
UEM Concepts: The Hexnode Glossary of Terms

The Hexnode UEM Technical Glossary is a centralized knowledge base designed to bridge the gap between complex mobile device management (MDM) frameworks and day-to-day administrative operations. This directory provides clear, authoritative definitions for the core components of the Hexnode ecosystem.

A

Activation Lock

Activation Lock is an Apple security feature, integrated with Find My, designed to prevent unauthorized use of a device after a factory reset. Even if a device is wiped, the associated Apple Account and password are required for reactivation.

For businesses, Hexnode’s Activation Lock configurations are critical for maintaining hardware lifecycle management. They allow administrators to bypass or clear Activation Lock on managed devices, ensuring that hardware can be repurposed or recovered even if an employee leaves the company without signing out of iCloud.

See also: How Hexnode simplifies Apple’s Activation Lock feature?

Activation Lock Bypass Code

For supervised iOS devices and macOS systems (with Apple Silicon or T2 chips) enrolled in Hexnode UEM, administrators can bypass Activation Lock using a Hexnode-generated alphanumeric code.

This code is automatically escrowed to the Hexnode portal during enrollment. It allows IT teams to repurpose or unlock devices without requiring the original user’s Apple Account credentials, ensuring hardware remains accessible even after employee offboarding or a factory reset.

Learn how to bypass Activation Lock with Activation Lock Bypass Code

Activity Feed

The Activity Feed is a live, event-based timeline available on the Hexnode Dashboard, as well as individual Device and User pages. It serves as a real-time log for every administrative action, command, and status change within the portal.

Key Capabilities:

  • Real-Time Monitoring: Track the progress of tasks such as policy associations, app installations, and remote wipes.
  • Instant Audit Trail: Review a chronological history of “what, when, and who” for every command.
  • Success/Failure Verification: Quickly identify whether an action was successful or failed with detailed error logs for troubleshooting.

Android Enterprise (AE)

Android Enterprise is Google’s dedicated framework for secure mobile device management (MDM). Formerly known as Android for Work, it provides a standardized set of APIs that Hexnode UEM leverages to manage devices, applications, and corporate data.

Core Management Modes

Hexnode utilizes Android Enterprise to support various deployment scenarios:

  • Work Profile (BYOD): Creates a secure container to separate personal data from corporate apps.
  • Fully Managed Device: Offers total administrative control for corporate-owned hardware.
  • Dedicated Device (Kiosk): Locks devices to specific applications for retail or frontline use cases.

Key Features in Hexnode

Through this integration, Hexnode enables:

  • Managed Google Play: Secure distribution of public and private enterprise apps.
  • Zero-touch Enrollment: Automatic, large-scale provisioning of devices right out of the box.
  • OEMConfig: Advanced, manufacturer-specific settings (like Zebra or Samsung) managed directly through the UEM.

More: Getting Started with Android Enterprise Program

Apple Business

Apple Business is a centralized, web-based portal that serves as the essential bridge between corporate-owned Apple hardware and a Unified Endpoint Management (UEM) solution like Hexnode.

Key Components

Apple Business integrates two formerly independent Apple deployment programs:

  • Automated Device Enrollment (ADE): Facilitates zero-touch deployment, automatically enrolling devices into Hexnode upon initial activation.
  • Apps and Books: Allows for the bulk purchase and silent distribution of App Store licenses and custom B2B applications.

Why It Matters for Admins

Beyond deployment, Apple Business enables the creation of Managed Apple Accounts and enforces Supervision—a state that grants administrators deeper control over security settings and prevents users from removing the UEM profile.

Start by enrolling your organization in Apple Business.

Apple Push Notification service (APNs)

Apple Push Notification service (APNs) is the foundational cloud-based propagation service required for all Apple device management. It maintains a persistent, encrypted connection between Apple’s infrastructure and every managed Apple device.

Role in Hexnode UEM

APNs acts as the exclusive communication gateway. Because Apple devices do not accept commands directly from third-party servers for security reasons, Hexnode sends commands to APNs, which then “pushes” them to the device.

Key Technical Attributes

  • MDM Protocol Requirement: APNs is the only method supported by the Apple MDM framework for triggering device check-ins.
  • Security: Uses certificate-based trust to ensure that only authorized UEM consoles can communicate with your fleet.
  • Persistence: Enables real-time actions such as Remote Wipe, Lock, and App Deployment even when the Hexnode app is not open on the device.

Critical Requirement: To manage Apple devices, administrators must renew their APNs Certificate annually within the Hexnode portal to maintain the communication link.

Learn more about creating APNs certificate in Hexnode UEM

Apple School Manager

Apple School Manager is a specialized, web-based portal designed for educational institutions to deploy and manage Apple hardware. It acts as the orchestration layer that connects school data to Hexnode UEM for automated device provisioning.

Education-Specific Capabilities

  • SIS & SFTP Integration: Automatically syncs student, teacher, and class rosters by connecting with Student Information Systems (e.g., PowerSchool, Infinite Campus) or Google Workspace.
  • Shared iPad: Facilitates the Shared iPad for Education feature, allowing multiple students to log in to the same device while maintaining a personalized experience.
  • Managed Apple Accounts: Provides schools the ability to create and own accounts for students and staff, offering 200GB of free iCloud storage and collaboration tools.

Role in Hexnode UEM

Apple School Manager provides the Automated Device Enrollment (ADE) and Apps and Books frameworks to Hexnode. This allows administrators to “Zero-touch” deploy iPads to students and silently install educational apps without requiring individual Apple Account sign-ins.

App Catalog

An App Catalog is a private, enterprise-managed application repository that serves as a Self-Service Portal for end-users. It allows IT administrators to curate a specific list of approved software, which users can install on-demand.

Key Capabilities

  • Multi-Platform Support: Distribute apps across iOS, Android, Windows, and macOS devices from a single portal.
  • App Variety: Supports the distribution of public store apps (via VPP or Managed Google Play) and custom Enterprise Apps (IPA, APK, MSI, DMG).
  • Compliance & Security: Prevents “Shadow IT” by ensuring users only download software that has been vetted and pre-configured with corporate security policies.

App Configurations (AppConfig)

App Configurations (often referred to as AppConfig) is a standardized framework that allows IT administrators to remotely define application settings and restrictions via Hexnode UEM. Instead of requiring users to manually enter setup data, the UEM server “injects” these configurations directly into the managed app.

Technical Implementation

  • Standardization: Hexnode follows the standards set by the AppConfig Community, ensuring compatibility across a wide range of enterprise applications.
  • Data Format: Settings are typically defined using Key-Value pairs or XML scripts, depending on the platform (iOS Managed App Configuration or Android Enterprise Managed Configurations).
  • Dynamic Variables: Hexnode supports wildcards (e.g., %email%, %username%), allowing a single configuration policy to be personalized for every user automatically.

Common Use Cases

  • Pre-filling Server URLs: Automatically pointing a VPN or Email client to the correct corporate gateway.
  • Security Hardening: Disabling specific features like “Save Password” or “External Sharing” within a corporate app.
  • License Activation: Silently pushing license keys to paid enterprise applications during installation.

Learn how to set up Application Configurations for devices?

App Identifier

An App Identifier is a unique, platform-specific string used to distinguish an application from all others in an ecosystem. In Hexnode UEM, these identifiers are critical for targeting specific apps during deployment, monitoring, and policy enforcement.

Platform-Specific Naming

  • iOS, macOS, iPadOS, & tvOS: Known as the Bundle ID (or Bundle Identifier). It is defined by the developer in Xcode and follows a reverse-DNS format (e.g., com.hexnode.hexnodemdm).
  • Android: Known as the Package Name. It is defined in the app’s manifest file and remains constant throughout the app’s lifecycle on the Google Play Store (e.g., com.hexnode.mobile).
  • Windows: Often referred to as the Product Code (for MSI) or Package Family Name (PFN) (for APPX/MSIX).

Role in Hexnode UEM

Administrators use App Identifiers to perform high-level management tasks, including:

  • App Inventory Management: Tracking versioning and installation status.
  • Allowlisting/Blocklisting: Restricting or allowing apps based on their unique ID rather than just their display name.
  • VPP & Managed Google Play: Linking licenses and enterprise configurations to the correct software package.
  • Per-App VPN: Triggering VPN tunnels for specific applications.

Asset Tag

An Asset Tag is a custom, administrator-defined identifier assigned to a managed device within the Hexnode UEM console. Unlike hardware-coded IDs (like Serial Numbers or IMEIs), Asset Tags are used to align digital device records with an organization’s physical inventory system or internal accounting codes.

Key Benefits for Administrators

  • Inventory Management: Streamlines the tracking of hardware lifecycles by mapping devices to specific departments, purchase orders, or physical locations.
  • Advanced Reporting: Enables admins to generate custom reports and filter the device grid using these unique identifiers.
  • Bulk Identification: Allows for the quick identification of devices during physical audits or hardware refreshes.

Visibility in Hexnode

Asset Tags are prominently displayed in the Device Summary page and can be imported in bulk via CSV or edited individually to maintain a synchronized record of corporate assets.

See also: Asset Tag Automation

B

Background Apps (Kiosk Mode)

Background Apps in Kiosk Mode are specific applications permitted to run silently in the background while a device is locked into a Single App or Multi-App Kiosk. While these applications do not appear on the kiosk home screen and have no visible user interface (UI) for the end-user, they are essential for maintaining the device’s operational integrity, connectivity, and security.

In a highly restricted kiosk environment, the operating system typically suppresses any app not explicitly allowed in the foreground. By configuring apps as “Background Apps,” IT administrators ensure that critical system services and third-party tools continue to function without providing a pathway for users to exit the kiosk or access unauthorized settings.

Common Use Cases:

  • Connectivity and Security: Ensuring that VPN clients and firewall agents remain active to provide secure network access for the foreground kiosk app.
  • Peripheral Integration: Running drivers or service apps for external hardware such as barcode scanners, receipt printers, or credit card readers.
  • Remote Support and Monitoring: Allowing remote view agents or asset tracking tools to transmit device health and location data to the UEM portal in real-time.
  • Authentication Services: Supporting Identity Provider (IdP) agents that handle backend authentication and Single Sign-On (SSO) for the primary kiosk application.

Platform-Specific Implementation:

  • Android: Hexnode allows administrators to add apps to the “Background Apps” list within the Kiosk profile, ensuring they are not killed by the system’s memory management while the kiosk is active.

See also: How to add background apps in Android Kiosk Mode?

BitLocker

BitLocker is Microsoft’s native full-disk encryption (FDE) feature designed to protect data at rest on Windows endpoints. By encrypting entire drive volumes using high-level AES encryption, it ensures that sensitive information remains inaccessible to unauthorized users in the event a device is lost, stolen, or tampered with.

For organizations, BitLocker is a critical component for meeting global data protection mandates such as GDPR, HIPAA, and PCI DSS. Hexnode UEM allows IT administrators to centrally enforce BitLocker policies, monitor encryption status across the entire fleet, and securely escrow recovery keys to prevent data loss due to forgotten passwords or hardware changes.

Supported Drive Types:

  • Operating System Drives: Encrypts the drive where Windows is installed and validates the boot process integrity.
  • Fixed Data Drives: Secures internal secondary drives used for storage.
  • Removable Data Drives (BitLocker To Go): Extends protection to external storage media, such as USB flash drives and portable hard disks.

Key Management Capabilities in Hexnode:

  • Silent Enrollment: Trigger encryption on endpoints without requiring end-user intervention.
  • Recovery Key Escrow: Automatically capture and store the 48-digit recovery password in the Hexnode portal for emergency administrative access.
  • Compliance Monitoring: Real-time reporting on which devices are encrypted and compliant with organizational security benchmarks.

Blocklist

A blocklist is a security management policy used to restrict access to specific applications, websites, or network entities that are deemed unauthorized, unsafe, or non-essential. Unlike an Allowlist (which blocks everything except approved items), a blocklist allows all entities to function by default while specifically targeting and disabling only the items listed by the administrator.

In the context of Hexnode UEM, blocklisting is a proactive measure to safeguard corporate data and maintain employee productivity. When a blocklisted app is detected on a managed device, Hexnode can automatically mark the device as Non-Compliant or trigger administrative alerts.

Core Applications:

  • App Blocklisting: Prevents the installation or execution of specific software. On mobile devices, this can hide the app icon or prevent the app from launching; on desktops, it can kill the process or block the installer.
  • Website Blocklisting: Utilizes URL filtering to prevent users from accessing specific websites or entire web categories (e.g., social media, gambling, or known malicious domains) via managed browsers.

Key Benefits in UEM:

  • Security Enforcement: Mitigates risks from shadow IT, malware, and data-leaking applications.
  • Compliance Automation: Automatically identifies and remediates devices that violate organizational software policies.
  • Productivity Management: Minimizes workplace distractions by restricting access to entertainment or non-work-related platforms during business hours.

BYOD (Bring Your Own Device)

Bring Your Own Device (BYOD) is a corporate policy that allows employees to use their personal smartphones, tablets, and laptops for business purposes. This model supports the modern hybrid workforce by providing users with the flexibility to work from their preferred hardware while ensuring the organization maintains control over corporate data.

In a UEM context, BYOD focuses on the separation of personal and professional data. Unlike corporate-owned deployment models, BYOD management emphasizes user privacy; IT administrators can manage and secure corporate applications and data without accessing or monitoring the user’s personal photos, messages, or private applications.

Management Frameworks:

  • Android Enterprise Work Profile: Creates a dedicated, encrypted container on the device that separates work apps and data from personal content. IT admins have full control over the “Work” side, while the “Personal” side remains private.
  • Apple User Enrollment: A management mode designed specifically for BYOD on iOS and macOS. It uses a separate APFS volume to store managed data and limits the administrator’s ability to perform intrusive actions, such as viewing the device’s full app list or serial number.

Key Benefits in Hexnode:

  • Data Containerization: Ensures that corporate information (emails, documents, and internal apps) stays within a secure, encrypted boundary.
  • Selective Wipe: In the event an employee leaves the organization, administrators can perform a “Corporate Data Wipe” to remove only business-related information, leaving the user’s personal data untouched.
  • Privacy Assurance: Builds trust with employees by technically restricting the UEM from accessing private device information.
  • Cost Efficiency: Reduces the overhead associated with purchasing and maintaining a massive fleet of corporate-owned hardware.

Get started with BYOD
