This document discusses approaches for managing bring your own device (BYOD) programs. It recommends using Spiceworks mobile device management (MDM) software which allows IT to inventory, monitor, and manage devices running Android, iOS, and Windows Phone. The MDM software provides features like mobile application management, secure document sharing, remote help desk support, and a user self-service portal to help enforce compliance policies for BYOD programs. It also outlines upcoming updates to Spiceworks' MDM integration and mobile apps for iOS, Android, and HTML5 browsers to provide more mobile management capabilities.
3. • Increased Popularity
• User Buys First for Personal Use
• Require Corporate Access
• Email, helpdesk, …
• Devices Come and Go with Employees
BYOD Trends
4. • Impacts on Your IT Network
• IP Address Exhaustion
• Wireless Network Overload
• Confidentiality Concerns
• Who has Access to What?
Bring Your Own Device
5. • Just Ignore this Trend
• It probably won’t catch on!
Approaches to Manage BYOD
17. Mobile App Management
• Enterprise App Catalog
• App security & compliance
management
• Distribute and update apps
• Remove managed apps
• Volume Purchase Program
• App Cloud for hosting &
distribution
17
18. Secure Document Sharing
• On device Doc Catalog container
• Centralized distribution management
• User-based authentication for access
• Alert users on new or updated content
• Cut/paste restrictions & view only
• Versioning & time-based expirations
• Integration with SharePoint
• Doc Cloud for hosting & distribution
18
19. Remote Help Desk Support
• Reset passcode
• Locate lost device
• Buzz lost device
• Selective wipe
• Full device wipe
• Send message
• Change policy
• Remove control
19
35. Spiceworks Mobile
• iPhone
– Apple App Store
• Android Phones
– Google Marketplace
– Direct download from Spiceworks
36. Help Desk View
• See and respond to all of your trouble
tickets
• Create new tickets, close and re-open
existing ones
• Add and edit ticket description and details
• Assign tickets and set priorities, due date
& more
37. Inventory View
• See all the hardware & software on your
network
• Identify if any issues exist with your assets
• Open a ticket for any assets that need
attention
38. People View
• Quickly get contact info for your end
users
• View and update important user details
(Active Directory)
• Take and upload pictures of users to
their profiles
39. Community
• See the day’s most popular IT
discussions
• Talk-shop with and get advice from
other IT pros
• Track the IT-topics you care about the
most
You can take the approach that mobile won’t catch on…
Well, probably not a good idea. Remember the slope of the mobile adoption graph that Scott showed you?
Spiceworks works with what you have, and grows with what you will manage in the future.
Tightly integrated into Spiceworks.Full inventory for all device types – Android, iOS and Window. Both phones & tablets.And its got all the functionality you’ve come to expect from Spiceworks Inventory …HW settings, storage & configurationFull software inventor including OS’, installed apps, etc.And because its integrated into SW we can tie it all into Active Directory and People View
Full software inventor including OS’, installed apps, etc.Full reporting.
Installed Applications,Jail-broken Devices,Disabled Passcodes,Out of date Software ,Storage / Data Thresholds
What about Management? Its not something all of you need but we wanted to be able to provide it as well through our partner – MaaS360 by FiberlinkWipe, Lock, Password Reset, Push Software, Manage policies, and even locate. If you click the Manage dropdown, you can see the extended features that you will have access to once/if you decide you want those features. If you click on the unlock menu item, you will be taken to the signup page
The premium features are provided by MaaS360, and here is Neil Florio, VP Marketing for Fiberlink to walk you through these premium features.
In addition to enrollment into MaaS360 over-the-air (OTA) in minutes, OTA configuration management of policies, profiles and settings are just as fast and easy.You can customize robust device, app and document policies for specific device groups, such as by OS platform (e.g. iOS, Android) or corporate vs. employee-owned, as well as for user groups, such as Executives, Sales, Finance, etc.A comprehensive list of settings and profiles can be configured in these policies:Passcode settings with configurable quality, length and durationEmail, Calendar, Contacts, Wi-Fi and VPN profilesDevice encryption mandatesDevice restrictions for specific features, apps and content ratings. Some examples of iOS device features that can be controlled include camera, FaceTime, Siri, iCloud, Screen Capture, iTunes, YouTube, Game Center, Safari, Voice Dialing, etc.App compliance allows for creating a blacklist or whitelist of apps as well as required apps by your organizationRoaming settings can restrict data and/or voice roaming of mobile devices
MaaS360 provides dynamic, end-to-end security and compliance to continuously monitor devices, be alerted to noncompliance events and/or take automated action.Automated enforcement actions include Alert Administrator, Alert User and Administrator, Block (same as Lock Device to enable the Lock screen with required passcode), Restrict Device (same as Selective Wipe) and Wipe (Full).Some of the enforcement rules that can be configured include:Enforce MDM management – ensure devices are enrolled in MDM and management has not been disabled or removed by the userMinimum OS version – ensure devices are up-to-date with minimum required OS versions to enable proper device securityRemote wipe support – ensure devices support remote wipe capabilitiesSIM change – monitor and alert when a SIM card is changed in a deviceEncryption support – ensure devices support designated levels of encryptionApplication compliance – ensure devices are in compliance with app management policiesJailbreak/Root detection – ensure devices are not jailbroken or rootedRestrict Corporate Resources for Blocked Devices – ensure devices blocked on your mail server can not access other corporate resources such as Wi-Fi or VPN
BYOD (Bring-Your-Own-Device) trends are transforming businesses by reducing IT procurement and support costs and increasing employee productivity and satisfaction. However, users are increasingly concerned with losing their privacy if they use their own personal devices for work.In a recent survey conducted by Harris Interactive and Fiberlink, 82% of respondents consider the ability to be “tracked” an invasion of their privacy. In addition, 76% would not give their employer access to view what apps are installed on their personal device.MaaS360 allows businesses to block the collection of selected personal data - such as location and installed applications. This can be very important for some customers, especially in certain regions of the world where attitudes toward personal privacy are extremely strong. In some areas and industries, IT managers may not be allowed to track personal information (such as the user’s location and installed applications) even on corporate owned devices.MaaS360 can restrict the collection of personal information on a single device, all devices or device group (e.g. Executives, Sales, etc.). Information collection of app inventory, location, IP address and SSID can be disabled by the IT administrator according to your internal policies.
In this mobile age, mobile apps on smartphones and tablets provide great value to organizations by increasing employee productivity and satisfaction.MaaS360 provides an easy to use, on-device enterprise app catalog with full operational and security lifecycle management to distribute, update, manage and secure mobile apps on both personal and corporate-owned devices. This allows organizations to separate business apps from personal apps with the ability to remove any business app and its associated data individually or as part of a selective or full remote wipe.You will be able to leverage a private, customizable enterprise app catalog for iOS, Android and Windows Phones devices. From a secure, web-based portal, public apps and in-house developed apps can be easily added to a catalog and instantly distributed over-the-air (OTA) to all users, groups of users or even individual devices. Users can view and install available apps, and be alerted when apps are updated or added.The MaaS360 AppCloud gives you the option and capability of hosting and distributing your enterprise mobile apps on a globally optimized app distribution network. The MaaS360 AppCloud reduces network load and increases app performance for users. You’ll achieve instant scalability and be able to add a layer of authentication and authorization prior to app downloads for additional security.Encompassing MaaS360 Mobile App Management are robust app security and compliance capabilities.Configure app security policies to create a blacklist or whitelist of apps as well as required apps by your organizationAutomate enforcement of rules for out-of-compliance devices including Alert Administrator, Alert User and Administrator, Block (same as Lock Device to enable the Lock screen with required passcode), Restrict Device (same as Selective Wipe) and Wipe (Full)Restrict native apps on devices, such as YouTube, Safari, Siri, etc.View detailed reports of app compliance events and remediation actionsMaaS360 supports app Volume Purchase Programs (VPP) by allowing the purchase of bulk app licenses by automatically uploading redemption codes. MaaS360 tracks provisioning, manages licenses and monitors compliance, eliminating the need for manual VPP management.
Emailing documents to mobile devices can be a source of data leakage. However, employing heavyweight email security can compromise the native user experiences that employees find most valuable with their smartphones and tablets. Enabling mobile collaboration and enhancing employee productivity anytime, anywhere doesn’t have to compromise sensitive document and data security.MaaS360 Document Management delivers a robust set of capabilities for the lifecycle management to distribute, update, manage and secure documents on mobile devices.You will be able to leverage a private, customizable enterprise document catalog for iOS and Android devices. From a secure, web-based portal, documents, such as PowerPoint presentations, Word documents, PDF documents, Excel spreadsheets, audio, image, and video files, can be easily added to your own catalog and instantly distributed over-the-air (OTA) to all users, groups of users or even individual devices. Users can view, edit and share available documents, and be alerted when documents are updated or added.The MaaS360 Doc Cloud gives you the option and capability of hosting and distributing your documents in the Cloud on a globally optimized content distribution network. The MaaS360 Doc Cloud reduces network load and increases performance for users.MaaS360 Document Management delivers robust document security and compliance capabilities.Set policies on a document-by-document basis that can restrict sharing of documents by sandboxing them in the document catalogLeverage native device encryption to ensure corporate data remains secureAutomate enforcement of rules for out-of-compliance devices including Alert Administrator, Alert User and Administrator, Block (same as Lock Device to enable the Lock screen with required passcode), Restrict Device (same as Selective Wipe) and Wipe (Full)Remotely wipe any distributed documents from devicesView detailed reports of documents, users and devices of compliance events and remediation actionsIntegrated Document Collaboration: MaaS360 enables IT to leverage existing Enterprise document and file sharing environments (e.g. SharePoint and Box) by giving users secure access to sites, libraries or folders on their mobile devices. Integration with these popular collaboration tools allows administrators to automatically give users access to the required sites. Advanced security capabilities include enforcing authentication to access folders, limiting access to a restricted set of sites (or sub-sites), and restricting documents to be shared or opened in 3rd party applications for data loss prevention.Some popular use cases by customers include:Distributing quarterly financial documents to the Board of DirectorsUpdating the product and marketing materials frequently for sales teams to ensure everyone is on the same page of latest features and competitive informationSharing company-wide information such as training materials and HR policiesEnsuring tablets in retail stores have the most up-to-date product and inventory lists
MaaS360 enables remote, central management of mobile devices to help IT organizations to streamline help desk support.The unified MDM web-based portal provides the ability to diagnose and resolve device, user or app issues in real-time, offering complete IT visibility and control and ensuring optimum employee productivity.Comprehensive mobile device management capabilities include:Access device views to diagnose and resolve issuesReset forgotten passcodesLocate lost or stolen devicesBuzz a lost device to create a loud, high-pitched sirenSelectively or fully wipe a deviceSend messages to devicesUpdate configuration settings in real-timeRemove MDM control
MaaS360 allows you to help users help themselves with a self-service portal that provide basic, but commonly used mobile device management actions to more efficiently support your organization.Users will be able to:Lock their own deviceReset their passcodeLocate deviceWipe deviceView their action history with their deviceView their device and network informationView their current security and compliance state
MaaS360 provides a whole new level of centralized visibility into and control over mobile devices, apps and data. The MaaS360 Mobility Intelligence dashboards deliver interactive, graphical summary reports of your mobile IT operations and compliance empowering IT to report in real-time across the entire organization. Through these dashboards, you can drill down to detailed reports and lists to take specific action.Detailed hardware and software inventory reportsConfiguration and vulnerability detailsIntegrated Smart Search capabilities across any attributeCustomizable watch lists to track and receive alerts
Thanks Neil. With that as a backdrop, I want to walk you through enabling MDM in your Spiceworks Installation when 7.0 comes out.From a variety of places, such as this getting started link, Spiceworks will walk you through the steps needed to let your desktop support mobile devices.
The first time you set things up, you pick one as the proof point that everything is working. Once you get past here, you can bulk enable the rest of your devices or enable them one by one – your choice.
If you don’t have Apple devices, the rest of the setup is pretty straight forward. For the Apple case though, we have to take extra steps to setup their certificates.
This first involves steps to validate who you are in order to set up a trust relationship with Apple.
Then a “cross signing request” is issued
You are then promoted to upload this CSR request to the Apple service which will be used to create your installation certificate at Apple.
and then finally we import your Apple certificate into your MDM installation so that it can act on your behalf to manage your devices.Like I said previously, these steps for Apple are obviously not required if you don’t want to manage any Apple IOS devices.
After this, you are ready to enroll your first device.
And there you go. You have one device pending enrollment and a fairly empty looking dashboard. Don’t worry though, soon you will add other devices and it will look more like…
And here we are after enrolling several devices.
So that does it for discussing MDM and Spiceworks 7.0. Now to switch gears and talk about our suite of Spiceworks Mobile applications.
You heard Tabrez talk about our new mobile friendly community. Well, it works today but the main community home page will be the default destination once our next mobile release drops.