Geofence etc) for managing mobile devices. A MDM Policy is assigned to a user group(s). A user group consist of user(s) and like wise a user can have multiple device connected to WaZa MDM Service. Any change in the mobile device management policy is immediately propagated down to the device(s) level.

Mobile Device Management Types

WaZa mobile device management policy supports the following mobile device management types.

• Basic
• BYOD - Work Profile
• Kiosk Mode (COSU) - Dedicated Device
• Device Owner

For advance mobile device management types (Kiosk Mode - Dedicated Device, Device Owner, BYOD - Work Profile) Android For Work enrolment is required.

Mobile Device Management Policy - Setup

To create a new MDM Policy, go to the menu option New/Update Policy under Policies. The policy name and sync interval fields are mandatory. In addition to setting the sync interval and enabling location tracking, you can also enforce mobile device management policy to be only applied to official devices (non rooted) by selecting the option "Official Devices".

IT admins can setup the following WaZa MDM Policy components on the Create/Update Policy page.

• Application
• Bookmark
• Geofence
• Email
• OTA Update
• Password
• Security
• Wallpaper
• Wifi

Application

Application policy is available for Kiosk Mode, Device Owner or BYOD mobile device management types. With Application policy you can silently whitelist, deploy or uninstall any Android application available at Google Play store as well as any private or in-house Android applications. Application policy also supports setting up and automatically applying managed-configurations, permissions & application defaults. Follow the link to learn more about MDM Application Policy.

Bookmark

WaZa MDM bookmarks are similar to shortcuts, they are placed on the mobile device's home screen when the mobile device management policy is applied. Maximum of four bookmarks are allowed in a single mobile device management Policy.

Name and URL fields are required for setting up a bookmark. The Name field is used as display name of the bookmark. In case there is no logo setup at Settings > Customer tab, default WaZa MDM logo will be used when a bookmark is created on device's home screen. Bookmark policy is not available for BYOD mobile device management type.

Geofence

You can setup up to 4 geofences for a mobile device management policy. In addition to geofence monitoring, you can setup notifications such as sending an email or displaying a notification on the mobile device itself. Follow the link to learn more about Geofence.

Email

WaZa MDM supports IMAP, POP3 & EXCHANGE protocol. To configure EXCHANGE protocol type, a client certificate can be setup from the certificate drop down menu as shown below. To select a client certificate (for EXCHANGE protocol) from the drop down menu, a certificate needs to be uploaded. You can upload the certificate to WaZa mobile device management Service Account (Settings > Digital Certificate tab).

OTA Update

WaZa MDM OTA Update policy lets you configure how and when OTA updates can be installed. You can choose between installing OTA update as soon it's available, windowed install or postponing install for 30 days. OTA Update policy is only available for Kiosk Mode or Device Owner mobile device management types.

Password

WaZa MDM password policy supports various password restrictions. You can enforce mobile device's password complexity to be from a simple password (e.g. numeric) to complex (alpha-numeric, mixed-case with special characters). You can setup Work Profile or Main Profile (device wide) Password polices pane. The Work Profile tab is only available when BYOD is selected as the mobile device management type.

Security

WaZa MDM security policy supports device encryption as well disabling bluetooth or device's camera. Once the mobile device is encrypted, the encryption cannot be removed unless the device is reset. Disable USB debugging and installation of unknown sources are blocked by default for Kiosk Mode, Device Owner or BYOD mobile device management types.

Wallpaper

To setup a wallpaper, simply select an image by hitting the Browse button as shown below. Supported image types are PNG, JPG and the size should be less then 500kb. Wallpaper policy is not available for BYOD device management type.

Wifi

WaZa MDM supports all the major Wifi security types (EAP, WEP, WPA/WPA2 and no security) for Wifi setup.

For EAP Wifi security type, you can configure client and CA certificates. To select a client or CA certificate (from the drop down menu as shown below), a certificate needs to be uploaded. The certificates can be uploaded to WaZa MDM Service Account (Settings > Digital Certificate tab).

Certain Wifi security types require user credentials (user-id (identity) and/or password). You can either setup the credentials within the wifi configuration or have the mobile device user enter them on their device. WaZa mobile application will prompt the user for wifi credentials, if the option "Prompt User for Wifi Credentials" is selected.