Workspace MDM Management Site Manual 8. Appendix (Web site ver 8.1.1) 1
1 Appendix... 3 1.1 Function list... 4 1.2 Easy Setup procedure... 8 1.3 Input method of import data... 10 1.4 Details on CSV for import and export... 11 1.5 VPP Application Distribution procedure... 12 1.5.1 About VPP token... 12 1.5.2 Uploading VPP token to management site... 13 1.5.3 Checking VPP License... 14 1.5.4 Association between device and user... 15 1.5.5 Assigning tentative license / Applying assignment... 17 1.5.6 License collection... 22 1.5.7 Creation of Application Management Policy... 24 1.5.8 Creation of Application Distribution setting... 25 1.5.9 Assignment of Application Distribution setting... 26 1.5.10 Allowance of assignment on ios device... 27 1.6 Issue new password / Reset password... 28 1.6.1 Setup... 28 1.6.2 Check password reset mail... 30 1.7 Renewing expired password... 32 1.8 Advanced Functions... 33 1.8.1 Contents Distribution (Silent Installation)... 33 1.8.2 USB Setting... 34 1.9 Icon list... 36 2
1 Appendix This chapter describes other information required for management and operation. 3
1.1 Function list Following functions are available. Refer to Management to see a detailed description. "" denotes unavailable functions. Function name Android ios Mac Windows Windows 10 Mobile Organization Organization Chart Organization / User Organization / User Organization Organization / User Organization / User Import Organization (New) Organization / User Organization / User Import Organization (Edit) Organization / User Organization / User Export Organization Organization / User Organization / User Zone Zone Management Various Settings Various Settings Policy Various Settings Various Settings Zone Policy Configuration Various Settings Various Settings User User Organization / User Custom user info Organization / User Import User Data (New) Organization / User Import User Data (Edit) Organization / User Export User Data Organization / User Assets Network Assets Assets Assets Additional Asset Item Assets Bulk Asset Settings Assets Import Asset Data (New) Assets Import Asset Data (Edit) Assets Asset Report (Export) Assets Export Unmanaged Asset Assets ( 1) Application Report Assets Message Assets Network management Assets ( 1) Certificate Client Certification Management Various Settings Various Settings Upload client certificates in bulk Various Settings Various Settings CA Certificate Management Various Settings. Various Settings Admin Log Various Settings Notification Settings Various Settings Portal Settings Various Settings 4
Function name Android ios Mac Windows Windows 10 Mobile Activation Restriction Various Settings Settings LDAP Setting Various Settings Account policy setting Various Settings Setting Personal Settings Various Settings Restrictions Application Prohibition Windows App Filtering Windows SD Card Camera Windows 10 Mobile Bluetooth Windows 10 Mobile Screen Lock Windows Remote Lock Using the management site Remote Wipe Using the management site WiFi Filtering Windows Web Filtering Various Settings Windows Browser History Various Settings Call Restriction Application Detection ios Secure Shield External Device Windows USB Appendix Windows 10 Mobile CD / DVD / Bluray Windows 5
Function name Android ios Mac Windows Windows 10 Mobile NFC Windows 10 Mobile Setup Application Distribution ios Windows Application Catalog ios WiFi Bookmark Various Settings Various Settings Contact List Encryption Windows Proxy Windows Content Distribution Policy of Content Distribution NFC kitting setting Configuration profile ios Upload Configuration Profile ios Roaming Settings ios Home Screen Layout ios Application Management Policy ios Original Application Registration ios System Setting / Diagnosis Windows System Security Windows MS Office License Management Windows 6
Function name Android ios Mac Windows Windows 10 Mobile Others Setting Templates ios Windows Windows 10 Mobile Register Apple Push Certificate Setting for All Agents Setting for Selected Agents Setting Backup Location Data Management App Manager ios Mac OS Mac OS Windows Windows 10 Mobile Windows Windows 1: This function is available only when Windows agent is used and device detection is ON 7
1.2 Easy Setup procedure Easy Setup simplifies initial setup when introducing Optimal Biz. By using this function, you can set various settings such as device password policy and backup in bulk. 1 Click the banner of Easy Setup wizard at the top of the top screen. 2 The start screen shows. Click [Start]. * To cancel Easy Setup, click [End](A). (A) «If you use ios and Mac, and Apple Push Certificate is not registered» The screen urging registration of Apple Push Certificate shows. Click [Register Apple Push Certificate] to register Apple Push Certificate. 8
3 Security setting screen shows. Click [Set]. * If you do not want to set, click [Skip] (A). To return to the previous screen, click [Back] (B). * The password policy of the device, Encryption, Backup, Antivirus function can be set. Recommended items are fixedly entered for setting contents (policy). You can change the settings at any time from the menu. (B) (A) 4 Destination setting of email notification screen shows. 1. Enter the administrator's email address and the mailing list of the department that manages devices. * To add an field, click [Add] (A). 1 5 2. Click [Set]. * Email you when problems occur on managed devices. Device Authentication screen shows. Click [Completed]. * Since the URL of the agent application shows, please do kitting referring to it. When authentication is completed, the contents set in step 3 are reflected on the device. (A) 2 6 Complete Setting screen shows. Click [Open Assets]. * You can check the authentication status of the device. 9
1.3 Input method of import data This section shows how to import data. * Input method of import data User Field GUID [S] User type [F] Password Other objects that start with [F] Objects that start with [G] Method Do not change. (* Displayed only when importing updated data) Enter Administrator, Reader or User In the case of new data: Between 4 and 20 characters. In the case of updated data: The password is displayed by * and cannot be changed. Must be between 4 and 20 characters. If you input 8 * characters, it will not be updated. Enter a corresponding value. Enter a registered category name. If there is no Custom user info, the object will not be displayed. * Input method of import data Device Field GUID [S] User [S:iOS] Configuration Profile Objects that start with [G] Objects that start with [C] Objects that start with [I] Objects that start with [P] [S:iOS:Exchange]SSL [S:iOS:Exchange] Sync previous emails Other objects that start with [S:iOS:Exchange] Objects that starts with [S: Method Do not change. (* Displayed only when importing updated data) Enter a registered user name. Enter the setting name of a registered configuration profile. Enter a registered category name. If there is no registered Additional Asset Item (Category), the object will not be displayed. Enter a value of an Additional Asset Item (Add Information). If there is no registered Additional Asset Item (Add Information), the object will not be displayed. Unable to change. ON: Use optional packages; Empty (No input data): Do not use optional packages. Enter ON, or OFF. Enter No limit, 1 day, 3 days, 1 week, 2 weeks or 1 month Input a corresponding value. Enter the Setting Group name. (* If competing with setting template, setting template takes priority.) * Input method of import data Organization Field GUID [F] Organization Name [S] Parent Organization Name [S] Inherit Permission [S:OS Name] Setting group name or setting templates Example) [S:Android] Setting Templates [S:iOS] Roaming Settings Method Do not change. (* Displayed only when importing updated data) Must be 100 characters or fewer. Control characters are not allowed. Duplication in the same upper organization group is not allowed. Enter a registered organization. In the case of inheriting permission from a parent organization, enter "ON". In the case of not inheriting permission of parent organization, leave it blank. Enter a Setting Group name. (* If competing with setting template, setting template takes priority.) * In the case of inheriting this from a parent organization, leave it blank. [S:OS Name] Setting group name (Inheritance) Example) [S:Android] Application Prohibition (Inheritance) [S:iOS] Roaming Settings (Inheritance) In the case of inheriting from a parent organization, enter "ON." * To set another setting group instead of inheriting from parent organization, leave it blank. 10
1.4 Details on CSV for import and export Format A CSV file is comprised of multiple records. Record is delimited by line feed code. Record also has multiple fields. The fields are divided by a comma (%x2c). There are escape fields and not escaped fields. If double quote (%x22), comma (%x2c), CR (%x0d) or LF (%x0a) are included, add a double quote to a string and escape it. If a double quote (%x22) is included, replace it with two double quotes (%x22%x22) and escape it. CSV format which can be imported is defined in RFC4180. Example GUID,[F]Name,[F]Phonetic Name,[F]User ID,[F]Email Address,[F]Password,[M]Role user1,user1, user 1,user1,user1@example,********,Role1 user2,user2, user 2,user2,user2@example,********,Role2 In the case that escape fields are included GUID,[F]Name,[F]Phonetic Name,[F]User ID,[F]Email Address,[F]Password,[M]Role user1,user1, user 1,user1,user1@example,********, Role1,Role2 user2,user2, user 2,user2,user2@example,********, Role1,Role2 Character Code Japanese: SHIFTJIS (cp932) Others: UTF8 * If the character cannot be displayed by "Shift_JIS", "?" mark is registered instead of that character. Line Feed CR+LF (When importing and exporting) 11
1.5 VPP Application Distribution procedure Volume Purchase Program (VPP) provided by Apple lets you manage and distribute paid Apple applications. VPP makes it easy to purchase paid application licenses in bulk and distribute to multiple users, organizations or devices at the same time. * This feature only supports applications purchased by VPP. Other items (i.e. ibooks) purchased through VPP are not supported. * If license authority or user invitation is set by other function (i.e. other MDM), VPP will not manage these licenses. * Even when a license is authorized by this function, you cannot distribute if distribution from AppStore is canceled. * A token is valid for one year. Like ios ID, you need to update your token once a year. * Allocation of VPP licenses to devices is supported for ios 9 and later operation systems. Keep in note that when a license is allocated to a device with an OS earlier than ios 9, VPP application is not distributed. 1.5.1 About VPP token A VPP token is a token to link a VPP account to a management site. A VPP token has information about type and volume of licenses purchased through the VPP program. By uploading this VPP token from "VPP License" (refer to "ios ApplicationVPP License" in ios ), you can manage and distribute VPP licenses in the management site. The preparation below is required when you obtain a VPP token from Apple. Preparation for email address Enrollment of DUNS number (standard company code registration) It may take few days to enroll. After preparation is completed, register an account for Apple's Volume Purchase Program at "http://www.apple.com/jp/business/vpp. It may require 2 or 3 hours to issue an account. After the registration of accounts is completed, you can purchase applications in bulk by using a VPP License. After you purchase applications, download the VPP token. 12
1.5.2 Uploading VPP token to management site Click the management site [Menu] and click [VPP License] under the "ios Application" panel. Click the [Admin] tab to upload the VPP token. 1 2 3 4 1 Enter any account name of the VPP token in "Account Name." 2 Click [Browse] to select the VPP token to upload. 3 Type the AppleID in Notes section. 4 Click [Save]. * The AppleID used to retrieve the VPP token should be recorded in the Notes field. Click [Save]. 13
1.5.3 Checking VPP License After the VPP token upload has been completed, click the [Application] tab to view a list of purchased applications. You can assign those applications to a user in the next step. 14
1.5.4 Association between device and user A VPP license is allocated to users, organizations or devices. User Create a user from the User page (refer to UserUser in Organization / User ), and then link this user to the device in the "Assets" page (refer to Using the management site Assets in Using the management site ) under the "Division" option. Organization Create a user from the User page (refer to OrganizationOrganization in Organization / User ), and then link this organization to the device in the "Assets" page (refer to Using the management siteassets in Using the management site ) under the "Division" option. However, when you choose to use an organization, you need to set a parent organization in User page. 15
Asset If user (organization) is not selected, allocate VPP license from the Asset page (refer to Using the management siteassetsvpp setting (ios only) in Organization / User ). If user (organization) is selected, VPP license set in User (Organization) page in VPP setting on the Asset page and cannot be edited. 16
1.5.5 Assigning tentative license / Applying assignment Allocate licenses to users (organizations), or devices. The following 3 steps are required to grant VPP application license. 1. Creation of a VPP template (optional setting) 2. Temporal assignment of licenses (Target: User / Organization / Device) 3. Applying license assignment In order to allocate VPP licenses to devices via organization, associate device and organizations using following methods. A VPP template applied to organization is then passed down to the device. 1. Make a device belong directly to organization. 2. Make a device belong to a user who is a member of organization. 1.5.5.1 #1:Creation of VPP template (optional setting) When application licenses need to be granted to each users (organizations) or devices, a template can be created to include multiple applications. Apply this template to users, organizations or devices to easily grant multiple application licenses at once. Refer to "ios ApplicationVPP Setting Template" in ios 1 2 3 4 1. Enter any template name in "Template Name." 2. Click the pull down menu at "VPP License" and specify the VPP token that you uploaded. 3. Add applications to the template. 4. Click [Save]. 17
1.5.5.2 #2:Temporal assignment of licenses (Target: User / Organization / Device) From any of "VPP Setting" in the User page, "VPP Setting" in the Assets page or "VPP Setting" in the Organization page, allocate temporary licenses. <<Using the VPP setting template>> 1 Select a VPP setting template. ("#1: Creating VPP template (optional)": Refer to page 17) 2 (For Organization page only): Select "User" or "Devices" as the "VPP License Target. 3 Click [Save]. <<When not using a VPP setting template>> 1 (For Organization page only): Select "User" or "Devices" as the "VPP License Target. 2 (For all pages): Select from uploaded VPP tokens under "VPP License. 3 (For User page only): When multiple ios devices belong to a target user, use the "Invitation" option. This option specifies which ios device to send the invitation request to. Send Automatically: Out of multiple ios devices, the first device to sync with the server automatically joins the VPP service. (This option only works when devices have different Apple IDs.) Send Manually: Manually select which device joins the VPP service. 18
* If the restriction items ("Allow App installation" or "Allow App installation from App Store"), which are used not to display "AppStore" in the stage of the Upload configuration profile, are activated, VPP invitation cannot be completed. 4 (For all pages): Finally, below the "Grant VPP Application License" panel, click the [+] button to add applications. After adding all the applications to distribute, click the [Save] button to save new setting. Next, a temporary license needs to be applied. * If the VPP setting is applied to all User / Device / Organization, setting are applied in following priority. User > Device > Organization When applying a VPP setting to devices and organizations, make sure that no VPP application license is already allocated to the user or device. When a VPP setting is already applied to the organization which a user or device belongs to, the VPP setting page displays VPP setting details applied by the organizationwide setting. When ignoring the organizationwide setting and applying exceptional VPP settings for a specific user, click on the [Exceptional setting for this user] button on the user page. When setting exceptional settings for a specific device, click on [Exceptional setting for this device] on the assets page. <<User page>> 19
<<Assets page>> 20
1.5.5.3 #3:Applying license assignment Apply a tentative assignment that has set in the previous steps as a formal assignment. Click the management site [Menu] and click [VPP License] under the "ios Application" panel. Click "Application" tab, and confirm (1) number of "Unallocated" application of target application must be positive, and more than "0. (If it is zero, it means there is no tentative assignment to apply.) Next, click [Refresh] ( 2 on top of the page). The number of "Unallocated" applications becomes "0" and the number of "Allocated " columns increase according to the number of licenses applied. 2 1 * When "All" is smaller than "Unallocated, a license cannot be applied. For this case, collect licenses and decrease the number of licenses allocated to users and devices. For details, refer to page 22, "License collection. * Reload the page if the changes are not displayed. * When "Unallocated" remains unchanged after allocating a temporary license, check the target user's "VPP Setting" tab or the target device's "VPP Setting" tab. When an empty VPP application license is applied to a device or user, the number of "Unallocated" may not reflect the actual setting. 21
1.5.6 License collection Collect licenses and decrease the number of licenses allocated to users. In the same page from any of "VPP Setting" in the User page, "VPP Setting" in the Assets page or "VPP Setting" in the Organization page for when the temporary license was allocated (page 19), remove allocated applications. 1 2 1 Click [Edit] at the bottom of the screen and click the [x] button at "Grant VPP application license" to delete licenses you want to collect. 2 Click [Save]. Next, apply collected tentative licenses. 22
This is similar to applying a license assignment (on page 21), open management site [Menu] and click [VPP License] in "ios Application" panel. Click the "Application" tab and confirm that 1 the number of "Revocable Licenses" of the target application is a positive number (If the number is zero, it means there are licenses to collect). Next, click [Run] in the "Collect" column of the target application. The number of "Revocable Licenses" applications becomes "0" and the number of "Used" column decreases according to the number of licenses collected. 2 1 * Reload the page if the screen does not update. * When "Revocable Licenses" remains unchanged after allocating a temporary license, check the target user's "VPP Setting" tab or the target device's "VPP Setting" tab. When an empty VPP application license is applied to a device or user, the number of "Revocable Licenses" may not reflect the actual setting. 23
1.5.7 Creation of Application Management Policy Prepare for Application Distribution. First, create an application policy with the "Use VPP license" option enabled. Open [Menu] and click [Application Management Policy] under "ios Application." 1 2 1 Enter a policy name in [Policy Name]. 2 Be sure to check [Use VPP License] at "Grant VPP Application License. This application policy will be required to be set for "Application Distribution setting" in the next step. 24
1.5.8 Creation of Application Distribution setting Open [Menu] and click [Application Distribution] under [ios Application]. 1 2 3 4 5 1 Enter a name in [Name]. 2 Enter the Store ID of the application to distribute in [Store ID]. Refer to "ios ApplicationApplication DetectionInput values of Application Detection " in ios to search for a Store ID. 3 Be sure to select the "Management" checkbox. 4 Specify whether to allow "Backup. 5 In "Policy, specify the application policy created in the previous step, "Application Management Policy. 25
1.5.9 Assignment of Application Distribution setting When you distribute an application to a device, open [Assets] and click the [Others] tab. Click [Settings] (refer to "Using the management siteassetssettings" in Using the management site to assign an application distribution setting. If you distribute an application to an organization, open [Menu], click [Organization] ("Organization OrganizationOrganization" in Organization / User ) and select the [ios Setting] of the target organization. Select the application distribution setting in the previous step, [Application Distribution] sets. * When you assign a setting group to an organization, the [Application Distribution] setting on the device screen "(Follow parent organization)" needs to be selected. 26
1.5.10 Allowance of assignment on ios device When a VPP license is assigned to user, the following message is displayed on the target device (This message is displayed right after Sync is executed on the "Asset" page on the management site). The user needs to agree to the VPP assignment as follows: Please note that when the VPP license is directly applied to the device, the application is distributed with no following confirmation message.) * This message is not displayed on the target device if VPP license is directly applied to devices. 1 Tap [Continue]. * Screen images for the assignments permission prompt is as displayed in ios9. Depending on the ios version, a different prompt may be displayed. 2 Tap [Agree] on the "Terms and Conditions" page. You may be required to enter your Apple ID before this page can be displayed. * If you agree to the terms when apps are distributed for the first time, no confirmation message will be displayed again (unless users are deleted from the management site). If you cancel in the middle of confirmation, a confirmation message is not displayed again until a sync is executed from the management store. No applications are distributed until the confirmation is made. * After the agreement, you can install silently if the device is set to [Monitoring mode]. (If using ios 8 or later, you may need to allow this assignment again.) * Application distribution timing : An application is distributed at the sync time after the user taps [Agree] on the "Terms and Conditions" page. Sync timing depends on the communication status of the device. 27
1.6 Issue new password / Reset password Issue new password or reset password from login page. To use this function, "Password reminder" must be enabled at the Account policy setting" page. Refer to "Admin Account policy setting" in Various Settings for more details. 1.6.1 Setup 1 Enter the management site URL in the highlighted address bar and press [Enter]. 2 The login page has been displayed. Click on the "New user? Forgot your password?" link below the [Login] button. 28
3 The send mail page is displayed. Enter [Company Code] and [email address]. * In some cases, [Company Code] may already be entered. 4 Click [Submit]. If you do not receive an email, please check your email address and contact customer support. For customer support, contact the seller of this product. 29
1.6.2 Check password reset mail 1 Password reset mail is sent to the registered email address. Title (example): (Service Name) Management Site: Instructions for password setup Sender address (example): xxxxxx@optim.co.jp * Depending on your email settings such as for the spam filter, the setup mail may not be received. If you do not receive the email, please check your mail settings. * The title, mail body and sender address of password reset email can be modified in the Service Provider site's "Custom 2 Screen page. Click on the URL provided in the password reset mail. 3 The password reset page is displayed. Enter a new password in [Password] and enter the same password again in [Confirm Password]. 30
4 The dashboard has been displayed. 31
1.7 Renewing expired password When a user account password expires, the user is no longer able to login to the management site. In this case, renew the password according to the website instructions. A user's "Password Expiration" can be set in "AdminAccount policy setting" in Site User Manual Various Settings. 1 The password expiration message is displayed on the login page. 2 1 Enter a new password in [Password] and enter the same password again in [Confirm Password]. 2 Click [Change setting and login]. 1 2 3 The dashboard has been displayed. Keep a record of the modified password. 32
1.8 Advanced Functions "AdvanceMdmModule" must be installed on the device to access advanced functions. You can install "AdvanceMdmModule" when activating the Android Agent license. To be more specific, when activating a license according to "Android User Manual, the following screen is displayed between Step 1 and Step 2. Tap [Install] to install the "AdvanceMdmModule. Follow the rest of the procedure to complete the Android Agent License activation. 1.8.1 Contents Distribution (Silent Installation) This feature silently installs applications uploaded to the management site (apk files) to devices. No user operation is necessary. The application is installed automatically. 1.8.1.1 Setting for service provider site In order to use this function, the following setting has to be made on the service provider site. 1. Click [Functional Package] and open the functional package screen. 2. Create package with "Contents Distribution" and "Silent Installation (Advanced)" enabled. 3. The package created in step 2 has to be allocated to companies using the Advanced function. * The procedure for making packages and allocating them can be confirmed with "Create functional package" and "Edit company information" in the "Service Provider. 1.8.1.2 Setting on Management Site In order to use this function, the following setting has to be made on the management site. 1. Click [Contents Distribution Policy] and open the Contents Distribution Policy. 2. Select the "Install APK files automatically" option. Refer to " Android SetupContent Distribution" in. 3. The package created in step 2 has to be applied via Bulk Asset Settings or individual asset setting. * Before setting the management site, the service provider setting is required. 1.8.1.3 Behavior on Android Device Distributed application is silently distributed to devices. No user operation is necessary. The application is installed automatically. 33
1.8.2 USB Setting This function manages USB storage access when an Android device detects USB device. 1 2 No. Object Function 1 Name Enter a group name. 2 USB Connection Allows or prohibits USB connection. Allow: Allows USB function. Prohibit: Prohibits USB function. 1.8.2.1 Setting for service provider site In order to use this function, the following setting has to be made on the service provider site. 1. Click [Functional Package] and open the functional package screen. 2. Create a function package with "USB (Advanced)" enabled. 3. The package created in step 2 has to be allocated to the company using the Advanced function. * The procedure for making packages and allocating them can be confirmed with "Create functional package" and "Edit company information" in the "Service Provider. 34
1.8.2.2 Setting on Management Site In order to use this function, the following settings have to be made on the management site. 1. Click [USB] from menu. 2. Fill out the required fields, then click [Save]. 3. Package created in step 2 has to be applied via Bulk Asset Settings or individual asset setting. * Before setting the management site, the service provider setting is required. 1.8.2.3 Behavior on Android Device This function manages USB storage access when an Android device detects a USB device. 1.8.2.4 Input values of USB Set setting groups according to the rules below. Field Restriction Name Must be 1 to 30 characters long. USB Connection Select from the following: Allow Prohibit 35
1.9 Icon list The following are icons displayed on the management site. Android Icon Device GALAXY Tab FOLIO 100 LifeTouch Others iphone / ipad Icon Device iphone ipad Windows Icon Device Tablet Desktop PC Laptop Windows 10 Mobile Icon Device Smartphone 36
iphone / ipad Icon Device Smartglass Devices for asset management Icon Device Icon Device Internet TV Storage Recorder PDA STB Printer AV Amp Tablet Digital Camera Smartphone Digital Video Camera Other PCs Audio Cell Phone Player IP phone Projector Router Photo frame FAX Other AV devices Switching Hub Desktop PLC Modem 37
Icon Device Icon Device Laptop Wireless LAN Modem Coaxial Cable Modem Other Network devices Portable Game Machine Home Robot Others related to Home Other Entertainment devices Game Machine Others 38