
Restricting unauthorized devices for Enrollment

Former Member
0 Kudos

Hi,

I am not sure if I am writing this question in the right place or not, but anyway I want to check:

When we create an enrollment process and give it to some of the admins, explaining how to use it, the users who will be using their devices will also come to know how the process works. So if they try to do it on a personal device without the company's permission, there might be a possibility of a security breach. Is there a way we can come to know which of the devices that we see in the Afaria Admin console are provided by the company and which ones are personal devices that are not authorized?

If this is not the right place, please suggest where I can find the answer for this.

Thanks.

Accepted Solutions (1)

Former Member
0 Kudos

Hello Raja Ram,

This is the right place to post the Afaria questions.

Yes, we can differentiate the corporate/personal devices as per your requirement.

1. Firstly, make sure you enroll the device.
2. Log in to the admin console UI.
3. Click on the enrolled device -> go to Owner -> under the drop-down you will find two options, "Corporate" and "Personal".
4. Select the Owner type you wish to have.

PS: By default, the owner for the enrolled devices will be "Personal". You can change it by clicking on the Owner.

Hope this helps you to clear the queries.

Kind Regards,
Sushmitha
SAP Mobile Secure Cloud

Former Member
0 Kudos

Hi Sushmitha,

Thank you for the information; maybe I did not explain myself clearly.

My question was how to restrict a user, or anyone, from taking advantage and enrolling their personal devices (without company permission) so that they can access emails on their personal devices as well, even though they have been provided with a corporate device.

Because of this, some sensitive info like emails and other info will be at security risk.

former_member228655
Participant
0 Kudos

Hi Raja,

Are you saying you would like to block email access on personal devices? If so, then you can create a dynamic group for corporate devices and link it to the EAS policy so that ONLY corporate devices get email. You can also create a dynamic group for personal devices and add this group to the Block Group so that you can remediate personal devices.

Thanks,
Sejal Patel

SAP Active Global Support

Former Member
0 Kudos

Thank you for the info, but that does not answer my question.

Below are a few questions that I have regarding this.

1) How to stop users enrolling their personal devices (it is just that we trust them not to do that or tell them not to do that)

2) If they have enrolled their personal devices without company permission, how to identify which device is personal and which one is corporate in the Afaria Admin console.

Thanks.

Former Member
0 Kudos

Hello Raja Ram,

I understand your concern here.

1. One cannot enroll the device in Afaria without company permission, which would be a security breach. Afaria will not stop the users enrolling their personal devices, as it has come with BYOD devices as well. All you have to do is request the users not to enroll the devices without company permission.

2. Once the device is enrolled, as I told you earlier, we can have a look at the device owner: "Personal" or "Corporate". However, we cannot differentiate whether the user enrolled with or without company permission. Once the user has been assigned a role, let's say admin, device helpdesk etc., they can enroll any number of devices, both corporate and BYOD, not leading to a security breach.

Hope this helps!!

Kind Regards,
Sushmitha
SAP Mobile Secure Cloud

rakshit_doshi
Active Contributor
0 Kudos

Dear Raja Ram,

There is a way to do this as well. When you create an enrollment policy, there is an option called "Automatically approve", which is checked by default. You can uncheck it and then publish the enrollment policy. With this, whenever the user tries to enroll (either personal/corporate), the enrollment process itself will stop, alerting the user that the device is unapproved. You can also restrict the push of policies once the device is enrolled. With this you can avoid the security breach. The Admin can see which devices are not approved and can manually approve them from the Admin Console.

For the second question, it is difficult to identify the device, as a particular OS registers itself with a default type: Android and iOS devices always register themselves as personal devices, while Windows Phone registers itself as a company device.

Hope this helps,

Thanks,

Rakshit Doshi

Answers (0)