Geofencing – Location based MDM restriction
Geofencing is a location-based service in Hexnode UEM that lets you create a virtual fence around a geographical region. Administrators can dynamically associate or disassociate policies with devices located inside or outside a particular area by creating geofences. They may also mark a device as non-compliant when it moves out of a geofence. This feature can be used in association with dynamic grouping and Hexnode policies to adapt to a wide range of use cases like making corporate resources and device configurations available based on device location or creating a compliance-based alert system for devices detected to be outside the geofence.
Creating a geofence region
To create a geofence region,
- Navigate to Admin tab.
- Select the Geofencing sub-tab and click on Create Fence.
- Bring up a region by typing the location in the text box.
- Draw a rectangular fence over the region.
- Click Save.
Applying the Geofence policy
To enforce a configuration or restriction payload along with a geofence policy,
- Navigate to Policies tab.
- Click on New Policy to create a new policy or click on any policy name to edit an existing policy. Enter the Policy Name and Description in the provided fields.
- Navigate to General Settings > Select Geofencing.
- Click on + Add Fence > Select the fence(s) you want from the list > Click OK.
- You may also add other policy configurations. Head on to Policy Targets > + Add Devices, select the required device(s) and click OK.
- Click Save.
Dynamic grouping with Geofencing
Dynamic groups dynamically updates its device listing based on the specified conditions. During the group’s periodic sync, any device satisfying the conditions of the dynamic group at that time gets added to the group, and all the policies applied to the group takes effect automatically on the device added in that group. Similarly, when a device fails to satisfy the conditions of the group, it will be automatically taken off the group and all policies associated on the device through the dynamic group will be disassociated.
On Hexnode, you can dynamically group devices based on whether it is located inside or outside a geofence region. This can be used to create location-aware policies that gets assigned to devices listed on the dynamic group.
To create a Dynamic Device Group,
- Navigate to Manage tab > Device Groups > New Dynamic Group.
- Enter the Group Name and Description.
- Under Choose Geofences/Location Filters, choose one or more locations while selecting either Include or Exclude to group devices to a specific region.
- You can add a criterion by specifying the constraints in Choose Condition filters.
- There can be exceptions to rules. You can include all the exceptional conditions under Add Exceptions. The devices satisfying these conditions will be exempted from dynamic grouping.
- Click on the Preview button to view the list of devices that matches the criteria.
- Click Save group to save the group details.
What happens when a device moves out of the specified fence or enters a restricted area?
In case of Geofencing via Policy
When a device comes out of its specified fence or enters a restricted area, the device will be marked as non-compliant on the Hexnode console. You can configure Notifications settings such that the administrators, as well as the associated users, get notified via email upon device non-compliance.
To enable notifications via email,
- Navigate to Admin tab > Notifications.
- Under Notify the administrators on, check the option Device out of Compliance.
- You can also notify the users when a device goes out of compliance.
Under Notify the associated users on, check the option Device out of Compliance.
- Click Save.
In case of Dynamic groups
When a listed device is discovered outside the geofence region during the periodic group sync, Hexnode will remove the device from the dynamic group. Hexnode will also disassociate all the policies associated with the dynamic group immediately from the device.