Difference between revisions of "Zimbra Next Generation Modules/Zimbra NG Mobile/Mobile Device Management (a.k.a Provisioning)"
m (1 revision imported: Zimbra NG)
Revision as of 13:11, 30 August 2017
Mobile Device Management a.k.a. Mobile Provisioning
Zimbra NG Mobile - Mobile Device Management a.k.a. Mobile Provisioning
What is Mobile Device Management?
Mobile Device Management (MDM - also known as Provisioning) allows an Administrator to define a set of rules and security settings that are applied Over The Air to one or more mobile devices, ranging from PIN policies to Allowed/Blocked app lists and including "one time" commands such as the remote wipe of the entire device.
MDM effectively allows the administrators to limit and restrict the use of corporate mobile devices in order to avoid as many risky or improper behaviours as possible.
On top of this, MDM is also a priceless aid in carrying on "Bring Your Own Device" corporate policies, allowing users to connect their personal mobile devices to the corporate servers reducing the risk of security breaches to a bare minimum.
Provisioning features available on your client
Not all Provisioning features are available on all clients. A good comparison of Exchange ActiveSync clients can be found on Wikipedia
Zimbra Next Generation Modules and MDM
Zimbra Next Generation Modules features advanced MDM features through the Exchange ActiveSync protocol version 14+.
Mobile policies can be enabled at COS and Mailbox level, allowing both a quick "one for many" setup and a user-based customized managment. In both cases, Mobile Management Options are available within the "Zimbra NG Mobile" tab of the appropriate entry upon checking the "Enable EAS14" box.
The following provisioning options are available:
- Enable Mobile Policy: Enable or Disable the use of Mobile Policies for the current user/COS.
- Allow non-provisionable devices: Allow the user to synchronize any device that does not support provisioning.
- Allow partial policy enforcement on device: Allow the user to synchronize any device that does not support one or more applicable policies.
Enforceable Policies are available right below to the "Mobile Devices" list, grouped in the following categories:
- Sync Settings - Set synchronization spans and limits.
- Device Settings - Enable or Disable device features such as Camera, WiFi, Removable Storage or Bluetooth.
- Device Security Settings - Force an unlock code and define the minimum requirements for the code itself.
- Device Applications - Enable or Disable "standard" device applications such as the Browser and POP/IMAP client or unsigned apps.
Two lists are also available for application whitelist/blacklist management:
- Approved Applications - A customizable list of approved applications.
- Blocked Applications - A customizable list of blocked applications that won't be usable on the device.
While conceptually similar, the Mobile Password feature is not part of the Mobile Device Managment and can be used with any version of the EAS protocol.