Search

Language:  
Search for:

Available article translations:

MDM Group Policies

APPLIES TO:
  • Parallels Mobile Device Management

To be able to manage a large number of mobile devices, Mobile Device Management incorporates the ability to set policies to groups of mobile devices. You can configure different policies for each group of devices, and this will be automatically applied to each device assigned to the group. In addition, you can override a group policy for a particular device.

Default Group

By default, all devices are assigned to the Default Group and the default group policy is applied. The default group policy will also push out the AquaMail for MDM app so that you can control email settings on Android Devices.

Once you assign a device to another group that you have created, the default policies will no longer apply.

Grouping Mobile Devices

The first step is to group your mobile devices, for example by department. To group your mobile devices:

  1. From the 'Devices' node, select the devices you wish to group.
  2. Click 'Assign to Group'. Select whether you want to assign the devices to an existing or a 'New Group'.
  3. The devices are now grouped, and they will show up as a group under the 'Group Policies' node.
  4. You can select the group from the 'Group Policies node'. Any changes and settings that you make will be applied to the entire group.

Comprehensive Group Policy options allow you to set up rules that are applied based on the type of device connecting. Each Group Policy has policy tabs based on the type of device; Android Policy, iOS Policy and Windows Policy.

Policies for Android Devices

Group policy settings will not be applied to devices that have the ‘Override Group Policy’ option enabled from Devices > Select device > Policy.

This option enforces the policy set from the device rather than the group that device is added to.

Device Monitoring

Device update interval

Specifies the time interval (in minutes) that the phone will send a status update (location, call history, data usage) to the server.

Enforce monitoring settings

Enforces “Device Monitoring” option on the MDM Client > Profile Status to control the below:

  • Send location Updates
  • Send Call History
  • Send Data Usage Statistics

If this option is disabled, the button shown above will appear on the profile page of the Parallels MDM app, allowing the user to enable or disable these options.

Note - If disabled, information previously collected (location, call history, data usage) is not removed.

Save Call History

Saves the call history of the device/ devices, viewable from Devices > Select a device > Call History tab. If Enforce monitoring settings is disabled, this option is greyed out and will be enabled/ disabled depending on what the user currently has set on the device.

Save Data Usage

Saves the data usage of the device/ devices, viewable from Devices > Select a device >Data Usage tab. If Enforce monitoring settings is disabled, this option is greyed out and will be enabled/ disabled depending on what the user currently has set on the device.

Send Location Updates

This setting defines how location updates are collected and sent to the server. The following options are available:

  • Force Network only - This option sets the device to send location updates via Network only
  • Force GPS / Network - This option sets the device to send location updates via GPS OR Network,
  • Force GPS only - This option sets the device to send location updates via GPS only
  • When Available - The device will send both network and GPS position updates to MDM, depending on which are enabled and available on the device. If both are available, MDM subsequently updates the location history with the position.
  • Off - The device will not send location updates and the devices current position will not be displayed on the map

If Enforce monitoring settings is disabled, this option is greyed out and will be enabled/ disabled depending on what the user currently has set on the device.

Save Location history

Saves the tracking history of the device/ devices, viewable from Devices > Select a device >Location History. If disabled and send location updates is enabled, the devices current location will still be viewable from the map.

Update location

Specifies the minimum distance that a device should move to trigger a new location history entry.

Password Policy

This section allows you to alter the Password Policy settings. You can select:

  • No password policy enforced - User is not required to define a password
  • Password required (Any) - User must define a Pattern, PIN or Password
  • At least a numeric password required - User must define a PIN or Password
  • At least an alphabetic password required - User must define a Password
  • An alphanumeric password required - User must define a Password with both numeric and alphabetic characters.

Administrator Settings

Allow User to sign out

This allows a user to signout from the MDM account and server that it is currently connected to. When enabled the button above will appear on the Parallels MDM app profile page.

Encrypt Storage

This option encrypts the information on your devices. Note that decryption might not be allowed on some devices and that a complete data wipe might be required to decrypt/ encrypt. Use this feature with caution.

Disable Camera

Disables the camera of the device/ devices in the group.

Allow Remote Control Using LAN

Enables Remote Control via Wifi from the Parallels MDM app. When enabled, the user will be prompted with the above on the Parallels MDM apps main page.

MDM App Settings

Allow user to view sent messages

Shows the Message History icon shown above on the MDM app, allowing users to review messages previously received.

Show Status Icon

This option will show the status icon as connected or disconnected in the Android notification toolbar.

Enforce the following app settings

Enables configuration options on the MDM client > Settings, such as:

  • Popup Messages
  • Notification Vibration
  • Notification Sound
  • Map Mode

Popup Messages

Display message received via MDM as a pop up immediately.

Notification Vibration

The phone will vibrate when a message is received.

Notification Sound

A notification sound will be played when a message is received via MDM.

Map Mode

When sending directions with messages, this will show the option as either a traffic or a satellite image.

Policies for iOS Devices

Group policy settings will not be applied to devices that have the Override Group Policy option enabled from Devices > Select device > Policy.

This option enforces the policy set from the device rather than the group that device is added to.

Device Monitoring

The monitoring options are similar to the Policy Options for Android phones:

Device update interval

Specifies the time interval (in minutes) that the phone will send a status update (location, data usage) to the server

Enforce monitoring settings

Enforces the options below on the MDM Client > Settings:

  • Enable Tracking
  • Enable Data Usage

If this option is disabled, the button shown above will appear on the Parallels MDM app, allowing the user to enable or disable these options.

Save Data Usage

Saves the data usage of the device/ devices, viewable from Devices > Select a device >“Data Usage” tab. If “Enforce monitoring settings” is disabled, this option is greyed out and will be enabled/ disabled depending on what the user currently has set on the device.

Send Location Updates

Enforces the MDM app to send location updates to the MDM server.

Save Location history

Saves the tracking history of the device/ devices, viewable from Devices > Select a device >Location History. If disabled and send location updates is enabled, the devices current location will still be viewable from the map.

Update location

Specifies the minimum distance that a device should move to trigger a new location history entry.

Password Policy

iOS devices offer more control of the password policy compared to Android devices, such as:

  • Minimum number of password characters allowed - You may select a value from 1-8 or default.
  • Minimum number of complex characters - Set the number of non-alphanumeric characters allowed in password.
  • Minimum password age - Set the amount of days a password shall be valid for before requiring alterations (default 0 = not enabled).
  • Auto-lock - Set the amount of time in minutes, when idle, the device remains active for, before automatically locking.
  • Password history-How many other passwords you can set before you are able to reuse the same password again.
  • Require Passcode- Set the amount of time a device may remain locked for before requiring the user to enter the password when unlocking the device.
  • Maximum number of incorrect password entries - Set the allowed amount of incorrect password attempts, which when exceeded, shall wipe all data on the device.

Administrator Settings

Disable the App Store

Prevents the user from accessing the Apple App Store

Disable Camera

Prevents the user from accessing the camera app on the iPhone

Disable screen capture

Prevents the user from taking screenshots of the iPhone

Disable Safari Prevents the user from accessing and using the safari browser

Disable iTunes

Prevents the user from accessing and using iTunes

Automatically sync while roaming

Synchronises iOS while the iPhone is roaming

Force iTunes password for all purchases

Forces the use of the iTunes password for all purchases made

Allow untrusted certificates

Allows the installation of untrusted certificates on the iPhone

Allow data roaming Enable, disable or allow the device user to control data roaming on the device.

MDM App Settings

User Settings are also similar to Android policies:

Allow user to view sent messages

Shows the Message History icon shown above on the MDM app, allowing users to review messages previously received.

Enforce the following app settings

Enforces configuration options on the MDM app> Settings, such as:

  • Notification Sound
  • Map Mode

If disabled, the user will be able to configure these options from the MDM app > Settings

Notification sound

A notification sound will be played when a message is received via MDM.

Map Mode

Directions received via MDM will be shown either as traffic, satellite image or both

Policies for Windows Devices

Device Monitoring

The Administrator Settings are also similar to iOS and Android monitoring settings:

Device update interval

Specifies the time interval (in minutes) that the PC will connect with the MDM server. Windows PC’s do not support push. Any commands issued from the MDM portal (lock, wipe or policy changes) will execute when this device connects.

Enforce monitoring settings Enforces the options below on the MDM application > Settings:

  • Send Location Updates

Send Location Updates

Enforces the MDM application to send location updates to the MDM server.

Note - Windows PCs require a built in GPS or GPS capable dongle configured from Control Panel > Location and Other Sensors in order to send location updates.

Save Location history Saves the tracking history of the devices in the group

Update location Specifies the minimum distance that a device should move to trigger a new location history entry.

Password Policy

Password Settings for Windows devices include:

  • Required Password on Device - Your device will be required to have a password set.
  • Minimum number of password characters allowed - This is the minimum number of characters that you can set for a password.
  • Maximum password Age - Number of days that the password will be valid for before it needs changing.
  • Password history - How many other passwords you can set before you are able to reuse the same password again.
  • Auto-Lock - The amount of time the device is allowed to remain idle before the screen locks automatically.

Administrator Settings

Allow user to change MDM account

This option allows a user to logoff from the current MDM account and logon to another.

Allow user to disconnect

This allows a user to disconnect from the MDM server. The device will no longer communicate with the MDM server once disconnected.

Show Status icon Enables/Disables showing the MDM Status icon on the Windows taskbar.

Search words:

Policies

MDM

Group Policies




a3b6e8445f5cd10b485b0e96fe5ee277

FEEDBACK
Was this article helpful?
Tell us how we may improve it.
Yes No