Today, more than 63% of the population owns mobile phones and tablets. While this opens new possibilities for employee productivity, it also brings new threats of uncontrolled access to networks and confidential data within your organization. WSO2 Enterprise Mobility Manager (WSO2 EMM) offers a complete enterprise mobility management solution to address these pros and cons by enhancing convenience and security for your workforce. The enterprise mobility management capabilities given by WSO2 EMM are bundled within WSO2 IoT Server.
Open source EMM backed by enterprise support
Open source technology brings significant flexibility to your mobile projects. It enables you to get started quickly without time-consuming licensing or legal reviews, and it protects you from vendor lock-in. It gives you the flexibility to take the product in new directions, preserves full flexibility to commercialize your products, and ensures that the code is examined by many parties to ensure its reliability, security, and feature fit. WSO2 is a leading open source vendor that provides enterprise support. To learn more about the benefits of open source, see Why Open Source for Your IoT and Mobile Projects?
Why use WSO2 EMM?
WSO2 EMM provides the essential capabilities required to implement a scalable server-side EMM platform. These capabilities include device management, app management, APIs, analytics, customizable web portals, and transport extensions for MQTT, XMPP, and more. Furthermore, WSO2 EMM is released under the Apache Software License Version 2.0, one of the most business-friendly licenses available today.
You can use WSO2 EMM to:
To learn more about how WSO2 EMM can help your business, see Why Manage Enterprise Mobile Applications and Devices? |
Mobile Device Management (MDM)
WSO2 EMM manages the Android, iOS, and Windows mobile devices of your workforce. Does your organization allow employees to bring their own devices to work, or does it provide corporate-owned devices to employees? WSO2 EMM allows you to enroll Bring Your Own Devices (BYOD) and Corporate Owned, Personally Enabled (COPE) devices.
With WSO2 EMM, you can:
|
Mobile Application Management (MAM)
In addition to managing devices, WSO2 EMM helps you manage your mobile applications. For example, you might want your employees to access only the mobile applications made available to them via the organization's app store and not via the Play Store or iTunes.
With WSO2 EMM, you can:
|
Mobile Identity Management (MIM)
WSO2 EMM supports user and device certificates, authentication, and single sign-on. Therefore, WSO2 EMM ensures that only trusted devices and users can access enterprise data or applications.
With WSO2 EMM, you can:
Want to learn more? See Securing Communication Between Devices and the IoT Platform. |
Supported device operations
Let's take a look at the device operations available on WSO2 EMM.
Android device operations
Before getting to know the different Android operations that are available, let's understand the different Android enrollment types supported by WSO2 EMM.
BYOD enrollment |
|
---|---|
COPE enrollment |
|
The following operations can be carried out on BYOD and COPE Android devices, respectively.
Operation | BYOD | Work Profile | System Service app | COSU | Device Owner app |
---|---|---|---|---|---|
Get the device's runtime information. | √ | √ | √ | √ | √ |
Get the device's current location. | √ | √ | √ | √ | √ |
Get the device's installed application list. | √ | √ | √ | √ | √ |
Ring the device for the purpose of locating the device in case of misplacing it. | √ | √ | √ | √ | √ |
Upload file to a specific folder on the device. | √ | √ | √ | √ | √ |
Download file to a specific folder on the device. | √ | √ | √ | √ | √ |
Enable the silent profile on the device or mute the device. | √ | √ | √ | √ | √ |
Change the provided passcode or lock code. | √ | √ | √ | √ | √ |
Remove the passcode or lock code set by the device owner. | √ | √ | √ | √ | √ |
Send a message to the device. The device administrator can use this device operation to send group messages or even private messages to the Android devices. | √ | √ | √ | √ | √ |
Enterprise wipe a device. When this operation is executed, the device is unregistered from WSO2 EMM. | √ | √ | √ | √ | √ |
Carry out a factory reset on the device. Users with BYOD devices need to provide the PIN, which they entered when registering with EMM, to be able to wipe their device. | √ |
X
| √ | √ | √ |
Lock the device remotely. This is similar to locking the device by pressing the power button. | √ | √ | √ | √ | √ |
Restart the device. This feature is useful when you need to troubleshoot devices. |
X
|
X
| √ | √ |
X
|
Upgrade the firmware on an Android device. For the firmware to be successfully upgraded, the firmware and the device must be compatible. This use case is only applicable to OEM devices. |
X
|
X
| √ |
X
|
X
|
Remotely execute the shell commands on the device's command prompt. | √ | √ | √ |
X
| √ |
Get the device logs of the WSO2 EMM's Android agent application. | √ | √ | √ | √ | √ |
Allow the admin to remotely lock the device. Once the device is remotely locked, only the admin is able to unlock the device. | √ |
X
| √ | √ |
X
|
Install a shortcut link to a web page or web application on the device's home screen. | √ | √ | √ |
X
| √ |
Install an app from the Google play store. | √ | √ | √ | √ | √ |
Install, uninstall, and update mobile applications. | √ | √ | √ | √ | √ |
Remotely view the device's screen. | √ |
X
| √ |
X | √ |
Remotely control the device. |
X
|
X
| √ |
X
|
X
|
View the log of the operating system. | √ | √ | √ |
X
| √ |
Install and update applications in silent mode (that is, without the user's confirmation) via the system service application. |
X
|
X
| √ | √ |
X
|
iOS device operations
The operations listed below can be carried out on Bring Your Own Device (BYOD) iOS devices.
Operation | BYOD |
---|---|
Get device information. | √ |
Get installed applications. | √ |
Receive the location of the device. | √ |
Install, uninstall, and update mobile applications. | √ |
Carry out a factory reset on the device. Users with BYOD devices need to provide the PIN, which they entered when registering with EMM, to be able to wipe their device. | √ |
Lock the device. | √ |
Send a message to the device. The device administrator can use this device operation to send group messages or even private messages to the device users. | √ |
Clear the passcode or lock code set by the device owner. | √ |
Wipe all the profiles and data, including apps provisioned via WSO2 EMM using the enterprise wipe operation. | √ |
Windows device operations
The operations listed below can be carried out on Windows devices.
- Lock devices
- Disenroll or unregister devices.
- Remove the device lock.
- Change the provided passcode or lock code.
- Ring the device.
- Carry out a factory reset on the own device. The device owner needs to provide the PIN, which they entered when registering with WSO2 EMM, to be able to wipe their device.
Supported policy configurations
Policies for Android devices
The mobile device management administrator can add a new policy to a preferred device type, such as BYOD or COPE. The following policies are available for the Android platform.
Policy | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Passcode policy | Define a password policy for the devices. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Restrictions | Allow or disallow users from using the following features on Android devices. Most of the restrictions require the Android work profile to be set up, the system app installed, or the device to be a single-purpose device. Please note that the restrictions mentioned under device ownership application do not work for Samsung devices at the moment.
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Encrypt storage | Encrypt data on the device when the device is locked and make it readable when the passcode is entered. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Wi-Fi | Ability to configure the Wi-Fi access on a device. WSO2 EMM provides advanced Wi-Fi configuration settings, as shown below:
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
VPN | Ability to specify the VPN and per-app VPN settings. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Work-Profile Configurations | Ability to separate the personal and work-related data on your device via the managed profile feature. For more information on how this works, see Data Containerization for Android Device. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Application restrictions | Ability to blacklist and whitelist applications on the Android platform, as described below: Blacklist applications Prevents you from using the applications defined in the policy. For Android operation systems before Lollipop, when the user clicks a blacklisted application, a screen appears that prevents you from using the app. For the Lollipop Android operating systems and later, the blacklisted apps are hidden. Blacklisting can be used on both BYOD and COPE devices. Whitelisting applications Allows you to install only the applications defined in the policy. This feature requires another application, the WSO2 EMM System app, which is signed by the device firmware owner. Therefore, this app is generally used on COPE devices, but if you can get the WSO2 EMM System app signed via a firmware signing key, you can use it on BYOD devices, too. In addition to the above, you can enable application restrictions via the restrictions policy. The restrictions policy has two settings to restrict application installation and uninstallation. To use the restrictions policy, the WSO2 EMM application must have device owner privileges, or the device must have the WSO2 EMM System app installed. |
Policies for iOS devices
The mobile device management administrator can restrict operations on Windows devices by adding a new policy. The following policies are available for the iOS platform.
Policies | Description |
---|---|
Passcode policy | Define a password policy for the devices. |
Restrictions
| Restricts the usage of the camera and other functions. You can allow or disallow users from using the following features on the device:
|
Wi-Fi | Configure the Wi-Fi access on a device. |
Configure settings for connecting to your POP or IMAP email accounts. | |
AirPlay | Configure settings for connecting to AirPlay destinations. |
LDAP | Configure settings for connecting to LDAP servers. |
Calendar | Configure settings for connecting to CalDAV servers. |
Calendar Subscription | Configure settings for calendar subscriptions. |
APN | Specify Access Point Names (APN). |
Cellular Network | Specify Cellular Network Settings on an iOS device. |
VPN | Specify the VPN and per-app VPN settings. |
Policies for Windows devices
The mobile device management administrator can restrict operations on Windows devices by adding a new policy. The following policies are available for the Windows platform.
Policies | Description |
---|---|
Passcode policy | Define a password policy for the devices. |
Restrictions | Restrict the usage of the camera. |
Encrypt storage | Encrypt data on the device when the device is locked and make it readable when the passcode is entered. |
Want to contribute or need help?
- Would you like to contribute to WSO2 EMM and get involved with the WSO2 community? For more information, see how you can participate in the WSO2 community.
- Do you need help on customizing WSO2 EMM to meet your business requirement? We will be glad to assist you! Just send us your requirement.