MDM Policy

Posted on Nov 08, 2018 in General - Blog Home

WaZa MDM Policy consists of various configurations (e.g. Security, Location, Geofence etc) for managing mobile devices. A MDM Policy is assigned to a user group(s). A user group consist of user(s) and like wise a user can have multiple device connected to WaZa MDM Service. Any change in the MDM Policy is immidately propagaed down to the device(s) level.

To create a new MDM Policy, go to the menu option New/Update Policy under Policies. The policy name and sync interval fields are manadatory. In addition to setting the sync interval and enabling mobile device location tracking, you can also enforce MDM policy to be only applied to official devices (non rooted) by selecting the option "Offical Devices".


WaZa MDM Policy currently supports the following three device management types.

For advanced device management types (Dedicated Device, Device Owner or Work Profile) Android For Work enrolment is required.

Basic
Basic device management is a light weight device management type that does not require Android EMM enrollment. Certain advance device management features like Application Policy, some of the advanced Security Policy features are also not available. We would recommend using Basic device management when location tracking or geofencing is required.

Dedicated Device (COSU/Kiosk Mode)
Dedicated Device or COSU/Kiosk Mode device management can be used to manage mobile devices that are Dedicated for a specific purpose e.g employee facing corporate environment or customer facing for display or kiosk in an showroom, outlet setup. Dedicated device management type can only be setup on a new or factory reset device. WaZa MDM supports NFC as well DPC indentifier provisioning. Learn more about Dedicated Device - COSU or Kiosk Mode.

Device Owner
Device Owner device mangement mode supports almost all the various device management options available in WaZa MDM.

Like Dedicated Device management type, Device Owner management type can only be setup during the initial setup of a new or factory reset device. Provisioning of Devic Owner mode is similar to Dedicated Device as mentioned above. We would recommend Device Owner mode for company owned devies. Learn more about Device Owner.

Work Profile
Work Profile management option becomes available once Android EMM enrolment is complete. During the Work Profile provisioning flow a Work Profile is created by WaZa MDM mobile application and MDM plocies are applied only to the Work Profile. Certain policies like Bookmark, Wallpaper are not availble for Work Profile management type, while Password policy provides an option to apply Password policy only to work profile inaddition to device wide (main profile). We would recommend Work Profile mode for employee owned devies. Learn more about Work Profile.

You can setup the following WaZa MDM Policy compoments on the Create/Update Policy page.

Application
Application policy is available for Dedicated Device, Device Owner or Work Profile device management types. With Application policy you can silently whitelist, deploy or uninstall any Android application available at Google Play store as well as any private or in-house Android applications. Application policy also supports setting up and automatically applying managed-configurations, permissions & application defaults. Follow the link to learn more about MDM Application Policy.

Bookmark
WaZa MDM bookmarks are similar to shortcuts, they are placed on the mobile device's home screen when the MDM policy is applied. Maximum of four bookmarks are allowed in a single MDM Policy.

Name and URL fields are required for setting up a bookmark. The Name field is used as display name of the bookmark. Incase there is no logo setup at Settings > Customer tab, default WaZa MDM logo will be used when a bookmark is created on device's home screen. Bookmark policy is not available for Work Profile device management type.

Geofence
You can setup upto 4 geofences for a single MDM Policy. Inaddition to geofence monitoring, you can setup notifications such as sending an email or displaying a notification on the mobile device itself. Follow the link to learn more about Geofence.

Email
Currently WaZa MDM supports Email configuration for Samsung devices. WaZa MDM supports IMAP, POP3 & EXCHANGE protocol.

For EXCHANGE protocol type, a client certificate can be setup from the certificate drop down menu as shown below. To select a client certificate (for EXCHANGE protocol) from the drop down menu, a certificate needs to be uploaded. You can upload the certificate to WaZa MDM Service Account (Settings > Digital Certificate tab).

OTA Update
WaZa MDM OTA Update policy lets you configure how and when OTA updates can be installed. You can choose between installing OTA update as soon it's available, windowed install or postponing install for 30 days. OTA Update policy is only available for Dedicated Device or Device Owner management types.

Password
WaZa MDM password policy supports various password restrictions. You can enforce mobile device's password complexity to be from a simple password (e.g. numeric) to complex (alpha-numberic, mixed-case with special characters). You can setup Work Profile or Main Profile (device wide) Password polices pane. The Work Profile tab is only available when Work Profile is selected as the Device Management type.

Security
WaZa MDM security policy supports device encryption as well disabling bluetooth or device's camera. Once the mobile device is encrypted, the encryption cannot be removed unless the device is reset. Disable USB debugging and intallation of unknown sources are blocked by default for Dedicated Device, Device Owner or Work Profile management types.

Wallpaper
To setup a wallpaper, simply select an image by hitting the Browse button as shown below. Supported image types are PNG, JPG and the size should be less then 500kb. Wallpaper policy is not available for Work Profile device management type.

Wifi
WaZa MDM supports all the major Wifi security types (EAP, WEP, WPA/WPA2 and no security) for Wifi setup.

For EAP wifi security type, you can configure client and CA certificates. To select a client or CA certificate (from the drop down menu as shown below), a certificate needs to be uploaded. The certificates can be uploaded to WaZa MDM Service Account (Settings > Digital Certificate tab).

Certian Wifi security types require user credentials (user-id (indentity) and/or password). You can either setup the credentials within the wifi configuration or have the mobile device user enter them on their device. WaZa mobile application will prompt the user for wifi credentials, if the option "Prompt User for Wifi Credentials" is selected.