This documentation is for WSO2 Enterprise Mobility Manager 2.0.0. View documentation for the latest release.
Working with Policies - Enterprise Mobility Manager 2.0.0 - WSO2 Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       
||
Skip to end of metadata
Go to start of metadata

In EMM, administrators can define policies, which include a set of configurations. WSO2 EMM policies are enforced on the EMM users' devices, when new users register with the EMM.

Administrators will have to create a policy via the EMM Console for each mobile device platform supported by EMM. The EMM policy settings will vary based on the mobile OS type. For more information see, EMM policy settings

Policy enforcement criteria 

The following section describes how policies will be enforced on devices that register with EMM:

  • Step 1: Filtering based on the Platform (device type)
    The policies will be filtered based on the mobile platform so it matches the platform of the registered device.
     
  • Step 2: Filtering based on the device ownership type
    Next the policies will be filtered based on the device ownership type (BYOD or COPE) so it matches the device ownership type of the registered device.
     
  • Step 3: Filtering based on the user role or name
    The policies will be filtered again to match the device owners username or role.

  • Step 4: Enforcing the policy
    Finally the policy having the highest priority out of the pool of filtered policies will be enforced on the registered device.  
 Click here to see an example on how it works.

Use case:  The Organization MobX uses WSO2 EMM, and they allow the employees to bring their own mobile devices to work. The devices need to be registered with EMM, and MobX has a set of policies that will be applied on the registered devices to keep inline with the Organization rules and requirements. Tom joins eMax as a Marketing officer, and his personal mobile device is an Android device.

When Tom registers with EMM, the policy that suites best will be enforced on his device as shown below:

  • Initially EMM will filter out all the policies that are configured for the Android platform.
  • Out of the filtered policies EMM will then filter the policies that are configured for BYOD devices.
  • Next it will filter the policies that are configured for the marketing role.
  • After filtering out the policies EMM identifies that there are 5 policies that can be applied to Tom's device. Therefore EMM will check for the policy with the highest priority and then enforce the policy on Tom's device.

Compliance monitoring

Administrators are able to monitor the compliance status of all the devices connected to the EMM server. At the time of configuration, the administrators will be able to specify the compliance monitoring period, which will define the time interval between two compliance monitoring instances. EMM will carryout the admin defined actions (i.e., acknowledge, warning and enforce) when a device is non-compliant with the assigned policy. If the enforced action is selected for a given policy and a user by passes the policy, EMM will re-enforce the policy back again on the users device. (Example: The camera is disabled via the camera restriction policy and the enforce action was selected as the compliance type. If a user through some mechanism enables the camera in the device then the camera restriction policy will be re-enforced on the device again so that the camera on the device will be disabled again.)

 

  • No labels