mdm proposal en
DESCRIPTION
Device Management ServiceTRANSCRIPT
![Page 1: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/1.jpg)
Proposal for Local Contract in Thailand
SB Telecom(Thailand)Co.,Ltd.
Device Management Service
![Page 2: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/2.jpg)
1
Service Outline
Device Management Service
![Page 3: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/3.jpg)
2
Management of
device information
Remote control of devices Remote eraseSecurity installation without
recollecting devices Security in case of emergency
Centralized administration of smartphones and tablet devices from a remote site
Service Overview
Integrated management
of user’s information by obtaining device
information
Remote control of devices
enables to reduce
administrative cost
Information leakage risk avoided
quickly when terminals are lost or
stolen
User’sservice desk
●24-hour a day, every day
●A substitute device available when lost*
●Vicarious execution of line suspension*
![Page 4: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/4.jpg)
3
System Overview
Device management server
Administrator
Service offering via cloud network enables your administrator to manage devices remotely
Settings for device registration
(MDM profile)Managed device
iOS
Managed deviceAndroid
Installation of software management (BCAgent)
![Page 5: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/5.jpg)
4
Functions iOS Android
Basic Service
(1)Dashboard ○ ○
(2)Collecting configuration information of the target device ○ ○
(3)Register user information of device ○ ○
(4)Remote device configuration ○ ○
(5)Security policy settings ○ ○
(6)Group management ○ ○
(7)Simple bulk setting ○ -
(8)Function of bulk registration of accounts ○ -
(9)Application distribution ○ -
(10)Application start-up control ー ○
(11)Anti-Virus ー ○
(13)Language settings (Japanese/English/Chinese/Korean) ○ ○
(14)Remote lock / Remote wipe ○ ○
(15)Clear passcode ○ ー
(16)*Service desk for administrators ○ ○
(17)*Service desk for end users
(Remote lock / Remote wipe / Clear passcode alternative operation)○ ○
*Inquiries about terminals or carriers are not covered.
Services List
![Page 6: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/6.jpg)
5
Offer Price
Contract with SB Telecom Thailand Pte Ltd
Basic service (monthly)
200THB/ID
*The minimum usage period is one month.
*Monthly usage fee: Free of charge for the first month
![Page 7: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/7.jpg)
6
iPhone/iPad and GalaxySⅡ/Ⅲ are available !
GalaxySⅡGalaxySⅢiPhone iPad
Available Models
*Android terminals are applicable only with Sing Tel.
![Page 8: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/8.jpg)
7
Precautions for Use
Precautions Details
For iO
S
Prepare the Safari Web browser
To obtain an MDM certificate, prepare the Safari Web browser distributed by Apple Inc. The certificate cannot be obtained on the Internet Explorer.
Prepare a personal computer to create a configuration profile
Creation of a configuration profile requires Windows or Macintosh that supports configuration utility distributed by Apple Inc.
Check the in-house firewall setting
Use a TCP5223 port for Wi-Fi model.
MDM certificate requires regular update
Yearly updates are required before the MDM certificate expires. Be sure to manage the Apple ID and password that were used to apply the certificate for they are required for update. If the update is not conducted before the expiration date, the device registration will be necessary again.
Obtaining Apple ID for MDM certificate is recommended
If personal Apple ID is used, update may become cumbersome and complicated due to the administrator change, among others. For the above reasons, it is recommended to obtain a new dedicated Apple ID for the MDM certificate.
Conduct remote wipe before the line is stopped
Remote wipe is not conducted after the line is stopped.Furthermore, note that even if a remote wipe is attempted after the line is restored, it will not be performed until after the device restarts.
![Page 9: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/9.jpg)
8
Precautions for Use
Precautions Details
For A
nd
roid
Communication charges incurred
Note that a certain amount of communication charges is required because MDM agent software regularly conducts polling communication with servers.
Oth
ers
Calling the help desk may be charged
Depending on customers’ environment, fixed phones or mobiles cannot be connected to the toll-free phone number of SOFTBANK TELECOM Corp.In such a situation, call another telephone number (requiring call charge).
For initial login, set the administrator email address as the mailing list
Notification regarding the violation of policy or the expiration date of the MDM certificate are emailed to the specified administrator email addresses.For the above reasons, for initial login, it is recommended that the administrator mailing list contain all involved people.
![Page 10: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/10.jpg)
9
Basic Service
Device Management Service
![Page 11: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/11.jpg)
10
Clear and intelligible indication of status of devices
Examples of summary indications:
Information update status
Policy violation
Profile application status summary
Device waiting for information update
Remote wipe stand-by device
Dashboard Function
![Page 12: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/12.jpg)
11
Configuration Information Gathering of Terminals (iOS)
List of device information to be gathered with iOS terminals
Device information
・UDID
・device name/model name
・iOS version
・serial number
Network information
・phone number
・ICCID
・MAC address of Bluetooth
Security information
・Installed configuration profile
・installed certificate
・List of applied restrictions
・Existence of a set passcode
Installed application information
・ installed applications
(application ID, name, version, size, data size)
・Installed provisioning profile
・ Free space available
・IMEI
・Modem firmware
・MAC address of Wi-Fi
・Network of SIM carrier
・Carrier setting version
![Page 13: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/13.jpg)
12
Configuration Information Gathering of Terminals (Android)
List of device information to be gathered with Android terminals
Device information
・device name
・model name
・Android OS version
Network information
・Network of SIM carrier
・APN name
・Use state of APN
・MAC address of Wi-Fi
Security information
・Making a passcode obligatory
・passcode type
・Shortest length of a passcode
・Information about the use of
the camera
Installed application information
・installed applications
(name,version,package name)
・Information about the use of Wi-Fi
・Information about the use of Bluetooth
・Information about the use of
external memory
・Installed "policy"
・phone number
・IMEI
・MAC address of Bluetooth
・ Use state of C2DM
![Page 14: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/14.jpg)
13
•User’s name•Employee’s ID•Department
Administer device information with user information
Administrator
To register user’s informationTo gather device information
User’s informationManaged devices
Registration of Device User Information
![Page 15: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/15.jpg)
14
Remote application of policy
1) Make policy 2) Register policy in server
3) Apply policy to managed devices
Remote Configuration of Devices
Android device
Management screen (For Android device)
iPhone Configuration Utility (For iOS device)
Device management
server
iOS device
![Page 16: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/16.jpg)
15
Remote Configuration of Devices (iOS) 1)
*The above items are subject to configurable items with configuration profile.
Remotely configurable items with iOS terminals
Account・Exchange ActiveSync
・IMAP/POPmail
Passcode policy
・A device passcode is necessary.
・Simple values are permitted.
・Alphanumeric values are required.
・Shortest length of a passcode
・Minimum number of composite
characters
Device function
・permission of application installation
・Permission of camera use
・Permission of FaceTime
・Permission of import of the screen
・Permission of automatic
synchronization during roaming
Appliaction・Permit the use of YouTube
・Permission of use of iTunes Store
iCloud・Permission of backup
・Permission of synchronization of documents
・Permission of Photo Stream
・VPN・WiFi
・Expiry of a passcode
・Time that elapses before automatic lock
・passcode history
・Grace period of device lock
・Permissible number of input failures
・Permission of voice dial
・Permission of purchase within application
・Request for a store password upon
purchase without fail
・Permission of multi-player game
・Permission of addition of friends to GameCenter
・Permission of use of Safari
・Setting of security of Safari
・LDAP・CalDAV
・Reference calendar・CardDAV
![Page 17: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/17.jpg)
16
Remote Configuration of Devices (iOS) 2)
Remotely configurable items with iOS terminals
Content rating・Permission of inappropriate music and Podcast
・Region of rating
・Permissible content rating
Other Settings
・Qualification information
・Web clip
・SCEP setting
・APN setting
*The above items are subject to configurable items with configuration profile.
![Page 18: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/18.jpg)
17
Remote Configuration of Devices (Android)
Remotely configurable items with Android terminals
Passcode policy setting
・Request for a passcode
・Expiry of a passcode
・Passcode type
・Backlight lighting time
・Number of failures to input passcode until local wipe
・Number of failures to input a passcode until local lock
・Number of failures to input a passcode until erase of external
memory
Device control setting
・Control of camera use・Control of Wi-Fi use・Control of Bluetooth use・Control of external memory use
![Page 19: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/19.jpg)
18
Common configuration information such as ExchangeActiveSync
server address, use of SSL
Individual configuration information such as account, email address
and password
AdministratorDevice management
server
Configuration profile(Common)
Registration
Common
Individual
CSV file(Account information)
+
Bulk registration
Bulk Registration of Accounts (iOS)
Bulk registration of accounts (Exchange ActiveSync, VPN)
![Page 20: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/20.jpg)
19
iOS devices
1) Install policy
Android devices
Install security policy to detect devices violating policy
Installation of Security Policy
2) Policy check conducted when gathering
device information
Detect devices violating policy
Device management
server
Administrator
![Page 21: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/21.jpg)
20
Installation of Security Policy
Item Description iOS Android
OS versionDetect devices with OS other than designated its version
○ ○
Installed applicationDetect devices with any application installed other than designated ones
○ ○
Check of IMEIDetect devices with IMEI different from registered one*IMEI: international mobile equipment identity
○ ○
Installed “configuration profile”
Detect devices with configuration profile other than delivered one
○ -
Detection of SIM replacement
Detect devices with SIM information different from previously registered one
○ -
Check of UDIDDetect devices with UDID different from registered oneUDID: Unique Device Identifier
○ -
![Page 22: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/22.jpg)
21
Group Management
A single device may belongs to two or more groups, each of which is
administered by its own administrator
Provide group(s) to each device
All devices
1 2 3 4 5 6 7
Group CGroup A
Group B
Administrator A looks at devices 1 thru 3
Administrator B looks at devices 3 and 4
Administrator C looks at devices 5 thru 7
Contract Administrator looks at all devices
![Page 23: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/23.jpg)
22
Simple Bulk Setting
Operation on device management screen enables to prepare
configuration profile for setting passcode and placing restrictions
on functions without using iPhone configuration utility.
Prepare configuration profile in management server
![Page 24: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/24.jpg)
23
Japanese, English, Chinese, and Korean are available!
Language Setting
English
简体中文
한국어
![Page 25: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/25.jpg)
24
2) User visits the site to tap on application’s icon
Manifest
1) Administrator registers application and Manifest file in management server
*The capacity of in-house applications is less than 20 MB; the number of these applications is up to 10.
*For using in-house applications, customers are required to conclude iOS Development Enterprise Program (iDEP) with Apple.
Application Distribution(iOS)
Remote delivery of in-house applicationDesignate link for AppStore applications
3) in-house application is installed in device
Administrator
User
![Page 26: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/26.jpg)
25
Warning statements appear during application start-up,controlling users’ application usage!
Application Start-up Control (Android)
Application control Uninstallation instruction
Control start-up of specified applications Prompt user to uninstall specified applications
![Page 27: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/27.jpg)
26
Anti-Virus (Android)
Target deviceAndroid
Device management server
AdministratorBCDMAnti-Virus
In the administrator site,virus/rooting detection is indicated.
*Applicable devices will be discussed separately. *Customers have to handle any devices infected by viruses, or any rooting devices.
Detection!
Virus detection androoting detection
are indicated.
Access to an unauthorized Website is blocked on the device side.
Anti-Virus software by installed on the Android devices!
![Page 28: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/28.jpg)
27
Remote Lock, Remote Wipe, Clear Passcode
1) Send request to server to perform remote erase of managed devices
2) Perform remote erase of managed devices
Missing devices
Clear Passcode
Perform remote lock/wipe of devices and Clear passcode
Administrator Device management server
Remote Lock Remote Wipe
![Page 29: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/29.jpg)
28
SOFTBANK TELECOM Help Desk
Telephone support for administrators
Alternative operation for Remote lock, Remote wipe, and Clear passcode
SOFTBANK TELECOM Corp.Help Desk
Support hours
24/7A lost mobile device report
Remote wipe result report
Response to inquiry regarding MDM
Users
Administrator
SOFTBANK TELECOM
Service desk for administrators and users available in English and Chinese!
![Page 30: Mdm Proposal En](https://reader034.vdocument.in/reader034/viewer/2022042604/577cc4671a28aba711992da5/html5/thumbnails/30.jpg)
29
Information Revolution - Happiness for Everyone