Alma
Evans

Track your lost device and prevent a data breach with Hexnode MDM

Alma Evans

Feb 8, 2019

9 min read

As BYOD grows in popularity so do the security risks associated with it. With the massive growth of mobile devices in businesses over the past few years, the potential for data breaches is also rising. Mobile gadgets are more vulnerable to theft and can be easily lost if not managed carefully. Such a loss or theft can possess a severe threat to your organization – breach of your most valuable corporate data. They might contain corporate logins, emails, and other sensitive information. So, before the worst things can happen, you should be aware of the ways to track your lost devices and protect them.

Track your lost device’s location with inbuilt tools

Your gadget will have some inbuilt remote tracking features which allow you to track your lost device from the web or another device.

Find My Device for Android

Lost Android device
Lost Android device

 
You can use Google’s Find My Device service to track your lost Android phone, tab, or Wear OS watch if you have added a Google account to the device. On heading on to the Find My Device site and signing into your Google account, all devices associated with the Google account can be seen on a map to track them. You can remotely find, lock, or erase the device and play a sound even if it’s set to vibrate or silent. Even if the device’s current location can’t be tracked, it’s last known location can be found with this security service from Google.

Find My iPhone for iOS/macOS

A misplaced Macbook
A misplaced Macbook

 
Find My iPhone can be used to get back your lost iPhone, iPad, iPod touch, Mac, Apple Watch or AirPods. AirPod or Apple Watch paired with an iPhone will set up themselves while turning on Find My iPhone on the iPhone. You can sign into your iCloud account and locate your gadget on a map, play a sound to find it, use lost mode to lock it or wipe all your data remotely. For iOS 13, iPadOS 13 and macOS Catalina, Find My iPhone and Find My Friends services are integrated into a single app called Find My app.

Find My Device for Windows

A misplaced Windows laptop
A misplaced Windows laptop

 
Find My Device allows an admin to locate and lock a lost desktop, tablet, laptop, Surface, or, Surface Pen from his Microsoft account. To enable the feature, you need administrator access on the system, the system must be signed in using a Microsoft account and Find My Device should be turned on before you can use it. For this, you should head on to the Find My Device website. You can track the locations of all the devices associated with the Microsoft account there and remotely lock your device or change/reset the device password for added security.

Other vendor-specific security tools

Find My Mobile from Samsung

A lost Samsung device
A lost Samsung device

 
Find My Mobile is a security service to track your Samsung phones in situations where they can fall into wrong hands. To use the service, you must be signed in to your Samsung account on the lost phone. If a phone is found lost, you can go the Find My Mobile site and sign in with the Samsung account to locate the phone. There is a host of controls to help you with your missing phone including remote ringing, locking, wiping, retrieving messages, setting guardians for giving them the authority to perform the above actions, and finally data backup. There is another feature, unlock option, intended for the scenario in which an authorized user forgets the password to unlock his phone.

Blackberry Protect

A lost Blackberry device
A lost Blackberry device

 
When it comes to Android, there are other anti-theft solutions including BlackBerry Protect which works in association with your Blackberry account. Just like the Find My Device, Blackberry Protect also provides options to track, lock, ring, and erase phones along with provisions to mark them as stolen, display a custom message on the lock screen with details on how to contact the owner, and remotely change the device password. Only that it has some limitations for the number of phones tracked in this way, the maximum number being seven. When a phone is categorized this way, Blackberry Protect automatically backs up all the data to the cloud. Thus, the data can be recovered and migrated to a new phone later. If the phone relates to a BlackBerry Enterprise Server, BlackBerry Protect cannot be used.

Limitations of built-in tools

  • iOS devices can be tracked only if the device is logged into iCloud and Find My iPhone is enabled on the missing device.
  • To use Google Find My Device on a lost Android device the device must be logged into a Google account, Find My Device should be turned on, and the device must be visible on Google Play.
  • In the case of Windows, Find My Device works only with Windows 10. It must be signed into the lost device using the Admin’s Microsoft account, and the missing device should have the Find My Device feature turned on. The feature doesn’t work if work or school account is added to the device.
  • If the device doesn’t have a protected screen lock, unauthorized users can perform a factory reset and access the phone. The phone will not be associated with your Google account (if it’s Android) and Google will be having no provision to track the phone in this case.

Track your lost device with MDM

location tracking to track your lost device
Location tracking using MDM

 
You can use a Mobile Device Management (MDM) solution to track and protect your lost or stolen devices. MDM has a lot of features to pinpoint your missing device and to safeguard the confidential data in it. A set of additional mobile security functionalities that are not found with the in-built tools helps you to easily track your lost devices with Hexnode MDM.

Configuring location tracking

Location tracking feature allows you to monitor and track the location of your managed iOS, Android or Windows devices. Only that the devices must be connected to the internet and location services must be enabled on them. Just push the Location Tracking policy to turn the automatic location tracking on and to set the tracking interval. For Samsung Knox, LG GATE, and Kyocera business phones, location tracking can be enforced by permanently enabling location services via Android Restrictions.

On-demand location tracking

Scan device location action
Scan device location action

 
It’s possible to track your lost device’s location instantly using the Scan Device Location action. The feature works for iOS, Android and Windows devices.

Location History

Check location history to track your lost device
Check location history to track your lost device

 
You can obtain the location history of a device from the device details page. The location history can be filtered based on the date if needed.

Disabling location mocking

Devices with mocked locations
Devices with mocked locations

 
Android devices (6.0+) can spoof their GPS location. By configuring MDM mock location restriction policy, you can disable location mocking on your Samsung Knox and LG GATE devices and make sure that you are getting the exact location details.

Remote lock and wipe actions

Remote lock using Hexnode
Remote lock using Hexnode

Remote wipe using Hexnode
Remote wipe using Hexnode

 
Remotely lock the device and wipe the data that it holds in the case a device is lost or stolen and make sure that your corporate security is not compromised.

Enabling Lost mode on Android and iOS devices

Enable lost mode
Enable lost mode

 
The Lost mode is used to lock the missing device down with a custom message and phone number. It’s to keep the data on your lost device safe and secure. The device must be connected to mobile data or Wi-Fi.

Lost mode for iOS

The Lost mode can be enabled on a supervised iOS device managed by MDM. Here also Find My iPhone must be enabled. The admin will have to disable the lost mode from the MDM console itself for anyone to use the device.

Lost mode for Android

You can enable or disable the lost mode for Android devices instantaneously from the MDM console. The device will be locked down to kiosk mode displaying only a custom message and phone number to call to return. Exiting from this mode needs the Exit Password under Kiosk Global Settings.

Android lost mode settings
Android lost mode settings

 
For Android devices, a lost mode can be enabled automatically if the device is found inactive for a specific number of days. Admin can configure this under Android lost mode settings (Admin > General Settings > Android Lost Mode Settings). Admin can enable auto lockdown of devices and specify the number of days of inactivity after which the devices should be locked down. You can choose to show the Wi-Fi button and mobile data button in the launcher and display a custom message and contact number.

MDM locking feature for iOS and Android

Management of a DEP-enabled iOS device is much more comfortable as the device gets locked on to the MDM profile and even if the device is wiped the MDM settings will be reinstalled once it is reactivated. So, you can be expressly sure that even if the device is lost or stolen all the possible actions can be done from your MDM console to track and protect your devices.


For Android OEM devices enrolled by configuring the ROM, Hexnode MDM is made a system app and have complete authority over the device. Here, Hexnode gets reinstalled even if the device is wiped. Moreover, with ROM/OEM Enrollment, kiosk mode can be pre-activated and so as soon as the device gets connected to the internet, kiosk mode will be activated. This ensures that even a technically savvy person has limited possibilities on your stolen device and all the MDM features are right there for your aid.

Some security precautions

The scope of data theft has escalated rapidly in this data-driven world and the least we can do is to fortify some basic security strategies rather than waiting for methods to track your lost device.

  • Use a strong password – You can use the MDM password policy to enforce the use of a strong password.
  • Enable encryption – Encrypt your data to ensure that even if the device reaches unauthorized hands, they are unable to access it. MDM policies allow you to manage BitLocker encryption for Windows and FileVault encryption for Mac.
  • Back-up – Regularly back up your data so that even if a device is lost you can have a duplicate copy and start on quickly on a new device.
  • Note key device details – Keep records of the device’s key information like serial number, model number, IMEI number, etc.
Share
  • 40
  •  
  •  
  •  
  •  
    40
    Shares

Alma Evans

Product Evangelist @ Hexnode. Already lost up in the whole crazy world of tech... Looking to codify my thoughts for now...

Share your thoughts