XenMobile MDM is a robust mobile device management solution that delivers role-based management, configuration and security for both corporate and employee-owned devices. Upon user device enrollment, IT can provision policies and apps to devices automatically, blacklist or whitelist apps, detect and protect against jailbroken devices, and wipe or selectively wipe a device that is lost, stolen or out of compliance. Users can use any device they choose, while IT can ensure compliance of corporate assets and secure corporate content on the device.

XenMobile MDM management and security capabilities

Deploy

• Deployment choices: on-premises, cloud, or hybrid
• Mobile data security from a secure architecture (no LDAP or solution data in the DMZ, only three ports open inbound)
• Benefit from a scalable mobile device management server architecture that features industry-standard HA with active-active clustering at all tiers
• MSPs benefit from a multi-tenant console to administer several XenMobile MDM servers from a single console

Configure

• View deployment summary and initiate bulk actions from a customizable, one-click dashboard
• Establish role-based access to administrative console
• Define and enforce allowed device types, OS, and patch levels; support all major device types, including non-C2DM Androids
• Secure all mobile touch points – email, content, apps and intranets with integrated mobile security
• Differentiate between employee-owned versus company-issued devices (and establish policies for each); enable auto-tagging from asset or configuration management databases
• Configure packages of policies and applications in an intuitive, mix-and-match way for ease of deployment, ongoing administration, and change management
• Configure device enterprise access, including Wi-Fi, VPN, and APN, and corporate email
• Integrate directly and in real-time with LDAP
• Integrate with certificate services and PKI
• Configure mobile device security such as encryption of data-at-rest and passcodes
• Configure third-party email container for Android devices
• Restrict mobile device resources and applications
• Blacklist and whitelist applications, prevent apps from launching
• Lock and prevent removal of mobile device management profile
• Benefit from common deployment templates and default policies

Provision

• Ensure policy compliance prior to device enrollment
• Simplify user enrollment options and automatic MDM server discovery to reduce support calls
• Distribute mobile applications via an enterprise application store
• Push to and remove mobile applications from devices
• Distribute policies and applications by user, role, group, and device type
• Support Apple Volume Purchase Program with automatic license tracking and account draw-down

Secure

• Enforce passcode policy, including length, complexity, and change parameters; ascertain passcode history
• Enable two-factor authentication
• Remotely locate, track, and lock device; auto-lock device after inactivity period
• Remotely wipe or selectively wipe device; auto-wipe device after failed login attempts
• Set up geo-fencing and geo-tracking to set up a location perimeter for securing devices
• Initiate automated compliance actions based on non-compliance, unmanaged, rooted devices, passcode policy, perimeter breach, or blacklisted/whitelisted apps
• Block or allow unauthorized or non-compliant devices from corporate network (including unmanaged, jailbroken/rooted, and ones not adhering to the blacklist/whitelist)
• Mobile application security to prevent apps from launching with Mobile Application Control
• Mobile data security by blocking data synchronization to Apple iCloud
• Get additional mobile app security by granting granular mobile application access and secure app communications with Mobile Application Tunnels
• Gain mobile security visibility with Mobile Security Intelligence; integrate with SIEM solutions
• Set dynamic, context-aware policies to restrict device resources or wipe secure doc container
• Secure line-of-business devices with granular controls through integration with Samsung SAFE

Monitor and Support

• Remotely locate and track devices
• Remotely lock, wipe, and selectively wipe devices
• Provide remote support and troubleshooting, including support-to-device VOIP and chat
• Provide secure remote access to intranets and web apps through a secure corporate browser for additional mobile device security
• Protect mobile apps by adding mobile app security services using the app SDK to make them business-ready
• Maintain inventory of hardware details, mobile applications, device details and statistics
• Report on service details such as roaming, location, telecom expense and service, and user inactivity; disable voice and data roaming
• Report on user-owned vs. corporate-issued devices
• Report on unmanaged devices, including whether they are allowed or blocked per policy
• Report on mobile incidents and compliance with Mobile Security Intelligence; integrate with SIEM solutions
• Support mobile business objectives with advanced mobile application performance, intelligence, and security

Decommission

• Identify inactive devices
• Fully wipe devices, returning them to factory settings
• Disable full wipe capability to prevent full wipe from occurring in any instance
• Selectively wipe devices, removing business apps and data while leaving personal data intact