IBM Security MaaS360

Expand all | Collapse all

Maas360+Knox Enrollment DO

  • 1.  Maas360+Knox Enrollment DO

    Posted Tue December 10, 2019 06:35 AM
    Hi Team Maas360,
    can you tell me if adding an account (mdm credential) in the kme portail it's possible to enroll without typing credentials on the device.



    ------------------------------
    Noureddine LAAREJ
    ------------------------------


  • 2.  RE: Maas360+Knox Enrollment DO

    Posted Mon December 16, 2019 07:07 AM
    The last KME deployment I did a few months ago, I contacted IBM to confirm and it isn't supported.

    Might have changed since but I haven't seen anything

    ------------------------------
    Jack Hayden
    ------------------------------



  • 3.  RE: Maas360+Knox Enrollment DO

    Posted Wed January 22, 2020 04:40 PM
    ​... there is an other Problem - during enrollment on the mask where you had to enter your email and account id - if your customer is rebooting the device in this Situation - after the reboot he has an open device where for sure the MaaS360 app is installed but not enrolled! so you cannot manage this device and your customer can do what he want.
    Have you a solution for that?

    ------------------------------
    Walter Schütz
    ------------------------------



  • 4.  RE: Maas360+Knox Enrollment DO

    Posted Thu January 23, 2020 11:51 AM
    MaaS360 pins the agent upon initial boot, but we unpin after a reboot so as not to create a situation where the app is always locked, preventing possible troubleshooting and recovery options.  We're working on enhancements in the future that will lock out features and services when users resets without enrolling, while still unpinning the app.

    ------------------------------
    Matt Shaver
    System Architect
    IBM
    mshaver@us.ibm.com
    ------------------------------



  • 5.  RE: Maas360+Knox Enrollment DO

    Posted Mon January 27, 2020 09:41 AM

    That's good to hear – in cases where the device is stolen, I don't like that the person could reboot the phone and still get through to use the phone. I'm assuming the phone would still register in to MaaS360 as a new device?

     

    Amy Burt

    Mobile Device Coordinator

    O.  660.890.8225

     

    210 Business Hwy 13

    Osceola, MO  64776

    CompassHealthNetwork.org

    Inspire Hope. Promote Wellness

    image009.jpg@01D4A687.D220D5B0

     



    Disclaimer

    The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

    This email has been scanned for viruses and malware, and may have been automatically archived .






  • 6.  RE: Maas360+Knox Enrollment DO

    Posted Mon January 27, 2020 11:04 AM
    I don't have the full scope of the planned restrictions available, but we're looking at a scenario where the device has downloaded the MaaS360 agent, but has not yet gone through the enrollment process, so there wouldn't be any record of the device in the portal, nor could portal actions be taken.  The app will have a process built in whereby it would enforce a policy that removes device functionality before it is enrolled, then lift those restrictions once enrollment is complete.

    ------------------------------
    Matt Shaver
    System Architect
    IBM
    mshaver@us.ibm.com
    ------------------------------



  • 7.  RE: Maas360+Knox Enrollment DO

    Posted Mon January 27, 2020 11:32 AM

    If the phone is also registered to Samsung KNOX – will it try to force MaaS360 setup in this scenario?

     






  • 8.  RE: Maas360+Knox Enrollment DO

    Posted Mon January 27, 2020 11:50 AM
    If there is a KNOX mobile enrollment profile and the device is not already activated, absolutely.  One potential solution that is easily configurable would be to create a "stolen device" profile in the KME setup portal.  Include a JSON with some generic user enrollment credentials so that the devices marked with the profile automatically enroll in MaaS360 after the app is downloaded.  In that case you'd be able to see the device in the portal and take direct actions.

    ------------------------------
    Matt Shaver
    System Architect
    IBM
    mshaver@us.ibm.com
    ------------------------------



  • 9.  RE: Maas360+Knox Enrollment DO

    Posted Fri February 14, 2020 12:48 PM
    Hi Matt,
    OK but there will always be a limit of 10 devices?

    Noureddine

    ------------------------------
    Noureddine LAAREJ
    ------------------------------



  • 10.  RE: Maas360+Knox Enrollment DO

    Posted Fri February 14, 2020 01:15 PM

    No, we're working on enhancements that will provide easier solutions here.  The 10 device limit is something we imposed (it can be removed) because Google limits the number of devices to a single Play account can be logged in to 10.  This means that if there are 11 devices with the same Google account active in a 24 hour period trying to access Play services, one of them will be automatically logged out.

    Currently each user in the portal gets associated with one Google account, we're working on enhancements that will support extending this number, as well as support for "device accounts" in which each individual device can have it's own unique Google account.



    ------------------------------
    Matt Shaver
    System Architect
    IBM
    mshaver@us.ibm.com
    ------------------------------