What is remote device management?

Heather Gray

Jun 5, 2020

Remote Device Management (RDM) is a set of practices around monitoring and controlling smartphones, tablets, and desktops in an organization from a centralized location. RDM software enables IT to set up devices over the air, troubleshoot issues, and protect the data from malicious actions and theft.

Features of Remote Device Management

From the Hexnode MDM portal, various actions such as locating and wiping data from lost devices, changing ownership, and clearing passwords can be easily enforced.

In this blog post, we cover in depth how remote management can benefit the end-users of your organization.

Set up remote ring
The remote ring feature comes in handy when you need to locate a misplaced device. Sound will be played even when the device is muted. For this remote device management feature to work, make sure that the device is enrolled with Hexnode MDM and is connected to the network. It is supported on supervised iOS, Android, and Windows devices. If the iOS device fails to connect to the network while the lost mode is enabled, you can hard reset it manually and try connecting it once again. Hexnode MDM’s lost mode feature is supported on both Android and iOS platforms.

In Android, a custom message can be displayed on the screen. The following wildcards are used to show the details:  

  • %devicename% 
  • %imei% 
  • %serialnumber% 
  • %name% 
  • %email% 
  • %deviceid% 

In iOS and Windows, the ring can be stopped in 2 minutes; users can also choose to stop the ring on their own by pressing the power button once.

Wipe the data
To avoid the risk of sensitive corporate information falling into the wrong hands, you can choose to wipe the data in two ways: a complete wipe or a corporate wipe. A complete device wipe will delete all the data and reset the device to its original factory settings. You can go for a corporate data wipe if you don’t want to wipe the device completely. A corporate data wipe will delete all the WiFi networks, email configurations, VPNs and APNs. It leaves the personal and user-configured data untouched. In addition, a corporate wipe will also clear all the enterprise applications.

In order to perform a corporate data wipe, you can either delete the policy that is associated with the network, configuration settings, or disenroll the device. This action once initiated cannot be stopped halfway. The process will be complete as soon as it is wiped completely. If you are going for a complete wipe, all the corporate data, as well as the personal data, will be deleted. After the device has been wiped, Hexnode MDM will no longer be able to manage it. It would have to be re-enrolled once again. The device details, however, will be stored in the portal.

Android devices with Hexnode MDM as a system app can be re-enrolled automatically as soon as they are switched on and connected to the internet. Supervised iOS devices enrolled via Apple Configurator will not be connected with Hexnode after a complete wipe. Devices enrolled via DEP, on the other hand, can connect to the Hexnode console once re-enrolled after they have been completely wiped. Devices added to DEP via Apple Configurator can connect to the portal after a 30-day provisional period. To wipe data from a Mac, a Find my Mac PIN would be required. The automatic device wipe feature is available on iOS, Android, and Windows. Admins can even set up an automatic wipe if the user enters an incorrect password a specific number of times.

Lock the device 

A device once locked can only be accessed when the user enters the correct password/passcode. This secure remote device management functionality is supported on iOS, Android, Windows, and macOS. iOS users will get an hour to enter the passcode; if the passcode has not been set within that time period, the device would be locked and the user will only be allowed to access the passcode configuration page. In Android, a prompt will appear on the screen asking users to set the password in accordance with the requirements that have been set in the policy. In the case of Windows, a prompt will appear on the screen asking users to click on ‘OK’ to change the password. The password requirement on Mac will only be reflected if the user tries to change the password after the policy has been applied.

Users can implement remote lock in two ways: you can either go to the Manage tab in the Hexnode console and click on the ‘Lock Device’ option displayed below, or select it from the Actions drop-down list. You can also enable auto-lock by associating a policy to it.

Schedule regular scans
In order to fetch the details and check whether policies have been successfully associated, the device needs to be scanned. The scan can be done automatically or manually. A manual scan will be useful in situations when the admin wants to get the latest information. A regular scan can let admins know whether the device is reachable or not. Based on the requirements of the organization, admins can schedule automatic scans on a weekly or daily basis. Under the ‘Scheduled Device Scan’ option in the portal, add the required values in the time settings to initiate the automatic scan.

Admins can scan the location by clicking on the ‘Scan Device Location’ option from the Actions drop-down list. This feature will be disabled by default. To enable this option a location tracking policy would have to be associated. 

Change the owner and device ownership   
When you assign the device to a new owner the policies that have been associated with the old user will be removed and the policies assigned to the new user will be reflected on the device. This remote device management feature makes it easy for admins to maintain the assets used within the organization and assign them to new users. The device-based restrictions however will still be retained even if the device passes on to a new owner. While setting the passcode, users must make sure that it meets the strongest passcode requirements. If the password policy of the old user has a stronger password criterion than the new user, then the user will not be required to set a new passcode.  

The Device Ownership tag can be used to identify whether the device is corporate-owned or personally owned. Hexnode supports both these ownership types. Users can either pre-configure the ownership type or choose it during the enrollment process. In the Hexnode MDM console, the default ownership type of all the devices will be corporate, except in the case of profile owner mode, where the ownership type will be personal.

Rename   
Admins can rename a device or set a friendly name for it from the console. Once renamed, the change will be reflected on the portal as well as on the device. The friendly name, on the other hand, will only be seen on the portal and the Hexnode app. This feature is only supported on supervised iOS devices. Admins can rename in bulk and use wildcards to fetch and display the device and user details that have been entered in the Hexnode console. The collective name feature can be used when the admin wishes to set the same name for a specific set of selected devices. They can be differentiated from each other by appending numbers to them. You can set distinctive names for each selected device by entering the friendly name you wish to give to each individual device and clicking on ‘Done’. The change will be reflected right away.

Import contacts
Admins can import contacts into a device and update them at a later date. The contact information will be stored in a VCF format. Once the contacts have been exported, a VCF file will be generated. This VCF file can then be pushed onto the target device via the Hexnode MDM console. This feature is only available in Android for now. The existing contact records can be updated by adding a new contact or deleting an existing one. 

Clear password

Think about a situation when an employee leaves your organization and forgets to clear the password before leaving. In such cases, the admin can clear the password from the console. This secure remote device management feature, supported on both iOS and Android, ensures that the company assets stay protected even after an employee leaves. In Android Enterprise enrolled devices, the password token can be activated from the Hexnode for Work app. By clicking on ‘Activate’, the admin will have the authorization to clear the work profile password. In profile owner mode, the work profile password can only be cleared via the action mentioned above. After a user enters the incorrect password a specific number of times, the device will be disabled for some time. Users will then be able to clear the password from the portal only after the lock-out period is complete.

Power off
The device can be turned off via Hexnode MDM. However, admins must make sure that the end-user is not working on the device while it’s being turned off as no prompt will be displayed on the screen of the user once the action is initiated. This feature is supported on iOS, Samsung Knox, rooted Android and devices that have Hexnode MDM as the system app. Prior to powering off, admins have to ensure that the device is enrolled with Hexnode MDM and is connected to a secure network. In the case of Samsung Knox devices, a KPE Premium License Key has to be added to the portal.    

Restart
This feature is supported on supervised iOS, Samsung Knox, Windows, and rooted Android devices. After the policy has been associated, the device will restart immediately. No prompt will appear here either once the action is initiated, so the admin must make sure that the user is not working on any important task at the moment. Other policies that have been configured on the device will not affect the reboot. A Windows device will take 5 minutes to restart once the action has been pushed.

Enable and disable personal hotspot
Available in iOS, this feature allows admins to enable or disable personal hotspot. By enabling personal hotspot, the device can be connected to an iPhone or iPad through WiFi, Bluetooth, or USB. Once it gets connected, a list of devices joining your network will be displayed. This would depend on the carrier and model of the iPhone.

Change the ringtone
This is a useful remote device management feature to incorporate in organizations where various functionalities such as settings, wallpaper, and ringtone need to be customized based on the requirements of the company. It is supported on Android 2.2 and above. Before setting the ringtone, users must be aware of a few prerequisites. Only audio files having an extension of .mp3 are allowed and the file size has to be below 350 KB. You cannot change the ringtone in Profile Owner enrolled devices.

Remote content management

Through content management, users can have easy access to all the essential files and resources. This feature allows admins to push files to a specified location on the user’s device and delete them securely when they are no longer required.

Fix troubleshooting issues through remote view and control
Admins can offer real-time assistance to employees and fix various troubleshooting issues quickly with the remote view and control feature. While the remote view feature is supported on both iOS and Android, it is only in Samsung Knox and rooted Android devices where admins can control the devices from their PC.  

By enabling remote view in iOS, admins can monitor in real-time and immediately resolve the issues the end-user may be facing. Once the view has been set up, a screen broadcast icon will appear; you will be required to tap on it to start the screen broadcasting with Hexnode.

For iOS devices running on OS version 11, the broadcast message will not be available under the Remote View section in the Hexnode app. You need to head to Settings to include Screen Recording. After this is done, you will have to open the Control Centre and tap on the Screen Recording button. Select the Hexnode app icon from the pop-up that appears and finally tap on Start Broadcast to begin screen broadcasting with Hexnode.

The Remote View and Control feature gives admins complete control over viewing and controlling the screens of the end users. Android enterprise devices enrolled as Profile Owner can access the apps in the work container by installing the Hexnode Remote View app. 

Broadcast messages
You can send messages to the end-user through the ‘Broadcast Message’ feature found within the actions list in the console. If you are sending messages to a large number of users at a time, wildcards can be included within the messages to display the details. The messages will come as a pop-up and can be saved for future references. In Profile Owner, the messages can be viewed from ‘Messages’ in the Hexnode for Work app.   

Delete and disenroll devices
Admins can make use of this remote device management functionality to disenroll the device of an employee who is no longer working in the organization. When you disenroll a device, an extra slot will be available in the portal to enroll another device. You can delete a pre-approved device from the list by clicking on ‘Delete Device’ from Actions. Once disenrolled, all the data will be removed from the Hexnode MDM server, thus a proper backup of the data will be necessary before you start the disenrollment process.

Delete user, device group or user group
When a user, device group, or a user group is deleted all the policies that have been associated with the user or group will be deleted. This is different from deleting a device as only pre-approved devices can be deleted from the device list. When a user is deleted, all the devices associated with that user will either be disenrolled or be assigned to a new user. A default user, an Active Directory user, and users of DEP devices cannot be deleted. While deleting a user group or device group the policies associated with those groups will be deleted. However, policies that have been associated with the device or user will remain on the device.    

Enforce OS updates on iOS and Android devices

Admins can enforce OS updates on supervised iOS devices via the Hexnode portal. In order to download an update with size larger than 100 MB, the device has to be connected to a WiFi network. If an update is found but the passcode is wiped, you will be required to set it up later.  

On iOS devices running on version 10.3 and later, the software update will not require DEP enrollment; devices prior to that will need DEP enrollment. While selecting the ‘Update OS’ option from the Actions drop-down list, the user will be presented with two choices. With ‘Download Only’, the system updates will only be downloaded on the device and won’t be installed. The ‘Download and Install’ option downloads the system updates over the air and installs them once the download process is complete. Some software updates would require the system to be either plugged in or have 50% battery charge.

Admins can deploy OS updates on ROM customized Android devices running on versions 5.0 or higher. This would only work if the Hexnode System Agent App is present in the system app directory and is signed by the OEM vendor. Before the ‘Update File URL’ is uploaded, you have to make sure that the firmware package is bootable via ADB sideload to prevent bricking.  

The Benefits   

  • Offer immediate assistance to users   
  • Push necessary files  
  • Resolve troubleshooting issues immediately  
  • Send messages  
  • Manage the company assets in an efficient manner   

Bottom line

To protect company assets against hackers, admins have to set up appropriate network restrictions to ensure that the corporate data stays protected. Smoothing the way for your employees to work as productively at home as they do in the office is vital, especially in the current situation, where the need for maintaining social distancing is more important than ever.

 


Heather Gray

Technical Blogger @ Hexnode. Reading and writing helps me to stay sane.
