
10 Device management

Administrators can install apps on an activated device using device commands and check the profile settings. Moreover, they can update, delete, or re-install apps installed on users' devices. Using device commands, when administrators collect malicious application information from devices, they also collect logs containing relevant diagnosis information, and can view or download log files.

Knox Manage provides the Default Dashboard. To help administrators understand the EMM's operation status, the Default Dashboard displays the number of provisioning devices, number of compliance violations, number of users per organization, and license information. Apart from the Default Dashboard, administrators can create a statistical report based on report queries provided by Knox Manage. They can also use these resources to create a new dashboard.

If a device user has notices, one notice can be registered per period.

Administrators can send device commands to users, groups, or organizations to manage devices. The following device commands are used most frequently:

| Section | Device Command | Android | Knox | iOS | Windows |
|---|---|---|---|---|---|
| Compliance | Apply latest Device/App mgmt Profiles | O | O | O | O |
| Device Management | Lock/Unlock device | O | - | O | O |
| | Reset screen password | O | - | O | - |
| | Factory reset + Initialize SD Card | O | - | O | |
| | Factory reset | | | | |
| EMM | Send message | O | O | O | - |
| Device Confirmation | Collect device/app info | O | - | - | - |
| | Locate the current position | O | - | O | O |
| Container Management | Lock/Unlock container | - | O | - | - |
| | Reset container password | - | O | - | - |
| | Uninstall container | - | O | - | - |

Administrators can check a list of device commands successfully sent to devices in Devices & Users > History > Device Command History. A list of device commands unsuccessfully sent to devices due to network or other system issues can be viewed in Service Overview > Device Command in Queue. Administrators can modify the status of devices.

Viewing Dashboard

Administrators can check the status of Knox Manage users and the management status of devices on dashboards. Basic types of dashboards provided by Knox Manage include the Default Dashboard, EMM Dashboard, and Device Location Dashboard. Apart from these, administrators can also create a new dashboard. The dashboard specified by an administrator as the main dashboard is displayed on the initial screen that appears after they log in to the Knox Manage Admin Portal.

The dashboards that show device location data on Google Maps are the Default Dashboard and Device Location Dashboard. Location data collected from devices, except for deactivated ones, is displayed. When location data collected from multiple devices is displayed, administrators can search for the location of a specific device by entering its user ID.

The Default Dashboard consists of the following areas:

- Device Status: shows the number of devices by status, total number of devices using Knox Manage, and changes of Knox Manage usage by date. For more information on device status, see Device status.
- Compliance Violation: displays the number of activated devices with no profile or with tampered OS/apps. Click on each number to move to Devices & Users > Devices and send device commands.

- OS Status: shows the number of activated devices by all device platforms. Click the number of devices on the screen, and check the relevant devices in Devices & Users > Devices.
- Device/User: shows the number of activated devices and users by date.
- Users by Organization: shows the number of activated users by organization in descending order. Click to check the relevant information in Devices & Users > Users & Organization.
- Device Command History: shows the increase or decrease of device commands on either a daily or weekly basis. Click to check the relevant information in Devices & Users > History > Device Command History. The device command history is shown ordered by most recent date.
- License Status: displays the license expiration date, the total number of devices registered under the license, and the number of activated devices. Certificates with less than one week left before expiration are notified as well.

Click on specific device numbers under Device Status, Compliance Violation, or OS Status on the Default Dashboard to move to Devices & Users > Devices and see more information on devices.

To view Dashboard, follow the steps below:

1. Go to Service Overview > Dashboard.
2. Select a dashboard type in the upper right corner. The Default Dashboard, EMM Dashboard, and Device Location Dashboard are the basic dashboards provided by Knox Manage. If there are more dashboards, they are the ones added by administrators in Service Overview > Dashboard & Audit Settings > Dashboard Management.
3. Click on each report to refresh the information of each report.
4. Click next to Dashboard list to modify the Dashboard. To learn more about creating a dashboard using a report, see Adding dashboard using reports.
   is disabled if View Type is Default Dashboard or the dashboard has been set to Main Dashboard in Service Overview > Dashboard & Audit Settings > Dashboard Management.

Adding a notice for devices

Administrators can register a notice for a user device along with the notice period. It is not possible to duplicate notices in the same period, and notices are displayed in the device language set by the user.

To add a notice for devices, follow the steps below:

1. Go to Service Overview > Notices.
2. Click.
3. Enter notice information and click Save:
   - Notice Period: Notice must start within a month.
   - Content: Enter a notice. Blanks are not allowed before or after the notice.

Viewing a device list

Administrators can see basic information such as device overview, mobile ID, and platforms, as well as other details including devices with tampered OS, device command history, and device diagnosis. The device list provides the following device search and management functions:

Search functions:

- Search: In the Search box, enter a User Name, Employee No., Email Address, Mobile ID, Model Name, IMEI/MEID, Serial Number, or Tag, and click.
- Filters: View the desired items only using Filters by clicking on the right side of each column in the device list. When you apply filters, appears at the top. To reset the search filters, click at the top.
- Reset order: When you reposition the items in a column or rearrange the columns, the last state is saved automatically. If you wish to reset it to the initial state, click.

Management functions:

- Delete: You can delete deactivated devices.
- Device location: You can view location data, which has been collected through devices' inventory information, via Google Maps. For more information about location data searches, see Viewing location data by device.
- Device command: You can send device commands to activated devices. For more information about the list of device commands, see List of device commands.
- Add tags: You can add text tags for an individual device. For more information, see Adding tags per device.
- Add multiple tags: Enter the Mobile IDs, IMEIs, and Serial Numbers of multiple devices and tags in an Excel file, and then add them at once. For more information, see Bulk adding tags for multiple devices.
- Start Remote Support: Remotely connect to a user's device from the administrator's computer, and switch the device's screen, capture screens, save videos, or send files. For more information, see Remote support.

From the device list, you can view profiles applied to the devices, whether a Knox container is created on the devices, and the device control history. Device control history can be viewed by date. KME devices are marked as Y in the KME column, while DEP devices are marked as Y in the DEP column. Once the last device command has been applied completely, its name is displayed in blue; while it is in progress, it is displayed in black.

For more information on device status, see Device status.

Adding device tags

You can add a tag by adding text for the information required for a device. You can add multiple tags per device. You can also select Tag as a search condition, and find devices that have the same tag.

Adding tags per device

To add or modify a tag for a single device, follow the steps below:

1. Go to Devices & Users > Devices.
2. Enter a search term into the search box in the upper-right corner, and click.
3. In the Actions field of the device for which you want to add a tag, click.
4. Enter a tag into the text input field in the "Add Tags" window, and then click.
   - A tag can be up to 20 characters long.
   - You can enter up to 10 tags per device.
   - To delete the tag you just entered, click in the tag list at the bottom.
5. In the "Add Tags" window, click Close.

Bulk adding tags for multiple devices

To add tags for multiple devices at once, follow the steps below:

1. Go to Devices & Users > Devices.
2. Click in the upper-left corner.
3. In the "Add Multiple Tags" window, click Download Template.
4. Fill out the downloaded Excel file, and save the file.
   - You must fill out at least one of the Mobile ID, IMEI, and Serial Number fields. Priority is determined based on the order of the columns. Example: If you enter a Mobile ID and IMEI, then the device that matches the entered Mobile ID will be entered. If there is no matching Mobile ID, then the tags you enter will be added for the device that matches the entered IMEI.
   - You can add up to 10 tags separated by semicolons (;).
5. Click Browse, select the saved Excel file, and then upload it.
6. Click OK to finish adding the tags.
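The bulk-tag rules above (at least one identifier, column-order priority, up to 10 tags of up to 20 characters each) can be checked before the file is uploaded. The following Python check is an added example, not part of the Knox Manage guide or product; the dictionary key names, the sample devices, and the comparison against an exported device list are assumptions. It also flags rows whose identifiers belong to different devices, because column priority means such a row tags the Mobile ID match without any warning.

```python
# Added example: pre-upload check for "Add Multiple Tags" rows.
# Key names and sample data are assumptions; the limits come from the guide.

MAX_TAG_LEN = 20   # a tag can be up to 20 characters long
MAX_TAGS = 10      # up to 10 tags, separated by semicolons
# Column order sets the matching priority: Mobile ID, then IMEI, then Serial Number.
ID_COLUMNS = ("mobile_id", "imei", "serial_number")


def parse_tags(cell):
    """Split a semicolon-separated tag cell, dropping empty entries."""
    return [t.strip() for t in (cell or "").split(";") if t.strip()]


def validate_row(row):
    """Return a list of problems that make the row unusable."""
    errors = []
    if not any((row.get(c) or "").strip() for c in ID_COLUMNS):
        errors.append("needs at least one of Mobile ID, IMEI, Serial Number")
    tags = parse_tags(row.get("tags"))
    if not tags:
        errors.append("no tags given")
    if len(tags) > MAX_TAGS:
        errors.append(f"{len(tags)} tags, limit is {MAX_TAGS}")
    errors += [f"tag {t!r} is longer than {MAX_TAG_LEN} characters"
               for t in tags if len(t) > MAX_TAG_LEN]
    return errors


def matches(row, inventory):
    """Map each filled identifier column to the device it matches (or None)."""
    found = {}
    for col in ID_COLUMNS:
        value = (row.get(col) or "").strip()
        if value:
            found[col] = next((d for d in inventory if d.get(col) == value), None)
    return found


def resolve_device(row, inventory):
    """Pick the target device by column priority, falling through on no match."""
    for col, dev in matches(row, inventory).items():
        if dev is not None:
            return dev, col
    return None, None


def check_rows(rows, inventory):
    """Return (row number, status, target Mobile ID, notes) for every row."""
    report = []
    for n, row in enumerate(rows, start=1):
        errors = validate_row(row)
        if errors:
            report.append((n, "invalid", None, errors))
            continue
        dev, col = resolve_device(row, inventory)
        if dev is None:
            report.append((n, "unmatched", None, ["no identifier matches a device"]))
            continue
        hit = {d["mobile_id"] for d in matches(row, inventory).values() if d}
        if len(hit) > 1:
            note = f"identifiers match {sorted(hit)}; tags go to the {col} match"
            report.append((n, "ambiguous", dev["mobile_id"], [note]))
        else:
            report.append((n, "ok", dev["mobile_id"], [f"matched on {col}"]))
    return report


# Constructed sample data (not real devices).
SAMPLE_INVENTORY = [
    {"mobile_id": "MID-0001", "imei": "350000000000001", "serial_number": "SN-A1"},
    {"mobile_id": "MID-0002", "imei": "350000000000002", "serial_number": "SN-B2"},
]
SAMPLE_ROWS = [
    {"mobile_id": "MID-0001", "tags": "lab;loaner"},
    {"mobile_id": "MID-9999", "imei": "350000000000002", "tags": "kiosk"},
    {"mobile_id": "MID-0001", "imei": "350000000000002", "tags": "finance"},
    {"tags": "spare"},
    {"serial_number": "SN-B2", "tags": ";".join(f"t{i}" for i in range(11))},
    {"imei": "350000000000001", "tags": "x" * 21},
    {"serial_number": "SN-ZZ", "tags": "pool"},
]

if __name__ == "__main__":
    for line in check_rows(SAMPLE_ROWS, SAMPLE_INVENTORY):
        print(line)
```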

Viewing detailed information of a device

Administrators can view detailed information on activated devices, applications installed on devices, and control applications.

Default Information

Device default information consists of the security, device profile, network, device location, and SDK installation status of the selected device. For more information on default information by platform, see Device information by platform.

Device Command: Click to send a device command. For more information, see List of device commands.

Profile: Click a profile name to view detailed information about the Device Management Profile, App Management Profile, or DEP Profile applied to the device. A DEP profile is only displayed for a DEP device.

Lock Device: When a user requests to have their device locked, send an Unlock Code.
- When the user enters the unlock code, the device cannot detect forgery and falsification until the profile is re-distributed, and the device remains unlocked. The administrator is advised to give the user the device unlock code after resolving the cause of the device lock.

Password: When a user has forgotten their screen lock password, a temporary password needs to be entered. If a user makes such an inquiry, send a Reset screen password device command and inform the user of the temporary password. Then, the user is required to enter the temporary password received on their device and set a new screen lock password.

- A temporary password is generated according to the rules set forth in the Password policies in Profiles > Device Management Profile > Android Policy > Security. If there are no set password policies, then a random 4-digit password, containing a lowercase letter, uppercase letter, number, and special character, is automatically generated.
- Since a screen lock password is generated when the relevant device management profile is saved, if the device is using the existing policy, then there would be no temporary password. To generate a screen lock password, you need to create a new policy, or save the existing policy and then deploy it again.
- If you fail to reset the screen lock password because the temporary password did not meet the set password policies, then you need to check the password policies set in the relevant device management profile, and reset the password again in the following order:
  Save the device management profile -> Deploy the device management profile -> Re-send the Reset screen password device command
- To make sure that the password has been successfully reset, click Device History in Devices & Users > Devices, and check the Device Logs saved under the Reset screen password (Device Command transmit) event.

Note:
- For devices using a Knox container, the screen lock password is available for only Android 8.0 (Oreo) or later. For devices that are running older versions than Oreo, after you send the Reset screen password device command, the user can set a new password on their device without entering a temporary password.
- When the temporary password contains prohibited words, including prohibited special characters, the password can't be reset. Therefore, it is recommended that you set the Prohibited words policy to "N/A".

KeepAlive: KeepAlive regularly checks the connection status between a device and the Knox Manage server. If a device is lost or disconnected from the server, KeepAlive provides tighter security. The status of a device that has exceeded the set KeepAlive Expiration days is changed to Disconnected status.
- When the device is connected to the server, a blue circle is shown, indicating a successful connection. Otherwise, a red circle is shown. If KeepAlive Interval (hours) is not set in Settings > Configuration, a gray circle is shown.

Attestation: If the Attestation option in the Security area in the Device Management Profile of a device that supports Knox Manage has been set to Use, after collecting the device's Inventory information, a CRC will be performed, and then the result will be displayed. If tampering is detected, the action specified in the Action when verification fails field of the Device Management Profile will be carried out.

Device Location: Click Device Location to find the location of the device on Google Maps.

Network: Refers to the network information for a device, including the Wi-Fi, Bluetooth, SIM card, Number of calls, and Data usage.
- Cumulative data is provided for the Wi-Fi transfer data (in/out), Network transfer data (in/out), Number of call(s), and Number of missed call(s) information. To reset the information above, send the Reset data usage and Reset number of calls device commands in the Device Management area.

Application information

Administrators can check the information of applications, including Knox Manage, installed on each user device. Application information can be exported as an Excel file.

- Check whether each application is mandatory.
- Check whether each application is tampered.
- Send a device command to process, stop, delete data, or uninstall an application.
- Internal/Kiosk application installation and reinstallation.
- For iOS, administrators can view settings and feedback.
  - Setting Details : View Feedback
- If a Knox Container is installed on the device, click next to the device ID and select a container.

Y in the EMM column indicates a system application.

Control Application information

Administrators can view a white/black list of applications installed on the device.

- Version of the Knox Manage application on the device
- Application Package Name
- White/black list type
- Events where the application is applied (iOS)

Checking the collected device location information

Device location data is collected and its history is provided. Device location data is collected in the following cases:

- When the scheduler collects inventory information on a regular basis
- When a "Locate the current position" device command is sent

You can set whether to seek the user's permission for collecting location data from their device. A permission request pop-up opens or doesn't open on the device, depending on whether allow or disallow is selected for the Scheduler policy in the Device Management Profile.

Once a Locate the current position device command is sent to Knox Manage on the user's device, the device's location data is sent to the server. The location information command is sent to devices in the following cases:

- When a user logs into Knox Manage on a device: The latest policy is applied on a device upon device activation, and a location device command is sent to the device.

- When the administrator sends a device command: The administrator sends a location device command to active devices from the device list.

Location information is also collected regularly along with the inventory information of Android devices. Administrators can set the Inventory Collection Period for Android in Settings > Configuration. The device locations collected during the Device Location View Period, which can be set in Settings > Configuration, are shown on Google Maps.

In order to track and collect device location, the GPS policy on each device must be enabled. Consent for device location collection is required for Bring Your Own Devices (BYOD), but not for Corporate Owned or Personally Enabled (COPE) devices.

You can view location data collected from activated devices by device or organization.

Viewing location data by device

Select one device or multiple devices, and view location data collected from each device on one map. View location data collected from devices in all statuses, except for the ones in the deactivated state.

To view location data by device, follow the steps below:

1. Go to Devices & Users > Devices.
2. Search for the device whose location data you wish to view as instructed below:
   - Enter a search term into the search box in the upper-right corner, and click.
   - Check the check box on the device list.
   - Click in the device list's header, and use the Filters.
3. Click Device location at the top of the list.
4. Select the searching condition:
   - Current location: Last location
   - The location history for the registered device during the Device Location History (days) of Device category in Settings > Configuration.
     - This feature is provided only for Android devices. You can only find the current location for non-Android devices.

Viewing the device location history via GPX Viewer

You can download the location history of a device in GPS Exchange (.GPX) format and check it in GPX Viewer. GPX Viewer is an application that displays Waypoint, Track, and Route information via Google Maps using the location history contained in the GPX file. It needs to be installed on the administrator's computer.

To view the location history of each device using GPX Viewer, follow the steps below:

1. Go to Devices & Users > Devices.
2. Search for the device whose location history you need to find, and click in the Actions column.
3. In the "Device location" window, select Location history in 30 days, and click.
4. Click the downloaded .gpx file at the bottom.
   File name: LocationHistory_{Tenant ID}_{Device ID}.gpx
5. View the Waypoint, Track, and Route information in the location history from GPX Viewer.

Viewing location data by organization

Check location data of devices by organization. You can only view location data of activated devices within an organization.

To view location data of activated devices by organization, follow the steps below:

1. Go to Devices & Users > Users & Organization.
2. Select an organization from the organization chart and select all users on the right side.

3. Click Device location at the top of the list.
4. View the list of devices and collected location data on the Device location window.
   - The device list shows a list of all activated devices belonging to the relevant organization.
   - The number of devices from which location data is collected appears on Google Maps. When you click a device, its location is displayed.
   - Devices without location data are shown in the pop-up.

Viewing details of device profile

Administrators can view detailed information both on profiles deployed on devices and on the group or organization to which a device belongs. Devices are categorized into profile allocation, no allocation, and partial allocation. Click the name of each profile to move to detailed information.

Device profiles are prioritized in the following order: Profile Group (Device) > Profile Group (User) > Organization. The highest priority profile is applied to devices. If there is a profile but it is not properly applied to the devices, administrators can send the latest Device Management Profile to the devices.

To view the details of the profiles applied to a device, follow the steps below:

1. Go to Devices & Users > Devices.
2. Enter a search term into the search box in the upper-right corner, and click.

3. Click a Profile column of the selected device.
4. Click each profile to view detailed information. If a recently applied profile on the activated device is not properly applied, click Device Command.
5. Click OK.

Managing device applications

Administrators can manage applications installed on a device with device commands. Administrators can also activate a deactivated application and delete applications and related data that are no longer used on a device.

Installing applications on devices

Administrators can update or reinstall applications on user devices. In the case of iOS devices, administrators can only reinstall applications. If a new version of an application exists in the EMM server, applications on user devices are automatically updated.

To install applications on devices, follow the steps below:

1. Go to Devices & Users > Devices.
2. Enter a search term into the search box in the upper-right corner, and click.
3. Click a Mobile ID.
4. Click the Application tab in the Device Detailed Information window.
5. Click Install Internal/Kiosk Apps. For iOS, click Install Apps.
6. Choose an installation type: Install, Update, or Reinstall. For iOS, only Reinstall is available.
7. Click the application to install.
8. Click OK.

Deleting device applications

Administrators can delete any application installed on user devices. All application data can also be deleted for Android devices. The application data on iOS devices cannot be deleted.

If Knox Manage is deleted in the Knox Container, the user cannot reinstall the Knox Manage application. To reinstall, the user must reinstall the Knox Container.

To delete a device application, follow the steps below:

1. Go to Devices & Users > Devices.
2. Enter a search term into the search box in the upper-right corner, and click.
3. Click a Mobile ID.
4. Click the Application tab in the Device Detailed Information window.
5. Click X to delete the application data or click to delete the application.
6. Click OK when the confirmation pop-up appears.

Running and stopping device applications

Administrators can run or quit applications on user devices by sending a device command. This is applicable only for Android devices.

To run or stop applications, follow the steps below:

1. Go to Devices & Users > Devices.
2. Enter a search term into the search box in the upper-right corner, and click.
3. Click a Mobile ID.
4. Click the Application tab in the Device Detailed Information window.
5. Click to start the application, or to stop the application.
6. Click Yes when the confirmation pop-up appears.

Importing a list of installed applications

Administrators can update the list of installed applications on a user device by sending a device command.

To import a list of device applications, follow the steps below:

1. Go to Devices & Users > Devices.
2. Enter a search term into the search box in the upper-right corner, and click.
3. Click a Mobile ID.
4. Click the Application tab in the Device Detailed Information window.

5. Click the Installed apps list.
6. Click OK in the Device commands the list of installed apps window.
7. Click OK when the confirmation pop-up appears.

Deleting iOS app feedback from a device

Administrators can delete all feedback of applications by sending device commands to iOS devices.

To delete device application feedback, follow the steps below:

1. Go to Devices & Users > Devices.
2. Enter a search term into the search box in the upper-right corner, and click.
3. Click Mobile ID.
4. Click the Application tab in the Device Detailed Information window.
5. Click the Installed apps list.
6. Check the Managed to delete the app feedback in the Device Command window, and click OK.
7. Click OK when the confirmation pop-up appears.

Changing device status

Administrators can change device status by sending a device command to devices. The following changes can be applied depending on the current device status:

- Activated, Disconnected, Expired: Send a Deactivate service device command to deactivate Knox Manage installed on the device.
  - You may choose to force-deactivate a device that has lost communication with the system. The user can deactivate the device by entering the offline deactivation code that was received. To learn more about offline deactivation, see Deactivating devices in offline.
- Provisioning: Change the device's status to Deactivated.

Administrators can choose to delete the internal applications installed on Android devices and the Knox Manage-related applications installed on devices with iOS 9.0 or above upon deactivation. To set automatic deletion, go to Settings > Configuration and set Delete App upon Unenrollment.

To change a device status, follow the steps below:

1. Go to Devices & Users > Devices.
2. Click the status of a device.
3. Click Yes when the confirmation pop-up appears.

Deactivating devices in offline

Users can deactivate and delete Knox Manage on the device even when the device is disconnected from the server. The administrator can give the offline deactivation code to the user by phone call, and the user must enter the code on the device to successfully deactivate Knox Manage. The administrator may also force-deactivate a device that has lost communication when changing the status of the device. This feature is supported only for Android devices.

Device deactivation by user

The administrator sends a device deactivation code to the user, and the user enters the deactivation code on the device. Follow the steps below:

1. Go to Devices & Users > Devices.
2. Click the status icon of the device you want to deactivate.
3. Click Offline Deactivation in the Change status window.
4. Call the user and inform them of the offline code.
5. The user must enter the offline code on the device. For more information about the offline code, see SAMSUNG Knox Manage User's Guide.
6. Click OK. The deactivation device command is sent to the device.

Device deactivation by administrator

Administrators who wish to force-deactivate a device that has lost communication should follow the steps below:

1. Go to Devices & Users > Devices.
2. Click the status icon of the device you want to deactivate.
3. In the Change status window, click Device Command, and then click below check box.
4. Click Yes in the Change status window. The deactivation device command is sent to the device.

Viewing device status history

Administrators can view device status history by date. The offline deactivation code is given only for Android devices. To view device status history, follow the steps below:

1. Go to Devices & Users > Devices.
2. Click Last Updated to view the detailed information.

Controlling devices

Administrators can send device commands to activated devices by user, organization, group, or device. For devices using Knox container, select Knox container first, and send a device command...

Device commands are categorized into Compliance, Application Management, Device Management, EMM, Device Info Sync, Container Management, and Custom Control. Administrators can easily select the 10 most frequently used device commands from Frequently Used in the "Device Command" window. The last device command is recorded on the device list.

List of device commands

The types of device commands in each device command category, the device platforms to which device commands can be sent, the functions of device commands, and the control methods are described below:

Compliance

Device Command: Apply latest Device/App mgmt profiles
Description: [Android, Knox, iOS] Send the latest device management profile and application information to the device and control the device with the profile and information.

Device Command: Apply latest Device mgmt profile
Description: [Android, Knox, Windows] Apply the latest device management profile to the device and control the device with the applied policy.

Device Command: Apply latest app mgmt profile
Description: [Android, Knox, iOS, Windows] Send the latest application management profile to the device and control the device with the updated EMM Client application policies.

Device Command: Apply latest internal app info
Description: [Android, Knox] Send the latest internal application information and update the device according to the information.

Device Command: Apply customized event
Description: [Android, Knox, iOS] Control devices with the policies configured for the customized event.

To run a user-defined event on a device, follow the steps below:

1. Click Apply customized event in the Device Command - Android window.
2. Select the event code in the Device Command - Apply customized event window. If the profile has a user-defined event, the event code list appears.
3. Select an item to run.
   - Set on: You can control a device with policies that are set on the customized event.
   - Set off: Remove the customized event from the device and control the device with the default policies set on the profile.
4. Click OK.

To check the policies applied on Apply customized event, follow the steps below:

1. Go to Profiles > Device Management Profile.
2. Click a Profile Name from the list.
3. Click the Event tab in the Device Management Profile window.
4. Click Event management and check the event type, and click the Event name.
5. Check the policies for Android, iOS, and Knox containers.

Device Command: Start gate access event
Description: [Android, iOS] Control devices with the policies configured for the Start gate access event.

To run the Start gate access event on a device, follow the steps below:

1. Click Start gate access event from the compliance group.
2. Select an event code in the Device Command window. If there is a Start gate access event configured on the profile designated for the device, the access code is shown on the list.
3. Select the item to run.
   - Set on: Control devices with the policies configured on the Start gate access event.
   - Set off: Remove the Start gate access event from the device and control the device with the default policies set on the profile.
4. Click OK.

To check the policies applied for the Start gate access event, follow the steps below:

1. Go to Profiles > Device Management Profile.
2. Click the Profile Name from the list.
3. Click the Event tab in the Device Management Profile window.
4. Click Event management, check the event type, and click the Event name.
5. Check the policies for Android, iOS, or Knox containers.

Device Command: Unlock EAS
Description: [Android] Set whether to use Exchange ActiveSync.
- Set on: Start using Exchange ActiveSync on the device.
- Set off: Stop using Exchange ActiveSync on the device.

Device Command: Detect jailbreak
Description: [iOS] Collect jailbreak information and check OS tampering status.

Application Management

Applications registered in Applications > Internal/Public/Kiosk Applications are listed on the device command window.

Device Command: Install
Description: To install and update the selected application on a device, follow the steps below:

1. Click Install from App Management.
   - For Android, Internal/Kiosk apps can be installed or updated.
   - For Knox container, Internal apps can be installed or updated.
   - For iOS, Internal/Public apps can be installed or updated.
2. Select Installation Type in the Device Command - App Install window.
   - Install or Update
   - Reinstall
3. Select the application and click OK.
4. Click OK when the confirmation pop-up appears.

Device Command: Run
Description: To run the selected application on a device, follow the steps below:

1. Click Run in the App Management group.
   - For Android, Internal/Kiosk apps can run.
   - For Knox container, Internal apps can run.
2. Choose an application to run in the Device Command - App Run window, and click OK.
3. Click OK when the confirmation pop-up appears.

Device Command: Stop
Description: To stop the selected application on a device, follow the steps below:

1. Click Stop in the App Management group.
   - For Android, Internal/Kiosk apps can be stopped.
   - For Knox container, Internal apps can be stopped.
2. Select an application to stop in the Device Command - App Stop window, and click OK.
3. Click OK when the confirmation pop-up appears.

Device Command: Delete Data
Description: To delete data of the selected application on a device, follow the steps below:

1. Click Delete Data in the App Management group.
   - For Android, Internal/Kiosk app data can be deleted.
   - For Knox container, Internal app data can be deleted.
2. Select an application in the Device Command - App Delete Data window, and click OK.
3. Click OK when the confirmation pop-up appears.

Device Command: Uninstall
Description: To delete the selected application from a device, follow the steps below:

1. Click Uninstall in the App Management group.
   - For Android, Internal/Kiosk apps can be uninstalled.
   - For Knox container, Internal apps can be uninstalled.
   - For iOS, Internal/Public apps can be uninstalled.
2. Select an application in the Device Command - App Uninstall window, and click OK.
3. Click OK in the confirmation pop-up.

Device Command: Enable/Disable app running
Description: To enable or disable the selected application from running, follow the steps below:

1. Click Enable/Disable app running in the App Management group.
   - This feature is supported only for Android devices.
   - Internal/Kiosk apps can be configured.
2. Choose whether to enable or disable app running in the device command window.
   - Allow: The selected application is allowed to run on a device.
   - Disallow: The selected application is not allowed to run on a device.
3. Choose an application and click OK.
4. Click OK when the confirmation pop-up appears.

Device Management

Device Command: Lock/Unlock device
Description:
[Android] Set whether to lock a device. Select whether to lock or unlock the device. When you select Lock Device, enter a reason for locking the device and a phone number at which the user can be contacted if the device is lost. The entered information then appears on the locked device screen.
[iOS] You cannot lock the iOS device, but you can block some of the features to enhance security using the lock device command.
[Windows] You can only lock the devices.

Device Command: Reset screen password
Description: [Android, iOS] Reset the user's screen lock password to a temporary screen lock password. For more information, see the screen lock password in Default Information of device detailed information.

Device Command: Factory reset + Initialize SD Card
Description: [Android] Reset all data in the device and external SD card.

Device Command: Factory reset
Description: [Android, iOS, Windows] Reset a user device but not the SD card.

Device Command: Power off device
Description: [Android] Turn off the device.

Device Command: Reboot device
Description: [Android] Reboot the device.

Device Command: Reset SD card
Description: [Android] Initialize the external SD card of the device.

Device Command: Initialization blocked information (Supervised)
Description: [iOS+supervised] Initialize the block settings on the device.

Device Command: Reset data usage
Description: [Android] Among the Android device's inventory information, reset the Data usage.
- Wi-Fi transfer data (in/out)
- Network transfer data (in/out)

Device Command: Reset number of calls
Description: [Android] Among the Android device's inventory information, reset the Number of call(s) and Number of missed call(s).
- Number of call(s)
- Number of missed call(s)

EMM

Device Command: Deactivate service
Description: [Android, iOS, Windows] Deactivate EMM service on the device.

Device Command: Sync app auto-removal property when service is deactivated
Description: [iOS] If you change the value of Delete app during Unenrollment process in the server configuration, send the device command to sync the app auto-delete property when it is deactivated for managed apps.

Device Command: Send message
Description: [Android, Knox, iOS, Tizen Wearable] Send an emergency message to the device. The message icon is shown on the status bar of the device. To send a message, follow the steps below:

1. Click Send message in the EMM Management group.
2. Enter the title and content of the message in the Device command window and click OK to send the message.
3. Click OK when the completion pop-up appears.

Device Command: Lock screen
Description: [Android, Knox, iOS, Windows] Lock the device screen. The camera cannot be used when the screen is locked. To lock a screen, follow the steps below:

1. Click Lock Screen in the EMM Management group.
2. Click OK when the confirmation pop-up appears.

Device Command: Unlock EMM Client
Description: [Android, Knox, iOS, Windows] To unlock the EMM Client, follow the steps below:

1. Click Unlock EMM Client in the EMM Management group.
2. In the device command window, select a device command to send, and click OK.

Device Command: Delete account
Description: [Android, Knox, iOS, Windows] Delete the EMM account registered in the EMM Client.

Device Command: Collect audit logs
Description: [Android, Knox, iOS] Collect EMM audit logs of the device. When the log size exceeds the maximum size, logs are automatically sent to the server, but the log file may be lost. For more detailed information, see Audit events.

Device Command: Collect logs
Description: [Android, Knox, iOS] To collect a log from the device, follow the steps below:

1. Click Collect logs in EMM Management.
2. In the device command window, select either Client or Agent, and click OK.
3. Click OK in the completion pop-up.

Device Command: Collect diagnosis information
Description: [Android, iOS] To collect a device log to diagnose the cause of device lock, follow the steps below:

1. Click Collect diagnosis information in the EMM Management group.
2. In the "Device control - Collect diagnosis information" window, click OK.
3. Click OK when the confirmation pop-up appears.

Device Command: Update user information
Description: [Android, Knox, iOS, Windows] Update the device user information. Save changes of the user activation status/username/user settings (Secure Browser homepage URL information, Bookmark information) and license information.

Device Command: Update license
Description: [Android] Update and re-enroll the Knox Manage license for controlling SAMSUNG Galaxy devices.

Device Command: Update system app
Description: Update EMM on the user device for a new patch or upgrade. The agent information registered in the Knox Manage server is sent to a device, which automatically selects the appropriate agent to request installation files from the server.

Device Info Sync

Device Command: Collect H/W Status
Description: [Android, iOS, Windows] Update the device inventory. After sending the device command, check the status of H/W as follows:

1. Go to Devices & Users > Devices, and click the mobile ID of the device.
2. In the Device Detailed Information window, go to Details to check information.

Device Command: Installed apps list
Description: [Android, iOS, Windows] Update the information of installed applications. For iOS devices, select whether to delete application feedback, and send the device command. To check the list of installed applications after sending the device command, follow the steps below:

1. Go to Devices & Users > Devices, and then click the mobile ID of the device.
2. Click the Application tab in the Device Detailed Information window, and check the list of installed applications.

Device Command: Collect device/app info
Description: [Android, iOS, Windows] Collect application and inventory information from the device. To check after sending device control, follow the steps below:

1. Go to Devices & Users > Devices, and click the Mobile ID of the device.
2. Check the basic information and the app tabs in the Device Details window.

Device Command: Locate the current position
Description: [Android, iOS, Windows] Show the current location of the device. To check the location of a device after sending the device command, follow the steps below:

1. Go to Devices & Users > Devices, and click the mobile ID of the device.
2. Go to the Details section in the Device Detailed Information window, and check Location.

Device Command: Send SIM card authentication
Description: [Android] Authenticate the device SIM.

Device Command: Send SD card authorization
Description: [Android] Perform the authentication process of the external SD card on the device.

Device Command: Status report
Description: [iOS] Check the service connection status of the device. To check the status of the device after sending the device command, follow the steps below:

1. Go to Devices & Users > Devices, and click the mobile ID of the device.
2. In the Device Detailed Information window, go to the Security section and check KeepAlive.
   : The device is connected to the EMM server.
   : The device is disconnected from the EMM server.
   : KeepAlive is not configured.

Container management

Device Command: Lock/Unlock container
Description: [Knox] Lock the Knox container. The user cannot access the Knox container unless the administrator sends the unlock container device command.

Device Command: Reset container password
Description: [Knox] Reset the Knox container password. Enter the current password first, and then enter the new password to change it.

Note: The following restrictions apply to devices running Android 8.0 or later:
- If the device user is currently using One Lock, then One Lock is disabled upon resetting the Knox Container Password.
- If the container is password locked, then the user is asked to give permission upon resetting the password for the first time. When the user selects the notification and enters the Knox Container Password shown in Device Detailed Information in the Admin Portal, the Knox Container Password is reset.
- Users who are using One Lock or who Swipe to unlock their Knox container don't need to give permission.

Device Command: Uninstall container
Description: [Knox] Uninstall the selected Knox container. Inventory information is updated on the server upon container deletion.

Custom control

Device Command: Select
Description: [Windows] Select and send a CSP registered in EMM to a device. The CSP list appears when you click Select. Select a CSP from the list and click Process. To register a CSP, in the TMS Admin Portal, go to Management > Service Profile, click, and then go to Settings > Windows 10 > CSP Configuration.

Sending a device command

To control a device application, follow the steps below:

1. Depending on the target to send the device command to, go to Devices & Users > Devices, Users & Organization, or Group.
2. Enter a search term into the search box in the upper-right corner, and click.
3. Select a device, and click action of the selected device.

The is only enabled for activated devices.
4. In the Device Command window, select a command and click OK. For devices that use a Knox container, select a device command from the Knox container tab.
5. Click OK.

Viewing device command history

Administrators can see device command history and related audit logs by date. The list of device commands that were not properly applied can be viewed in Service Overview > Device Command in Queue. Administrators can also see the details about the results of device commands, and collect the device control audit logs for each event. For more information on audit log items, see Viewing Audit logs.

To view a device command history, follow the steps below:

1. Go to Devices & Users > Devices.
2. Enter a search term into the search box in the upper-right corner, and click.
3. Click in Device History of the device list.
4. Click the Device Command tab in the "Device History" window.
5. Click Device Command Type to view the audit result of the device command.

Viewing device command detailed history

Administrators can view the device command logs by device platform and date. For more information on audit log items, see Viewing Audit logs. To view command logs run on devices, follow the steps below:

1. Go to Devices & Users > History > Device Command History.
2. Enter User ID or Mobile ID and click.
3. Click Device Command Type to view the detailed audit of the device command.

Viewing a device command history by group

The device command logs are displayed for each platform.

1. Go to Devices & Users > History > Group Command History.
2. Enter date, Group ID or Organization, and click.
3. Click a Group/Organization.

Viewing device diagnosis history

Knox Manage allows administrators to collect diagnosis information for the user device. Administrators can also download and view device diagnosis information when a device is either locked or unlocked.

Device diagnosis information: Administrators can collect device diagnosis information by sending a device command to devices. If a device receives the device command, server-related audit logs and device logs are recorded. Administrators can download the records as an Excel file to check the details.
- For more information on the audit event list for device diagnosis, see Audit events.

Device lock/unlock history: If a device is locked due to OS or app tampering, the device can be unlocked by sending the device unlock command. All device lock and unlock history is recorded in the Audit log.

To view a device diagnosis history, follow the steps below:

1. Go to Devices & Users > Devices.
2. Enter a search term into the search box in the upper-right corner, and click.
3. Click in the Device History field, and then select the Diagnosed Information tab in the Device History window.
4. Enter Collected Date in the Diagnosis Information or Device Logs tab and the detailed information appears.
5. Click OK.

Collecting device audit logs

Administrators can collect device audit logs from activated devices, and save them as an Excel file. To collect device audit logs, follow the steps below:

1. Go to Devices & Users > Devices.
2. Enter a search term into the search box in the upper-right corner, and click.

3. Click in the Device History field, and then select the Audit Logs tab in the "Device History" window.
4. Click Collect Audit Log. A device command to collect the log is sent to the device.
5. Click to save the list as an Excel file.

Sending a message

You can send an e-mail or SMS to users. The Knox Manage message service, based on the SMTP e-mail delivery service, cannot check the delivery result of the e-mail. Successful e-mail delivery refers to successful delivery from the Knox Manage server to the SMTP server. For SMS, the Knox Manage server only records whether the message has been sent regardless of the success result. Administrators can find out whether the SMS was successfully delivered to user devices with twiliosmssender and amazon- SMSSender.

You can send a general e-mail or an e-mail containing the URL and registration information required for Knox Manage installation. Use a preset message template when sending an e-mail or SMS. To add a new template, go to Settings > Device > Message Template. The message sending history can be checked in Devices & Users > Send Message History. For more information on message template management, see Managing message templates.

Administrators must check the user information if an e-mail or SMS is not sent to the user. If an e-mail address or telephone number is not registered in the user information, the Send button is disabled.

To send an e-mail or SMS to users, follow the steps below:

1. Go to Devices & Users > Users & Organizations.
2. Search for a user using the organization chart or keyword search.
3. Click or next to the selected user.
4. In the Send E-mail or Send SMS window, select the message template, and click OK. Click to view the detailed information on the selected template.
5. Click Yes when the confirmation message appears. The e-mail is sent. If e-mail related settings are not valid, a warning message appears.

Viewing a send message history

Administrators can view details about the sent e-mails or SMS. E-mail delivery failure can also be checked from the message list. The Knox Manage message service is based on the SMTP e-mail delivery service; therefore, administrators cannot check the delivery result of the e-mail. Successful e-mail delivery refers to successful delivery from the Knox Manage server to the SMTP server. The Knox Manage server only records whether the message has been sent regardless of the success result. Administrators cannot check if the message has been sent successfully to the user.

To view the history of the sent messages, follow the steps below:

1. Go to Devices & Users > History > Send Message History.
2. Enter Receiver ID, or E-mail / Mobile No. and click.

Log Date: Date and time when the e-mail or SMS was sent.
Subject: Click to view details of the e-mail or SMS sent to users.
Receiver ID: User ID of the e-mail receiver.
Send Type: Message type: either SMS or e-mail.
E-mail/Mobile No.: E-mail address or phone number of the recipient.

Server Transmission Result: Result of the e-mail that was sent to the SMTP server: Success or Failed.
- If an e-mail was not sent, you can view the reason in the Log Details window.
Sender: Admin Portal ID of the administrator who has sent the e-mail or SMS.

Supporting devices remotely

When an Android device user requests support, an administrator can provide remote support through Remote Support Viewer (hereinafter RS Viewer) installed on their computer. To receive remote support, the user has to launch the Remote Support Agent (hereinafter RS app) on the device. The administrator can share the user's device screen through RS Viewer, and remotely switch the device's screen, capture screens, save videos, and send files. Administrators can also support multiple users remotely at the same time.

Administrators can provide remote support using one of the following two methods, depending on whether they are logged in to the Admin Portal.

While logged in: Administrators can connect to the Remote Support service in Devices & Users > Devices.
While logged out: Launch RS Viewer installed on the computer, enter the same ID and password as the ones used in the Admin Portal, and then connect to the Remote Support service.
- For more information, see Remote support.

To support a user device remotely, follow the steps below:

1. Go to Devices & Users > Devices.
2. Enter a search term into the search box in the upper-right corner, click and find the device.

3. In the Actions column of the device, click.
4. In the "Start Remote Support" window, enter the phone number of the device that needs remote support. The window displays the device's Mobile Number, which can be modified.
5. Check whether the RS app is installed on the device that needs remote support, and instruct the user to launch the app on their device. If it is not installed yet, instruct the user to download and install the RS app from Google Play on their device.
6. Click Run. If the RS Viewer is not yet installed on the administrator's computer, then click the provided link, download the RS Viewer, and install it.
   - For more information about how to install RS Viewer, see Installing RS Viewer.
   An SMS message containing the same 6-digit access code as the one sent for RS Viewer is sent to the user's device. Then, it is automatically entered on the login screen of the RS app.
7. The administrator can provide remote support on the RS Viewer screen, which now displays the user's device screen. The administrator can switch the user's device screen, capture screens, save videos, and send files remotely.
   - For more information about the Remote Support service, see "Remote Support."
8. To end the remote support session, click the X in the upper-right corner of RS Viewer, and then click Disconnect or Exit. Alternatively, the user may tap the End button in the RS app to end the remote support session.
   - Disconnect: Ends the remote support session while keeping the RS Viewer window open.
   - Exit: Ends the remote support session and also closes the RS Viewer window.