[MUSIC PLAYING] Hello, my name is James Rico. I'm a sales engineer with Quest Software. Today, we are going to looking at the unique features of KACE Cloud Mobile Device Manager. Today, we're faced with a growing number of remote workers using various operating systems, and it is imperative we effectively manage those devices to keep your data secure. So let's get started by taking a look at how KACE Cloud Mobile Device Manager can help you do that.
We'll start by talking about enrolling your devices and how enrollment-based management is different than traditional device management. So typically, in the old days, you'd have a Windows machine. We'd have an agent, we put on there and some sort of server or application that we would be managing, that endpoint via that agent. With the KACE Cloud MDM, we're going to do in an enrollment-style-based management. So a user will log into their device, authenticate, and then we're going to drop a profile on that endpoint and manage that device.
So there's a couple of ways you can do that. I'm logged into our KACE Cloud MDM product right now. If I go over to the Settings tab, we can take a look at there's some different integrations we can do back here.
So from the Android side of things, we can tie into Google Play. If you have Samsung Knox devices, we can integrate with Samsung Knox. If you have Mac OS, Apple OS, or any of the iOS devices or even Apple TV, we can tie in with the Apple school account or Apple business account and do DEP enrollment. On the Windows side of things, there's a manual enrollment, and there's also a autopilot enrollment that can be done in conjunction with Azure AD.
So again, what this will allow you to do is a user can get a new device that's been reset or it's brand new out of the box experience. They can log into that device with their company email, they'll authenticate, and then whatever profile you've built out in the KACE Cloud MDM will get provisioned against that endpoint.
So at a high level, we're looking at the library screen here right now. These are the high level categories of things we can do and manage against those endpoints. So basically you can set it up and make it ready for the user to do their work.
There are two types of enrollment. So there's a company-owned experience, like the company owns the device. And there's also a BYOD experience. So every company probably has this experience. So you'll issue somebody a laptop, but then they also have their personal mobile device that you would also want to provision so they can get their work email or have access to work resources. So you're one person with multiple devices, so with MDM, we're able to manage that.
If it is a BYOD device or a device that's already in use in the field, like someone's already using this, so you don't want to do a reset, it is a company-owned device, so you do need to hook into that and start managing it. So we can do that by, again, allowing the user to enroll that device. So I'm on the Device tab, and here in the middle, if I click on Enrollment Options, I can click on Enrolled Devices.
And when we open that up, on the right side pane over here, we'll have instructions for enrolling devices. So it defaults to Android for Work, but if I open that up, maybe I have an iOS device. Then my set of instructions down here will change, and I can copy this to the clipboard, email these instructions to a user or put them in a KB article somewhere where they can access it. And they're basically going to click on your enrollment URL, and that's going to be tied to your tenant.
So when they click that, they'll get prompted to answer a few questions. Basically do you want to allow this device to be managed, is it company-owned or BYOD. So we'll tap through that. And then when they're finished, we're going to be managing that endpoint. So we'll be able to drop configurations, drop restrictions on it, applications, all the things you'd want to do to manage that endpoint.
OK, so now we've got our devices enrolled. Again, being a Windows, Mac, Android, iOS, and they're all going to show up in the center pane. And just for the demonstration, we'll suppose we've already set up and configured those items and people are actively using them.
So what are some unique features and things you can do by using an enrollment style of management against an endpoint? So one thing is we'll go ahead and grab a virtual machine here, and I've got set up for testing, we'll take a look at it. But we can do device actions against that. So the name of the machine is right here. So this is a Windows 11 Pro machine. It's enrolled, it's in compliance, it's responding.
So one of the things about enrollment-style management is we're really managing for a device to be in a state. So you've set up configurations, applications, things you want to be on there, and we're constantly monitoring that to make sure that device is in a compliant state. So once it's there, what are things we may want to do?
So some device actions we might run against an endpoint or we want to update an inventory. So we want to tell that device, say, I need to know your status right now and give me a detailed inventory of the device, the configuration, the application. So that's a device action you can run.
If I go to More Actions here, we can do other things-- unenroll, reset, delete the device, restart the device, shut the device down. Because this is a Windows device or there's Windows-specific features or actions we can do. We can run a Clean PC. If we're managing the bitlocker recovery keys, we can rotate the keys. We can wake the device up. Clean PC is actually a unique Windows feature that it keeps the user's profile but resets Windows and removes all the applications to put it in a clean state for use.
And we'll take a look at a couple of the devices. So here's an iPhone, and this happens to be a personal-owned device. It's enrolled. It's not in compliance, so there's a compliance issue. I can click the button here and see what that issue is.
And down here, it looks like it's not reported as a location in the allotted amount of time. We'll come back to that in a minute, and we'll talk about that, but it's easy to find out why the device is not compliant. And it is responding as a six hours ago. This happens to be my personal device that's in here. And again, I can see security information here.
But up here at the top, I have some options. So I can lock the device, force an inventory. And again, I have these same set of things like we did in the Windows device. But what's different, because it's iOS, then we have another set of updates. So we can check for an operating system update. We can update the operating system, put it in lost mode, enable/disable that. We can play the lost mode sound. We can clear user restrictions and remove the activation lock.
So these controls, them have a little picture of a phone, and then this says the EP, they require the device to be in a company-owned state or supervised mode is the iOS term they use when they talk about that. So it needs to be a company-owned or supervised device for these controls to be applicable to a device.
Activation lock would be a company-owned device. You have a DEP enrolled, and a user enters their own iTunes information and sets up Find My iPhone on the device. And then if they terminate or lose the phone or turn it back in or whatever, if they don't unlock that device, it's got an activation lock. And Apple's done that so people can't steal a phone and re-use it easily. Well, the remove activation lock will allow you to click a button and remove that activation lock so you can reset the device and give it to a new employee or whatever you need to do with that at that time.
And let's go and take a look at a Android device. We'll open that up. Again, same summary information. We can lock inventory. The More Actions is very similar, the same stuff.
But here, we can clear the wallpapers, set the passcode. There is an Android agent we installed during the provisioning of the device, and we can refresh the Manage Play account. So again, different OSs will have different things available that you can set against. And next, we'll pull up a Mac OS device, take a look at that.
And if we come in here and take a look, I've got a Check for OS Updates, Update the Operating System, Enable Remote Desktop, Disable Remote Desktop, Firmware Password Set and Clear, and Wake up the Device. One of the things Apple has done recently a couple of versions back was require an MDM tool to update the operating system. So we can multi-select devices in here and tell that endpoint to update the operating system.
So a lot of things are going on in here. Device actions are very handy. A device is lost, stolen, you need to help, somebody do some troubleshooting, those are very good and key things you can do with that.
Next, we'll take a look at location tracking. Again, that's a big thing that people would typically like to do with mobile device management and company-owned devices. So if we go into Location Rules here, I can set up basically a policy for location tracking against my devices. So I can have one or more policies.
So if I have different groups of devices or maybe use cases for devices, I can specify different policies based on that. But I would really just come in here and fill in the blanks and make the selections I want. So I'll just call this Test. On detail level, we can tell it not to collect data, so no location tracking, or we can do on-demand location tracking. So it only will track location when we say locate this device.
The next set of options are really how frequently the device is going to check in, and it's going to be based on movement of the device. So low power, it's going to check in every one kilometer. Balanced is every 100 meters, and the highest accuracy is 10 meters. So it'll ping in every 10 meters. And there's some customs so you can do your own balance if you like.
So suspension limits is going to allow a user on their phone to suspend tracking and I'm toggling the number of hours here, but it can be hours, minutes or days. So you can set up or somebody can suspend tracking on their device. Again, it's typically a company-owned device, and it basically turns off or suspends a location tracking. So if they have a medical appointment or a legal appointment, whatever it may be, they can suspend that tracking.
Now it is a company-owned device, so you do have the right to know where it's at and be able to retrieve it if you need to, so there's a compliance option there. If we check that, I can have it say, hey, this device is not compliant if it hasn't checked in in x amount of hours. So possibly if I set my compliance for three hours, maybe I set the compliance limit to nine hours.
So they snooze it more than three times, it'll show up as non-compliant, and then I can call the user up, send them an email. Say, hey, we're just trying to make sure things are OK. You need to enable tracking on your device, or maybe they just give you a valid reason, and it's OK, and you don't worry about it for a few more days.
So that's basically how you set up location tracking. Let's go back over to the devices, and I'll pull my iPhone up. And if I go to Location under iPhone, and basically it's going to pull up a map. Then you can see it's got a lot of check-ins and it's been some different places. Down here at the bottom is where it's checking in from, and I can Zoom in or out of the map as I need to. If I click on it, it'll expand out and show where it's been.
One of the nice things here, we actually show address of where a device is. So you can pinpoint where a device has been or where it may be at now. It's very helpful.
Today we looked at the challenges of a remote workforce with various operating systems. People that have multiple devices and how we're able to manage them. With KACE Cloud MDM, we have some unique features. We talked about different ways to enroll a device, profile-based management, device actions, location tracking, all those things are available to you that are not in some traditional endpoint management solutions that you might use.
For more information about how KACE Cloud MDM can help you, please visit us at quest.com. You can sign up for a 14-day trial. We'll have a QR code up here so you can just scan that with your phone if you'd like, and we look forward to helping you.