IBM MaaS360

  • 1.  Active Directory Authentication

    Posted Thu May 11, 2023 01:28 PM

    Hello people!
    Hope each one of you is doing OK!

    Well, 

    We currently have an environment with more than 3400 devices, mostly Androids, and we're facing a problem, because some devices have general purposes in some stores and sometimes we have more than one person using them. The thing is, we have devices missing for more than 2 years now, we're getting close to having 1000 devices missing, that's a lot, no? 
    We have some difficulty tracking the last access on these devices, so what I want to know is if there's any way we can track the last person to use the device.
    Is there any way to make the device passcode the same as the AD? 
    Is there any workaround someone here on the community can think of to deal with it?
    Maybe a VPN?
    We want to do this with every device, even those that are linked to just one user.

    Imagine the financial loss we had because we lost track of a thousand devices, and this is what we've tracked so far: we have in total 1603 devices that have not reported for more than 30 days.


    Anyway, thank you everyone.



    ------------------------------
    Adeilson Oliveira
    ------------------------------


  • 2.  RE: Active Directory Authentication

    Posted Fri May 12, 2023 08:24 AM

    Something to consider is the inconsistency of location services.  In order for MaaS to produce location information, there are some very stringent requirements.  MaaS requires location logs on the device to produce the information in the dashboard.  This means the device must have an active connection, location services must be turned on on the device, and the device must be able to triangulate location using WiFi, cell towers or satellite.  If any of these variables are not available you will not get location information.  When you ping a device for location the same holds true. The user has the ability to turn off location on most Android devices and a data connection is solely at the control of the user.  Bottom line, location information is never going to be consistent.  Why?  Device manufacturers see their devices as consumer-centric first, then they address business requirements second.  APIs and hooks in the operating system are provided to MDM vendors accordingly for MDM-related functionality based on the device manufacturer's preference.



    ------------------------------
    Mitch Lauer
    ConnecTel Wireless
    Pittsburgh, PA
    412-339-5765
    mlauer@ConnecTelWireless.com
    ------------------------------



  • 3.  RE: Active Directory Authentication

    Posted Mon May 15, 2023 04:52 AM

    Hi Adeilson
    For the MaaS360 workplace it is possible to set the lock screen passcode to the same value as the AD password. So if going into MaaS360 Secure Mail, Secure Browser and Secure Documents (Editor/Viewer) clients you could use this. I would suggest you test this before rolling out in production. 
    Unfortunately this option isn't available for Android Enterprise (device-level) policy - am assuming your devices are in AE. 
    There is an option in the Passcode settings which is to "Disallow Unified Password", forcing the user to use a different value for unlocking the device and then the work profile - meaning they need to pay attention to which screen they are on - but with a risk of locking the device after a number of incorrect attempts. 

    An alternative in terms of getting most recent information is to use a Web Services call from your data centre to our platform. Documentation: 
    https://www.ibm.com/docs/en/maas360?topic=services-maas360-api-reference-web
    You can contact Support and request Web Services be switched on and they can create a security key to allow the calls to come in. 
    In addition they will provide the most recent version of the Web Services documentation. 
    You can take a number of actions using Web Services (REST API) calls such as locate or lock device, mark as lost or found, and so on. 

    Hope this helps. 
    Best



    ------------------------------
    Eamonn O'Mahony
    Technical Client Success Manager
    IBM Security
    Dublin, Ireland
    ------------------------------
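
An added example, not part of any post above and not IBM's code: once device records have been pulled from the portal or Web Services, this sketch buckets them by the thread's two thresholds (30 days without reporting, 2 years missing) and groups them by last known user. The records are constructed and the field names (`device_id`, `last_user`, `last_reported`) are assumptions, not the MaaS360 schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records; the field names are assumptions, not the
# MaaS360 Web Services schema. Map them from whatever your export returns.
SAMPLE_DEVICES = [
    {"device_id": "A-001", "last_user": "store12.shared", "last_reported": "2023-05-10T09:15:00+00:00"},
    {"device_id": "A-002", "last_user": "store12.shared", "last_reported": "2023-03-01T17:40:00+00:00"},
    {"device_id": "A-003", "last_user": "jsilva", "last_reported": "2021-02-20T08:00:00+00:00"},
    {"device_id": "A-004", "last_user": "", "last_reported": None},
]

STALE = timedelta(days=30)     # "not reported for more than 30 days"
MISSING = timedelta(days=730)  # "missing for more than 2 years"

def classify(device, now):
    """Return 'active', 'stale', 'missing' or 'never_reported' for one record."""
    raw = device.get("last_reported")
    if not raw:
        return "never_reported"
    seen = datetime.fromisoformat(raw)
    if seen.tzinfo is None:  # treat naive timestamps as UTC
        seen = seen.replace(tzinfo=timezone.utc)
    age = now - seen
    if age > MISSING:
        return "missing"
    if age > STALE:
        return "stale"
    return "active"

def triage(devices, now):
    """Group non-active devices by status, then by the last known user."""
    report = defaultdict(lambda: defaultdict(list))
    for d in devices:
        status = classify(d, now)
        if status != "active":
            owner = d.get("last_user") or "(unknown)"
            report[status][owner].append(d["device_id"])
    return {status: dict(owners) for status, owners in report.items()}

if __name__ == "__main__":
    as_of = datetime(2023, 5, 15, tzinfo=timezone.utc)
    for status, owners in triage(SAMPLE_DEVICES, as_of).items():
        for owner, ids in sorted(owners.items()):
            print(f"{status:15} {owner:18} {', '.join(ids)}")
```

Devices that land under a shared account such as the constructed `store12.shared` are the ones where a last-user field cannot identify a person, which is the gap the original question describes.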