Mobile Device Management Policy

Posted on Sep 08, 2019 in General - Blog Home

WaZa mobile device management policy consists of various configurations (e.g. Security, Location, Geofence etc) for managing mobile devices. A MDM Policy is assigned to a user group(s). A user group consist of user(s) and like wise a user can have multiple device connected to WaZa MDM Service. Any change in the mobile device management policy is immediately propagated down to the device(s) level.

To create a new MDM Policy, go to the menu option New/Update Policy under Policies. The policy name and sync interval fields are mandatory. In addition to setting the sync interval and enabling mobile device location tracking, you can also enforce mobile device management policy to be only applied to official devices (non rooted) by selecting the option "Official Devices".

Setup MDM Policy

WaZa mobile device management Policy currently supports the following three mobile device management types.

For advance mobile device management types (Dedicated Device, Device Owner or Work Profile) Android For Work enrolment is required.

Follow the link to learn more about Mobile Device Management

IT admins can setup the following WaZa MDM Policy components on the Create/Update Policy page.

Application
Application policy is available for Dedicated Device, Device Owner or Work Profile mobile device management types. With Application policy you can silently whitelist, deploy or uninstall any Android application available at Google Play store as well as any private or in-house Android applications. Application policy also supports setting up and automatically applying managed-configurations, permissions & application defaults. Follow the link to learn more about MDM Application Policy.

Managed Application Policy

Bookmark
WaZa MDM bookmarks are similar to shortcuts, they are placed on the mobile device's home screen when the mobile device management policy is applied. Maximum of four bookmarks are allowed in a single mobile device management Policy.

Name and URL fields are required for setting up a bookmark. The Name field is used as display name of the bookmark. In case there is no logo setup at Settings > Customer tab, default WaZa MDM logo will be used when a bookmark is created on device's home screen. Bookmark policy is not available for Work Profile mobile device management type.

Bookmark Policy

Geofence
You can setup up to 4 geofences for a mobile device management policy. In addition to geofence monitoring, you can setup notifications such as sending an email or displaying a notification on the mobile device itself. Follow the link to learn more about Geofence.

Monitor Geofence

Email
Currently WaZa MDM supports Email configuration for Samsung devices. WaZa MDM supports IMAP, POP3 & EXCHANGE protocol.

For EXCHANGE protocol type, a client certificate can be setup from the certificate drop down menu as shown below. To select a client certificate (for EXCHANGE protocol) from the drop down menu, a certificate needs to be uploaded. You can upload the certificate to WaZa mobile device management Service Account (Settings > Digital Certificate tab).

WaZa MDM Email Policy

OTA Update
WaZa MDM OTA Update policy lets you configure how and when OTA updates can be installed. You can choose between installing OTA update as soon it's available, windowed install or postponing install for 30 days. OTA Update policy is only available for Dedicated Device or Device Owner mobile device management types.

OTA Update Policy

Password
WaZa MDM password policy supports various password restrictions. You can enforce mobile device's password complexity to be from a simple password (e.g. numeric) to complex (alpha-numeric, mixed-case with special characters). You can setup Work Profile or Main Profile (device wide) Password polices pane. The Work Profile tab is only available when Work Profile is selected as the mobile device management type.

WaZa MDM Password Policy

Security
WaZa MDM security policy supports device encryption as well disabling bluetooth or device's camera. Once the mobile device is encrypted, the encryption cannot be removed unless the device is reset. Disable USB debugging and installation of unknown sources are blocked by default for Dedicated Device, Device Owner or Work Profile mobile device management types.

WaZa MDM Security Policy

Wallpaper
To setup a wallpaper, simply select an image by hitting the Browse button as shown below. Supported image types are PNG, JPG and the size should be less then 500kb. Wallpaper policy is not available for Work Profile device management type.

Wallpaper Policy

Wifi
WaZa MDM supports all the major Wifi security types (EAP, WEP, WPA/WPA2 and no security) for Wifi setup.

For EAP Wifi security type, you can configure client and CA certificates. To select a client or CA certificate (from the drop down menu as shown below), a certificate needs to be uploaded. The certificates can be uploaded to WaZa MDM Service Account (Settings > Digital Certificate tab).

Certain Wifi security types require user credentials (user-id (identity) and/or password). You can either setup the credentials within the wifi configuration or have the mobile device user enter them on their device. WaZa mobile application will prompt the user for wifi credentials, if the option "Prompt User for Wifi Credentials" is selected.

WaZa Mobile Device Management Wifi Policy