MDM

Easier device enrollment with Windows Autopilot, real-time issue resolution, and policy support for better control of Android devices with Entgra UEM 6.1

Entgra UEM 6.1, the successor to Entgra UEM 6.0, is now available for use.

The latest version of our unified endpoint management (UEM) product has several benefits for Windows and Android device users. Windows device users will benefit from streamlined device setup through Autopilot enrollment and faster real-time technical support with remote screen share. This release also introduces new device operations to enhance management capabilities. Android device users can now enforce pre-approved input methods for better management of data usage. Entgra UEM 6.1 comes with UI enhancements that give you improved navigation and usability, while platform improvements include convenient tenant deletion. 

This blog explores each of these new benefits by device type in detail and other platform improvements.

For Windows Device Users

Simpler Device Setup with Windows Autopilot Enrollment

Use Windows Autopilot deployment for a straightforward, hassle-free device setup and configuration for your corporate Windows devices. This feature provides:

  • Zero Touch Deployment: Autopilot supports zero-touch deployment scenarios, where you can provision and configure devices remotely without any physical interaction. This is especially useful for large-scale remote workforces.
  • One-time setup: Autopilot eliminates the need for repetitive manual deployment tasks, such as device activation, user account creation, and app deployment. This one-time setup streamlines the process and saves significant time for your administrators.
  • No OS imaging required: With Autopilot enrollment, you can effortlessly distribute applications, documents, and configurations to enrolled devices in bulk. This gives you a simplified deployment process by shortening the time-consuming OS imaging process.
  • Controlled Administrative Permissions: Autopilot helps enforce security policies by limiting the creation of local administrator accounts on devices. This ensures that only authorized personnel can control administrative permissions across your devices. 
  • Lower TCO: By streamlining the deployment and management process, Autopilot can help reduce the Total Cost of Ownership (TCO) associated with managing Windows devices. This is often achieved by minimizing the time and resources required for manual setup and configuration, leading to cost savings in the long run.

Interactive Real-Time Technical Support Facilitated by Remote Screen Share

The new remote screen share support feature empowers your IT admins to promptly identify and resolve issues directly by viewing your users’ screens in real-time. 

This feature has a significant impact on your troubleshooting process and improves the overall efficiency of your support operations. With instant visual inspection and diagnosis, your IT teams can expedite solutions, enabling employees to resume their tasks quickly and reducing instances of downtime. There are further cost-saving benefits for your business, as your team does not have to make on-site visits for technical issue resolution unless absolutely necessary.

We have plans to develop our real-time technical support feature further in upcoming product releases. 

Tailored Device Management Through Device Operation Enhancements

This release expands on our existing suite of remote operations available for Windows device users. The additions are discussed further below.

  • Device Info: You can request detailed device information directly from enrolled Windows devices. This includes crucial data such as hardware specifications, system configurations, and more, enabling administrators to gain deeper insights into their device ecosystem to support management and decision-making.
  • Application List: Gain up-to-date information about your software landscape across your Windows devices with the “Application List” functionality. Triggering this operation allows you to download the Microsoft Application list from enrolled devices, providing visibility into installed applications and their versions. 
  • Security Info: With the “Security Info” feature, you can request comprehensive security information from enrolled Windows devices. This includes vital data regarding device security settings, defender details, encryption status, and more, empowering administrators to ensure compliance with security policies and proactively address any vulnerabilities.
  • Firewall Info: Gain deeper visibility into the network security posture of Windows devices with the “Firewall Info” functionality. By triggering this operation, administrators can request device firewall information from enrolled Windows devices. Use this data for better network security management, threat detection, and response capabilities.

For Android Device Users

Updated Data Security With Pre-Approved Input Methods

Android device users can now regulate the use of keyboards and input methods, reducing the occurrences of data breaches and keylogging incidents.

This feature presents you with various options to customize input methods so that you have the flexibility to adapt the policy based on your enterprise needs. You have the choice to either restrict input methods solely to trusted pre-installed or system-provided keyboards, ensuring a heightened level of security, or alternatively, define a specific list of user-installed packages deemed acceptable as input methods.

This level of granularity empowers you to fine-tune your device management strategy, enhancing security while maintaining operational flexibility.

Block Apps From Using Metered Connection With Improved App Usage Configuration

The improved App Usage Configuration policy gives you the ability to restrict specific applications from accessing the internet when your device is connected to a network with metered or limited data usage, such as cellular data networks.

Manage your data usage more effectively, avoid unexpected overage charges, and save financial resources with this feature. You can also ensure that essential apps or services take priority.

Agent Compatibility for Android 14 and 13

Entgra UEM 6.1 provides comprehensive compatibility with Android versions 14 and 13 for its agent. This ensures a smooth integration of diverse device fleets, offering enhanced management capabilities across a range of Android devices.

Platform and UI Improvements For All Devices

Faster Tenant Deletion

Admins have an advanced feature to efficiently manage subtenants and their data, all accessible within a single console interface. Deleting tenants and clearing relevant data becomes less time-consuming because you do not have to switch between multiple consoles. Furthermore, admins can still maintain control over your multi-tenant environments.

Revamped Windows Defender Page and Enhanced Search Functionality

Continuing our mission to keep improving our product user interface and give administrators a smoother navigation experience, Entgra UEM 6.1 introduces features to this end. You can now conveniently search for apps using package names within the application restriction policy, easing app management tasks. Furthermore, enhancements to the Windows Defender single-device page provide a more intuitive user experience.

Experiment with these features by signing up for your 14-day free trial today or reach out to us for a live demo. Our product documentation has more details to help you get started too. Stay connected with us to learn about future product updates to Entgra UEM.

App Management Made Easier: Using Entgra UEM For App Lifecycle Management

We all know Unified Endpoint Management (UEM) solutions provide comprehensive end-to-end Mobile Application Management (MAM) capabilities for businesses. You can effortlessly manage and monitor apps on multiple mobile devices from one central place.

Application Lifecycle Management (ALM) is one of the core features of UEM when it comes to mobile app management. At Entgra, we understand the challenges of managing app lifecycles and have developed a cutting-edge solution that takes the complexity out of the process, making things easier and user-friendly for you.

Entgra UEM provides ALM capabilities. In this blog, we will explore these capabilities in detail to highlight how they simplify app lifecycle management stages and enhance the overall management experience.

Before you begin: What is ALM?

ALM is the process of managing the entire lifecycle of applications deployed on your endpoints. 

It enables you to manage the lifecycle of an app from its inception to retirement. You can ensure they are installed correctly, monitor their performance, and update them without causing any inconvenience to your end users. Your team members can collaborate at each stage of the app lifecycle, facilitating real-time updates.

Entgra’s approach to ALM 

The ALM feature in Entgra UEM is comparable to having a personal assistant for your apps. You can manage your applications from start to finish within a centralized platform. It covers everything from creating and deploying apps to updating and retiring them.

Let us take a brief look at the entire ALM process.

The basic process of ALM

Admins can create their apps via the Entgra app publisher.  Once you create an app, it automatically comes with its lifecycle. From this point onwards, you are able to oversee and manage each stage of the app’s lifecycle.

Now let’s delve further into each stage. 

  • Created – Suppose that you want to create a specific corporate app exclusively for your employees. Once you create this app, it belongs to the first stage of the app’s lifecycle. Now you have full control over each stage of the app’s lifecycle.
  • In-Review – This stage is entirely for accurate and secure app publishing. You can review your app thoroughly and determine whether the app is suitable for publishing in the app store. During this review, you can move the app to a “Rejected” stage if the review detects any fault in the app or if the app does not comply with company policies.
  • Approve – After reviewing the app with the necessary parties, you can approve it for publishing.
  • Publish – Publish the app in the corporate app store. The app will only be visible in the app store after it completes this process. There is an additional perk. Even after publishing your app, you can change its status.
  • Block – You can block an app for a certain period of time, either to publish or to deprecate it at a future date.
  • Deprecated – These are the outdated apps that no longer suit your app store. In both the Block and Deprecated cases, the app will be hidden from your app store automatically to prevent installations.
  • Retired – Eventually, you can retire your apps. You can terminate the app’s process at this stage since this is the final stage of an app’s life cycle.

Fast-tracking app publishing

The latest version of Entgra UEM has made app publishing even faster and more convenient. 

You can save and publish an app in a single step. This eliminates the need to follow all the lifecycle stages manually. This is particularly useful in scenarios where it is not necessary for a user to complete all the lifecycle stages.  

Within the app creation step, admins can decide whether they want to publish the app at the same time. If you choose to publish the app, it will be published in the app store immediately without any review. This means that you can directly transfer the app from the “Created” stage to the “Published” stage of its lifecycle.

Enhanced ALM process in Entgra UEM

This ALM feature helps to prevent UEM admins from making mistakes when managing any kind of app by providing clear, concise directions. As fantastic as this feature is, it is only available to users with appropriate permissions. You can control who has access to this feature as required to prevent any misuse. 

At Entgra, we always strive to offer our customers the best possible UEM experience. Do browse through our blogs and documentation to learn all about our products and feature updates.  We even have an Entgra UEM evaluation option available for new and trial users.
If you have any questions, we’re here to help. Feel free to reach out to us for assistance through the Entgra support portal.

Streamlining Device Management With Entgra UEM: Trigger Operations Simultaneously Across Your Device Fleet

Did you know Entgra UEM has a feature that enables you to trigger operations simultaneously in device groups?  Thanks to this feature, you can execute multiple commands across a group of devices all at once with a simple click.

We will discuss how this feature saves you time and resources, making device management more efficient.

Say goodbye to manual device-by-device actions

As an IT administrator, you no longer have to perform repetitive tasks on individual devices manually. You can now centralize device management with Entgra UEM. 

Our UEM feature gives you the ability to group devices together based on various criteria such as their operating system (OS), enrollment mode, location, or any other specific need. This flexible grouping mechanism allows for a more tailored approach to device management.

Once your devices are organized into groups, you can effortlessly trigger desired operations and apply them simultaneously to all devices within the group. There is no necessity to perform tedious, repetitive tasks on individual devices; instead, you can experience the efficiency of executing commands across multiple devices in one go. 

Unlocking hidden perks

  • Enhanced security and compliance

With this feature, you can take immediate action across a specific group of devices. Whether you are locking devices, changing lock codes, clearing passwords, or performing enterprise wipes, you can swiftly mitigate security risks and address policy violations, keeping your organization protected. If you have a large device fleet, this will be especially helpful.

  • Efficient deployment of updates and applications

Deploying applications or pushing updates to a large number of devices can be a tedious task. Entgra UEM simplifies this process by enabling you to upgrade the firmware across device groups simultaneously. This ensures seamless application availability and software updates, boosting productivity and reducing manual effort.

  • Remote troubleshooting and support

Imagine an IT support team responsible for troubleshooting and resolving issues across a diverse device fleet. Support personnel can now remotely trigger actions such as reboot, file transfer, or device information retrieval across a group of devices simultaneously. This streamlines the support process, reduces downtime, and improves end-user satisfaction.

  • Bulk actions for device configuration

Trigger operations such as ringing devices, sending messages, applying configurations on apps, or muting devices in bulk, ensuring uniformity and ease of management. This capability enhances operational efficiency and reduces configuration errors.

Entgra UEM empowers your organization’s productivity by offering you extensive Mobile Device Management (MDM) features.

Visit our product documentation to learn more. We invite you to experience the capabilities of the latest product version, Entgra UEM 5.2, with our Try-It-Now feature.
If you have any questions or require assistance, please do not hesitate to contact us via our Entgra support portal.

Unlocking the Power of Personalization With Entgra UEM 5.2’s Per-Tenant Theming Feature

The recently released Entgra UEM 5.2 gives you an exciting new feature – per-tenant theming.

With per-tenant theming, Unified Endpoint Management (UEM) administrators now have the power to elevate customization and branding within their tenant environments. This feature enables you to personalize UEM platforms and define unique visual themes and brand identities for different sub-organizations or client groups. 

In this blog, we’ll explore how Entgra UEM 5.2 will help you to strengthen your brand presence with per-tenant theming.

Understanding per-tenant theming and its importance

Per-tenant theming is a must-have feature for multitenant UEM environments where multiple organizations or teams use the same console. It helps to create a more intuitive experience for each tenant. Whether you’re in a multitenant environment or simply want to reinforce your organization’s branding, per-tenant theming can help you achieve what you want. 

Each tenant or client can customize the user interface (UI) by incorporating branding elements and creating an interface that reflects their unique identity and style. This means that each tenant can have a unique interface and user experience, while still being managed from a single console.

Without per-tenant theming, tenants may have difficulty differentiating their workspace from that of other tenants, resulting in confusion and decreased productivity. Entgra UEM 5.2 helps you to ensure that each tenant’s needs are met by providing each tenant with their own unique theme, ultimately leading to increased satisfaction and productivity.

If you’re looking to create a better user experience for your tenants, per-tenant theming is the way to go.

How it works

Per-tenant theming works by enabling you to create different themes for each tenant of the UEM solution. You can easily customize the UEM console with unique logos, favicons, app titles, etc., giving each tenant a distinct look and feel that represents your organization’s brand identity. Additionally, you can customize the branding of your tenants based on sub-organizations, teams, or any other categories you prefer to use. 

Let’s say you have a multinational corporation (ABC Tech) with several workspaces in different regions and each region must be reflected in the UEM console. With per-tenant theming, you can customize the console according to each region. This means the UEM console can then display the appropriate theme for each region based on their login credentials. This saves time and resources for you and provides a better user experience for your employees in each region. Employees will instantly connect with the platform, resulting in increased engagement, productivity, and overall satisfaction.

https://youtu.be/XsxNFJp2aos

Other benefits of per-tenant theming

Apart from creating better user experiences, per-tenant theming offers you other benefits.

  • Stronger brand identity

Your brand is everything. Per-tenant theming empowers you to showcase it. Incorporate your company logo, add titles, and design the UEM platform to match your unique identity. With this level of customization, every endpoint interaction becomes an opportunity to reinforce your brand, build trust, and leave a lasting impression on your employees and clients.

  • User-friendly customizations

Implementing per-tenant theming within a multitenant UEM environment is a breeze. With just a few clicks, tenants can upload their brand assets, change logos, and make design modifications without needing extensive technical expertise. It’s a user-friendly process that puts the power of customization in the hands of organizations of all sizes.

  • Consistency

By maintaining consistency in per-tenant theming, organizations can create a unified and cohesive experience for their users. With a consistent look and feel across different tenants, you can create a sense of unity that reflects your organization’s values.

  • Flexibility for sub-organizations and teams

Multitenant UEM environments often consist of sub-organizations and teams with diverse needs. Per-tenant theming caters to this diversity by customizing the UEM experience for each entity. It’s all about giving your sub-organizations and teams the flexibility to create an interface that aligns with their specific requirements.

If you’re ready to take your UEM experience to the next level, consider exploring the per-tenant theming feature in Entgra UEM 5.2 and see how it can benefit you!

To learn more about the latest Entgra features, visit our product documentation. And do not forget to try out the product with our Try It Now feature to experience the latest features and updates.

We are always happy to answer any questions you may have. Reach out to us here.

A Simpler Device Enrollment Experience for Entgra Cloud Users With Entgra UEM 5.2

We are pleased to announce the release of Entgra UEM 5.2, giving you a more streamlined, hassle-free device onboarding experience – especially if you are a new or trial Entgra Cloud user who is onboarding your first device.

At Entgra, we are always listening to our customers and striving to improve our products. When analyzing feedback, we found that some users encountered challenges during the device enrollment process. Furthermore, we wanted to shorten our support response times.

The result is Entgra UEM 5.2. You can now enjoy a guided enrollment experience, eliminating any confusion along the way. And if you still need help or guidance, our support team is just a live chat message away, ready to answer your questions as quickly as possible. In addition, you can expand your brand identity and experience a more scalable device location tracking facility with the latest version of our product. 

In this blog, we will explain how these exciting new features and improvements will enhance your device onboarding experience.

What you need to know about Entgra UEM 5.2

Whether you are a new user or an existing customer, we designed Entgra UEM 5.2 to ensure that your experience with our platform is smoother and more efficient than ever before. Here’s a detailed compilation of the feature enhancements in this version:

  • Self-guided enrollment

This provides a wizard-based, simple, and clear direction for the best mode of enrollment suited to your requirements. You can complete the enrollment process easily and without any assistance from our end. This feature eliminates the guesswork for users who are unsure about which enrollment mode to choose – a major concern for many of our customers. 

  • Guided UI tour

Navigate Entgra UEM easily and discover all available features/functionality quickly. This feature is particularly useful for new users who may be unfamiliar with the product or for those who want to explore new features you may not have used before. By providing a guided tour, we can ensure you have a seamless onboarding experience and gain the most from Entgra UEM. 

  • Live chat 

You now have instant access to our support team so that we can address your queries/concerns as early as possible. This feature ensures that customers receive prompt and efficient support when they need it. This is particularly helpful for evaluation users who may have questions or need assistance during their trial period.

  • Disable unwanted apps 

Disable unwanted apps from your device launcher without having to blocklist them. This feature helps to keep your device launcher clean and organized, making it easier to find and access the apps you need. This can help to improve productivity and save time in the long run too.

  • Agent labeling 

Label your device agent as required by simply sending a notification to the device. This is helpful for customers who have many devices and need to keep track of them efficiently. Yet another time-consuming task is eliminated, as you now have a more convenient way to label your device agent and there is no need to enter the label for each device manually.

  • Per-tenant theming

Personalize the Entgra UEM to match your brand identity. You can easily customize the appearance of your Entgra UEM platform, giving each tenant a distinct look and feel that represents your organization’s brand theme. Customize branding assets such as logos, favicons, app titles, etc. to create a seamless and unified experience for your tenants.

  • Device tracking enhancements

Leverage the benefits of Traccar with its latest enhancements. You have complete visibility and control over your devices in a more scalable way. Track them in real-time on a map and monitor their movements. The new improvements also enable you to obtain your devices’ historical activities, adding an extra layer of security to Entgra UEM and providing valuable insights into your device fleet.

Learn more

We are committed to delivering the best possible experience for our customers and hope you find this latest release valuable and user-friendly. 

To learn more about Entgra UEM 5.2, visit our product documentation. And do not forget to try out the product with our Try It Now feature to experience the latest UEM features.

We are always happy to answer any questions you may have. Reach out to us here.

How is Mobile Device Management shaping Banking, Financial Services, and Insurance Companies in Sri Lanka?

If we are to describe the modern banking, financial services, and insurance industry (BFSI) in one word, we would say complex. With the onset of digitalization, many customer services are now online; banking and insurance mobile apps are increasingly becoming the norm. Apart from this transformation of customer services, traditional banks are facing competition from neobanks – technology-driven, agile banking and financial service providers. Neobanks often have lower operational costs as they are mainly online-based. Similarly, “born digital” insurers that leverage technologies such as artificial intelligence (AI) are competing with established insurance companies. We have also seen the rise of super apps that offer consumer services through third party integrations with several digital payment options (i.e., WeChat, Grab, AliPay, Gojek, to name a few). To stay ahead of these new disruptive developments and remain relevant to younger, digital native consumers, traditional BFSI companies are adopting digital-first strategies. 

Competition is not the only factor that contributes to the complexity of today’s banking and financial services industry. As more services are available online and accessible from mobile devices, there are significantly higher security risks. In 2020, the BFSI industry was the top target for cyberattacks. The number of devices used in this industry is rising due to digitalization. Microfinance and insurance companies also have a mobile workforce, where employees travel to many locations to support their customer base.

The BFSI industry in Sri Lanka and digitalization

The BFSI industry in Sri Lanka is undergoing rapid growth. Innovation has become the defining characteristic of this growth, as institutions strive to differentiate their products and services. Digital onboarding, QR based payments, digital wallets, mobile applications, and mobile payments are some of these new services. With innovation and greater device use, device security inevitably becomes a major concern for the industry. Enterprise Mobility Management (EMM) has a pivotal role to play in catering to this innovative landscape and making it secure for all the customers. In this highly sensitive market, even the Central Bank of Sri Lanka (CBSL) introduced explicit guidelines to ensure the protection and security of mobile devices so that users are not exposed to threats in an uncontrollable manner. 

Any digital-first strategy must then address flexibility, efficiency, and security. Discussions around device management and security often lead to Mobile Device Management (MDM). Let us start with some basics. MDM is a software solution that empowers IT admins to manage, monitor, and secure devices across different operating systems in an enterprise IT ecosystem. Banks, financial services providers, and insurance companies cannot control customers’ devices – but you can control your own devices and provide secure services to your customers.

In this blog we will delve into some common challenges faced by organizations and how you can address them by implementing an MDM strategy.

Mobility challenges in the BFSI industry

Challenges in the BFSI industry vary – they range from securing data to ensuring that corporate devices are used for their intended purposes. Each organization will have their own challenge. Some common issues are:

  • Centralized management of devices

One of the biggest challenges in Sri Lanka’s BFSI industry is the lack of a proper system that manages devices and tracks their usage. Usage tracking is needed to verify that field sales agents are not misusing corporate devices, for example to view unrelated videos, play games, or install improper wallpapers or apps, which can lead to a loss of productivity or damage the organization’s reputation.

  • Launching apps and pushing app updates

In the microfinance industry, field sales agents are required to visit remote areas where the WiFi connectivity could be weak and/or challenging. Under these circumstances, pushing app updates is a daunting task.

  • Data security

The BFSI industry possesses large volumes of sensitive data. It is vulnerable to cyber-attacks. Any compromises in data security are costly for an organization’s reputation and will have an adverse impact on its business operations. The BFSI industry faces immense pressure to protect data in case a device is stolen or lost and must have the ability to erase all data stored in a device. 

Benefits of an MDM strategy

  • Centralized device, app, and data management

An IT ecosystem with many different types of devices, apps, and data will have multiple endpoints. With unified endpoint management (UEM) capabilities, you will be able to centralize all your UEM functions in one place – regardless of the operating systems that your devices use. 

  • Faster onboarding of new customers and team members

The MDM solution will oversee identity management – authentication, passwords, and authorization. The onboarding of new customers can become an online, device based function – which is more efficient and faster than dealing with cumbersome manual tasks. Similarly, granting the right authorization for your team members to use corporate devices will become a simpler task. 

  • Mitigating effects during security breaches

Lost or misplaced devices, or any loss of data from apps, need quick responses. MDM solutions provide geotracking capabilities to locate devices remotely, plus the ability to lock devices and delete data in the case of a security breach. This way, you can prevent the mishandling of devices and your all-important data.

  • Remote troubleshooting

MDM solutions provide remote troubleshooting capabilities, which are especially helpful if you have team members working in many geographic locations, i.e., based in the field. In the event of device problems, these team members are not dependent on admins who are based elsewhere to solve such issues.

  • Device usage control and SIM lock-in

Restrict enterprise device use to required apps only through app blacklisting features to ensure that devices are used for work-related purposes. Moreover, you can also bind mobile SIM data to these apps only so that you do not incur any additional costs with your data packages.

  • Business intelligence

MDM solutions give you device usage statistics that you can view on dashboards. The data gives you insights into team performance and any app upgrades required.

  • Extensive integrations and customizations

You can customize the solution to suit your specific requirements, with the necessary dashboards, reporting, and analytics features.

At Entgra, we understand each of the challenges faced by the BFSI industry and we have a highly customizable product that will enable you to respond to rapid changes. Entgra MDM is a centralized device management and unified endpoint management platform that helps you manage your many device identities securely. You have access to a host of features such as remote device management, analytics and dashboards, and simplified device enrollment. Learn more here and start the conversation with us.

The Digital Pedagogy Learning Curve: Education 4.0, MDM, and Opportunities

Photo by Dom Fou on Unsplash

We have come a long way since the times when education was a privilege for the chosen elite, attainable by virtue of class, religion or gender. And a long time from when sacred scriptures had to be memorized by a trusted few to transfer knowledge from one generation to the next. 

The ancient Greeks had laws in place to ensure that formal education was primarily for males and for non-slaves. In early Mesopotamia, only the royal offspring and sons of the rich or the professionals had the entitlement to be schooled, i.e., access to reading and writing. The Chinese resorted to rote memorization for teaching over 40,000 characters in their language.

In the light of such absurdities, today we are in a position to pat our own backs gleefully for being able to read about ridiculous ancient teaching practices at leisure. We can also appreciate that our learning habits, too, have leapfrogged tremendously, from etching on wax tablets and oral recitals to conveniently browsing content on our devices today. 

Given the enormity of the knowledge we have amassed and hoarded in numerous tricky technical formats in the present day, what is required of the sentient being now is the aptitude with which to retrieve and apply just the right resources for the problem at hand. The finesse of crafting the best with what we’ve got. The learner’s armor today, in that sense, is very much personalized to the individual, in how and what works best for each individual. 

Education 4.0

The evolution of digital pedagogy has been rapid and unprecedented. And definitely expedited by the pandemic.

We have now entered an era of innovation-driven, immersive learning experiences aided by digitized tools and techniques for effective knowledge retention and application. Today’s students are digital natives in every sense of the word – they are exposed to digital technologies at a very young age and understand how to use them, often in a very sophisticated manner.

In the ideal flipped classroom that we are headed to, students embark upon actual problem-solving during class hours, while reading up on theory and learning lessons are moved out of the classroom. Students can watch lectures online, download relevant notes, and discuss/explore their ideas through online forums or discussion groups. These blended learning strategies reinforce active student engagement and knowledge application within the classroom.

Progression of education from 1.0 to 4.0:

Education 1.0 > Education 2.0 > Education 3.0 > Education 4.0

In that sense, Education 4.0 is a jump-start from its version 1.0, naturally called for, and vastly aided by the technological advancements of its counterpart, the fourth industrial revolution. Industry 4.0 has thrust us with smart technology, Artificial Intelligence (AI), big data, Virtual Reality (VR), Augmented Reality (AR), and robotics. 

We must now shift our focus to empowering the next generation of learners, harnessing the culled knowledge with advanced technology for betterment – ideally in accordance with our Sustainable Development Goals for education [SDG 4]

Are we there yet?

Education 4.0 involves the use of tablets, laptops, smartphones, and various other devices as supportive tools for learning. Aimed at instilling the 4Cs the century calls for, our students are now being trained to think critically, make the most of their creativity, and communicate and collaborate effectively with their peers.  With the students having a big say in the how of it today, learning has become a highly personalized experience to be indulged in from anywhere, at any time. 

Such a transformation calls for an equally elaborate and sophisticated response from  educational institutions.  These institutions must be prepared to address challenges that arise with infrastructure, services, and facilities for students and teachers alike.

Visionary institutes like the Avinya Academy already have programs designed for empowering the next generation student that extend beyond the required skill sets – these students are equipped with the knowledge to be proficient in life and career fundamentals the future calls for.

Riding on the waves of the latest trends in tutelage, academies must incorporate and leverage progressive technology to provide the fitting educational foundation for these self-paced learners so that they can become the global digital citizens of tomorrow. 

Device strategies for educational institutions

Cyber-physical learning curricula comprise course work requiring interactive, immersive learning experiences using varied e-learning tools and techniques. Possessing one’s own device is only the starting point here for the exciting escapade that awaits the learner. As such, academic institutions are better positioned to identify the exact student requirements and address the demand justifiably without calling for unwarranted problems. 

Most academic institutions today provide students with centrally administered mobile devices. A strategic plan for effective device management customized to the institute’s guidelines can help manage entire fleets of devices effortlessly.

Entgra’s comprehensive Mobile Device Management (MDM) solutions present purpose-built plans for educational institutions. With its centralized device and unified endpoint management capabilities, the solution enables multiple integration options with third-party platforms.

Reliable Identity and Access Management (IAM) features are imperative for an impregnable, secure Learning Management System (LMS). With our MDM suite’s controlled access permissions, Single Sign On (SSO) and authentication policies, IT administrators can securely onboard large numbers of devices and users swiftly. With a strong foothold on securing privacy and sensitive data, Entgra MDM enables remote locking and wiping of devices in the event of a security breach. 

These are some of the features we support presently:

For comprehensive device strategy solutions customized to suit your academy, do reach out to us at https://entgra.io/contact-us/, and we shall be happy to help you gear up. 

Additional reading resources

Configuring Asgardeo as an External IDP With Entgra MDM Using OIDC

Photo by Dan Nelson on Unsplash

Entgra MDM is a unified platform for developing, managing, and integrating Unified Endpoints (UEM), Enterprise Internet of Things (IoT), and Enterprise Mobility Management (EMM).

Asgardeo is an IDaaS developed by WSO2. It is a developer-friendly platform for managing user identities and access management seamlessly. This blog explains the configurations that you need to make on Asgardeo and Entgra MDM. 

What is an external IDP?

In a nutshell, an external identity provider is a service that manages and stores user identities. It provides authentication and authorization services to other applications and services. Although Entgra MDM has an in-built identity server that can leverage all identity and access management (IAM) related services, it also provides flexibility to developers as they can connect with external IDPs.

Configuring Asgardeo

First, create an Asgardeo account and the rest is easy. Use the following link to sign up.

Creating an organization

The concept of organization is something similar to the term tenant of WSO2 Identity Server. Create an organization by clicking on the dropdown menu on the top-left corner of the page.

This will prompt a simple form where we have to enter the name of the organization we are trying to create. (Note: this will allow only simple alphabetic characters and does not support other numerical, special characters or capital letters.)

For the purposes of this blog, I’ve created an organization named “devorganization”. Once the organization is set, create a new OIDC application.

Creating a new OIDC application

Click “Develop” on the top menu of the Asgardeo console and it will take you to the following page.

Then click on the “New Application” button and choose “Standard-based application”.

Give a name to the application and make sure to choose OIDC as the protocol. Check “Management application” if the application needs to access any management APIs of the organization. Finally, click on “Register” to create the application.

Inside the application settings, go to protocols and update the grant types as follows:

Add https://localhost:9443/commonauth as the Authorized redirect URL. This is the URL to which Asgardeo will redirect after completing authentication.

Creating new custom user-attributes

When using external IDPs, although the users will be stored inside the external IDP, they might have to be provisioned inside Entgra MDM using just-in-time provisioning (JIT). Map attributes such as username, role, etc. with the local attributes. To create a new attribute, click “Manage” on the top menu and then navigate to the attributes section.

Click on “Attributes” and then proceed to “New attributes” to add a new attribute. Create a couple of attributes for username and role, namely the “asgardeo-username” and “asgardeo-role”.

After creating the attributes, it will redirect you to the configuration page of the attribute. Under this configuration, check the two configurations below and click on the update button to save the configurations.

These two configurations will enable the display of these attributes in the user profile and make them mandatory.

Configuring the scopes

Configure the scopes to map the above attributes against “openid” scope, so that these attributes will pass during JIT provisioning. Under the “Manage” section, click on “Scopes”.

Click the edit icon of the “Open ID” scope and then click the “New Attribute” button inside it to add an attribute to this scope.

Check the “Asgardeo Username” and “Asgardeo Role” attributes and click on the “Save” button.

Go to the created application and edit the user attributes as follows and click “Update” to save these changes:

Creating a new user account

You must then create a new user account to test the Asgardeo authentication flow. Under the “Manage” section, click on the “Users” section to view the user management page. Click on the “Add User” button to create a new user.

Create a new user by filling out the following fields along with a temporary password.

After creating the user account, go to the user’s profile and update the attributes that were created earlier and click on the “Update” button to save the changes.

Changing the subject claim of Asgardeo to username

By default, the User ID is set as the subject claim in Asgardeo. Entgra MDM will be looking for a username under the subject claim of the ID token. Therefore, we might have to update the subject claim of Asgardeo using their management APIs. Invoke the following APIs in the given order, using the curl commands provided, to change the subject claim.

Generate an access token using the client credentials of the application.

curl --location --request POST 'https://api.asgardeo.io/t/<organization_name>/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'client_secret=<client_secret>' \
--data-urlencode 'scope=internal_application_mgt_view internal_application_mgt_update'

Search for all the applications under the organization and find the application-ID of the application you have created.

curl --location --request GET 'https://api.asgardeo.io/t/<organization_name>/api/server/v1/applications' \
--header 'Authorization: Bearer <access_token>'

Retrieve the application details using the above application-ID.

curl --location --request GET 'https://api.asgardeo.io/t/<organization_name>/api/server/v1/applications/<application_id>' \
--header 'Authorization: Bearer <access_token>'

Patch the application to change the subject claim to asgardeo_username. Adjust the values of the claim mappings and requested claims based on the response received in step 3 (the application details retrieved above).

curl --location --request PATCH 'https://api.asgardeo.io/t/<organization_name>/api/server/v1/applications/<application_id>' \
--header 'Authorization: Bearer <access_token>' \
--header 'Content-Type: application/json' \
--data-raw '{
   "claimConfiguration": {
       "dialect": "LOCAL",
       "claimMappings": [
           {
               "applicationClaim": "http://wso2.org/claims/asgardeo_username",
               "localClaim": {
                   "uri": "http://wso2.org/claims/asgardeo_username"
               }
           },
           {
               "applicationClaim": "http://wso2.org/claims/asgardeo_role",
               "localClaim": {
                   "uri": "http://wso2.org/claims/asgardeo_role"
               }
           }
       ],
       "requestedClaims": [
           {
               "claim": {
                   "uri": "http://wso2.org/claims/asgardeo_username"
               },
               "mandatory": true
           },
           {
               "claim": {
                   "uri": "http://wso2.org/claims/asgardeo_role"
               },
               "mandatory": true
           }
       ],
       "subject": {
           "claim": {
               "uri": "http://wso2.org/claims/asgardeo_username"
           },
           "includeUserDomain": false,
           "includeTenantDomain": false,
           "useMappedLocalSubject": false
       }
   }
}'
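The PATCH body has to be derived from the application details returned in step 3, so that claims the application already requests are not dropped. The following is an added example, not part of the original post or of Asgardeo's tooling: it builds the body from a constructed sample response and checks it for a requested-claims list that repeats one claim and omits the other. The function names and the sample response are assumptions made for illustration.

```python
import copy
import json

USERNAME = "http://wso2.org/claims/asgardeo_username"
ROLE = "http://wso2.org/claims/asgardeo_role"

# Constructed sample of a step-3 response (not real API output).
SAMPLE_APP = {
    "id": "<application_id>",
    "name": "entgra-mdm",
    "claimConfiguration": {
        "dialect": "LOCAL",
        "claimMappings": [],
        "requestedClaims": [
            {"claim": {"uri": "http://wso2.org/claims/emailaddress"}, "mandatory": False},
            {"claim": {"uri": USERNAME}, "mandatory": False},
        ],
    },
}


def build_claim_patch(app_details, subject_uri=USERNAME, required=(USERNAME, ROLE)):
    """Return the PATCH body, keeping claims the application already has."""
    current = copy.deepcopy(app_details.get("claimConfiguration") or {})
    mappings = {m["localClaim"]["uri"]: m for m in current.get("claimMappings", [])}
    requested = {r["claim"]["uri"]: r for r in current.get("requestedClaims", [])}
    for uri in required:
        mappings.setdefault(uri, {"applicationClaim": uri, "localClaim": {"uri": uri}})
        # Claims needed for JIT provisioning are requested and made mandatory.
        requested.setdefault(uri, {"claim": {"uri": uri}})["mandatory"] = True
    return {"claimConfiguration": {
        "dialect": current.get("dialect", "LOCAL"),
        "claimMappings": list(mappings.values()),
        "requestedClaims": list(requested.values()),
        "subject": {
            "claim": {"uri": subject_uri},
            "includeUserDomain": False,
            "includeTenantDomain": False,
            "useMappedLocalSubject": False,
        },
    }}


def check_claim_patch(body, required=(USERNAME, ROLE)):
    """Return a list of problems; an empty list means the body is consistent."""
    cfg = body.get("claimConfiguration", {})
    mapped = [m["localClaim"]["uri"] for m in cfg.get("claimMappings", [])]
    requested = [r["claim"]["uri"] for r in cfg.get("requestedClaims", [])]
    problems = []
    for name, uris in (("claimMappings", mapped), ("requestedClaims", requested)):
        for uri in sorted({u for u in uris if uris.count(u) > 1}):
            problems.append(f"{name}: duplicate entry for {uri}")
        for uri in required:
            if uri not in uris:
                problems.append(f"{name}: missing {uri}")
    # Assumption of this example: the subject claim should also be requested.
    subject = cfg.get("subject", {}).get("claim", {}).get("uri")
    if subject not in requested:
        problems.append(f"subject claim {subject} is not a requested claim")
    return problems


if __name__ == "__main__":
    patch_body = build_claim_patch(SAMPLE_APP)
    assert check_claim_patch(patch_body) == []
    print(json.dumps(patch_body, indent=2))
```

The printed JSON can be passed to the PATCH call as its --data-raw value.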

Configuring Entgra MDM

So far we have completed the Asgardeo configuration successfully. Now let’s move on to configuration of Entgra MDM.

Creating a new user role

To explore various features of Entgra’s web applications, a user might need certain permissions. You have to create a new role for that and assign a few permissions. Inside the carbon console, click on “Add” under the “Users and Roles” section and then click on “Add New Role”. Let’s create a role called “test-role” and then click “Next” to add permissions.

You can now see a permission tree with a list of permissions. Click on the “device-mgt” permission and it will choose the child permissions automatically.

Adding a new Identity Provider

Log into the carbon console of Entgra MDM via https://localhost:9443/carbon and click on “Add” under the Identity Providers section on the left vertical menu. You will see the following page and can configure the basic configuration as shown below:

Configure the “Claim Configuration” as shown below. Here we are mapping the Asgardeo Role attribute with our internal role claim.

Configure the “Role Configuration” as shown below. We are trying to map the “Asgardeo Role” attribute value against an internal role named “Internal/devicemgt-user” that is already configured inside the product.

Configure the “Federated Authenticators” as shown below. Replace the client-id and client-secret with your Asgardeo application’s credentials.

The endpoints are as follows:

Authorization Endpoint URL: https://api.asgardeo.io/t/devorganization/oauth2/authorize
Token Endpoint URL: https://api.asgardeo.io/t/devorganization/oauth2/token
Callback URL: https://localhost:9443/commonauth
Userinfo Endpoint URL: https://api.asgardeo.io/t/devorganization/oauth2/userinfo
Logout Endpoint URL: https://api.asgardeo.io/t/devorganization/oidc/logout
Additional Query Parameters: scope=openid

Set Just-in-Time provisioning to “Silent provisioning”.

Configuring Service Provider

Entgra MDM comes with multiple web applications. Each of these web applications will have a service provider created inside the carbon console. To view the service providers, navigate to the Service Providers page. For the purposes of this tutorial, let’s configure Entgra’s Endpoint Management application with Asgardeo. Edit the Endpoint Management application’s service provider from the Service Providers page. If you can’t see the service provider, try to log in to the endpoint management application at least once through the following URL: https://localhost:9443/endpoint-mgt.

Under the service provider, change the Authentication type to “Federated Authentication” and choose “Asgardeo” as the identity provider.

Voila! We have now successfully configured an Entgra MDM application for SSO with Asgardeo IDaaS. You can log in to the https://localhost:9443/endpoint-mgt application using Asgardeo.

I hope that you found this blog useful. If you have any questions, do reach out to us here.

How a Mobile Device Management (MDM) Solution Works in the Healthcare Industry

Image credits: RODNAE Productions from Pexels

More Devices Mean More Challenges

The healthcare industry is one of the best examples where a multitude of devices are used daily by a large number of people, ranging from healthcare professionals to patients and visitors. Over the years the sheer number of devices used in the healthcare industry has grown and the Internet of Things (IoT) healthcare market is estimated to grow to USD 260.75 billion by 2027.

Increasingly, mobile computing devices such as phones, tablets, and portable computers are used to streamline certain administrative operations such as channelling/appointment scheduling, report storage, setting up self-service kiosks, and displaying information on doctors’ availability.

Devices used in this industry broadly fall within two categories – devices that are solely used for medical purposes and hospital operations, and devices used for patient entertainment purposes during their hospital stay (i.e. tablets with a range of apps that patients can use). 

These devices, particularly those used for medical purposes and hospital operations, collect, store, and transmit sensitive personal data about individual health conditions and past medical records. Any data leak, whether accidental or in some cases deliberate, is costly both in monetary terms and reputational damage to the hospital or medical clinic. Moreover, the fact that many hospitals and medical clinics have BYOD policies adds a further level of complexity.

All these developments present a number of challenges to IT teams in this industry. For one, data security is of paramount importance. Secondly, these teams are responsible for device maintenance and oftentimes, this is a manual and time consuming task involving devices placed in many locations where a team member is required to be physically present. Thirdly, devices require frequent security and application updates, and monitoring. Finally, devices have to be replaced when they no longer function properly.

MDM Solutions Have the Capabilities To Empower IT Teams

This is where a Mobile Device Management (MDM) solution helps. Recently a large hospital chain that we worked with decided to use an MDM solution to securely manage all of the devices used across multiple hospital locations throughout the country. This hospital chain required the following:

  • Centrally managed system – for tablets, phones, and public signage units used for channeling, bookings, and other operational functions.
  • Automated updates –  presently, security, OS, and app updates are performed manually.
  • Enhanced security – anyone who has access to a device gains access to all the system level settings. Since a majority of these devices are located within public areas, it was impractical to limit physical access.
  • Onboarding and authorization for devices – management software was not used for device onboarding and devices are connected to the hospital network for internal access.
  • Prevention of malpractices – eliminate instances where sensitive data is compromised on purpose by any employees and the separation of access for work-related use from personal use where employees use their personal devices.

After working with several vendors in the past, the hospital chain has identified their pain points and the ways through which data leaks can occur. Through Entgra MDM, we have been able to provide the following capabilities to address the hospital chain’s concerns:

  • Centralized device management

One of the greatest benefits of centralized device management is that IT teams can manage an unlimited number of devices that use varying operating systems (i.e. Android, iOS, Windows, Linux, etc.) using one technology platform.

  • Data security, access controls, and onboarding

A single technology platform also helps with device and data security. IT teams can use the MDM solution to enable authentication (MultiFactor Authentication or Single Sign On). This way, only authorized employees can gain access to devices for work related purposes only. This is particularly helpful when BYOD policies are in place.

  • Device lock-in

Device misuse and loss are common concerns in the healthcare industry. In the event that a device is lost or stolen, or of an attempted unauthorized access, IT teams can remotely lock the devices to prevent any data leaks.

  • Remote maintenance and monitoring

Device maintenance and monitoring are time consuming tasks, requiring many resources from the IT team. Using an MDM solution eliminates this need, as the IT team can now perform these tasks remotely, from any location, and need not be physically present at the device locations.

  • Security, OS, and app updates

An MDM solution ensures that frequent security and app updates are installed on devices in real time.

Image credits: Anna Shvets from Pexels

Benefits for the Long Term

Once the MDM solution is in place, this hospital chain can look forward to several benefits:

  • Fewer resources to maintain devices – as they are now protected. At minimum, only one person is needed per hospital to manage these devices.
  • Improved security – results in minimizing scenarios of data leaks, especially those associated with deliberate intent.
  • Efficient and effective device monitoring – saving time in the process too. It no longer matters if hundreds of devices are in use at any one time.
  • Reduction in costs associated with device maintenance – as large teams are no longer required and resources can be better allocated in the long run.

We are well-placed to help anyone in the healthcare industry who is looking to adopt an MDM solution. Get in touch with us here to learn more.