Proposal for Local Contract in Thailand

SB Telecom(Thailand)Co.,Ltd.

Device Management Service

1

Service Outline

Device Management Service

2

Management of

device information

Remote control of devices Remote eraseSecurity installation without

recollecting devices Security in case of emergency

Centralized administration of smartphones and tablet devices from a remote site

Service Overview

Integrated management

of user’s information by obtaining device

information

Remote control of devices

enables to reduce

administrative cost

Information leakage risk avoided

quickly when terminals are lost or

stolen

User’sservice desk

●24-hour a day, every day

●A substitute device available when lost*

●Vicarious execution of line suspension*

3

System Overview

Device management server

Administrator

Service offering via cloud network enables your administrator to manage devices remotely

Settings for device registration

（MDM profile）Managed device

iOS

Managed deviceAndroid

Installation of software management （BCAgent）

4

Functions iOS Android

Basic Service

（1）Dashboard ○ ○

（2）Collecting configuration information of the target device ○ ○

（3）Register user information of device ○ ○

（4）Remote device configuration ○ ○

（5）Security policy settings ○ ○

（6）Group management ○ ○

（7）Simple bulk setting ○ －

（8）Function of bulk registration of accounts ○ －

（9）Application distribution ○ －

（10）Application start-up control ー ○

（11）Anti-Virus ー ○

（13）Language settings (Japanese/English/Chinese/Korean) ○ ○

（14）Remote lock / Remote wipe ○ ○

（15）Clear passcode ○ ー

（16）*Service desk for administrators ○ ○

（17）*Service desk for end users

(Remote lock / Remote wipe / Clear passcode alternative operation)○ ○

*Inquiries about terminals or carriers are not covered.

Services List

5

Offer Price

Contract with SB Telecom Thailand Pte Ltd

Basic service (monthly)

200THB/ID

*The minimum usage period is one month.

*Monthly usage fee: Free of charge for the first month

6

iPhone/iPad and GalaxySⅡ/Ⅲ are available !

GalaxySⅡGalaxySⅢiPhone iPad

Available Models

*Android terminals are applicable only with Sing Tel.

7

Precautions for Use

Precautions Details

For iO

S

Prepare the Safari Web browser

To obtain an MDM certificate, prepare the Safari Web browser distributed by Apple Inc. The certificate cannot be obtained on the Internet Explorer.

Prepare a personal computer to create a configuration profile

Creation of a configuration profile requires Windows or Macintosh that supports configuration utility distributed by Apple Inc.

Check the in-house firewall setting

Use a TCP5223 port for Wi-Fi model.

MDM certificate requires regular update

Yearly updates are required before the MDM certificate expires. Be sure to manage the Apple ID and password that were used to apply the certificate for they are required for update. If the update is not conducted before the expiration date, the device registration will be necessary again.

Obtaining Apple ID for MDM certificate is recommended

If personal Apple ID is used, update may become cumbersome and complicated due to the administrator change, among others. For the above reasons, it is recommended to obtain a new dedicated Apple ID for the MDM certificate.

Conduct remote wipe before the line is stopped

Remote wipe is not conducted after the line is stopped.Furthermore, note that even if a remote wipe is attempted after the line is restored, it will not be performed until after the device restarts.

8

Precautions for Use

Precautions Details

For A

nd

roid

Communication charges incurred

Note that a certain amount of communication charges is required because MDM agent software regularly conducts polling communication with servers.

Oth

ers

Calling the help desk may be charged

Depending on customers’ environment, fixed phones or mobiles cannot be connected to the toll-free phone number of SOFTBANK TELECOM Corp.In such a situation, call another telephone number (requiring call charge).

For initial login, set the administrator email address as the mailing list

Notification regarding the violation of policy or the expiration date of the MDM certificate are emailed to the specified administrator email addresses.For the above reasons, for initial login, it is recommended that the administrator mailing list contain all involved people.

9

Basic Service

Device Management Service

10

Clear and intelligible indication of status of devices

Examples of summary indications:

Information update status

Policy violation

Profile application status summary

Device waiting for information update

Remote wipe stand-by device

Dashboard Function

11

Configuration Information Gathering of Terminals (iOS)

List of device information to be gathered with iOS terminals

Device information

・UDID

・device name/model name

・iOS version

・serial number

Network information

・phone number

・ICCID

・MAC address of Bluetooth

Security information

・Installed configuration profile

・installed certificate

・List of applied restrictions

・Existence of a set passcode

Installed application information

・ installed applications

(application ID, name, version, size, data size）

・Installed provisioning profile

・ Free space available

・IMEI

・Modem firmware

・MAC address of Wi-Fi

・Network of SIM carrier

・Carrier setting version

12

Configuration Information Gathering of Terminals (Android)

List of device information to be gathered with Android terminals

Device information

・device name

・model name

・Android OS version

Network information

・Network of SIM carrier

・APN name

・Use state of APN

・MAC address of Wi-Fi

Security information

・Making a passcode obligatory

・passcode type

・Shortest length of a passcode

・Information about the use of

the camera

Installed application information

・installed applications

（name,version,package name）

・Information about the use of Wi-Fi

・Information about the use of Bluetooth

・Information about the use of

external memory

・Installed "policy"

・phone number

・IMEI

・MAC address of Bluetooth

・ Use state of C2DM

13

•User’s name•Employee’s ID•Department

Administer device information with user information

Administrator

To register user’s informationTo gather device information

User’s informationManaged devices

Registration of Device User Information

14

Remote application of policy

1) Make policy 2) Register policy in server

3) Apply policy to managed devices

Remote Configuration of Devices

Android device

Management screen （For Android device）

iPhone Configuration Utility （For iOS device）

Device management

server

iOS device

15

Remote Configuration of Devices (iOS) 1)

*The above items are subject to configurable items with configuration profile.

Remotely configurable items with iOS terminals

Account・Exchange ActiveSync

・IMAP/POPmail

Passcode policy

・A device passcode is necessary.

・Simple values are permitted.

・Alphanumeric values are required.

・Shortest length of a passcode

・Minimum number of composite

characters

Device function

・permission of application installation

・Permission of camera use

・Permission of FaceTime

・Permission of import of the screen

・Permission of automatic

synchronization during roaming

Appliaction・Permit the use of YouTube

・Permission of use of iTunes Store

iCloud・Permission of backup

・Permission of synchronization of documents

・Permission of Photo Stream

・VPN・WiFi

・Expiry of a passcode

・Time that elapses before automatic lock

・passcode history

・Grace period of device lock

・Permissible number of input failures

・Permission of voice dial

・Permission of purchase within application

・Request for a store password upon

purchase without fail

・Permission of multi-player game

・Permission of addition of friends to GameCenter

・Permission of use of Safari

・Setting of security of Safari

・LDAP・CalDAV

・Reference calendar・CardDAV

16

Remote Configuration of Devices (iOS) 2)

Remotely configurable items with iOS terminals

Content rating・Permission of inappropriate music and Podcast

・Region of rating

・Permissible content rating

Other Settings

・Qualification information

・Web clip

・SCEP setting

・APN setting

*The above items are subject to configurable items with configuration profile.

17

Remote Configuration of Devices (Android)

Remotely configurable items with Android terminals

Passcode policy setting

・Request for a passcode

・Expiry of a passcode

・Passcode type

・Backlight lighting time

・Number of failures to input passcode until local wipe

・Number of failures to input a passcode until local lock

・Number of failures to input a passcode until erase of external

memory

Device control setting

・Control of camera use・Control of Wi-Fi use・Control of Bluetooth use・Control of external memory use

18

Common configuration information such as ExchangeActiveSync

server address, use of SSL

Individual configuration information such as account, email address

and password

AdministratorDevice management

server

Configuration profile(Common)

Registration

Common

Individual

CSV file(Account information)

＋

Bulk registration

Bulk Registration of Accounts (iOS)

Bulk registration of accounts (Exchange ActiveSync, VPN)

19

iOS devices

1) Install policy

Android devices

Install security policy to detect devices violating policy

Installation of Security Policy

2) Policy check conducted when gathering

device information

Detect devices violating policy

Device management

server

Administrator

20

Installation of Security Policy

Item Description iOS Android

OS versionDetect devices with OS other than designated its version

○ ○

Installed applicationDetect devices with any application installed other than designated ones

○ ○

Check of IMEIDetect devices with IMEI different from registered one*IMEI: international mobile equipment identity

○ ○

Installed “configuration profile”

Detect devices with configuration profile other than delivered one

○ －

Detection of SIM replacement

Detect devices with SIM information different from previously registered one

○ －

Check of UDIDDetect devices with UDID different from registered oneUDID: Unique Device Identifier

○ －

21

Group Management

A single device may belongs to two or more groups, each of which is

administered by its own administrator

Provide group(s) to each device

All devices

１ ２ ３ ４ ５ ６ ７

Group CGroup A

Group B

Administrator A looks at devices 1 thru 3

Administrator B looks at devices 3 and 4

Administrator C looks at devices 5 thru 7

Contract Administrator looks at all devices

22

Simple Bulk Setting

Operation on device management screen enables to prepare

configuration profile for setting passcode and placing restrictions

on functions without using iPhone configuration utility.

Prepare configuration profile in management server

23

Japanese, English, Chinese, and Korean are available!

Language Setting

English

简体中文

한국어

24

2) User visits the site to tap on application’s icon

Manifest

1) Administrator registers application and Manifest file in management server

*The capacity of in-house applications is less than 20 MB; the number of these applications is up to 10.

*For using in-house applications, customers are required to conclude iOS Development Enterprise Program (iDEP) with Apple.

Application Distribution（iOS）

Remote delivery of in-house applicationDesignate link for AppStore applications

3) in-house application is installed in device

Administrator

User

25

Warning statements appear during application start-up,controlling users’ application usage!

Application Start-up Control (Android)

Application control Uninstallation instruction

Control start-up of specified applications Prompt user to uninstall specified applications

26

Anti-Virus (Android)

Target deviceAndroid

Device management server

AdministratorBCDMAnti-Virus

In the administrator site,virus/rooting detection is indicated.

*Applicable devices will be discussed separately. *Customers have to handle any devices infected by viruses, or any rooting devices.

Detection!

Virus detection androoting detection

are indicated.

Access to an unauthorized Website is blocked on the device side.

Anti-Virus software by installed on the Android devices!

27

Remote Lock, Remote Wipe, Clear Passcode

1) Send request to server to perform remote erase of managed devices

2) Perform remote erase of managed devices

Missing devices

Clear Passcode

Perform remote lock/wipe of devices and Clear passcode

Administrator Device management server

Remote Lock Remote Wipe

28

SOFTBANK TELECOM Help Desk

Telephone support for administrators

Alternative operation for Remote lock, Remote wipe, and Clear passcode

SOFTBANK TELECOM Corp.Help Desk

Support hours

24/7A lost mobile device report

Remote wipe result report

Response to inquiry regarding MDM

Users

Administrator

SOFTBANK TELECOM

Service desk for administrators and users available in English and Chinese!

29

Information Revolution - Happiness for Everyone