I am trying to check if a user has removed iOS MDM profile from mobile directly. (this is for non-supervised phone)
A user can remove profile in online & offline mode.
While online, if a user removes the MDM profile I am able to detect by getting the status of a device.
But, when a user removes the profile by going to offline mode, WSO2 EMM still displays the device as active.
Edited:
My iOS application is also installed on the device. So if there is any objective-c way to detect iOS profile installed on a system will also do the job.
Let me know if you need additional details. Any help will be appreciated.
If user remove the profile while the devices is connected to the EMM sever (online) an unregistered request will be send to the server in sever side device will be listed as unregistered.
If user remove the profile while device is not connected to the EMM sever(offline), the device will be in the inactive state until the device is property connected to the emm sever.
Related
I have installed WSO2 IoT server 3.1.0. The server is running successfully. I am able to log in. I have created few apps in publisher and published them. When I access the app store from my android device. I am not able to install these apps.
Picture 1:
Picture 2:
Problem :
When I click on the "NEXT" button , nothing happens. And app is not downloaded.
CheckList:
User have access to installing the apps.
Device is successfully enrolled with the IoT server.
Same credentials are being used to accessing the app store as for enrolling the device.
Questions:
Do WSo2 APP manager and devicemgt solution are pre integrated in IoT server or do I have to do it manually?
If these services are pre-configured then how can I make sure that it is correctly configured?
Will a list of enrolled devices is shown, when a user clicks on install?
IF someone can give some insights that would be much helpful.
I want to setup all my devices as COPE. WSO2 EMM setup is complete and working fine. Only thing is left is to sign the system service application with the firmware key. I am using Google devices only (Android one, Motorola G2). From where I can find the key and password to sign the application.
Is there any other alternative way to get the application signed?
As per documentation, "Sign the application via the device firmware signing key. If you don’t have access to the firmware signing key, you have to get the system application signed via your device vendor."
But I am not able to find the device firmware signing key.
Any guidance will be really helpful.
There are couple of COPE enrollment types WSO2 IoT server supports,
1. Device owner mode
2. Kioski mode
3. System application
The first 2 options can be used with any out of the box Android device. However system app is targetted towards original equipment manufacturers(OEM) who builds Android devices and maintain their own Android versions. This mean they maintain a version of Android OS image and does the installation to some customer device. If you are an OEM, you should have these keys with you. If you are not an OEM and still needs to use out of the box devices such as Motorola or Samsung to install system app, you need to form a partnerships with those vendors to get the sign the system service app. Unless you need to perform operations such as reboot or firmware upgrade. You do not need systrm service app. In that case i would recommend you to go for option 1 or 2. What are the features that you are looking at? Also it is best to seek wso2 professinal services if thats an option for you https://wso2.com/contact/
I am facing problems while connecting with the emm store from my device.
I want to know what changes I have to make so that I can access emm store and can download the apps on my device. Any help will really be appreciated. I am not able to understand this
You do not have to perform any android configurations for the emm server in order to enroll android devices. EMM server contains configurations for android.
In the documentation you are provided with instructions how to modify
the agent app to use https protocol rather than http protocol and
generate a new .apk file.
In order to connect your login to store and install applications to your device you need to provide related permissions to the related user. Use the carbon console for grant permissions
Good day
Ime looking to bring the EMM onboard in our already successful WSO2 environment but just need some help.
1) The latest EMM (2.0.0) seem to not be able to restrict/enforce the applications a device is allowed to have installed. I want to have only white listed apps installed on a device. Is this possible?
2) If a policy disables functionality e.g. the camera, all the user has to do is click on the app, deregister from EMM and bypass the policy as needed. After the user is done he/she can just register again. This does introduce the risk of a user installing unwanted software on a COPE device thus compromising the device.
3) If you have a COPE device registered and the user uninstalls the EMM app, do you loose all the monitoring functionality and control?
Thanks in advance for you assistance. :-)
Please see the answers in line.
1) That whitelisting and blacklisting part is still in progress. With a future release you should be able to block the Google play app, Apple app store app etc. and enforce only the whitelisted apps to your devices.
2) Yes that is where the monitoring helps. It needs to track whether the user has removed the app or not. Anyway if you have policies created in advance and assigned it to roles with enforce selection even after they enroll again it should get pushed back to that device.
3) Yes it is. Specially in Andorid it rely on this agent app. Other platforms like iOS will have the OS based MDM capability where this will not have any effect. Anyway Android is also going towards the same profile concept in newer Android versions. Apparently we are going to support them in a future release. For the existing versions that is how Android has provided the APIs.
I have one question regarding removing devices in EMM 1.1.0.
In my scenario device was stolen so we want to wipe whole data on the device and remove it from inventory.
When i click wipe, device is cleared but still exists in inventory... so i click enterprice wipe but device is no more comminication with WSO2 server and device is not removed from inventory.
From other hand:
When i click wipe enterprice device is no more managed from EMM but is not formated and user data can still be accessd on the device...
Is there a posibility to do Both wipe whole data and remove it from EMM?
AFAIK Enterprise Wipe currently unregisters the device from EMM server and clears the agent's (app) data. Wipe will do a factory reset to the device.
Depends on the platform. In iOS it only has enterprise wipe which only wipes out the enterprise portion from your device. For Android its not the case where it has both the options where wipe erase out entire phone data. Anyway in both the cases device will be removed form EMM database and should not get displayed in the EMM portal.