As the Novell Product Manager for Mobile Device Management it’s great to see rapid development of new capabilities again. After a hiatus earlier in the year, we’ve released 2.9, 2.9.1 and now 3.0. I expect another release or two before the year is out. Today I want to give you a quick overview of what’s new and why you care. I’ll also cover a key feature that we introduced in 2.9.1 since I was too heads down the last release to get a blog out.
With iOS 7.0.1 Apple introduced two key new capabilities – the Device Enrollment Program (DEP) and a new token-based Volume Purchasing Program (VPP). Both of these programs are designed to provide additional control over employer owned resources. In the case of DEP, the program allows you to supervise iOS devices over-the-air and without the need for the Apple iOS Configurator. DEP also allows you to configure those to devices to require enrollment with the MDM server at the time of initial device setup. The new VPP solution provides the ability for companies to purchase applications for their users, deploy those applications an automatically provision the licenses to their users, and then if the user leaves retract the license. This is a significant improvement over the initial Redemption Code based VPP solution offered in iOS 6 in which after license provisioning the license was now owned by the end user.
ZENworks Mobile Management adds support for managing DEP managed devices. Before discussing the hows, there are a few things you should know:
Configuring DEP support in ZENworks for your DEP enrolled devices is a relatively straightforward process. The key steps are:
Once these steps have been done then during the initial iOS welcome wizard the user will be prompted to connect to the ZENworks server with their LDAP or other ZMM credentials. This will cause the device to enroll with ZENworks. Once enrolled any policies or applications assigned will be distributed to the device. The video below shows the end-to-end process.
CAUTION: There is an option in the console to disown a DEP device. This detaches the device from the organization’s record in Apple’s system. This operation is permanent and cannot be undone.
With ZENworks Mobile Management 2.9.1 and higher Apple’s token based VPP solution is supported for devices running iOS 7.0.1 and higher. Devices running iOS 6.x will continue to require Redemption Codes. To use ZENworks Mobile Management in conjunction with VPP do the following:
After these steps are performed it’s simply a matter of assigning the managed applications in the same way as you normally would. When the application is pushed or pulled, the MDM server will check for an available VPP token, and assuming one is available will make a call to Apple’s server indicating that the associated user should be given the token. The application will then be deployed to the device. If the user leaves the company, resulting in all of his devices being removed from the system, then the VPP token is returned to the pool and can be redeployed to another user.
The video below demonstrates how to configure and use VPP 2.0 in ZENworks Mobile Management 2.9.1 and higher:
Our focus for Android has been to embrace the Samsung specific capabilities available in Samsung SAFE and KNOX enabled devices. With this release there are a number of policies for SAFE/KNOX devices that provide significantly improvement capability for securing the Samsung device. This is just the first release of ZENworks to support SAFE and KNOX so you can expect us to continue to push out new SAFE and KNOX capabilities over the next several releases. We also believe this effort will be something we can leverage to quickly support many of the new capabilities that Samsung graciously donated back to the Android project for Android L.
KNOX Enterprise Mobile Management (EMM) is the current name for the set of capabilities that provides enhancement management controls for Samsung devices. In the past this has also been known as Samsung SAFE and Samsung KNOX Standard. KNOX EMM provides a fairly comprehensive set of capabilities for securing and configuring the device. In many cases these capabilities go above and beyond the capabilities offered on the iOS platform. In ZENworks Mobile Management 3.0 the following KNOX capabilities have been introduced:
Future versions of ZENworks Mobile Management will continue to extend on this set of capabilities to include other important capabilities. If you have specific KNOX EMM capabilities you’d like to see added on a priority basis, please let me know.
The video below shows a brief demo of the KNOX EMM capabilities:
KNOX Workspace is the name for Samsung’s BYOD container technology. This technology allows you to deploy applications, email and other configuration within a secure container or workspace on the Android device. KNOX Workspace capabilities require the purchase of a KNOX Workspace license from Samsung or a Samsung KNOX reseller. Once you have acquired a KNOX Workspace license you can inject that license into the ZENworks console and ZENworks will take care of provisioning the license automatically to devices that support KNOX Workspace and that have been configured to have a container.
ZENworks Mobile Management 3.0 provides a limited set of KNOX Workspace management capabilities. These include:
Additional capabilities will be added in the upcoming releases of ZENworks Mobile Management. Many of these capabilities will likely be extended to support Android L in upcoming releases as well. The following video demonstrates KNOX Workspace policies:
ZENworks Mobile Management also provides a few key enhancements that cut across the management platforms. These include:
As you can see we’re still hard at work building out new capabilities to make your job easier when it comes to managing the mobile device in your environment. Until next time I hope you find that these capabilities ease your job and improve your user’s experience.