Samsung MAX-DB9900 Installation guide

MaaS360 Mobile Device Management (MDM)
Administrators Guide
MaaS360.com
Copyright © 2014 Fiberlink® Corporation. All rights reserved.
Information in this document is subject to change without notice. The software described in this document
is furnished under a license agreement or nondisclosure agreement. The software may be used or copied
only in accordance with the terms of those agreements. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including
photocopying and recording for any purpose other than the purchaser’s personal use without the written
permission of Fiberlink Corporation.
All brands and their products are trademarks or registered trademarks of their respective holders and
should be noted as such.
Fiberlink Corporation
1787 Sentry Parkway West
Blue Bell, PA 19422
April 2014
2
MaaS360.com
Table of Contents
Getting Started ................................................................................................................6
Step 1: Select Platforms .................................................................................................6
Step 2: Add Devices .......................................................................................................14
Step 3: Play .................................................................................................................14
Advanced Configuration Steps ..........................................................................................15
Services .................................................................................................................15
Configure the Enrollment URL, the EULA, and Support Information .........................................16
Login Settings ..........................................................................................................18
The MaaS360 Cloud Extender........................................................................................19
Enabling Auto-Quarantine............................................................................................22
MaaS360 Home Page ..........................................................................................................24
Navigation and the UI .....................................................................................................24
Search .......................................................................................................................24
Snapshots ...................................................................................................................25
My Activity Feed ...........................................................................................................25
My Alert Center ............................................................................................................26
Creating an Alert ......................................................................................................27
Alert Center History...................................................................................................28
Additional Navigation .....................................................................................................29
Devices ..........................................................................................................................31
Inventory ....................................................................................................................31
Device Views ...........................................................................................................32
Actions ..................................................................................................................33
Custom Attributes .....................................................................................................35
Groups .......................................................................................................................37
Advanced Search ..........................................................................................................38
Defining a Group .......................................................................................................39
Customizing Columns .................................................................................................39
Enrollment Requests ......................................................................................................40
Action History ..............................................................................................................42
Exceptions (Exchange ActiveSync and Lotus Traveler Only) .......................................................42
Users .............................................................................................................................44
Directory ....................................................................................................................44
Groups .......................................................................................................................45
Security .........................................................................................................................48
3
MaaS360.com
Policies ......................................................................................................................48
Precedence .............................................................................................................50
Policy Files..............................................................................................................51
Compliance Rules ..........................................................................................................52
Compliance Log ............................................................................................................56
Privacy.......................................................................................................................56
Locations ....................................................................................................................58
Add an Address Based Location .....................................................................................59
Add a Wi-Fi based Location ..........................................................................................60
Applications ....................................................................................................................62
The App Catalog ...........................................................................................................62
Adding an App to the App Catalog .................................................................................62
Viewing an App ........................................................................................................69
Distributing an App ....................................................................................................70
Deleting an App ........................................................................................................71
Distribution Details by Devices ......................................................................................71
Apple Store: Volume Purchasing Program .............................................................................71
Documents ......................................................................................................................74
Content Library ............................................................................................................74
Adding Documents to the Content Library ........................................................................75
Edit .......................................................................................................................76
Distribute ...............................................................................................................78
Delete ...................................................................................................................79
Document Settings ........................................................................................................79
Content Sources ...........................................................................................................80
Expense Management .........................................................................................................82
Creating a New Plan ......................................................................................................83
Changing an Existing Plan ................................................................................................84
Deactivating and Reactivating a Plan ..................................................................................84
Viewing Audit History .....................................................................................................86
Reports ..........................................................................................................................87
Platform Administration ......................................................................................................90
Administrators .............................................................................................................90
Create Portal Administrator .........................................................................................91
Roles and Rights ...........................................................................................................93
Creating a Role ........................................................................................................98
Managing Roles .........................................................................................................100
Administrator Logins Report .............................................................................................102
4
MaaS360.com
Appendix A: Features List ....................................................................................................104
Device Support .............................................................................................................104
Activation and Enrollment ...............................................................................................105
Device Attributes ..........................................................................................................106
Hardware Attributes ..................................................................................................106
Network Attributes ....................................................................................................109
Location Attributes....................................................................................................112
Application Inventory .................................................................................................113
Security and Compliance .............................................................................................114
Running Services .......................................................................................................117
MaaS360 Services ......................................................................................................118
Mobile Data Usage .....................................................................................................119
Browser History (Visited) .............................................................................................120
Browser History (Blocked) ...........................................................................................121
BES (BlackBerry) Device Features ..................................................................................121
Privacy Settings ........................................................................................................123
Actions ......................................................................................................................123
Device Actions .........................................................................................................123
Group Actions ..........................................................................................................125
Policies ......................................................................................................................125
ActiveSync Policies ....................................................................................................125
iOS Policies .............................................................................................................130
Android Policies ........................................................................................................148
Windows Phone Policies ..............................................................................................169
Mac Policies ............................................................................................................172
Secure Browser Policies ..............................................................................................181
Compliance/Rules Engine ................................................................................................185
Apps ..........................................................................................................................185
Documents ..................................................................................................................187
Document Management ..............................................................................................187
Document Policies .....................................................................................................188
Mobile Expense Management ............................................................................................189
End User Portal ............................................................................................................189
Mobility Intelligence Reports ............................................................................................191
Mobile Devices .........................................................................................................191
Computers ..............................................................................................................191
Cloud Extender ............................................................................................................192
5
MaaS360.com
Getting Started
MaaS360 Mobile Device Management is a cloud-based multi-tenant platform that helps to monitor and
manage your smartphones, tablets, and other mobile devices. MaaS360 is a comprehensive mobile device
management solution that supports a variety of mobile device platforms including Apple iOS, Android,
Windows Phones, BlackBerry and others. Ease of use, security and centralized management are some of the
key features of MaaS360.
The MaaS360 system allows you to perform portal administration functions, device management, software
distributions, policy self-service and device compliance functions. Monitor and manage all your mobile
devices from a Web-based portal. The MaaS360 real-time reports include rich intuitive, real-time and
interactive graphical reports.
You can register for a 30 day trial of the MaaS360 Mobile Device Management solution via the MaaS360
website at http://www.maas360.com.
After registering, a success message will appear. Click the green button to continue.
The Quick Start screens will walk you through setting up your account and enrolling devices.
Note: The account you create as part of your trial will continue into Production if you purchase
MaaS360. The devices you enroll as part of your trial will not need to be enrolled again.
You will receive a welcome email containing important information about your trial. Be sure to keep this
information, in case you need support later.
Step 1: Select Platforms
MaaS360 is automatically configured to support Android, Windows Phone and BlackBerry devices. If these
are the only devices you will be using, click Start without iOS to move to the next step, Add Devices.
6
MaaS360.com
If you will be using iOS devices, Apple requires you to have an Apple Push Notification service (APNs)
certificate. MaaS360 will walk you through the process of obtaining this certificate:
1. Click Setup iOS Now. The Safari, Chrome and Firefox web browsers are recommended for this process.
2. Enter a corporate AppleID. You must use the same AppleID every year when renewing your APNs
certificate.
If you don’t have an AppleID, hover over Create ID? and click Apple Website. This will take you to a
page where you can create a corporate AppleID.
Enter the AppleID and click Next.
Note: We strongly recommend that this AppleID belong to your company and not an individual. The
AppleID you use to set up your devices is the same one you will need to renew your certificate
each year. If you use a personal AppleID and the person leaves your company, you will need to
create a new AppleID at renewal time and re-enroll all of your iOS devices using it.
3. The Certificate Signing Request (CSR) will be generated automatically. This process can take up to 5
minutes. Please remain on this page or you will have to redo the previous steps.
7
MaaS360.com
4. The CSR will be emailed to the specified account. You can also click the download link to upload it
right away.
5. After clicking the download link, you will be able to save the file. Saving it will put it in your
Downloads folder by default.
6. Enter the AppleID you used in Step 2 and the password, and then click Sign in.
To skip the steps necessary to generate a PEM file, click Next. Continue with Step #12.
8
MaaS360.com
7. Click the green Create a Certificate button.
8. Check the box next to I have read and agree to these terms and conditions and click Accept.
9
MaaS360.com
9. Now you need to find the file so you can upload it. Click Browse.
10. Find the CSR.txt file in your Downloads folder. Click Open.
11. When the correct file is show in the field, click Upload.
10
MaaS360.com
12. Click Download to download the PEM file. You will also receive this in email just like the CSR.txt file,
but you will be using it in the very next step.
13. Click OK to save the PEM to your Downloads folder.
11
MaaS360.com
14. You will receive a confirmation message. Click Next.
15. Now you have to upload the certificate to MaaS360. Click Browse.
16. Find the file MDM_Fiberlink_Communications.pem in your Downloads folder. Click Open.
12
MaaS360.com
17. Enter a password. This password has no minimum security requirement. To help you remember the
password, you may want to make it the same as your AppleID password.
After entering it in the Create Certificate Password and Confirm Password fields, click Upload.
18. The APNs certificate has been created. Click Close.
19. MaaS360 will automatically take you to the next step, adding a device.
13
MaaS360.com
Step 2: Add Devices
Click the second tab to begin enrolling devices in MaaS360.
1. Information from your enrollment will be automatically entered in the Username, Email Address and
Phone Number fields, but you can override it. Review the Domain field; it is used for email and
wireless set up, and more.
2. Click Send Request.
MaaS360 will send an enrollment request to the specified device.
When the end user gets the enrollment request, they will be directed to download the MaaS360 app. With
just a few taps, they will install the app and the device will begin to send data to MaaS360.
Step 3: Play
Now you can review information about the enrolled device, take actions like Lock, Locate or Distribute App
and more.
14
MaaS360.com
When you are finished, click Close Quick Start to access the MaaS360 Home page.
Advanced Configuration Steps
Services
To review and configure additional services, mouse over the Setup tab and click Services.
You can see the services that have already been set up and make changes.
Note: The items you see on this screen depend on the services you have purchased. For more
information about any additional offerings, please contact your service representative.
Mobile Device
Management
If a platform has been set up for use in MaaS360, the icon will have a green
checkbox in the upper left corner. You must upload an Apple MDM Certificate to
manage iOS devices and a Symantec Code Signing Certificate to use the Windows
Phone 8 Company Hub.
Document Management
Indicates that you can use MaaS360 Document Management.
15
MaaS360.com
Laptop and Desktop
Management
Specifies if you are set up to use MaaS360 to manage your laptops and desktops.
ActiveSync Manager
Specifies if you are set up to use ActiveSync to manage devices that connect to
your corporate Exchange Server using the ActiveSync protocol. Integration with
Exchange 2007, Exchange 2010, Exchange 2013, Office 365 and Microsoft BPOSDedicated is supported.
You will need to download and configure the MaaS360 Cloud Extender.
Lotus Traveler Manager
Specifies if you are set up to use Lotus Traveler to manage devices that connect to
your corporate Domino Server using the ActiveSync protocol or Traveler client.
You will need to download and configure the MaaS360 Cloud Extender.
BlackBerry Enterprise
Server Manager
Specifies if you are set up to use BlackBerry Enterprise Server (BES) to manage
BlackBerry devices in your enterprise.
You will need to download and configure the MaaS360 Cloud Extender.
Enable End User Portal
The MaaS360 End User Portal allows your users to perform actions on their own
devices. When you enable it, MaaS360 will display a log in link that you can send to
your users:
Note: The MaaS360 Cloud Extender is discussed in detail later in this document.
Before making a change, you will be prompted to enter your log in password as a security precaution.
When you are finished, click Close.
Configure the Enrollment URL, the EULA, and Support Information
Access the Deployment Settings screen, which is found on the Setup tab.
These enrollment settings are applicable to all your users. Make your changes, as needed, and click the
Save button at the bottom of the page.
16
MaaS360.com
Corporate Identifier to be
used in your Enrollment
URL
Your corporate identifier must be entered by your users when they enroll their
devices.
Select Default User
Authentication Mode
Specify how much authentication future device enrollments will require. You can:
•
•
•
Send a passcode to the user’s corporate email address, and require them to
enter it during the enrollment process
Require the user to enter their corporate Active Directory credentials when
enrolling and authenticate against it
Both of the above
The MaaS360 Cloud Extender is required.
Device Platforms allowed
to enroll
Specify which device types are allowed to enroll in MaaS360.
Advanced Management
for Corporate iOS Devices
Specify if you want to use advanced management for corporate iOS devices.
Select Default App Store
Region for iOS devices
Choose a default app store region from the pull-down menu. Users can change it in
their individual app catalogs.
17
MaaS360.com
Prompt user to accept
your corporate usage
policy while adding a new
device
Corporate Information
If checked, MaaS360 will display your usage policy to your users. They must read the
policy and agree to it before downloading the MaaS360 app.
When this box is checked, MaaS360 will allow you to browse to your usage policy and
upload it.
Any prompts for over-the-air actions scheduled for iOS 7 devices use the iOS Services
Hostname.
If you want to display a support email address and phone number in case your users
need to contact you, enter the information in the respective fields. The information
will appear in the MaaS360 app on the devices.
Alert administrator on
new device discovery
Check the box if you want an email to be sent to an administrator when a new device
is reported from your corporate email server or a new device.
MaaS360 will allow you to specify which devices should trigger the alert:
•
•
•
All devices
Smartphones and tablets only
Laptops and desktops only
It will also let you enter the email address that will be used for the notifications.
Login Settings
If you want to require portal administrators to use strong authentication, select Login Settings from the
Setup menu.
Select the login settings you want, then click Save.
18
MaaS360.com
Configure Strong
Authentication
Select the checkbox to display the options.
Allow administrators to
log in only from
previously registered
devices
MaaS360 will flag any device that has never been used to access it before, and will
send the owner an email with a passcode. The person who is trying to log in must
enter that passcode before accessing the portal.
2-Factor Authentication
Devices will be subject to the registration process and the administrators will have to
enter their credentials when they log in.
This only happens once—the device is automatically registered when the log in is
successful.
The MaaS360 Cloud Extender
If you wish to gain visibility into your existing email platforms for Microsoft Exchange, Lotus Traveler,
Office 365 or your BlackBerry Enterprise Server, you will need to install the MaaS360 Cloud Extender.
Installing the Cloud Extender also allows you to use your corporate Active Directory or LDAP for self-service
enrollment and visibility into your existing groups for management. The Cloud Extender can also be used
to integrate with your Certificate Authority to push certs to devices to be used for email, wireless or VPN
authentication.
Mouse over Setup and click Cloud Extender. Click the links to download the Cloud Extender and to request
the license key.
For detailed installation instructions, refer to the MaaS360 Cloud Extender Installation Guide.
Enterprise Integration
You can see details about your MaaS360 Cloud Extender configuration by mousing over the Setup menu and
clicking Cloud Extender.
19
MaaS360.com
This screen shows the steps to download the Cloud Extender, and lists your integration options.
For more information, refer to the Cloud Extender Installation Guide.
Cloud Extender Settings
Mouse over the Setup tab and select Cloud Extender Settings.
20
MaaS360.com
This screen shows the different settings configured for your Cloud Extender and allows you to change them.
You can click Edit to change the settings, or select an action from the menu in the upper right corner.
View Audit History will allow you to see the changes that have been made previously.
21
MaaS360.com
Enabling Auto-Quarantine
If you are using ActiveSync, MaaS360 can put all devices that attempt to access your corporate resources
into quarantine automatically until an administrator approves them.
To configure Auto-Quarantine, perform the following steps:
1. Click Setup > Cloud Extender Settings.
2. Click Edit.
3. Change the Auto-Quarantine Settings to enable the feature, and provide an email address that will
receive notifications about quarantined devices.
4. Click Save and Publish when you are finished. The policy will not go into effect until it has been
published.
The sample configuration shown above will do the following:
•
Any existing device will be grandfathered into an allowed list
22
MaaS360.com
•
Enrolled devices will be auto-approved
•
Manual Exchange configurations will be quarantined and the administrator will be notified
23
MaaS360.com
MaaS360 Home Page
MaaS360 has been designed to make it easy for you to get information and take action quickly and easily.
Navigation and the UI
The MaaS360 user interface provides an easy-to-use tab and menu navigation layout, allowing quicker
access to the available applications.
Tabs correspond to a related set of applications or tasks available to the portal user.
The menus show the individual workflows, reports, etc. for the portal user. To access the menus, mouse
over the tab and the menu will appear. Click once to access the item.
Click
to return to the Home page.
When looking at an item from a list, you can click
Click
to return to the full list.
to refresh the data.
Search
If you begin typing in the Search field, MaaS360 will give you possible matches to choose from among the
devices, users, apps and documents in your environment.
24
MaaS360.com
When you see the item you want, you can take action by clicking the link below it; you can view, locate,
distribute an app, etc. In the example above, you can click the Locate link under Marketing2968 iPad to
display a map that shows the device’s location.
Snapshots
MaaS360 also gives you a snapshot of your environment at the top of the screen.
You can click one of the plus signs
to add a device, user, app or document.
The text of each snapshot is a link.
•
Devices: Access the Device Inventory
•
Users: Access the User Directory
•
Apps: Access the App Catalog
•
Docs: Access the Content Library
My Activity Feed
My Activity Feed shows you important updates, in much the same way that social networking sites do. The
list of new devices, rule violations (compliance events highlighted in red), etc. is updated in real time, and
you can click on them to see details about the activity.
25
MaaS360.com
The Home page icon shows the number of new activities that have been added to the feed. In this
example, there is one new activity:
You can use the filter to display specific types of activities.
My Alert Center
The Home page also displays My Alert Center, a dashboard of important information that you can
customize to meet the needs of your organization.
26
MaaS360.com
The alerts are red, green or blue. Security alerts can be red or green, depending on if the situation needs
attention. Information alerts are blue.
Each administrator can customize their own alerts. They are not specific to administrators or global unless
you want them to be.
•
Click
to add an alert
•
Click
to refresh the data
•
Click
to see Alert Center history
•
Click
for the key to the alert color coding
Alerts are set up using the MaaS360 Advanced Search feature.
You can click on an alert to see the definition of the alert, and a list of the devices to which the alert
applies:
Click the device names to see even more information about them.
Creating an Alert
To create an alert, click the plus sign on the Home page.
The Add Alert screen is displayed.
27
MaaS360.com
Name & Description
Enter the name and description of the alert. The description will appear when you
mouse over the alert.
Type
Specify if it is a security alert or and information alert. Security alerts will appear
red or green, depending on whether the situation requires attention. Info alerts will
always appear blue.
Scope
Indicate if the alert should be visible to you alone, or to you and the entire
organization.
Condition
Define the alert.
Search for
Specify if the alert should apply to active devices, inactive ones or all devices.
Provide the timeframe for the search; i.e., when the device last reported in to the
system.
With Device Type(s)
Specify if the alert should apply to smartphones, tablets or both.
Define Search Conditions
Enter the criteria that devices must meet to be included in the alert. You can use
Boolean operators if you want.
Define your alert and click Save.
Alert Center History
You can see the changes that have been made to the alerts by clicking
28
at the top of the screen.
MaaS360.com
Click the individual alert to see details about it.
Additional Navigation
There are a few more items at the top right-hand corner of the screen:
•
Search: Begin typing a device name in this field to quickly find a device, user, app or document.
•
Chat Now: Click the icon to chat with a MaaS360 representative.
•
Help: Click the question mark to access help for MaaS360.
•
My Profile: Click your name to see your profile and to change it.
You can see your account number (which you will need if you ever need to contact Customer Support),
your username and your email address.
You can change your background image, your time zone and the language that the portal is displayed
in. You can also sign out of MaaS360.
29
MaaS360.com
•
Click the power icon
to sign out of MaaS360.
30
MaaS360.com
Devices
The Devices tab provides access to screens you can use to see your devices. You can also click the Devices
link on the Home page.
Inventory
Select Devices > Inventory to see the Device Inventory screen, or click the Devices link on the Home page.
The Device Inventory lists your devices.
You can use the filter to find specific devices:
Click the Reset button to remove the filter and see the complete list again.
You can change the columns that are listed by:
1. Click on the down arrow for a column heading
2. Select Columns, and then check the columns you want to include.
31
MaaS360.com
At the top right-hand corner of the screen are additional buttons:
•
Click
•
Click Save Column Preferences to preserve the changes you made to the columns.
•
Click Go to Advanced Search to enter advanced search criteria.
•
Click Add Device to send an enrollment request to a device.
to refresh the information.
Device Views
The first device view is the Summary screen.
Click
to refresh the information.
Additional screens are available by clicking the pull-down menu. Different screens may be listed depending
on the device.
32
MaaS360.com
•
Summary: Basic information about the device, including network and compliance information.
•
Hardware Inventory: Detailed hardware and storage information about the device. Click Edit to
update custom attribute information.
•
Operating System: The OS, OS version, kernel version, API level and more.
•
Network Information: Detailed information about the cellular network, Wi-Fi network and more.
•
Location Information: A map showing the last known location of the device.
•
Security & Compliance: Detailed information about passwords, encryption, the policy, data syncing,
and more.
•
Software Installed: The apps on the device, including the version, size and type.
•
Modules (appears only if the Cloud Extender is installed for use with the BlackBerry Enterprise Server):
The modules on the device, including the version and size.
•
Service Books (appears only if the Cloud Extender is installed for use with the BlackBerry Enterprise
Server): The service books on the device, including the service ID and content ID.
•
Running Services: The services on the device, including the app ID, memory used, and running time.
•
App Distributions: The apps that have been distributed to the device by MaaS360; including when they
were deployed and which ones have been installed.
•
Installed Services: Information about the MaaS360 app that is running on the device.
•
Change History: Information about changes made to the account.
•
Action History: Lists the actions performed on the device.
Actions
You can perform actions on the device from the Device View.
Note: The Actions that appear depend on a number of factors, including the device type and how it
is being managed, and if the Cloud Extender is installed for ActiveSync options, etc. Refer to
Appendix A for details.
33
MaaS360.com
•
Refresh Device Information: Retrieves the most recent data from the mobile device
•
Last Known Location: Locates the mobile device
•
Send Message: Sends a message to it
•
Buzz Device: Sends an alert tone to help locate it in the immediate area
•
Lock Device: Sends a command that will lock it
•
Reset Device Passcode: Clears the current passcode
•
Selective Wipe: Deletes the Wi-Fi profile, Exchange ActiveSync profiles, and Web shortcuts configured
on the device via MaaS360 policy. It can also remove apps and documents, if the appropriate options
were selected when they were loaded into the App Catalog and Content Library, respectively
•
Wipe Device: Erases all data on the device and resets it to the original factory settings. For Android
2.2, the Wipe Device action will reset only the phone memory. However, in Android 2.3, it will reset
both the phone memory and the SD card
•
Change iOS/Android Policy: Allows you to change the policy being enforced on the device
•
Change Plan: Allows you to change the Mobile Expense Management plan
•
Distribute App: Distribute an app to the device
•
Remove Control: Allows you to unregister the device from MaaS360, and MaaS360 cannot manage it
anymore. The first part of the process is a selective wipe of the device
•
Hide Device Record: Marks a device as inactive in MaaS360 reporting, but it does not remove control
on the device. This should only be performed if the device is permanently offline, destroyed, etc.
•
Change Rule Set: Allows you to apply or update the rule set assigned to a device
•
Refresh Device Information (EAS): Refreshes the information shown for the device from Exchange
ActiveSync
•
Block Device (EAS): Prevents the device from accessing your Exchange ActiveSync server
34
MaaS360.com
•
Change ActiveSync Policy (EAS): Changes the policy being enforced on the device. These settings will
be specific to Exchange ActiveSync
•
Remove Device from Exchange Server (EAS): Removes the device records from your Exchange
ActiveSync server
•
Reset Device Passcode (BlackBerry): Clears the current passcode
•
Wipe Device (BlackBerry): Allows you to wipe data and settings deployed from MaaS360
•
Change BES Policy (BlackBerry): Changes the policy being enforced on the device
•
Remove Device from BES (BlackBerry): Removes the device records from your BES server
•
Block Device (Lotus Traveler): Prevents the device from accessing your Lotus Traveler server
•
Wipe Device (Lotus Traveler): Allows you to wipe data and settings deployed from MaaS360
•
Remove Device from Traveler (Lotus Traveler): Removes the device records from your Lotus Traveler
server
•
Change Rule Set (Lotus Traveler): Allows you to apply or update the rule set assigned to a device
•
Hide Device Record (Lotus Traveler): Marks a device as inactive in MaaS360 reporting, but it does not
remove control on the device. This should only be performed if the device is permanently offline,
destroyed, etc.
Custom Attributes
Every device has a set of unique identifiers or attributes that are standard across devices. These attributes
help in creating device groups that share similar attributes.
In addition to the standard attributes, you can also use custom attributes. For example, if you want to
group devices based on their location, you can base your group on the contents of the Office/Location
field.
You can add them as needed from the Hardware Inventory screen. Click Edit at the top of the screen.
Click Save after making your changes.
35
MaaS360.com
One custom attribute, Important Device (Skip Enforcement Action), has special properties. If it is set to
Yes, the device will be exempt from automated enforcement actions.
You can upload a file with custom attributes so you don’t have to update each record individually. Select
Devices > Custom Attributes to see the upload screen.
Available for
Select the group to be updated, or all users.
Process Request
Enter the filename with the information to be uploaded.
Click Upload to upload the file.
Click the Manage Custom Attributes button at the top of the screen to see all the existing attributes.
Click Delete icon
screen.
to delete the custom attribute, and click Back To Results to return to the previous
You can also click the Transaction Log button to see the upload history.
36
MaaS360.com
You can see the file by clicking
, and you can see any errors by clicking
.
Groups
MaaS360 supports two kinds of groups: device groups and user groups. You can see the available groups by
selecting Devices > Groups, or by selecting Users > Groups.
A device group can be a non-editable default device group, an editable public group, a non-editable public
group or a private device group. You can search for devices matching specific search criteria and group
those devices into a device group. A device group can be one of the following types:
•
•
Public—the device group is visible to all administrators, and can be edited and deleted by all
administrators. Actions can only be taken on public groups.
Private—the device group is visibile only to the administrator who created the device group, and can
be edited or deleted by the person who created it.
Mouse over the More link associated with the group to view the available actions for it.
Different actions are available depending on the group.
•
Create Copy of Group: Create a duplicate group that can you can modify.
•
Hide Devices: Mark the devices in the group as Inactive in MaaS360 reporting. The Hide Devices action
does not remove control on the devices.
•
Send Message: Send a notification alert to all devices in the device group. This action is applicable
only for iOS, Android, and Windows Phone mobile devices. The Send Message action for BlackBerry
devices includes the additional Message Type option. Select the PIN option to send an SMS message.
Otherwise, select the Email option to send the alert notification as Email message.
•
Change iOS MDM Policy: Assign a specific policy to iOS devices in the group.
•
Change Android MDM Policy: Assign a specific policy to Android devices in the group.
•
Change Plan: Allows you to edit and assign a specific plan to devices in the group. This action is
available only for devices that have enabled the Mobile Expense Manage module.
37
MaaS360.com
•
Change Rule Set: Assign a compliance rule set to all devices in the device group.
•
Distribute App: Allows you distribute applications to devices in the group.
•
Distribute Document: Allows you distribute documents to devices in the group.
•
Edit Group: Allows you to edit the group.
•
Delete Group: Delete public and private device groups that you have created. It is available for private
groups, but it is not available for device groups with automated actions or to public device groups
created by MaaS360 or other Administrators.
Advanced Search
The Advanced Search allows you to perform basic and advanced searches for devices. Select Devices >
Advanced Search.
Search for
Specify if you want to search for active devices, inactive devices or all devices.
Last Reported
Specify the time period in which the devices last contacted MaaS360.
With Device
Type(s)
The options listed here will vary depending on what you have purchased. Specify the device types
you want to include in the search.
Define Search
Conditions
Specify the category, attribute and value being searched for. For example, to see all the devices
that can support remote wipe, enter the following:
Apply
Specify any Boolean operators that should be used to handle multiple search conditions. Enter the
additional criteria in the text box.
Click
to add a row, and click
to remove one.
Click Search to view results matching the selected criteria. The results will appear in the lower half of the
screen.
Your searches can be used for different purposes:
•
The alerts on the Home page are based on these searches
•
You can use these searches to define groups
•
You can customize the columns that appear in the results section
38
MaaS360.com
Defining a Group
To use a search to define a group, perform the following steps:
1. Click the Create Device Group button.
2. Enter details about the device group in the pop-up box. Enter the name of the group, a description,
and specify if it is public or private. When you are finished, click Save.
The search criteria will be saved and any actions that are performed will be done for all the devices in the
group at that time.
Customizing Columns
You can also change the columns that are displayed. Click the
select Columns. Check all the columns you want to see.
39
icon on a column heading, and then
MaaS360.com
You can save your selections by clicking Save Column Preferences.
Enrollment Requests
You can see a list of the enrollment requests that were sent by selecting Devices > Enrollment Requests.
40
MaaS360.com
Status
Status of the request:
•
•
•
•
New—the request was just sent
Failed—an error prevented the request from being successful
Complete—the device was successfully enrolled
Pending—although the request was sent successfully, the device’s owner
has not yet enrolled the device
Device Name
The registered device name.
Platform
Device’s platform.
Request Date
Date the enrollment request was created.
Domain
Domain provided in the request.
Available for
Group associated with the request.
Email Address
Email address to which the request was sent.
Policy Set
Policy that went into effect for the device when it was first enrolled.
Registration Date
When the device was successfully enrolled.
Error Information
Specifies why the enrollment request failed.
Requested By
Administrator who created the request.
Comments
Any comments about the request. They can only be seen by the administrator.
Enrollment URL
URL included in the request email. The recipient would have accessed the URL to
enroll the device.
Passcode
Passcode that was included in the request email. The user would have needed to
enter it to enroll the device.
At the top of the screen are three buttons:
1. Send Enrollment Request: sends an individual enrollment request
41
MaaS360.com
2. Bulk Enroll: allows you to upload a .csv or .txt file with user information so you can send multiple
enrollment requests simultaneously
3. Bulk Deployment: allows you to enroll multiple devices via the Apple Configurator tool
Action History
MaaS360 can show you all the actions that have been performed on your devices. Click Devices > Actions &
Events to see the list.
Device Name
Name of the device.
Platform
Device the platform is on.
MDM Device ID
Device’s ID.
Action Date
Date the action was taken.
Action
Action that was taken on the device.
Action By
Username of the administrator that performed the action.
IP Address
IP address of the device.
Status
Status of the action.
Comments
Any comments which were included with the action.
Error Description
Describes an error that was found while performing the action.
Exceptions (Exchange ActiveSync and Lotus Traveler Only)
Devices report into both the Exchange ActiveSync/Lotus Traveler servers and into MaaS360. To maintain
data integrity, MaaS360 tries to match the mail server record with the one it receives.
iOS devices send a device serial number to the servers and to MaaS360, so there are rarely any difficulties
matching these records. For other device types MaaS360 uses device-level attributes and built-in logic to
match device pairs.
The mail servers and MaaS360 have the following information from the devices:
1. Email address
2. Device manufacturer
42
MaaS360.com
3. Device types (smartphone, tablet)
MaaS360 has a background process that compares each of them, in order.
In most cases, that is enough information to match the records.
If MaaS360 cannot make an informed decision about which devices belong together, the unmatched records
will appear on the Exceptions report so an administrator can merge the records manually.
The matching process runs approximately every 2 minutes, and the most recent execution time is shown on
the report. Click
to refresh the data.
Click View Merged Devices to see a list of the devices that MaaS360 has merged automatically.
Click the Separate link to undo the merge process. If you separate a record, it will never be eligible for
merging again.
43
MaaS360.com
Users
MaaS360 gives you a quick, easy way to see all your users and device groups. There are two choices on the
Users tab:
Directory
Select Directory from the Users tab to see the User Directory.
You can also click the Users link on the Home page.
The User Directory shows your users.
You can filter the data by status (whether the person is an active or inactive user).
44
MaaS360.com
Click Hide users with no Devices to filter out users who have no devices managed by MaaS360, and View
All Users to see the complete list again.
You can get details about a particular user by clicking the View link.
You can see information about the person, the groups he or she is in, and a list of the devices that they
have.
Click on a device’s name to see the Device View.
Groups
Device groups allow you to deploy policies, apps or documents to similar categories of users.
There are several default groups:
1. System: groups provided by MaaS360
2. Public: can be used by all administrators
3. Private: can only be used by the administrator who created it
Note: Automated policy assignments and app distributions can only be scheduled for public groups.
Select Groups from the Users tab to see all your groups.
45
MaaS360.com
Note: User Groups are also displayed on this screen.
You can see any automatic actions for a device group by clicking the plus sign in the Applied Actions
column.
Click the Show all automated actions to expand the automated actions.
Click Hide all automated actions to collapse them. You can click Show all automated actions to display
them again.
You can perform an action on a device group by selecting it from the pull-down menu:
Note: The items you see on the pull-down menu will vary depending on the services that are
enabled.
•
Hide Devices: Mark the group as inactive in MaaS360 reporting, but does not remove MaaS360’s control
of the devices
•
Send Message: Sends a text message to the devices
•
Change iOS MDM Policy: Changes the policy being enforced on all the iOS devices in the group
•
Change Android MDM Policy: Changes the policy being enforced on all the Android devices in the group
•
Change Plan: This option is not visible unless you are using the Mobile Expense Management module. It
changes the plan in effect for the devices in the group
46
MaaS360.com
•
Distribute Package: This option is only visible if you are using the desktop/laptop module of MaaS360.
It distributes a Windows package to the devices in the group
•
Distribute App: Deploy an app that has already been uploaded to MaaS360 to all the devices in the
group
•
Distribute Document: Distribute a document that has already been uploaded to MaaS360 to all the
devices in the group
•
Change Rule Set: Change the rule set that is being enforced for the device group
•
Configure Patch Settings: This option is only visible if you are using the desktop/laptop module of
MaaS360. It lets you customize the settings for patches you push to the devices in the group
•
Refresh Group: Update the list of devices in the group
•
Edit Group: Change the criteria that defines the members of the group
•
Create Copy of the Group: Copy the group, usually so it can be the basis of a new group
The available actions are slightly different for user groups.
Note: The items that appear on the menu will vary depending on the services that are enabled.
•
View Devices: Show all the devices that belong to the users in the user group
•
Send Enrollment Request: Send an enrollment request to the users in the group
•
Change MDM Policy: Change the policy for the users’ devices. You will be prompted to specify either
iOS or Android
•
Change Plan: This option is not visible unless you are using the Mobile Expense Management module. It
changes the plan in effect for the users in the group
•
Distribute App: Deploy an app to all the users in the group
•
Distribute Document: Send a document to all the users that belong to the group
•
Change Rule Set: Change the compliance rule set that is in force for the group
•
Edit Group: Change the criteria that defines the user group
47
MaaS360.com
Security
MaaS360 gives you the ability to customize the security you use for your devices.
Policies
Select Security > Policies to access the Policies screen.
Name
Name of the policy
(Action Quick Links)
Links you can use to perform common actions directly from the screen:
•
•
•
•
Information icon
View: see the policy
Set as Default: make this policy the default policy for the device type
Audit History: show the changes that have been made to the policy
Delete: delete the policy
Mouse over the icon to see the number of devices that have the policy.
Click the link to see a list of them.
Default
If checked, this is the default policy for the specified device type. It will
automatically be assigned to devices if no other policy is specified.
Status
Status of the policy. Only published policies can be given to users.
Precedence
If a device is included in multiple device or user groups, it could be subject to more
than one policy. The precedence indicates which one will be applied, with the lower
number having the higher priority.
Available For
Specifies the device or user group that the policy can be assigned to.
Note: This requires the Departmentalization feature, which is not enabled by
48
MaaS360.com
default. Contact your account representative for details.
Type
Specifies which platform the policy is designed for. Different platforms have different
policy options.
Version
How many times the policy has been published.
Last Modified
The last time the policy was changed.
Last Published
The last time the policy was successfully published.
A policy will not be published successfully if there are errors. For example, if you
indicate that you want the policy to require a passcode but do not specify any
requirements for the passcode (length, complexity, etc.) you will receive an error and
the policy will not be published.
Click View to see the policy.
Click the Edit button at the top of the screen to change it.
MaaS360 provides many choices so you can make your policy as relaxed or restrictive as you need. These
settings may differ, depending on the platform (iOS, Android, Windows Phone, etc.). The settings are listed
in Appendix A.
Click the tabs on the left side to see the different settings.
49
MaaS360.com
When you are finished making changes, click Save and Publish. Your policy cannot be assigned to any
devices until it has been published.
Precedence
Note: This feature is not enabled by default. Contact your account representative for details.
In MaaS360, policies are dynamically assigned to different device groups, so the policy in force on a device
can change as the circumstances change. For example, you can have a device group for a specific operating
system version and assign a policy to it. When a user upgrades a device, the device would then become
part of the new group and would get the associated policy automatically.
As a result, it is possible for a device to be automatically assigned to multiple groups which have
conflicting policies.
Precedence allows you to prioritize polices so MaaS360 will apply the appropriate one if more than one is
applicable.
Click the Precedence button to view the Change Precedence dialog box, which lists the available iOS and
Android MDM policies.
You can change the policy precedence by dragging a policy box to the desired precedence level. Click Save
to save changes.
50
MaaS360.com
Policy Files
Click the Policy Files button to see uploaded mobile device policy files.
You can upload certificates, images and file containing mobile device settings.
Click the Upload Content button to view the Upload Policy Files pop-up box.
51
MaaS360.com
Enter relevant name in the Content Name field. Select the desired Type. The available content types that
you can upload are Certificates, Images and Device Settings.
•
Certificates: the Certificate type allows you to authenticate and register your mobile devices in
the MaaS360 system.
•
Images: the Image type allows you to associate an image or a picture file with your document.
•
Device Settings: selecting the Device Settings option allows you to upload a policy file that
contains the VPN, EAS and Wi-Fi policy parameters that you wish to apply to all devices that are
registered using the certificate.
Click Browse to select the content file from your local drive, and then click Upload Content. The Upload
Status box displays. Click OK, and the file will appear on the list of policy files.
Click the delete icon
under the Actions column if you wish to remove an uploaded policy file.
Compliance Rules
MaaS360 allows you to apply compliance rules on mobile devices. Compliance Rule sets are conditions that
are checked on devices on real-time basis. If a device is not in compliance with the defined rule sets or
conditions, then appropriate enforcement actions will be taken on the device.
Most mobile device platforms allow users to ignore and override passcode policies and application
restrictions. Rules such as the Enforce MaaS360 Control are useful, especially to track users who
accidentally or willfully try to remove their organization’s device management and control capabilities.
It’s a good idea to use Compliance Rules to enforce actions, even if you already publish policies to your
devices.
Compliance rules allow you to take automated actions when a device is out of compliance. For example,
the following rule will be invoked when a user installs a blacklisted app on a device:
Only devices marked as Important on the View All Devices screen will be exempt from the automated
actions that will occur when a device is out of compliance. It is a custom attribute.
You can choose what action to take, a timeframe for the action (where applicable), and you can send a
custom message to the user.
Select Security > Compliance Rules to access the Compliance Rules screen.
52
MaaS360.com
The existing rules will be displayed.
Rule Set Name
Name of the compliance rule. It must be unique.
(Actions)
Click the link under the name to perform an action:
•
•
•
•
•
Edit: review the rule set and change it
Assign: apply it to group
Make Default/Clear Default: make this rule set the default
Audit: view the audit history of the rule set
Delete: delete the rule set
Available for
Specifies which groups the rules set can be applied to.
Default
If checked, this rule set is the default.
Status
Specifies if the rule set is active or inactive. Click the Show All button at the top of
the screen to include inactive rule sets in the list, and click Hide Inactive to only
display active ones.
Precedence
You can have devices with multiple rule sets assigned to them, depending on how
your groups are set up. In those cases, the rule set with the lower precedence is the
one that will be enforced.
# of Devices
Specifies how many devices have been assigned this rule set. Click on the number to
see a list of those devices.
Last Updated By
Username of the person who last updated the rule set.
Last Updated On
Date of the last update.
Compliance rules allow you to take automated actions under certain circumstances. For more information,
refer to the Mobile Device Management Policies Best Practices Guide.
To create a new one, click Add Rule at the top of the screen. Specify the group it is available for, the rule
set’s name and an existing rule to use as a starting point.
53
MaaS360.com
Click Continue. The Basic Settings tab appears.
Specify the platforms that the rule set will apply to, and enter the email addresses that should receive
alerts for the rule set.
On the Enforcement Rules tab, you can have MaaS360 enforce:
•
Enrollment in MDM
•
Specific operating system versions
•
Support for remote wipe
•
Support for block- and file-level encryption, or no encryption
•
Compliance with corporate app policies for blacklisted, whitelisted and required apps
•
Restrictions for jailbroken and rooted devices
Note: Wipe allows you to wipe out all data on the mobile device and reset it to the original factory
settings. In Android 2.2, the Wipe action will reset only the phone memory. However, in
Android 2.3, the Wipe action will reset both the phone memory and the SD card.
Note: The Block and Wipe enforcement actions are only available with Cloud Extender integration.
For details, refer to the Device Actions section in Appendix A.
Make your changes, and then click the next tab.
54
MaaS360.com
Geo-Fencing Rules can be set up after you’ve created approved locations. You can change the policy in
force on the device based on its location, or specify actions that should take place if the device is removed
from one of the approved locations.
Use the Monitoring Rules to monitor SIM changes, when a user’s device is roaming, and any operating
system version changes.
Make your changes and click the next tab.
Note: Expense Management is available for an additional cost. Please contact your account
representative for more information.
Expense Monitoring Rules apply to mobile data usage. You can monitor both roaming and in-network data
usage, and take action based on the usage thresholds.
55
MaaS360.com
When you are finished making changes, click Save.
Compliance Log
The Compliance Status Overview report displays a list of all devices that are not in compliance with the
configured compliance rules.
Depending on the device compliance status, the Action Status column will display the Executed, Planned
and the NA (Not Available) values. NA is displayed only for devices that are configured to receive
compliance status alerts.
When an out of compliance device is remediated and complies with the set rules, then the device name is
automatically removed from the Compliance Status Overview list.
Privacy
Many employees are concerned about personal information from their devices ending up on corporate
servers. MaaS360’s privacy settings can be used to limit the collection of Personally Identifiable
Information (PII) for personal devices.
Mouse over Security and click Privacy.
56
MaaS360.com
On the Privacy Settings screen, specify how you want to treat PII. Click Save when you are finished.
Restrict Location
Information
Click to stop MaaS360 from collecting location information. This includes physical
address, geographical coordinates and history, IP address and SSID.
Select Applicable
Ownership Types
Specify which devices should be exempt from the collection of location information.
Select Applicable
Device Group
Specify which device group should be exempt from the collection of location
information.
Restrict App Inventory
Information
Click to stop MaaS360 from collecting information about apps. This includes which apps
the user has and data from those apps. Apps distributed from the App Catalog and apps
that are included as part of the corporate security policies will be tracked.
Select Applicable
Ownership Types
Specify which devices should be exempt from the collection of app information.
Select Applicable
Device Group
Specify which device group should be exempt from the collection of app information.
Click View Change History to see changes that have been made over time.
57
MaaS360.com
Locations
Select Security > Locations to set up locations that can be used for geo-fencing rules. Locations can be
based on geographical locations and Wi-Fi networks.
You can see the details about each location, and policies that are using it.
Click the Actions pull-down menu for one of the locations to perform an action on it.
You can edit the location, assign a policy to it, or delete it.
Click the Location Name to see the address and range for the location.
58
MaaS360.com
Add an Address Based Location
Click Add Address based Location.
Enter the address and the range, and then click Search.
Enter the location name and click Add this specific location with Range.
59
MaaS360.com
The location now appears on the Locations screen.
Add a Wi-Fi based Location
Click Add a Wi-Fi based Location from the Locations screen.
Enter the location name, Wi-Fi SSID and MAC address. Click Add.
60
MaaS360.com
61
MaaS360.com
Applications
The app management features of MaaS360 are accessed from the Apps tab.
The App Catalog
MaaS360 allows you to deploy apps to your users quickly and easily. Each app must be loaded into the
MaaS360 App Catalog before it can be distributed.
To access the App Catalog, mouse over Apps and click Catalog.
The App Catalog lists your apps and provides basic information about them.
You can sort and filter your apps by clicking on the column headings.
At the bottom of the screen you can see how much storage you are using, and how much is available. It
also includes token information.
There are links under each app you can use to take action.
Adding an App to the App Catalog
1. Click the Add button to add an app.
62
MaaS360.com
It expands so you can indicate the type of app.
2. Specify if the app will be available to all users or a specific group, even if you do not plan to distribute
the app to them right away.
3. Begin entering the name of the app. MaaS360 will present you with choices as you type.
63
MaaS360.com
4. Specify the app removal, security and distribution options.
Note: The security policies you used when uploading it into the catalog are in effect now.
Different options are displayed depending on the type of app:
•
iTunes App Store App:
o
App Source: Enter the app’s name. Click Change Region if need to change the name of the
country
o
Remove App on
o

MDM Removal & Selective Wipe: The app will be removed if MaaS360’s control of
the device is terminated, or if a selective wipe is performed on the device

Stopping Distribution: The app will be removed if a pending distribution is ended
Security Policies

o
Restrict Data Backup to iTunes: App data will not be backed up to iTunes
Distribute to

None: Load the app into the App Catalog without distributing it

Specific Device: Enter the device name and specify:
64
MaaS360.com


•
•
Instant Install: MaaS360 will prompt the recipient to download the app
•
Send Email: MaaS360 will send them an email telling them about the new
app
Group: Select the group of devices to receive the app and specify:
•
Instant Install: MaaS360 will prompt the recipient to download the app
•
Send Email: MaaS360 will send them an email telling them about the new
app
All Devices: All your devices will receive the app. Specify:
•
Instant Install: MaaS360 will prompt the recipient to download the app
•
Send Email: MaaS360 will send them an email telling them about the new
app
Enterprise App for iOS:
o
App Source: Enter the app’s name
o
Description: Enter a description of the app
o
Category: Enter a classification for the app
o
Screenshot: Upload screenshots for the app
o
Remove App on
o

MDM Removal & Selective Wipe: The app will be removed if MaaS360’s control of
the device is terminated, or if a selective wipe is performed on the device

Stopping Distribution: The app will be removed if a pending distribution is ended
Security Policies

o
Restrict Data Backup to iTunes: App data will not be backed up to iTunes
Distribute to

None: Load the app into the App Catalog without distributing it

Specific Device: Enter the device name and specify:


•
Instant Install: MaaS360 will prompt the recipient to download the app
•
Send Email: MaaS360 will send them an email telling them about the new
app
Group: Select the group of devices to receive the app and specify:
•
Instant Install: MaaS360 will prompt the recipient to download the app
•
Send Email: MaaS360 will send them an email telling them about the new
app
All Devices: All your devices will receive the app. Specify:
•
Instant Install: MaaS360 will prompt the recipient to download the app
•
Send Email: MaaS360 will send them an email telling them about the new
app
65
MaaS360.com
•
Google Play App:
o
App Name: Enter the app’s name. Click Provide URL if you need to find the app in the
Google Play store
o
Remove App on
o
o

MDM Control Removal: The app will be removed if MaaS360’s control of the device
is terminated

Selective Wipe: The app will be removed if a selective wipe is performed on the
device
Security Policies

Enforce Authentication: Users must enter a username and password to receive the
app

Enforce Compliance: Devices must be in compliance to receive the app
Distribute to

None: Load the app into the App Catalog without distributing it

Specific Device: Enter the device name and specify:
•


•
Send Email: MaaS360 will send them an email telling them about the new
app
Group: Select the group of devices to receive the app and specify:
•
Instant Install: MaaS360 will prompt the recipient to download the app.
Instant Install is silent on Samsung SAFE devices
•
Send Email: MaaS360 will send them an email telling them about the new
app
All Devices: All your devices will receive the app. Specify:
•
Instant Install: MaaS360 will prompt the recipient to download the app
•
Send Email: MaaS360 will send them an email telling them about the new
app
Enterprise App for Android:
o
App Source: Upload the file. Click Provide URL to use a URL instead
o
Description: Enter a description of the app
o
Category: Enter a classification for the app
o
Screenshot: Upload screenshots for the app
o
Remove App on
o

MDM Control Removal: The app will be removed if MaaS360’s control of the device
is terminated

Selective Wipe: The app will be removed if a selective wipe is performed on the
device
Security Policies

o
Restrict Data Backup to iTunes: App data will not be backed up to iTunes
Distribute to
66
MaaS360.com

None: Load the app into the App Catalog without distributing it

Specific Device: Enter the device name and specify:


•
Instant Install: MaaS360 will prompt the recipient to download the app.
Instant Install is silent on Samsung SAFE devices
•
Send Email: MaaS360 will send them an email telling them about the new
app
Group: Select the group of devices to receive the app and specify:
•
Instant Install: MaaS360 will prompt the recipient to download the app.
Instant Install is silent on Samsung SAFE devices
•
Send Email: MaaS360 will send them an email telling them about the new
app
All Devices: All your devices will receive the app. Specify:
•

•
Send Email: Recipients will receive an email telling them that the app has been
added to their app catalog
Windows Phone Store App:
o
Windows Phone Store App: Upload the file. Click Provide URL to use a URL instead
o
Distribute to

None: Load the app into the App Catalog without distributing it

Specific Device: Enter the device name and specify:
•

Send Email: MaaS360 will send them an email telling them about the new
app
Group: Select the group of devices to receive the app and specify:
•
•
Instant Install: MaaS360 will prompt the recipient to download the app.
Instant Install is silent on Samsung SAFE devices
Send Email: MaaS360 will send them an email telling them about the new
app

All Devices: All your devices will receive the app. Specify:

Send Email: Recipients will receive an email telling them that the app has been
added to their app catalog
Windows Phone Private App:
o
Windows Phone URL for App: Specify the URL of the app
o
Distribute to

None: Load the app into the App Catalog without distributing it

Specific Device: Enter the device name and specify:
•

Send Email: MaaS360 will send them an email telling them about the new
app
Group: Select the group of devices to receive the app and specify:
•
Send Email: MaaS360 will send them an email telling them about the new
app
67
MaaS360.com
•

All Devices: All your devices will receive the app.

Send Email: Recipients will receive an email telling them that the app has been
added to their app catalog
Enterprise Windows Phone App:
o
Available for: Specify who can receive the app (all users or a specific group)
o
App Source: Upload the file. Click Provide URL to use a URL instead
o
Description: Enter a description of the app
o
Category: Enter a classification for the app
o
Screenshot: Upload screenshots for the app
o
Remove App on

MDM Control Removal: The app will be removed if MaaS360’s control of the device
is terminated
Note: Enterprise Windows Phone Apps are always removed if MaaS360’s control of
the device is terminated or if a selective wipe is performed on it.
o
Distribute to

None: Load the app into the App Catalog without distributing it

Specific Device: Enter the device name and specify:


•
•
Instant Install: MaaS360 will prompt the recipient to download the app
•
Send Email: MaaS360 will send them an email telling them about the new
app
Group: Select the group of devices to receive the app and specify:
•
Instant Install: MaaS360 will prompt the recipient to download the app
•
Send Email: MaaS360 will send them an email telling them about the new
app
All Devices: All your devices will receive the app. Specify:
•
Instant Install: MaaS360 will prompt the recipient to download the app
•
Send Email: MaaS360 will send them an email telling them about the new
app
Web App for iOS:
o
Web App Display Name: Enter the app’s name
o
Web App URL: Enter the complete URL for the app
o
Web App Icon: Specify the icon you want to represent the app
o
Description: Enter a description of the app
o
Category: Enter a classification for the app
o
Remove App on

Stopping Distribution: The app will be removed if a pending distribution is ended
68
MaaS360.com
Note: iOS Web Apps are always removed if MaaS360’s control of the device is
terminated or if a selective wipe is performed on it.
o
o
Policies

Install Automatically: App data will not be backed up to iTunes

Launch in Full Screen: Launch the app in full screen mode on the device

Visual Effects on Icon: The icon will be displayed with standard graphics

Allow Users to Remove: Allow users to remove the app from the device
Distribute to

None: Load the app into the App Catalog without distributing it

Specific Device: Enter the device name

Group: Select the group of devices to receive the app

All Devices: All your devices will receive the app.
5. When you have finished selecting the options you want, click Add.
Note: The Secure Productivity Suite offers many more options for securing apps. For more
information, contact your account representative.
Viewing an App
Click the View link to see detailed information about the app.
You can see:
•
The type of app
•
The category
•
How many devices it was distributed to
•
How many have installed it
•
Any security policies in effect for it
•
An audit trail
69
MaaS360.com
If there are pending distributions, they will be marked with a red X. You can click the X to cancel the
specified distribution.
Distributing an App
Click the Distribute link to choose the options you want for distributing the app. There are different
options depending on the type of app.
Different options are displayed depending on the type of app:
•
•
•
•
iTunes App Store App:
o
Available for: Specify who can receive the app, either all users or a group
o
Target: Specify if it will be deployed to a device, a group or a specific device
o
Instant Install (iOS 5+ devices): If you are using VPP codes for paid apps, recipients will
not have to pay for the app
o
Send Email: Recipients will receive an email telling them that the app has been added to
their app catalog
Enterprise App for iOS:
o
Available for: Specify who can receive the app, either all users or a group
o
Target: Specify if it will be deployed to a device, a group or a specific device
o
Instant Install (iOS 5+ devices): If you are using VPP codes for paid apps, recipients will
not have to pay for the app. In addition, the users will not need to enter a password to get
the enterprise app
o
Send Email: Recipients will receive an email telling them that the app has been added to
their app catalog
Google Play App:
o
Available for: Specify who can receive the app, either all users or a group
o
Target: Specify if it will be deployed to a device, a group or a specific device
o
Send Email: Recipients will receive an email telling them that the app has been added to
their app catalog
Enterprise App for Android:
o
Available for: Specify who can receive the app, either all users or a group
o
Target: Specify if it will be deployed to a device, a group or a specific device
o
Instant Install: Specify if the user will be prompted to install the app and the type of
network:

All Networks

Wi-Fi only

Wi-Fi and in-network cellular
Note: Instant Install is silent for Samsung SAFE devices.
o
•
Send Email: Recipients will receive an email telling them that the app has been added to
their app catalog
Windows Phone Store App:
o
Available for: Specify who can receive the app, either all users or a group
70
MaaS360.com
•
•
•
o
Target: Specify if it will be deployed to a device, a group or a specific device
o
Send Email: Recipients will receive an email telling them that the app has been added to
their app catalog
Enterprise Windows Phone App:
o
Available for: Specify who can receive the app, either all users or a group
o
Target: Specify if it will be deployed to a device, a group or a specific device
o
Send Email: Recipients will receive an email telling them that the app has been added to
their app catalog
Windows Phone Private App:
o
Available for: Specify who can receive the app, either all users or a group
o
Target: Specify if it will be deployed to a device, a group or a specific device
o
Send Email: Recipients will receive an email telling them that the app has been added to
their app catalog
Web App for iOS:
o
Available for: Specify who can receive the app, either all users or a group
o
Target: Specify if it will be deployed to a device, a group or a specific device
Deleting an App
Click the Delete link to delete the app from the App Catalog. It cannot be distributed to anyone if it has
been deleted, and any existing distributions will be stopped (this may remove the app from the devices).
Click Show Deleted Apps to see all the apps that were deleted. You can only view them.
Distribution Details by Devices
Click the More link, and then click Distribution Details by Devices to see information about previous
distributions.
Apple Store: Volume Purchasing Program
The Apple Store Volume Purchase Program (VPP) allows educational institutions to buy iOS apps in
volume and distribute the apps to their users. The Volume Purchase Program allows developers and
organizations to purchase large number of applications at special prices from the Apple Stores.
MaaS360 will allow you to load VPP codes:
1. Find the app and mouse over the More link. Click Upload VPP File.
71
MaaS360.com
2. Browse to the file’s location and select it. Specify the region, and click Override Redeemed Code
Status if you want to make it possible for the status of redeemed codes to be updated.
3. Click Upload.
You can also upload a file when viewing an app by clicking
and then entering the upload information.
You can manage or review the status of VPP codes by performing the following:
4. Find the app. Mouse over More, and then click Manage VPP Codes.
72
MaaS360.com
5. You can see which devices used the codes and how many codes are still available for the app.
6. Click the Upload VPP Codes button to upload another file of codes. Click Clear VPP codes to clear any
unused codes.
73
MaaS360.com
Documents
The Document Management features of MaaS360 are accessed from the Docs tab.
Content Library
MaaS360 allows you to distribute documents and files to your users quickly and easily. Each document must
be loaded into the MaaS360 Content Library before it can be distributed.
To access the Content Library, mouse over Docs and click Content Library.
The Content Library lists your files and provides basic information about them.
Click the highlighted number under Downloads to see the devices that have downloaded the file.
You can sort and filter your files by clicking on the column headings.
There are links under each document you can use to take action.
74
MaaS360.com
Adding Documents to the Content Library
If you wish to add a new document, mouse over Docs and select Content Library.
At the bottom of the page you can see how much free space is still available—you may need to delete
documents before you can add the new one.
Click the Add Documents button to upload documents that you wish to distribute to iOS and Android
mobile devices.
Enter the details about the document.
Available for
Specify the group that can receive the document.
75
MaaS360.com
Select Files
Browse to the file you want to add and select it. You can upload up to 15 files at a
time.
Document Names
Enter the name you want your users to see.
Tags
Enter tags to help your users find the document, separated by a comma.
Security Settings
Specify the security settings that apply to this document:
Download Policies
Distribute to
•
Restrict Export: Users cannot open the document with another app.
•
Restrict Cut/Copy/Paste: Text in the document cannot be cut, copied or
pasted into another app.
Specify the policies that apply to this document:
•
Password Protected: Users must enter a password to access the document
•
Download Automatically: The document will automatically be downloaded
onto the device
•
Hide Doc Preview in App: A preview of the document will not be shown for
file formats like iBooks where preview is not supported
•
Download only on Wi-Fi: To reduce costs, the document will only be
downloaded on a Wi-Fi network
•
Restrict Delete after Download: Prevents users from removing a locally
cached copy of the document
Specify if the document should immediately be distributed to all devices and users, a
specific group, a specific device, or if it should not be distributed immediately
(None).
You can also enter an expiration date when the document will be removed from an
individual device, a group or all users.
Click Save.
When prompted, enter your password and click Continue.
Edit
Click the Edit link to see detailed information about the document.
76
MaaS360.com
You can see information about the distribution, including the size of the file and any security that has been
applied to it. You can also see the version history for the file. Click the red X to delete a distribution.
For iOS devices, you can select Restrict Share and prevent documents from being opened with third-party
apps. On Android devices it will prevent the content from going to the device.
You can also specify the download policies for iOS devices:
•
Download Automatically: The document will automatically be downloaded onto the device
•
Hide Doc Preview in App: A preview of the document will not be shown. This is for file formats like
iBooks where preview is not supported
•
Password Protected: Users must enter a password to access the document
•
Download only on Wi-Fi: To reduce mobile data costs, the document will only be downloaded on a WiFi network
•
Restrict Delete after Download: Prevents users from removing a locally cached copy of the document
After making your changes, click Save.
You can also remove the document from the Content Library by clicking Delete from this screen.
Adding a Version
You may want to send different versions of a document to your users over time.
Select the document, and click the Edit link.
77
MaaS360.com
Click Add Version.
Browse to the new version and click Save.
Enter your password and click Continue.
The version history at the bottom of the screen will reflect the change.
Distribute
To distribute a document, click the Distribute link under its name.
78
MaaS360.com
Specify if an individual device, a group or all users should receive the document. If you want to distribute
the document to more than one target, click
.
You can also enter an expiration date when MaaS360 will remove the document from an individual device,
a group or all users.
Click Distribute.
Delete
To delete a document, click the Delete link under its name.
Document Settings
Select Docs > Settings to specify document policies and behavior.
Restrict Share
Users cannot open documents with third-party apps, email documents, or copy/paste
the content.
Password Protected
Users must enter a passcode to access the document. The passcode will depend on the
enrollment settings. For example, if the enrollment settings specify to use Active
Directory credentials, the credentials entered to access document would be the user’s
Active Directory credentials.
Download only on Wi-Fi
To reduce costs, the document will only be downloaded on a Wi-Fi network.
Restrict Delete after
Download
Prevents users from removing a locally cached copy of the document.
Download
The document will automatically be downloaded onto the device.
79
MaaS360.com
Automatically
Hide Doc Preview in
App
A preview of the document will not be shown for file formats like iBooks where preview
is not supported.
These are the default settings for all your documents.
Content Sources
MaaS360 integrates easily with your public environments, including SharePoint, Windows File Share content
and Intranet sites.
Note: If Private SharePoint is needed, you will need to install the MaaS360 Mobile Enterprise
Gateway. For more information, refer to the MaaS360 Mobile Enterprise Gateway
Administrators Guide.
Click Docs > SharePoint Sites to display the Manage SharePoint Settings screen.
You can see all your sites, the site URLs, the library/folder and the group access permissions.
To add a new site, click the Add New Site button.
Enter the Site Display Name, the Browser URL, Site URL, name of the Library or Folder that you wish to
share, Group Access Permissions and sharing restrictions:
•
View and Share: users can open documents with third-party apps, email documents, and
copy/paste the content
•
Restrict Share: users cannot open documents with third-party apps, email documents, or
copy/paste the content
80
MaaS360.com
Click Save.
Click the Edit link under the site name to edit the settings, and Delete to remove the site.
81
MaaS360.com
Expense Management
Note: This module may not be enabled for all users. Contact your account representative for
details.
The Mobile Expense Management (MEM) module lets you enable mobile data usage tracking for specific
devices.
•
Plans can set up in-network and roaming data usage limits.
•
Alerts can be set up to be automatically triggered when the user reaches or exceeds the specified
threshold criteria. You can also specify the action to be taken by the device on exceeding the data
usage limit. When devices reach the usage threshold limits, the specified alerts are automatically
triggered.
For iOS and Android devices, the MEM feature is enabled only if the selected device is associated with an
MEM plan.
Note: MaaS360 allows you to perform only usage-based tracking and not cost-based tracking.
Mouse over the Expense tab and click Manage Plans to see all your company’s plans.
You can toggle between seeing all the plans and only seeing the active ones by clicking the appropriate
button at the top of the page. The text on the button changes depending on what is being displayed.
You can click on the plan’s name to see details about it.
You can choose an Action from the pull-down menu or click Edit to update the plan.
82
MaaS360.com
•
Deactivate Plan: Make the plan inactive. Any devices currently assigned to the plan will not have a
plan; their usage will not be tracked
•
View Audit History: See the actions that have been taken on the plan, including when it was published
•
Set Default: Make this plan the default plan
Creating a New Plan
To create a new plan, perform the following steps:
1. Click the Create New Plan button.
2. The Create Plan box appears.
3. Specify the group that can have the plan, the plan’s name and a description. Click Continue.
4. Enter the plan details.
First day of the Billing
cycle
Specify the day of the month on which the billing cycle begins.
In-Network Mobile Data
Usage Limit (MB)
Specify the in-network data usage limit.
83
MaaS360.com
Roaming Mobile data
Usage Limit (MB)
Specify the roaming data usage limit.
5. Click Save & Publish when you are finished defining the plan.
The plan can now be deployed to users. It is only available to those in the group you originally specified in
Step #3.
The plan will be in Draft status until it is published. It cannot be used until it is published.
Changing an Existing Plan
1. Find the plan on the Manage Plans screen.
2. Select Edit Plan from the Actions menu:
3. Make your changes to the plan and click Save & Publish when you are finished.
Deactivating and Reactivating a Plan
To deactivate a plan, perform the following steps:
1. Select Expense > Manage Plans.
2. Find the plan you want and select the Actions menu for that plan.
84
MaaS360.com
3. Click Deactivate Plan on the menu. Click Continue when you see the confirmation message.
The status of the plan is now Inactive. MaaS360 will no longer track usage for any devices that were
assigned to it.
To reactivate a plan, perform the following steps:
1. On the Manage Plans screen, make sure all plans are visible. The Show Active and Inactive Plans
toggle should say Hide Inactive.
2. Click on the Actions pull-down menu for that plan, and then select Reactivate Plan.
3. Specify if the plan should be the default plan, and enter a description.
85
MaaS360.com
4. Click Continue. The Confirm Action message appears.
5. Click Continue. The plan has been reactivated.
Viewing Audit History
To see the changes that have been made to a plan, click View Audit History from the Actions menu for
that plan.
The Audit History screen displays changes for a plan, and when they were made.
86
MaaS360.com
Reports
MaaS360 Mobile Intelligence™ reports allows you to use enhanced reporting functions, such as the tabular
presentation of reports to group associated graphs and reports, and to provide easy navigation between the
reports. It also includes filters, which help you generate a variety of real-time reports or narrow down
report details based on your filter criteria.
To access the reports, mouse over the Reports tab and select the report family you want.
Note: The reports that appear on the Reports tab depend on the products you have purchased. The
list you see may be different than what is shown in this document.
Separate reports in each family appear on tabs.
There are filters at the screen to help you manage your data:
•
Personal
87
MaaS360.com
•
Corporate owned
•
Unspecified
•
iOS
•
Android
•
BlackBerry
•
Windows Phone
•
Time period
You can save your filter so you can use it again. Click Save as Custom, and then enter a name and
description for it.
Note: The filter you select for one report in a family is retained for the other reports until you
clear it by clicking Clear on the pull-down menu.
You can subscribe to reports by clicking
.
88
MaaS360.com
You can specify the graphs and reports included in the subscription, the format (PDF or PPT), the email
recipients, the delivery frequency and more.
You can mouse over part of a graph to see the details about it. For example, the following shows that out
of the 7 Android devices, 3 are tablets:
If you click on it, MaaS360 displays the Details Report filtered to show information about those tablets:
The active filters are highlighted (yellow) for the associated columns.
You can choose the type of chart by selecting it from the menu at the bottom of the page.
You can also download the report by clicking Export.
89
MaaS360.com
Platform Administration
Important administration tasks appear under the Portal Administration section of the Setup menu.
Administrators
To find or create a portal administrator, select Setup > Administrators.
The Search Administrators screen appears.
To find an administrator, enter one or more of the following:
•
Username
•
Email address
•
Select a role from the pull-down menu
Click Search.
If you do not enter any of the criteria, all administrators will be displayed.
90
MaaS360.com
The Actions icons apply to the administrator.
Edit the administrator’s information or roles.
Reset the administrator’s password.
Deactivate the administrator.
Delete the administrator.
View the change history for the administrator.
Create Portal Administrator
To create a new portal administrator:
Click Add Administrator at the top of the screen. The Administrator Details screen appears.
Enter the administrator’s email address and username. If the username will be the same as the email
address, click the same as Corporate Email Address checkbox.
Click Next.
91
MaaS360.com
Click to select one or more roles to assign to the new user. When you click to select a role, the role
description appears in the Role Description field.
Note: A MaaS360 Portal Administrator can create Administrator accounts only with equal or lesser
access rights. For example, an administrator who is assigned the Help Desk role can only
create Help Desk accounts, but will be unable to create an account with more access rights
(such as the Administrator).
Click the arrow buttons to move selected options or all options between the fields.
Assign all the roles to the new administrator.
Assign the highlighted role to the new administrator.
Remove the highlighted role from the assignment.
Remove all roles from the assignment.
Click Limit portal administrator access to the specified Managed User Groups if you do not want the user
to have access to any other areas in MaaS360. Note: This is part of Departmentalization, a separate
feature. For details, contact your account representative.
Click Next. The Review Details screen is displayed.
Click Save. You will be asked for your password.
92
MaaS360.com
Enter your password and click Continue.
You will receive a confirmation message. You can now click Create Another Administrator to perform the
process again.
Roles and Rights
There are a number of roles in MaaS360:
•
Read-Only: The Read-Only role provides view-only access to all devices, policies, and applications.
The Read-Only role also allows the administrator to view reports, My Alert Center, devices,
policies, and the Action History report in the MaaS360 System.
•
Help Desk: The Help Desk role provides the administrator with access rights to perform Help Desk
device management actions that include locating an end-user device, sending messages or alerts to
the end-user device, lock a device, or reset device passcode. The Help Desk role also allows the
administrator to view My Alert Center, view policies and reports, manage device enrollments, edit
device views, perform remote control and help desk actions.
•
Administrator: In addition to the access rights of the Read-Only role, the Administrator role
provides access rights to perform device management actions on end-user devices. The
Administrator role allows you to view My Alert Center, view reports and policies and also manage
device enrollments, edit device view, perform policy actions, perform remote control, wipe data
on a mobile device, send messages to end-user devices and perform device deactivation actions.
•
Administrator Level 2: The Administrator Level 2 role provides the Administrator with complete
device management access rights that include the ability to create and manage policies and
applications, The Administrator Level 2 role also allows you to view reports, and My Alert Center,
manage device enrollments, perform device view bulk updates, define custom attributes, manage
MaaS360 Cloud Extenders, perform group level actions, and view and publish policies in MaaS360
system.
•
MaaS360 Service Administrator: The MaaS360 Service Administrator role provides the
administrator with Master Administrator level access rights that include the ability to configure
services and manage administrator accounts. The MaaS360 Service Administrator role also allows
the administrator to view reports and Alert Center notifications, manage device enrollments,
93
MaaS360.com
perform device view bulk updates, define Custom Attributes, manage MaaS360 Cloud Extenders,
perform group level actions, publish policies, and Configure Services.
Role
Right to Access
Category
Description
Administrator
Apps - Read only
App Distribution
View only access to Apps.
Action History
Device Management
Ability to view a global action history across all devices.
Buzz Device
Device Management
Ability to buzz a device through a Device View action.
Change Compliance
Rule Set
Device Management
Ability to change a compliance rule set through a Device View
action.
Change Device Policy
Device Management
Ability to change a device policy through a Device View action.
Change Expense Mgmt
Plan
Device Management
Deactivate Device
Device Management
Device Enrollments Read only
Device View - Read
only
Distribute App for a
device
Distribute Doc for a
device
Ability to change a mobile expense management plan through a
Device View action.
Ability to remove MDM control or hide devices through a Device
View action.
Device Management
View only access to device enrollment requests.
Device Management
View only access to Device View (no actions).
Device Management
Ability to distribute an app through a Device View action.
Device Management
Ability to distribute a doc through a Device View action.
Enable Alerts
Device Management
Enable Alerts for Enterprise Customers.
Locate Device
Device Management
Ability to locate a device through a Device View action.
Lock Device
Device Management
Ability to lock a device through a Device View action.
Manage Device
Enrollments
Device Management
Ability to manage device enrollment requests.
Merge Duplicate
Device Records
Device Management
Refresh Device
Information
Device Management
Reset Device Passcode
Device Management
Selective Wipe
Device Management
Send Message
Device Management
Set Custom Attribute
Value
User Views - Generate
Password
Device Management
Device Management
Ability to manually merge Android or Windows Phone 7 device
records if automated merge cannot identify the devices to
merge.
Ability to issue an on-demand refresh for all information about
the device through a Device View action.
Ability to reset the device passcode through a Device View
action.
Ability to selectively wipe (restrict) corporate data from a
device and revoke the selective wipe from a device through a
Device View action.
Ability to send a message to a device through a Device View
action.
Ability to set custom attribute values through a Device View
action.
Ability to generate passwords for users through the View All
Users workflow.
Users - Read only
Device Management
View only access to User View.
View Custom
Attributes
Device Management
View only access to custom attributes.
Wipe Device
Device Management
Ability to wipe the device or canceling pending wipe action
though a Device View action.
Docs - Read only
Doc Distribution
View only access to Docs.
Doc Distribution
Ability to modify Document settings
Expense
Management
View only access to Expense Mgmt Plans.
Manage Document
Settings
Expense Mgmt Plans Read only
94
MaaS360.com
Role
Right to Access
Category
Description
Mobile Analytics
View only access to Mobile Metrics graphs and ability to propose
new ideas.
Policy Management
View only access to Policies.
Reports
Reports
Ability to view graphs and reports in the Reports tab
Manage Apps
App Distribution
Ability to add, change or delete Apps.
Action History
Device Management
Ability to view a global action history across all devices.
Bulk Upload Custom
Attributes
Device Management
Ability to bulk upload a file to set custom attributes.
Buzz Device
Device Management
Ability to buzz a device through a Device View action.
Change Compliance
Rule Set
Device Management
Ability to change a compliance rule set through a Device View
action.
Change Device Policy
Device Management
Ability to change a device policy through a Device View action.
Change Expense Mgmt
Plan
Device Management
Deactivate Device
Device Management
Device Enrollments Read only
Device Management
View only access to device enrollment requests.
Device Group actions
Device Management
Ability to push actions at a group level.
Mobile Metrics - View
and Propose new
ideas
Manage Policies Read only
Administrator Level 2
Ability to change a mobile expense management plan through a
Device View action.
Ability to remove MDM control or hide devices through a Device
View action.
Device View - Read
only
Distribute App for a
device
Distribute Doc for a
device
Device Management
View only access to Device View (no actions).
Device Management
Ability to distribute an app through a Device View action.
Device Management
Ability to distribute a doc through a Device View action.
Enable Alerts
Device Management
Enable Alerts for Enterprise Customers.
Locate Device
Device Management
Ability to locate a device through a Device View action.
Lock Device
Device Management
Ability to lock a device through a Device View action.
Device Management
Ability to manage Cloud Extenders.
Device Management
Ability to add, change or delete Custom Attributes.
Device Management
Ability to manage device enrollment requests.
Manage Cloud
Extenders
Manage Custom
Attributes
Manage Device
Enrollments
Merge Duplicate
Device Records
Device Management
Refresh Device
Information
Device Management
Remove App
Device Management
Reset Device Passcode
Device Management
Selective Wipe
Device Management
Send Message
Device Management
Set Custom Attribute
Value
Device Management
Ability to manually merge Android or Windows Phone 7 device
records if automated merge cannot identify the devices to
merge.
Ability to issue an on-demand refresh for all information about
the device through a Device View action.
Ability to remove an app through a Device View action.
Ability to reset the device passcode through a Device View
action.
Ability to selectively wipe (restrict) corporate data from a
device and revoke the selective wipe from a device through a
Device View action.
Ability to send a message to a device through a Device View
action.
Ability to set custom attribute values through a Device View
action.
95
MaaS360.com
Role
Right to Access
Category
Description
User Views - Generate
Password
Device Management
Ability to generate passwords for users through the View All
Users workflow.
Users - Read only
Device Management
View only access to User View.
Wipe Device
Device Management
Ability to wipe the device or canceling pending wipe action
though a Device View action.
Manage Docs
Doc Distribution
Ability to add, change or delete Docs.
Doc Distribution
Ability to modify Document settings
Expense
Management
Ability to add, change or delete expense mgmt plans.
Mobile Analytics
View only access to Mobile Metrics graphs and ability to propose
new ideas.
Manage Policies
Policy Management
Ability to add, change, delete and publish policies.
Reports
Reports
Ability to view graphs and reports in the Reports tab
Apps - Read only
App Distribution
View only access to Apps.
Action History
Device Management
Ability to view a global action history across all devices.
Buzz Device
Device Management
Ability to buzz a device through a Device View action.
Device Management
View only access to device enrollment requests.
Device Management
View only access to Device View (no actions).
Enable Alerts
Device Management
Enable Alerts for Enterprise Customers.
Locate Device
Device Management
Ability to locate a device through a Device View action.
Lock Device
Device Management
Ability to lock a device through a Device View action.
Manage Device
Enrollments
Device Management
Ability to manage device enrollment requests.
Merge Duplicate
Device Records
Device Management
Refresh Device
Information
Device Management
Reset Device Passcode
Device Management
Send Message
Device Management
Manage Document
Settings
Manage Expense Mgmt
Plans
Mobile Metrics - View
and Propose new
ideas
Help Desk
Device Enrollments Read only
Device View - Read
only
Set Custom Attribute
Value
User Views - Generate
Password
Device Management
Device Management
Ability to manually merge Android or Windows Phone 7 device
records if automated merge cannot identify the devices to
merge.
Ability to issue an on-demand refresh for all information about
the device through a Device View action.
Ability to reset the device passcode through a Device View
action.
Ability to send a message to a device through a Device View
action.
Ability to set custom attribute values through a Device View
action.
Ability to generate passwords for users through the View All
Users workflow.
Users - Read only
Device Management
View only access to User View.
Docs - Read only
Doc Distribution
View only access to Docs.
Doc Distribution
Ability to modify Document settings
Expense
Management
View only access to Expense Mgmt Plans.
Mobile Analytics
View only access to Mobile Metrics graphs and ability to propose
new ideas.
Policy Management
View only access to Policies.
Reports
Ability to view graphs and reports in the Reports tab.
Manage Document
Settings
Expense Mgmt Plans Read only
Mobile Metrics - View
and Propose new
ideas
Manage Policies Read only
Reports
96
MaaS360.com
Role
Right to Access
Category
Description
Read Only
Apps - Read only
App Distribution
View only access to Apps.
Action History
Device Management
Ability to view a global action history across all devices.
Device Management
View only access to device enrollment requests.
Device Management
View only access to Device View (no actions).
Enable Alerts
Device Management
Enable Alerts for Enterprise Customers.
Refresh Device
Information
Device Management
Ability to issue an on-demand refresh for all information about
the device through a Device View action.
Users - Read only
Device Management
View only access to User View.
Docs - Read only
Doc Distribution
View only access to Docs.
Doc Distribution
Ability to modify Document settings.
Expense
Management
View only access to Expense Mgmt Plans.
Mobile Analytics
View only access to view Mobile Metrics graphs.
Policy Management
View only access to Policies.
Reports
Reports
Ability to view graphs and reports in the Reports tab.
Manage Administrator
Roles
Administrator
Management
Ability to create & manage Roles. Additionally, ability to create
& manage admins.
Manage Apps
App Distribution
Ability to add, change or delete Apps.
Bulk Upload Custom
Attributes
Device Management
Ability to bulk upload a file to set custom attributes.
Buzz Device
Device Management
Ability to buzz a device through a Device View action.
Change Compliance
Rule Set
Device Management
Ability to change a compliance rule set through a Device View
action.
Change Device Policy
Device Management
Ability to change a device policy through a Device View action.
Change Expense Mgmt
Plan
Device Management
Deactivate Device
Device Management
Device Enrollments Read only
Device Management
View only access to device enrollment requests.
Device Group actions
Device Management
Ability to push actions at a group level.
Device Management
View only access to Device View (no actions).
Device Management
Ability to distribute an app through a Device View action.
Device Management
Ability to distribute a doc through a Device View action.
Enable Alerts
Device Management
Enable Alerts for Enterprise Customers.
Locate Device
Device Management
Ability to locate a device through a Device View action.
Lock Device
Device Management
Ability to lock a device through a Device View action.
Device Management
Ability to manage Cloud Extenders.
Device Management
Ability to add, change or delete Custom Attributes.
Device Enrollments Read only
Device View - Read
only
Manage Document
Settings
Expense Mgmt Plans Read only
Mobile Metrics - Read
only
Manage Policies Read only
Service
Administrator
Device View - Read
only
Distribute App for a
device
Distribute Doc for a
device
Manage Cloud
Extenders
Manage Custom
Attributes
Ability to change a mobile expense management plan through a
Device View action.
Ability to remove MDM control or hide devices through a Device
View action.
97
MaaS360.com
Role
Right to Access
Category
Description
Manage Device
Enrollments
Device Management
Ability to manage device enrollment requests.
Manage Users
Device Management
Merge Duplicate
Device Records
Device Management
Refresh Device
Information
Device Management
Remove App
Device Management
Reset Device Passcode
Device Management
Selective Wipe
Device Management
Send Message
Device Management
Set Custom Attribute
Value
User Views - Generate
Password
Users - Read only
Device Management
Device Management
Ability to manage users.
Ability to manually merge Android or Windows Phone 7 device
records if automated merge cannot identify the devices to
merge.
Ability to issue an on-demand refresh for all information about
the device through a Device View action.
Ability to remove an app through a Device View action.
Ability to reset the device passcode through a Device View
action.
Ability to selectively wipe (restrict) corporate data from a
device and revoke the selective wipe from a device through a
Device View action.
Ability to send a message to a device through a Device View
action.
Ability to set custom attribute values through a Device View
action.
Ability to generate passwords for users through the View All
Users workflow.
Device Management
View only access to User View.
Wipe Device
Device Management
Ability to wipe the device or canceling pending wipe action
though a Device View action.
Manage Docs
Doc Distribution
Ability to add, change or delete Docs.
Doc Distribution
Ability to modify Document settings.
Doc Distribution
Ability to modify Sharepoint settings.
Manage Policies
Policy Management
Ability to add, change, delete and publish policies.
Reports
Reports
Ability to view graphs and reports in the Reports tab.
Manage Document
Settings
Manage Sharepoint
Settings
Convert to Customer
Expire Account
Extend Trial
Read-Only Account
Services Configuration
Service
Configuration
Service
Configuration
Service
Configuration
Service
Configuration
Service
Configuration
Restrict the visibility of account as Convert to Customer.
Restrict the visibility of account as Expire Account.
Restrict the visibility of account as Extend Trial.
Restrict the visibility of account as Read-Only Account.
Ability to enable additional services through checklist workflow.
Creating a Role
Administrators can create roles, but only with the access privileges they possess (or with fewer privileges).
To create a role, mouse over Setup and select Roles.
98
MaaS360.com
Click Add Role.
Enter the role’s name and a description. You can either create a new role or copy an existing one to use as
a model.
Creating a Role Based on an Existing Role
If you want to use an existing one, select it from the pull-down menu and then click Next.
The access rights for that role are already selected. You can make your changes, and then click Save.
99
MaaS360.com
Creating a New Role Without Using a Model
If you choose not to use an existing role as a model, select Create new and then click Next.
On the Grant Access Rights screen none of the access rights will be selected.
Select the rights you want to grant to the role, and then click Save.
Managing Roles
To change, delete or view a history of changes that were made to a custom role, mouse over Setup and
select Roles.
100
MaaS360.com
Select the role from the pull-down list on the Manage Role screen.
It will automatically be populated with the description.
Click Delete to delete the role.
Click Change History to see a list of the changes made to the role.
Click the View Changes link for one of the dates to see details.
101
MaaS360.com
If you want to edit a role, click the Edit button on the Manage Role screen.
The existing rights will be selected. Make your changes and click Save.
Administrator Logins Report
Mouse over Setup and click Administrator Logins Report.
The Search Criteria screen appears.
Enter a username, IP address, login date range or authentication status. If you do not enter any criteria, all
the logins will be listed.
Click Search.
102
MaaS360.com
103
MaaS360.com
Appendix A: Features List
Device Support
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Kindle
Fire
Cloud Extender
Win Phone
7.5
Win Phone 8
Windows
Laptops
Mac
Comments
Requires Native App on Device
Android 2.2+
√
√
√
Android 3.x
√
√
√
Android 4.x
√
√
√
BlackBerry OS 4
√
√
BlackBerry OS 5
√
√
BlackBerry OS 6
√
√
BlackBerry OS 7
√
√
BlackBerry OS 10
√
√
iOS 4.x (iPhone,
iPad, and iPod
Touch)
√
√
√
iOS 5.x (iPhone,
iPad, and iPod
Touch)
√
√
√
iOS 6.x (iPhone,
iPad, and iPod
Touch)
√
√
√
iOS 7 (iPhone,
iPad, and iPod
Touch)
√
√
√
iOS V3.x (iPhone,
iPad, and iPod
Touch)
√
√
√
Day 0
support on
GA of iOS 7
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Kindle
Fire
Cloud Extender
Win Phone
7.5
Win Phone 8
Windows
Laptops
Mac
Requires Native App on Device
Mac OS X Tiger,
Lion, Mountain
Lion
√
QNX
√
Symbian (Nokia)
√
WebOS
√
Windows Mobile
6.1
√
√
Windows Mobile
6.5
√
√
Windows Phone 7
√
Window Phone
7.5 (Mango)
√
Windows Phone 8
√
√
√
√
Windows XP,
Vista, 7
Windows 8
Comments
√
√
√
Activation and Enrollment
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
AD Authenticated
Enrollment
Kindle
Fire
Win
Phone
7.5
Win
Phone 8
Windows
Laptops
Mac
√
√
Requires Native App on Device
√
√
√
105
√
√
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
√
Certificate based
Enrolled when
Exchange Email is
configured on Device
Win
Phone
7.5
Win
Phone 8
Windows
Laptops
Mac
Comments
Requires Native App on Device
Agent based
Bulk enrollment
Kindle
Fire
√
√
√
√
√
√
√
√
√
√
√
√
√
Push MDM Profiles
OTA
√
Unattended
Enrollment workflow
√
√
Web Based Enrollment
(no app required)
√
√
√
√
√
√
√
√
√
*AD
Required
√
Device Attributes
Hardware Attributes
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Activation Date
√
ActiveSync Device ID
√
ActiveSync GUID
√
ActiveSync Identity
√
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Requires Native App on Device
√
ActiveSync Agent
Kindle
Fire
√
√
√
√
√
√
106
√
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Requires Native App on Device
API Level
√
Apple Serial Number
√
Application Data
√
√
√
√
√
√
Baseband Version
√
√
Battery Condition
√
√
√
√
Battery Level
√
BES Server
√
√
BIOS Date
√
BIOS Serial Number
√
Build Number
√
√
√
CD/DVD Name
Default Language
√
√
Device Serial Number/PIN
Email Address
√
√
√
√
√
√
√
√
√
√
√
√
√
File System Type
√
Free External Storage
√
√
√
Free Internal Storage
√
√
√
IMEI/ESN
√
√
√
√
√
√
√
√
√
Installed/Activation Date
Mac
√
√
Kernel Version
√
√
√
√
√
√
Last Reported
√
√
√
√
√
√
√
√
√
Managed Status
√
√
√
√
√
√
√
√
√
Manufacturer
√
√
√
√
√
√
√
√
√
107
√
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
√
√
√
√
Model ID
Modem Firmware Version
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
Motherboard Serial Number
√
Number of Drives
√
Number of Processor Cores
Operating System
Mac
Requires Native App on Device
Microsoft Auto-Update Status
Model
Windows
Laptops
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
OS Architecture (32 vs. 64
bit)
√
√
OS Edition
√
√
OS Patches (Security and
Others
√
√
√
√
Operating System Version
Ownership
√
√
√
√
√
√
√
√
Platform Version
√
Processor Name
√
√
√
Processor Name
√
Processor Speed
√
√
RAM
√
√
√
√
√
Screen Language
√
√
√
√
√
Screen Resolution
√
√
√
√
√
√
√
Screen Width
108
√
√
√
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Comments
Requires Native App on Device
Secure Browser Policy
√
Secured Boot ROM
√
√
Service Pack
√
√
√
Timezone
√
√
√
Total External Storage
√
√
√
√
√
Total Internal Storage
√
UDID
Username
Mac
√
√
√
√
√
√
√
√
√
√
√
√
√
√
Volume Free Space
√
√
Volume Label
√
√
Volume Name
√
√
Volume Size
√
√
WMI Status
√
Network Attributes
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
Cloud Extender
iOS
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
Adapter ID
√
Adapter Type
√
BlackBerry Internet Service
109
√
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
(BIS) Enabled
Bluetooth Mac Address
√
√
Carrier (Current)
√
√
√
Carrier (Home)
√
√
√
Carrier Setting Version
√
Country (Current)
√
√
Country (Home)
√
√
√
√
Device Driver Date
√
Device Driver Name
√
Device Driver Version
√
DHCP Enabled
√
√
DNS Servers
√
√
Gateway
√
√
Direct Connect ID
√
GPS Settings Enabled
ICCID/IMSI
√
√
√
√
International Data Roaming
√
√
IP Address
√
√
√
Last Connection Date - Wi-Fi
√
√
√
Network Type (Current)
√
Phone Number
√
√
√
√
Roaming
√
√
SSID
√
√
√
√
√
110
√
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Mac
√
√
√
√
Comments
Requires Native App on Device
Subnet Mask
Supported Frequencies
Windows
Laptops
√
Wi-Fi Mac Address
√
√
√
Personal Hotspot
√
iOS 7 onwards
Do Not Disturb
√
iOS 7 onwards
111
√
MaaS360.com
Location Attributes
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
Accuracy
√
√
√
√
√
Checked in Location
√
√
Checked in status
√
√
Latitude
√
√
√
√
√
Location (Address)
√
√
√
√
√
Location History
√
Longitude
√
√
√
√
√
Timestamp of Location
Detection
√
√
√
√
√
Find My Device
√
√
iOS 7 onwards
112
MaaS360.com
Application Inventory
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
√
√
√
√
√
√
√
√
√
√
√
Requires Native App on Device
Application Bundle Size
√
√
√
√
Application Dynamic Size
√
√
√
√
Application ID
√
√
√
√
√
√
√
√
Application Install Location
Application Name
√
Application Source
√
√
Application Vendor
Application Version
Comments
√
√
√
√
Installation Date
Provisioning Profile Expiry
Date
√
Provisioning Profile ID
√
Provisioning Profile Name
√
iTunes Account Present
√
√
iOS 7 onwards
113
MaaS360.com
Security and Compliance
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
ActiveSync Policy
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Requires Native App on Device
√
Allow installation of NonMarket Apps
√
Allow Mock Locations
√
√
√
Anti-Spyware Details
√
Anti-Virus Details
√
App Compliance State
√
Auto-Backup Configured
√
Auto-Backup Exclusions
√
Auto-Backup Frequency
√
Auto-Sync Enabled
Mac
√
√
√
√
√
√
Automatic Data Backup to
Google Servers Enabled
√
Automatic Restore from Data
Backup on Application
Reinstall
√
Background Data Sync
Enabled
√
Backup and Recovery
√
Bluetooth Enabled
√
Camera Present
√
114
√
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Windows
Laptops
Mac
Data Encryption
√
√
Data Leak Protection
√
Cloud Extender
√
Configuration Profile Name
√
Configurator Supervised Mode
√
√
√
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
Certificates
Device Passcode Status
Kindle
Fire
√
√
Device Rooted
Device Wiped
√
Failed Settings
√
GPS Present
√
√
√
√
√
√
√
√
√
Hardware Encryption
√
√
√
√
Jailbreak Detection
√
Last MDM Policy Update Date
√
√
√
Last MDM Policy Update
Source
√
√
√
√
√
√
√
√
√
√
√
Last Policy Updated Date
√
Last Selective Wipe Date
Last Successful Backup Time
√
√
√
Last Wipe Applied Date
√
√
√
Mailbox Approval State
√
√
√
Master Key Vulnerability
status
Maximum Failed Password
Attempts
√
√
√
√
√
√
√
√
115
√
√
√
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
Maximum Passcode Age
(days)
Maximum Time to Lock (min)
MDM or BES Policy
Kindle
Fire
√
Minimum Passcode Length
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
NFC enabled
√
√
√
√
Number of Special Characters
√
Other Device Administration
Solutions
Out-of-Compliance Reasons
√
Passcode History
Passcode Quality
√
√
√
Peripheral Protection
√
√
Personal Firewall Details
√
√
Policy Compliance State
√
Policy Version
Remote Wipe Support
√
√
√
√
√
√
√
√
√
√
√
Restrictions Applied
√
√
√
Rule Compliance State
√
√
√
Rule Set Configured
√
√
√
Secure Browser - Last Policy
Update
√
√
√
Secure Browser Policy
√
√
√
Selective Wipe
√
√
√
116
√
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Windows
Laptops
Mac
Comments
Requires Native App on Device
Settings configured
Settings Failed to Configure
Kindle
Fire
√
Visible Passwords
√
√
√
√
√
√
Android
Kindle
Fire
Running Services
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
App ID
√
√
Application Name
√
√
Memory Used
√
√
Running Time
√
√
Service Name
√
√
117
√
√
MaaS360.com
MaaS360 Services
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
Advanced Device
Management SDKs Enabled
√
App ID
√
√
√
Application Name
√
√
√
√
BlackBerry Push Notification
Registration Status
BlackBerry Push Notification
Status
Company Hub
√
DTM Real-time Notification
√
Google Real-time Notification
Registered
√
Installed Date
√
Installed Services
√
√
√
√
List of Modules with versions
and activation time
MaaS360 Agent Version
(Current)
√
√
√
√
√
√
√
√
√
√
√
MaaS360 Agent Version
(Initial)
MaaS360 Device ID
√
118
√
√
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Windows
Laptops
Mac
Comments
Requires Native App on Device
Microsoft Device Info
Collection
√
√
Microsoft Location Services
√
√
Microsoft Push Notifications
√
√
Primary Google Account
√
Mobile Data Usage
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
Daily Mobile Data Usage
(Current Period)
√
√
First day of the Billing cycle
√
√
Monthly aggregate Mobile
Data Usage
√
√
Plan Name
√
√
119
MaaS360.com
Browser History (Visited)
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
Allowed Via Exception
√
√
Domain
√
√
First Visit
√
√
Last Visit
√
√
Number of Visits
√
√
Policy Name
√
√
URL Category
√
√
Username
√
√
120
Windows
Laptops
Mac
Comments
MaaS360.com
Browser History (Blocked)
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Windows
Laptops
Mac
Comments
Requires Native App on Device
Access Time
√
√
Embedded in Page
√
√
Policy Name
√
√
URL
√
√
URL Category
√
√
Username
√
√
iOS
Android
BES (BlackBerry) Device Features
Device Capabilities
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
Application Control Policies
√
Large Attachment Upload
√
Organizer Data Sync
Encodings
√
Wireless Application Delivery
√
Wireless PIM Data Sync
√
121
MaaS360.com
Email Capabilities
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Windows
Laptops
Mac
Comments
Requires Native App on Device
Address Lookup Encodings
√
Calendar Encodings
√
Message Encodings
√
PGP
√
S/MIME Encrypted Msg
√
Sent Items Sync
√
Messaging History
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
Cloud Extender
iOS
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
Last Contact
√
Last Time Msg Receive
√
Last Time Msg Sent
√
Result of Last Transaction
√
Uptime
√
122
MaaS360.com
Privacy Settings
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
Restrict Location Information
√
√
Restrict App Inventory
Information
√
√
iOS
Android
√
√
√
Actions
Device Actions
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
Cloud Extender
Allow, Block Device for Email
Access
√
Approve device for Email
Access
√
Change ActiveSync Policy
√
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Mac
Requires Native App on Device
√
Change BES Policy
√
Change MDM Policy
√
√
√
√
√
√
√
√
Locate Device
√
√
Buzz Device
√
√
Change Rule Set
Windows
Laptop
√
√
√
√
123
√
√
√
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptop
Mac
√
√
Requires Native App on Device
Lock Device
√
Lock Device- Display Message
and Callback no.
√
Policy Assignment to AD
Groups
√
√
√
√
√
Policy Assignment to Device
Groups
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
√
Refresh Device Information
Remote Device Wipe (Full)
√
√
Remote Device Wipe
(Selective)
Remove Device from BES
Server
Remove Device from
Exchange Server
√
iOS 7 onwards
√
√
√
√
Configure Patch Settings
Send a Message
√
√
√
√
√
Remove MDM Control
Reset Device Password
√
√
√
Comments
√
√
√
√
√
√
√
√
Distribute App
√
√
√
√
√
√
Change Ruleset
√
√
√
√
√
√
Change Secure Browser
Policy
√
√
√
124
√
MaaS360.com
Group Actions
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Kindle
Fire
Cloud Extender
Win
Phone
7.5
Win
Phone
8
Windows
Laptop
Mac
√
√
Comments
Requires Native App on Device
Hide Devices
√
√
√
Send Message
√
√
√
Change MDM Policy
√
√
√
Change Plan
√
√
√
Distribute App
√
√
√
Distribute Doc
√
√
√
Change Rule Set
√
√
√
√
√
√
√
√
√
√
Policies
ActiveSync Policies
Exchange
ActiveSync
Description
Allow access to Windows
File Shares
The device
can access
Windows File
Shares
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
√
125
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Allow access to Windows
SharePoint Services
The device
has access to
Windows
SharePoint
Services
√
Allow Attachments to be
downloaded to the
Mobile Device
Attachments
can be
downloaded
to the device
√
Allow Bluetooth
The user can
use
Bluetooth if
the device
supports it
√
Allow Browser
The user can
use the
device’s
browser
√
Allow Camera
The user can
use the
device’s
camera
√
Allow Consumer Mail
The device
can receive
personal
emails
√
Allow Desktop
Synchronization
The device
can be
synchronized
with a
desktop
√
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
126
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Allow HTML formatted
Email
The device
can receive
HTML
formatted
emails
√
Allow Infrared
connections
The device
can make
and receive
infrared
connections,
if the device
is equipped
for it
√
Allow Internet sharing
from the Mobile Device
The device
can perform
Internet
sharing, if
the device is
equipped for
it
√
Allow Non-Provisionable
devices
Older devices
that may not
support all
policy
settings can
still connect
to the
Exchange
server
√
Allow Remote Desktop
from the Mobile Device
The device
can connect
to a remote
desktop
√
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
127
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Allow Removable Storage
Card
A removable
storage card
can be used
with the
device
√
Allow Unsigned
Applications
Unsigned
apps are
permitted on
the device
√
Allow Unsigned
Installation Packages
Unsigned
installation
packages are
permitted on
the device
√
Allow Wi-Fi
The device
can connect
via Wi-Fi
√
Enable Password
Recovery
The user can
initiate
password
recovery for
the device
√
Include past Calendar
items
The device
can access
old calendar
items
√
Include past Email items
The device
can access
old emails
items
√
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
128
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Limit Email size to (KB)
Specify the
maximum
size an email
sent or
received by
the device
can be.
Longer
messages will
be
truncated.
√
Maximum Attachment
size (KB)
Specify the
maximum
size an
attachment
sent or
received by
the device
can be
√
Mobile Device Policy
Refresh interval (hours)
How often
MaaS360
checks to see
if a new
policy has
been
assigned to
the device
√
Require Encryption on
Storage Card
If the device
has a
removable
storage card,
the data on
in must be
encrypted
√
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
129
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Require Encryption on
the Mobile Device
The device
must be
encrypted
√
Require Manual
Synchronization while
Roaming
If the device
is roaming, it
can only by
synched
manually
√
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Windows
Laptops
Mac
Comments
Requires Native App on Device
iOS Policies
Exchange
ActiveSync
Description
Passcode Restrictions
Specify how
passcodes are
handled on
the device
Device Restrictions
(MDM 4 API)
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
√
√
- Allow Adding Game
Center Friends
The device
can be used to
add Game
Center Friends
√
- Allow Automatic
Synchronization While
Roaming
The device
can be
automatically
synchronized
while roaming
√
130
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
- Allow Explicit Music
and Podcasts Purchased
from iTunes
Explicit music
and podcasts
can be
purchased
from iTunes
from the
device and
stored on it
√
- Allow In-App
Purchase
Purchases can
be made from
apps on the
device
√
- Allow Installing of
Applications
Apps can be
installed on
the device
√
- Allow Multiplayer
Gaming
Multiplayer
games can be
played on the
device
√
- Allow Screen
Capture
Screen
captures can
be taken with
the device
√
- Allow Use of iTunes
for Media Download
iTunes can be
used to
download files
√
Photographs
can be taken
with the
device’s
camera
√
- Allow Use of Camera
Kindle
Fire
131
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
- Allow Use of
Facetime
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
Facetime can
be used
√
The device
can use the
Safari browser
√
-Safari : Enable
Auto-fill
When using
Safari, fields
in forms can
be filled
automatically
√
-Safari : Force Fraud
Warning
Safari will
attempt to
prevent the
user from
viewing
websites that
are fraudulent
or
compromised
√
-Safari : Enable
JavaScript on websites
JavaScript on
websites will
be enabled
when browsing
√
-Safari : Block
Popups
Popups will be
blocked when
browsing
√
-Safari : Configure
Cookie settings
The user can
configure
cookie
settings on the
device
√
- Allow Use of Safari
Kindle
Fire
132
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
- Allow Use of
YouTube
- Allow Voice Dialing
- Set Ratings for
allowed Movies, TV
Shows and Apps
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
The user can
access
YouTube on
the device
√
The user can
use voice
dialing on the
device
√
Only movies,
TV shows and
apps with the
specified
ratings can be
accessed on
the device
√
Device Restrictions
(MDM 5 API)
Kindle
Fire
√
iOS 5+ Only
Siri can be
used on the
device
√
iOS 5+ Only
- Allow Siri while
Locked
Siri can be
used when the
device is
locked and no
passcode has
been entered
√
iOS 5+ Only
- Allow untrusted TLS
Prompt
The device
will
automatically
reject
untrusted
HTTPS
certificates
√
iOS 5+ Only
- Allow Siri
133
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Configure Roaming
Settings (Data & Voice)
Roaming
settings can
be configured
by the user
√
iOS 5+ Only
- Enforce iTunes
Password Entry
The iTunes
password must
be entered to
download
√
iOS 5+ Only
- iCloud - Allow Cloud
Backup
Data on the
device can be
backed up to
iCloud
√
iOS 5+ Only
- iCloud - Allow
Documents Sync
Documents
can be synced
to iCloud
√
iOS 5+ Only
- iCloud - Allow Photo
Stream Sync
Photos can be
synced to
iCloud
√
iOS 5+ Only
- iCloud - Allow
Shared Photo Stream
Photos can be
shared via
iCloud
√
iOS 6+ Only
Open from Managed to
Unmanaged apps
Files from
managed apps
can be opened
in unmanaged
apps
√
iOS 7+ Only
Open from Unmanaged
to Managed Apps
Files from
unmanaged
apps can be
opened in
unmanaged
apps
√
iOS 7+ Only
134
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
Allow Today View in
Lock Screen
The Today
View can be
seen on the
device lock
screen
√
iOS 7+ Only
Limit Ad Tracking
Ads the user
sees will not
be tracked
√
iOS 7+ Only
Allow over-the-air PKI
Updates
Changes to
the trusted
root
certificates
list will be
allowed
√
iOS 7+ Only
√
iOS 6+ Only
Device Restrictions
(MDM 6 API)
- Allow Passbook
while Locked
Passbook
notifications
will not be
shown on the
lock screen
√
iOS 6+ Only
- Allow submission of
Diagnostic Information
Diagnostic
information
will be sent
automatically
to Apple
√
iOS 6+ Only
- iCloud - Allow
Shared Photo Stream
Photos can be
shared via
iCloud
App Compliance
135
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Configure Restricted
Applications (App
Blacklist)
Specify which
apps cannot
be installed on
the device
√
- Configure Allowed
Applications (App
Whitelist)
Specify which
apps are
allowed on
the device
√
- Configure Required
Applications
Specify which
apps are
required on
the device
√
Wi-Fi Profiles
Kindle
Fire
√
- Control Auto Join
Behavior
Specify if the
device will
automatically
join a Wi-Fi
network
√
iOS 5+ Only
- Proxy Settings
Specify proxy
information
for the device
√
iOS 5+ Only
- Connect Priority
If multiple
networks are
available, the
device will
choose the
network with
the lowest
priority. Zero
is the default,
and negative
numbers are
allowed
√
iOS 7+ Only
136
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
AirPrint
- Configure AirPrint
Printer List
Specify
AirPrint
printer
settings
√
iOS 7+ Only
Specify
AirPrint
printer
settings
√
iOS 7+ Only
- Configure Single
Sign On via Kerberos
Specify SSO
settings via
Kerberos
√
iOS 7+ Only
VPN Profiles
Specify VPN
profile
settings
√
Email Profiles
Specify email
profile
settings
√
AirPlay
- Configure AirPlay
destinations
Single Sign On
Exchange ActiveSync
Profiles
- Prevent Moving Mail
to other Accounts
√
Email cannot
be moved or
forwarded to
other
accounts
√
137
iOS 5+ Only
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Prevent Third Party
Apps from Sending Mail
The user
cannot send
emails from
third-party
apps on the
devices
√
iOS 5+ Only
- Prevent
synchronization of
Recent Contacts
Recent
contacts are
not synced
√
iOS 6+ Only
LDAP
Specify LDAP
settings
√
CalDAV
Specify
CalDAV
settings
√
Subscribed Calendars
Specify
settings for
calendar
subscriptions
√
CardDav
Specify
CardDav
settings
√
Web clips
Specify web
clip settings
√
Certificates
Specify
certificate
settings
√
- Use of certificates
in Wi-Fi, VPN, Email
Specify if
certificates
will be used
for Wi-Fi, VPN
or email
√
138
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
SCEP
Specify SCEP
settings
√
Access Point Carriers
Specify
settings for
access point
carriers
√
Import iPCU Settings
Import
settings
created in the
iPhone
Configuration
Utility
√
Supervised Settings
Specify the
supervised
settings
√
iOS 6+ Only
- Allow Gamecenter
Gamecenter is
allowed on
the device
√
iOS 6+ Only
- Allow Erotica
Erotica is
allowed on
the device
√
iOS 6+ Only
- Allow iMessage
iMessage is
allowed on
the device
√
iOS 6+ Only
- Enable Siri Profanity
Filter
Enable the Siri
Profanity
Filter
√
iOS 6+ Only
- Allow Removing
Apps
The user can
remove apps
from the
device
√
iOS 6+ Only
139
MaaS360.com
Exchange
ActiveSync
Description
- Allow iBookstore
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
iBookstore can
be installed on
the device
√
iOS 6+ Only
- Allow Interactive
Installation of
Configuration Profiles
Allow
configuration
profiles to be
installed
interactively
√
iOS 6+ Only
- Allow Account
Modification
The user can
modify the
account
√
iOS 7+ Only
- Allow Cellular Data
Usage Modifications
The user can
change which
apps can use
cellular data
√
iOS 7+ Only
- Allow Find My
Friends Modification
The user can
change the
Find My
Friends app
√
iOS 7+ Only
√
iOS 7+ Only
Specify the
devices that
AirPlay can
connect to
√
iOS 7+ Only
Select to
configure the
global proxy
√
iOS 6+ Only
- Allow Text Define in
Safari
- Whitelist AirPlay
Devices
Global Proxy
- Configure Global
Proxy
140
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Allow Bypassing
Proxy to Access Captive
Networks
Global proxy
can be ignored
to access
captive
networks
√
iOS 7+ Only
- Allow Direct
Connection if PAC is
unreachable
If the proxy
automatic
configuration
cannot be
found, a
direct
connection
will be
allowed
√
iOS 7+ Only
App Lock
App lock
settings
- Configure App Lock
Configure the
app lock
√
iOS 6+ Only
-Allow Touch Input
The user can
touch the
screen to
enter data
√
iOS 7+ Only
-Allow Device
Rotation
Turning the
device will
rotate the
display
√
iOS 7+ Only
-Allow Volume Button
Control
The user can
change the
device’s
volume
√
iOS 7+ Only
141
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
-Allow Ringer Switch
Control
The user can
turn off the
ringer
√
iOS 7+ Only
-Allow Sleep/Wake
Button Control
The user can
use the
sleep/wake
controls
√
iOS 7+ Only
-Allow Auto Lock
The device
will
automatically
lock after a
specified
period
√
iOS 7+ Only
-Enable Voice Over
The device
can be set to
provide
voiceovers
√
iOS 7+ Only
-Enable Zoom
The image in
the camera
can be
zoomed
√
iOS 7+ Only
-Enable Invert Colors
The colors in
the display
can be
inverted for
easier
readability
√
iOS 7+ Only
Assistive touch
can be used to
simulate
commonly use
gestures
√
iOS 7+ Only
-Enable Assistive
Touch
142
MaaS360.com
Exchange
ActiveSync
Description
-Enable Speaker
Selection
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
The user can
select the
speaker that
will be used
√
iOS 7+ Only
The device
will produce
mono audio
√
iOS 7+ Only
-Allow Voice Over
Adjustment
The user can
change the
voiceover
√
iOS 7+ Only
-Allow Zoom
Adjustment
The user can
change the
camera’s
zoom
√
iOS 7+ Only
-Allow Invert Color
Adjustment
The user can
customize the
colors when
inverted
√
iOS 7+ Only
-Allow Assistive Touch
Adjustment
The user can
customize the
assistive touch
feature
√
iOS 7+ Only
Adult content
cannot be
viewed on the
device
√
iOS 7+ Only
The user can
only access
the listed
websites
√
iOS 7+ Only
-Enable Mono Audio
Web Content Filtering
- Limit Adult Content
- Limit Access to
Specific Websites only
143
MaaS360.com
Exchange
ActiveSync
Description
Configure WorkPlace
Settings
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
√
iOS 5+ only
- Host name of the
ActiveSync Server
The host name
of the
ActiveSync
server
√
iOS 5+ only
- Use SSL
If the
WorkPlace
container can
use SSL
√
iOS 5+ only
- Domain Name
The domain
name of the
WorkPlace
container
√
iOS 5+ only
- Account Username
The username
of the
container
√
iOS 5+ only
- Email Address
The email
address of the
container
√
iOS 5+ only
- Restrict Email
Attachment sharing in
the Container
Email
attachments
received in
the container
cannot be sent
outside it
√
iOS 5+ only
144
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Max days to Mail to
sync
The maximum
number of
days before
the mail in the
container
contacts the
server
√
iOS 5+ only
- Max days to Calendar
to sync
The maximum
number of
days before
the calendar
in the
container
contacts the
server
√
iOS 5+ only
- Block use of the
Container when device
is Out-of-Compliance
The user
cannot access
the container
when the
device is out
of compliance
with security
policies
√
iOS 5+ only
- Disable Copy-Paste
outside WorkPlace
Text inside
the container
cannot be
copied or
pasted outside
it
√
iOS 5+ only
- Restrict Contact
Export
Contacts
cannot be
exported out
of the
container
√
iOS 5+ only
145
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Enable Secure Browser
Integration
MaaS360
Secure
Browser will
be included in
the WorkPlace
container
√
iOS 5+ only
- Enforce passcode on
WorkPlace
The user must
enter a
passcode to
access the
container
√
iOS 5+ only
- Allow Simple Passcode
The
WorkPlace
passcode can
be simple
√
iOS 5+ only
- Require Alphanumeric
in Passcode
The
WorkPlace
passcode must
be
alphanumeric
√
iOS 5+ only
- Allowed Idle Time
before Auto-Lock
How long the
device may be
idle before it
is
automatically
locked
√
iOS 5+ only
- Minimum Passcode
Length
The minimum
length of the
container
passcode
√
iOS 5+ only
146
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Number of Failed
Passcode Attempts
Before WorkPlace Data
is Selective Wiped
How many
times a
passcode can
be entered
incorrectly
before data in
the container
is wiped
√
iOS 5+ only
- Required Number of
Special Characters
The number of
special
characters
that must be
in the
passcode
√
iOS 5+ only
- Maximum Passcode
Age
How old the
passcode can
be before it
can be
changed
√
iOS 5+ only
- Number of Unique
Passcodes Required
Before Reuse Allowed
The number of
unique
passcodes that
must be used
before one
can be reused
√
iOS 5+ only
147
MaaS360.com
Android Policies
Exchange
ActiveSync
Description
Device Passcode Policy
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
These settings
apply for
MaaS360, not
for MaaS360
Secure
Productivity
Suite (SPS)
√
√
Specifications
for the device’s
passcode,
including
Pattern,
Numeric,
Alphabetic,
Alphanumeric,
and Complex
√
√
- Minimum Passcode
Length (4-16
characters)
The minimum
length of the
device’s
passcode
√
√
- Minimum Number
of Complex Characters
The minimum
number of
special
characters or
symbols that
must appear in
the passcode
√
- Passcode Quality
Win
Phone
7.5
148
Android
3.0+ only
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Maximum Passcode
Age (in Days)
How old the
passcode can
be before it
can be changed
√
- Allowed Idle Time
(in minutes) Before
Auto-Lock
How long the
device may be
idle before it is
automatically
locked
√
- Passcode history
The number of
unique
passcodes that
must be used
before one can
be reused
√
- Number of Failed
Passcode Attempts
Before All Data is
Erased (4-16)
How many
times a
passcode can
be entered
incorrectly
before all data
is wiped
√
Security Settings
149
Android
3.0+ only
√
Android
3.0+ only
√
MaaS360.com
Exchange
ActiveSync
Description
- Enforce Device
Encryption
The data on the
device must be
encrypted if
the device
supports
hardware
encryption. On
SAFE devices,
the passcode
policy will
automatically
require a 6digit
alphanumeric
passcode
- Enforce SD Card
Encryption
Any SD cards
used with the
device must be
encrypted
- Visible Passwords
- Allow USB
Debugging
- Allow SD Card
- Allow SD Card
Write
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
√
Android
3.0+ &
Motorola
The user can
choose to make
the passcode
visible as it is
being entered
√
A USB device
can be used for
debugging
√
SAFE 2.0+
SD cards are
allowed
√
SAFE 2.0+
Device data can
be written to
an SD card
√
SAFE 3.0+
150
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Disable Keyguard
Features
Prevents the
user from
setting
Keyguard
features
√
- Allow Installation
of Non-Google Play
Apps
The user can
install apps
that do not
come from
Google Play
√
- Enforce App
verification before
install
The app will be
verified before
it is installed
√
Android
4.2+
The Clipboard
can be used
√
SAFE 2.0+
Screen
captures can be
taken on the
device
√
SAFE 2.0+
- Backup my data
Current
settings and
app data will
be backed up
to the Google
servers
√
SAFE 2.0+
- Automatic Restore
Backed up
settings and
data will be
restored when
an app is
reinstalled
√
SAFE 3.0+
- Allow Clipboard
- Allow Screen
Capture
151
Android
4.2+
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Allow Google Crash
Report
The report will
be sent
√
SAFE 3.0+
- Allow Factory
Reset
The device can
be restored to
factory settings
√
SAFE 2.0+
The device can
be upgraded
over the air
√
SAFE 3.0+
Devices can
sync, send or
receive data
any time
√
- Auto-Sync
The device can
sync
automatically
√
- Camera
The device’s
camera can be
used
√
- Bluetooth
Bluetooth can
be used
√
- Allow USB Mass
Storage
Data can be
stored on a USB
device
√
- Allow USB Media
Player (MTP, PTP)
The device can
be used with a
USB media
player
√
- Allow OTA Upgrade
Device Restrictions
- Enable Background
Data Synchronization
152
√
SAFE 2.0+
MaaS360.com
Exchange
ActiveSync
Description
- Allow Microphone
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
The device’s
microphone can
be used
√
- Near Field
Communication (NFC)
Devices can
communicate
via NFC
√
- Use Networkprovided Date & Time
The device’s
date and time
data will come
from the
network
√
- Use Wireless
Networks / Google's
Location Service for
Location Detection
Wireless
networks or
Google’s
location service
will be used to
determine the
device’s
location
√
- Use GPS satellites
for Location Detection
GPS satellites
will be used to
determine the
device’s
location
√
- Use sensor aiding
for Location Detection
Sensors will be
used to
determine the
device’s
location
√
- Allow Mock
Locations
Mock locations
can be used.
√
Network Restrictions
153
SAFE 2.0+
SAFE 3.0+
MaaS360.com
Exchange
ActiveSync
Description
- Allow Emergency
Calls only
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
Only
emergency
calls can be
made from the
device
√
SAFE 2.0+
- Allow Wi-Fi
Wi-Fi can be
used on the
device. There
is no effect on
a Wi-Fi only
device
√
SAFE 2.0+
- Whitelisted SSIDs
Network SSIDs
that are
allowed. Be
sure you do not
whitelist an
invalid SSID
√
SAFE 2.2+
- Blacklisted SSIDs
Network SSIDs
that are
prohibited
√
SAFE 2.2+
Specifies the
minimum
amount of
security the
network can
have
√
SAFE 2.0+
- Wi-Fi Network
Minimum Security
Level
154
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Allow user to add
Wi-Fi networks
The user can
add Wi-Fi
networks. This
setting will be
disabled if one
or more Wi-Fi
profiles are
defined in the
device’s
policies.
√
- Allow Data
Network
The user can
add data
networks
√
- Mobile AP
The device can
be a mobile
access point
hot spot. Other
devices can
connect to its
cellular
Internet
connection
√
- USB Tethering
The user can
perform USB
tethering with
the device
√
- Allow SMS & MMS
The device can
be used to send
SMS and MMS
messages
√
155
SAFE 2.0+
SAFE 2.2+
SAFE 3.0+
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Allow Data
Roaming
The device can
send and
receive data
while roaming
√
- Allow Sync during
Roaming
The device can
sync with
servers while
roaming
√
SAFE 1.0+
- Allow Voice
Roaming
The user can
make calls
while roaming
√
SAFE 3.0+
- Configure
Restricted Applications
(App Blacklist)
Specify which
apps cannot be
installed on the
device
√
√
- Configure Allowed
Applications (App
Whitelist)
Specify which
apps are
allowed on the
device
√
√
- Configure Required
Applications
Specify which
apps are
required on the
device
√
√
The Google
Play app is
allowed on the
device
√
App Compliance
Native App
Compliance
- Allow Google Play
156
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
The YouTube
app is allowed
on the device
√
- Allow Email
Email can be
used on the
device
√
√
- Allow Browser
The native
browser can be
used on the
device
√
√
- Allow Settings
The user can
change the
device’s
settings
√
√
- Allow Gallery
The Google
photo app can
be installed on
the device
√
√
- Allow Gmail
Gmail can be
used on the
device
√
√
Google Maps
and navigation
can be used on
the device
√
√
The voice
dialer can be
used on the
device
√
Configure your
Wi-Fi profile
√
- Allow Voice Dialer
Wi-Fi Profile
Win
Phone
8
Requires Native App on Device
- Allow YouTube App
- Allow Google Maps
& Navigation
Win
Phone
7.5
157
√
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
VPN Profile
Configure your
VPN profile
√
Motorola,
SAFE 2.0+
Email Profile
Configure your
Email profile
√
SAFE 2.0+
ActiveSync Profile
Configure your
ActiveSync
profile
√
√*
- Host name of the
Server
Host name of
the server
√
√*
- Use SSL
If the device
can use SSL
√
√*
- Account
The account ID
√
√*
- Identity Certificate
The identity
certificate
"Motorola,
SAFE 2.0+,
TouchDown
*,
TouchDown
- Account Display
Name
The account
display name
√
SAFE 1.0+
- Set as Default
Account
This is the
default account
√
SAFE 1.0+
- Accept All
Certificates
All certificates
should be
accepted
√
SAFE 1.0+
- Prompt User to
Install TouchDown
The user will
be prompted to
install the
TouchDown app
√
√*
The license key
for MaaS360
√
√*
- License Key
158
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
8
Requires Native App on Device
Exchange Security
Settings
- Configure
TouchDown Passcode
The TouchDown
passcode
√
√*
- Suppress
TouchDown specific
Passcode policy
enforced via
ActiveSync
Suppress any
TouchDownspecific
passcode policy
that is being
enforced by
EAS
√
√*
Encrypt all
emails
√
√*
- Encrypt
Attachments
Encrypt all
attachments
√
√*
- Allow Backup of
Emails and Settings
Allow emails
and settings to
be backed up
to the EAS
server
√
√*
- Disable Copy of
Contacts to Phone
Do not allow
contacts on the
EAS server to
be copied to
the device
√
√*
- Disable Copy-Paste
from Email
Restrict
copying and
pasting from
emails
√
√*
- Encrypt Emails
Win
Phone
7.5
159
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Device type
that is reported
in the EAS
server
√
- Prevent Moving
Mail to other Accounts
Mail cannot be
moved or
forwarded to
other accounts
on the device
√
- Allow HTML
Formatted Email
Allow emails
formatted in
HTML on the
device
√
√*
- Maximum Email
Size (KB)
The maximum
size for an
email
√
√*
- Include Past Emails
for Selected Date
Range
Old emails for
the date range
can be loaded
onto the device
√
√*
- Include Past
Calendar Items for
Selected Date Range
Old events for
the date range
can be loaded
onto the device
√
√*
The device can
receive
attachments
√
√*
The maximum
size for an
attachment
√
√*
- Maximum
Attachment Size (KB)
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Device Type
reported in Exchange
Server
- Allow Attachments
Win
Phone
7.5
160
√*
SAFE 2.1+
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Sync Contacts
Contacts can
be synced with
the server
√
SAFE 2.1+
- Sync Calendar
Calendar
events can be
synced with the
server
√
SAFE 2.1+
- Sync Tasks
Tasks can be
synced with the
server
√
SAFE 2.1+
- Sync Notes
Notes can be
synced with the
server
√
SAFE 2.1+
- Email Signature
Specify the
signature that
will appear at
the bottom of
all emails sent
from the device
√
√*
- Allow User to
change Email
Signature
The user can
change the
email signature
√
√*
- Manual Sync when
Roaming
The device
must be synced
manually when
roaming
√
√*
- Enable TouchDown
Widgets
The user can
use TouchDown
widgets on the
device
√
√*
161
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Always Vibrate on
New Email Notification
The device will
vibrate when it
receives a new
email
√
SAFE 1.0+
- Vibrate on New
Email Notification if
device is silent
The device will
vibrate when it
receives a new
email and the
ringer has been
turned off on
the device
√
SAFE 1.0+
- Generic
TouchDown Policies
√
√*
Web Clips (shortcuts)
The device can
use web clips
√
√
Wallpapers
The device can
use wallpapers
√
√
- Allow Pop-ups
The browser
will allow popups
√
SAFE 2.0+
- Allow JavaScript
The browser
will allow
JavaScript
√
SAFE 2.0+
- Accept Cookies
The browser
will accept and
use cookies
√
SAFE 2.0+
Data in forms
will be
remembered
for reuse
√
SAFE 2.0+
Browser Restrictions
- Remember Form
Data for later use
162
MaaS360.com
Exchange
ActiveSync
Description
- Show Fraud
Warning Settings
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
If the user
attempts to
access a
potentially
fraudulent web
site, warnings
will be
displayed
√
SAFE 2.0+
- Allow Device
discovery via
Bluetooth
The device can
be discovered
by Bluetooth
√
SAFE 2.0+
- Allow Bluetooth
Pairing
The device can
be paired via
Bluetooth
√
SAFE 2.0+
- Allow Bluetooth
Headset devices
Bluetooth
headsets can
be used with
the device
√
SAFE 2.0+
- Allow Bluetooth
Hands-free devices
Bluetooth
hands-free
devices can be
used
√
SAFE 2.0+
- Allow Bluetooth
A2DP (Advanced Audio
Distribution Profile)
devices
Bluetooth A2DP
devices can be
used
√
SAFE 2.0+
- Allow Outgoing
Calls
The device can
be used to
make outgoing
calls
√
SAFE 2.0+
Bluetooth Restrictions
163
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Allow Data
Transfer via Bluetooth
Data can be
transferred via
Bluetooth
√
SAFE 2.0+
- Allow Bluetooth
Tethering
Bluetooth
tethering is
available on
the device
√
SAFE 2.0+
- Allow connection
to Desktop or Laptop
via Bluetooth
The device can
connect to a
desktop or
laptop via
Bluetooth
√
SAFE 2.0+
√
SAFE 3.0+
The device is in
kiosk mode. It
is restricted to
specific apps
√
SAFE 3.0+
Specify the
apps that are
allowed on the
device
√
SAFE 3.0+
- Block Task Manager
Task Manager
cannot be used
√
SAFE 3.0+
- Hide System Bar
Hide the
system bar o
√
SAFE 3.0+
The keys on the
device cannot
be used—only
the touch
screen is
available
√
SAFE 3.0+
Kiosk mode
restrictions
- Enable Kiosk Mode
- Allowed apps in
Kiosk mode
- Block Hardware
Keys
164
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
Action on Disabling
Device Management
What MaaS360
will do if the
user removes
the MaaS360
app
√
√
Warning Message on
Disabling Device
Management
Specify the
message the
user will
receive if the
MaaS360 app is
removed
√
√
User Grace Period to
Determine Device Outof-Compliance
The grace
period before a
device is
considered out
of compliance
√
√
Enforcement Action
when the Device is Out
of Compliance
The action
taken by
MaaS360 if the
device is out of
compliance
√
√
Data Collection Timer
Frequency
How often
compliance
data is
collected from
the device.
Reducing this
will preserve
the device’s
battery
√
√
WorkPlace Settings
√
165
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
- Configure WorkPlace
Settings
Select to
configure
WorkPlace
settings
√
- Host name of the
ActiveSync Server
The host name
of the
ActiveSync
server
√
- Use SSL
If the
WorkPlace
container can
use SSL
√
- Domain Name
The domain
name of the
WorkPlace
container
√
- Account Username
The username
of the
container
√
- Email Address
The email
address of the
container
√
- Restrict Email
Attachment sharing in
the Container
Email
attachments
received in the
container
cannot be sent
outside it
√
166
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
- Block use of the
Container when device
is Out-of-Compliance
The user
cannot access
the container
when the
device is out of
compliance
with security
policies
√
- Disable Copy-Paste
outside Workplace
Text inside the
container
cannot be
copied or
pasted outside
it
√
- Disable Screenshots
Screen
captures
cannot be
taken with the
device
√
- Enable Secure
Browser Integration
MaaS360 Secure
Browser will be
included in the
WorkPlace
container
√
- Use Secure Viewer
The Secure
Viewer can be
used
√
- Enforce passcode on
WorkPlace
The user must
enter a
passcode to
access the
container
√
167
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
- Allowed Idle Time
before Auto-Lock
How long the
device may be
idle before it is
automatically
locked
√
- Require
Alphanumeric in
Passcode
The WorkPlace
passcode must
be
alphanumeric
√
- Minimum Passcode
Length
The minimum
length of the
container
passcode
√
- Number of Failed
Passcode Attempts
Before WorkPlace Data
is Selective Wiped
How many
times a
passcode can
be entered
incorrectly
before data in
the container is
wiped
√
- Required Number of
Special Characters
The number of
special
characters that
must be in the
passcode
√
- Maximum Passcode
Age
How old the
passcode can
be before it
can be changed
√
168
Windows
Laptops
Mac
Comments
MaaS360.com
Windows Phone Policies
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
Device Passcode
Restrictions
Specify how
passcodes are
handled on the
device
√
- Allow Simple
Passcode
The device’s
passcode can be
simple
√
- Passcode
Quality
Specifications for
the device’s
passcode
√
- Minimum
number of
character sets (14 chars)
√
- Minimum
Passcode length
(4-18)
The minimum
length of the
container passcode
√
- Maximum
Passcode Age(1730 days)
How old the
passcode can be
before it can be
changed
√
- Allowed Idle
Time (in minutes)
Before Auto-Lock
(1-999)
How long the device
may be idle before
it is automatically
locked
√
169
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
- Number of
Unique Passcodes
Required Before
Reuse Allowed (150)
The number of
unique passcodes
that must be used
before one can be
reused
√
- Number of
Failed Passcode
Attempts Before
All Data Is Erased
(1-999)
How many times
the incorrect
passcode can be
entered before the
device is wiped
√
- Enforce Device
Encryption
The device must be
encrypted
√
- Disable SD
Card
An SD card cannot
be used with the
device
√
Security Settings
Email Profiles
√
Exchange
ActiveSync
Profiles
√
- Account name
for the ActiveSync
Server
The account name
for the EAS server
√
- End users will
see the mailbox
with this name
The mailbox name
displayed to the
users
√
- Host name for
the ActiveSync
Server
The host name for
the EAS server
√
Use SSL
√
- Use SSL
170
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
- Domain Name
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
The domain name
√
The account
username
√
- Email Address
The email address
for the account
√
- Account Icon
An icon for the
account
√
- Sync Emails
Emails should be
synced with the
server
√
- Sync Calendar
Calendar items
should be synced
with the server
√
- Sync Contacts
Contacts should be
synced with the
server
√
- Sync Tasks
Tasks should be
synced with the
server
√
- Sync Frequency
How often data
should be synced
with the server
√
- Download Email
Period
How often emails
should be
downloaded from
the server
√
- Account
Username
171
Windows
Laptops
Mac
Comments
MaaS360.com
Mac Policies
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
Device Passcode
Restrictions
- Allow Simple
Passcode
The device can
have a simple
passcode
√
- Minimum
Passcode Length
(4-16 characters)
The minimum
length of the
passcode
√
- Minimum
Number of Complex
Characters
The minimum
number of
complex
characters in the
passcode
√
- Maximum
Passcode Age (in
Days)
How old the
passcode can be
before it can be
changed
√
- Allowed Idle
Time (in minutes)
Before Auto-Lock
How long the
device can be idle
before it is
automatically
locked
√
- Passcode
history
Previously used
passcodes
√
- Number of
Failed Passcode
Attempts Before All
Data is Erased (416)
How many times a
passcode can be
entered
incorrectly before
all data is wiped
√
Device Restrictions
172
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
- Restrict System
Preferences
Displays system
restrictions you
can enable
√
- Media: Restrict
Network Media
Restrict access to
network media
√
- Media: Access
Settings for AirDrop
Restrict access to
AirDrop
√
- Media: Restrict
Hard Disk Media
Access
Restrict access to
hard disk media
√
- Media: Allow
Internal Disks
Restrict access to
internal disks
√
- Media: Allow
Internal Disks:
Enforce
Authentication
Allow access to
internal disks, but
users must enter
credentials
√
- Media: Allow
Internal Disks:
Enforce Read Only
Permissions
Allow read-only
access to internal
disks
√
- Media: Allow
External Disks
Allow the use of
external disks
√
- Media: Allow
External Disks:
Enforce
Authentication
Allow access to
external disks, but
users must enter
credentials
√
- Media: Allow
External Disks:
Enforce Read Only
Permissions
Allow read-only
access to external
disks
√
173
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
- Media: Allow Disk
Images
Allow access to
disk images
√
- Media: Allow Disk
Images: Enforce
Authentication
Allow access to
disk images, but
users must enter
credentials
√
- Media: Allow Disk
Images: Enforce
Read Only
Permissions
Allow read-only
access to disk
images
√
- Media: Allow
DVD-RAM
Allow the use of
DVD-RAM
√
- Media: Allow
DVD-RAM: Enforce
Authentication
Allow the use of
DVD-RAM, but
users must enter
credentials
√
- Media: Allow
DVD-RAM: Enforce
Read Only
Permissions
Allow read-only
access to DVD-RAM
√
- Media: Disk
Media Access
Allow the use of
removable disk
media
√
- Media: Allow
Access for CDs &
CD-ROMs
Allow the use of
CDs and CD-ROMs
√
- Media: Require
Authentication for
CDs & CD-ROMs
Users must enter
credentials to use
CDs and CD-ROMs
√
- Media: Allow DVD
Access
Allow the use of
DVDs
√
174
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
- Media: Require
Authentication for
DVDs
Users must enter
credentials to use
DVDs
√
- Media: Allow
access for
Recordable disks
Allow use of
recordable disks
√
- Media: Eject at
Logout
All removable
media will be
ejected at logout
√
- Auto Join
Available networks
will be joined
automatically
√
- Proxy Settings
Information about
the proxy server
√
VPN Profiles
Information about
the VPN
√
Certificate
Credentials
Credentials
needed to add
certificates on the
device
√
Data will be sent
to Apple daily
√
Wi-Fi Profiles
Security & Privacy
- Send diagnostic
and usage data to
Apple
175
Comments
MaaS360.com
Exchange
ActiveSync
Description
- Gatekeeper
- Do not allow user
to override
Gatekeeper setting
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
Specifies where
apps on the device
can come from,
either the Mac App
Store and specified
app developers, or
just the Mac App
Store
√
Prevents the user
from temporarily
overriding the
Gatekeeper setting
by using
<Ctrl>+click to
install any app
√
Software Update
√
- Configure
Software update
server
√
Energy Saver
√
- Energy Saver
Settings for
Desktop
√
- Energy Saver
Settings for
Portable Battery
√
- Energy Saver
Settings for Power
Adapter
√
- Schedule Mac
Power on Timings
√
176
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
- Schedule Mac
Power Off/ Standby
Timings
Printing
Android
√
Configures printers
used by the device
- Configure Printer
Details
√
- Printer Settings:
Set Default
√
- Printer Settings:
Allow user to
modify the list
√
- Printer Settings:
Allow printers that
directly connect to
computers
√
- Printer Settings:
Show Only Managed
Printers
√
- Footer Settings:
Include MAC
Address
√
- Footer Settings:
Font Name
√
- Footer Settings:
Font Size
√
Login Window
177
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
- Window: Heading
Specify the
heading displayed
on the login
window
√
- Window: Message
Specify a message
to be displayed on
the login window
√
- Window: Style
Specify a style for
the login window
√
- Window: Show
Shut Down Button
Display the
shutdown button
on the login
window
√
- Options: Show
password hint
Display a password
hint when needed
and available
√
- Options: Disable
Automatic Login
Disable the
automatic login
√
- Options: Enable
>console login
- Options: Enable
Fast User Switching
√
Different users can
be changed quickly
on the device
√
- Options:
Configure Auto
logout
- Options: Allow
Computer admins
to refresh or
disable
management
√
Administrators can
refresh or disable
management
√
178
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
- Options: Set
computer name to
computer record
name
√
- Options: Enable
external accounts
√
- Options: Allow
Guest User
√
- Options: Start
screen saver
√
Configure Login
Items
- Configure Items
to launch and hide
on login
Specify items to be
launched or hidden
at login
√
- Configure Files
and Folders to
launch and hide on
login
Specify folders to
open at login
√
- Configure
network mounts on
login
Specify network
mounts to be used
at login
√
- Allow User to
suppress opening of
certain items by
using Shift Key
√
Email
- Configure IMAP
Accounts
Settings for IMAP
accounts
√
179
Comments
MaaS360.com
Exchange
ActiveSync
Description
- Configure POP
Accounts
Lotus
Notes
BlackBerry
Enterprise
iOS
Cloud Extender
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Requires Native App on Device
Settings for POP
accounts
√
Exchange
ActiveSync
- Prevent Moving
Mail to other
Accounts
√
- Use only in Mail
√
- Configure
Internal and
External Exchange
Hosts
√
- Enforce SSL
√
- Configure no. of
days to sync
180
Comments
MaaS360.com
Secure Browser Policies
Exchange
ActiveSync
Description
URL Filtering Settings
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
√
√
√
- Select URL
Categories to Allow or
Block
Specify the
category and
choose the
action to be
taken when the
user tries to
access a site in
that category
√
√
√
- Enter Domain Name
Category Exceptions
Specify any
domains within a
restricted
category that
should be
allowed
√
√
√
- Enter Email Address
for Notifications
Specify the
notification
recipient
√
√
√
- Enable Text
Notification
Provide the text
that will appear
when a user tries
to access a
blocked site, up
to 255
characters. Basic
HTML formatting
is supported
√
√
√
181
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
- Enable HTML
Notification
Provide custom
HTML content
that will appear
when a user tries
to access a
blocked site. You
can upload HTML
files by clicking
the Policy Files
button on the
Policies screen.
√
√
√
- Enable URL Redirect
Provide the URL
that the user will
be sent to when
attempting to
access a blocked
URL
√
√
√
- Send Notification on
Block Events
Specify if the
administrator
should be
notified when a
user attempts to
access a blocked
URL
√
√
√
- Notification
Threshold Events
(occurrences)
Specify how may
time a user can
visit a blocked
site before the
administrator
receives a
notification
√
√
√
182
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
- Notification
Threshold Time (in
hours)
Specify the time
between
multiple
attempts to
access blocked
sites before a
notification is
triggered
√
√
√
- Data Collection
Frequency (in minutes)
Specify how
often data about
the device is
collected
√
√
√
- Visited Site Upload
Frequency (in minutes)
Specify how
often the sites
visited by the
user are
uploaded to
MaaS360
√
√
√
- Data Group
Frequency (in minutes)
Specify when the
visited URL
domain
information will
be rolled up into
MaaS360
√
√
√
- Heartbeat Frequency
(in minutes)
Specify how long
before MaaS360
checks for policy
changes and new
assignments
√
√
√
183
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Description
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
- Configure as default
browser on Android
Specify if the
Secure Browser
will be the
default for
Android devices
√
√
- Accept Cookies
Specify if the
device can
accept cookies
√
√
- Disable Print
Prevent the user
from printing
from the device
√
√
- Disable Copy/Paste
Prevent the user
from copying and
pasting text
√
√
- Enable File
Downloads
Allow files to be
downloaded onto
the device
√
√
Mobile Enterprise
Gateway for Intranet
access
Use the MaaS360
Mobile
Enterprise
Gateway for
Internet access
√
√
√
184
Windows
Laptops
Mac
Comments
MaaS360.com
Compliance/Rules Engine
Exchange
ActiveSync
Lotus
Notes
Cloud Extender
BlackBerry
Enterprise
iOS
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Requires Native App on Device
Enforce Application
Compliance
√
√
√
Enforce Encryption Support
√
√
√
√
Enforce Enrollment
√
√
√
√
√
√
Enforce OS Versions
(Minimum or Specific
versions)
√
√
√
√
√
√
Enforce Remote Wipe
Support
√
√
√
√
√
Monitor OS Version Changes
√
√
√
Monitor Roaming Changes
√
√
Monitor SIM Changes
√
√
Restrict Corp Resources for
Blocked Devices
√
√
√
Restrict Jailbroken (iOS) or
Rooted (Android) Devices
√
√
√
Enable Geofencing
√
√
Apps
185
√
√
Windows
Laptops
Mac
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
MaaS360 Application
Catalog (Public Apps)
√
√
- Specify Region for all
download
√
- Remove app on MDM
profile removal
√
√
- Remove app on
Selective Wipe
√
√
- Remove app on
Stopping Distribution
√
- Remove app on
Signout from Shared
Device
√
- Restrict backup to
iTunes for app data
√
MaaS360 Application
Catalog (Private Apps)
√
√
- Remove app on MDM
profile removal
√
√
- Remove app on
Selective Wipe
√
- Remove app on
Stopping Distribution
√
- Remove app on
Signout from Shared
Device
√
- Restrict backup to
iTunes for app data
√
√
√
√
√
SAFE 2.0+
SAFE 2.0+
√
√
√
√
√
SAFE 2.0+
SAFE 2.0+
186
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
- Enforce
Authentication
√
- Restrict
Cut/Copy/Paste
√
- Enforce Compliance
Kindle
Fire
√
- Update iOS
Provisioning Profile
√
- Upgrade App
√
√
Restricted Applications
(App Blacklist)
√
√
√
Allowed Applications (App
Whitelist)
√
√
√
Required Applications
√
√
√
Apple Volume Purchase
Program (VPP)
√
-
-
-
Manage Provisioning
Profiles
√
-
-
-
Documents
Document Management
187
Support for
both old
(till iOS
6.x) and
new (iOS
7+) VPP
Programs
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
Cloud Extender
iOS
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
Admin driven Document
Distribution
√
√
√
MaaS360 hosted documents
√
√
√
Custom URL support
√
√
√
SharePoint integration
√
√
√
Windows File Share
integration
√
Folder Support
√
Inbuilt Secure Viewer
√
√
Document Policies
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Requires Native App on Device
Restrict Access on
Jailbroken devices
√
Restrict Export
√
Restrict Cut/Copy/Paste
√
Password Protected
√
Download Automatically
√
Download only on Wi-Fi
√
Hide Doc Preview in App
√
√
188
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Requires Native App on Device
Restrict Delete after
Download
√
Allow Whitelisted Apps
√
Restrict Secure Mail
√
Override Persona Policies
√
Mobile Expense Management
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Kindle
Fire
Cloud Extender
Win
Phone
7.5
Win
Phone 8
Windows
Laptops
Mac
Comments
Windows
Laptops
Mac
Comments
Requires Native App on Device
Monitor In-Network
Mobile Data Usage
√
√
Monitor Roaming
Mobile Data Usage
√
√
End User Portal
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
Cloud Extender
iOS
Android
Kindle
Fire
Win
Phone
7.5
Win
Phone 8
Requires Native App on Device
189
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Device Visibility
√
√
Kindle
Fire
√
√
√
√
√
Locate Device
√
Lock Device
√
√
√
Refresh Device
Information
√
√
√
√
√
√
√
√
√
√
√
Reset Device
Passcode
√
√
√
√
Win
Phone 8
Windows
Laptops
Mac
Requires Native App on Device
Last Known Location
Remote Device Wipe
(Full)
Win
Phone
7.5
190
√
√
√
√
Comments
MaaS360.com
Mobility Intelligence Reports
Mobile Devices
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Cloud Extender
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments
Windows
Laptops
Mac
Comments
Requires Native App on Device
Mobile Devices
MDM Overview
√
√
√
√
√
√
√
√
Hardware Inventory
√
√
√
√
√
√
√
√
Network
√
√
√
√
√
√
BlackBerry Details
√
Apps Installed
√
√
√
√
Security Overview
√
√
√
√
Browser Violations
√
√
√
Mobile Data Usage
Overview
√
√
Mobile Data Usage
Analysis
√
√
√
Computers
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
iOS
Android
Kindle
Fire
191
Win
Phone
7.5
Win
Phone
8
MaaS360.com
Cloud Extender
Requires Native App on Device
PC Overview
√
Hardware Inventory
√
Network
√
Operating System
√
Software
√
Windows 7 & 8
Readiness
√
PC Security
√
Anti-Virus
√
Personal Firewall
√
Encryption
√
Backup & Recovery
√
Patches
√
Cloud Extender
Exchange
ActiveSync
Lotus
Notes
BlackBerry
Enterprise
Cloud Extender
Android
√
Cloud Extender for BES
Kindle
Fire
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
√
√
√
√
Requires Native App on Device
Cloud Extender for Active
Directory Authentication (for
unattended enrollment only)
Cloud Extender for
Exchange/ActiveSync
iOS
√
√
√
192
√
Comments
MaaS360.com
Exchange
ActiveSync
Lotus
Notes
Cloud Extender
Cloud Extender for Lotus Traveler
Cloud Extender for Certificate
Authority integration
BlackBerry
Enterprise
iOS
Android
Kindle
Fire
Requires Native App on Device
√
√
√
193
Win
Phone
7.5
Win
Phone
8
Windows
Laptops
Mac
Comments