Abstract: Systems and methods are provided for optimizing and securing an enterprise voice service accessed by an external voice assistant device. An enterprise voice assistant installed on a client device acts as an enterprise voice service for an external voice assistant device. The enterprise voice assistant receives a voice query from the external voice assistant device. The voice query is processed using a machine learning model to extract an intent and at least one slot. The extracted intent and at least one slot are used to determine whether a response to the voice query can be generated using local enterprise data that was previously received and stored by the client device from a management server. The response is generated based on the determination by using the local enterprise data or by sending the extracted intent and at least one slot to and receiving the response from the management server.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: Disclosed are various approaches for dynamically creating content to present to a user based on an identified intent, or other context, associated with a message (e.g., email). A message that is received from a message server can be analyzed to identify the message content within the message prior to distributing to the recipient client device. Trained intent identification models can be applied to the identified message content to determine an intent, or other type of context, associated with the message. Upon identifying the intent, the message header can be modified to include the intent prior to forwarding the message to the recipient client device. The client device can then display a user interface including the message and a user interface element corresponding to a third-party service. The user interface element can be dynamically generated to include an action component that upon selection, triggers an action associated with the intent.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: Disclosed are various approaches for remote working experience optimization. In some examples, a management service receives task execution data and corresponding user data for multiple client devices. The management service inputs target user context data along with the task execution data and the corresponding user data into a prediction model to identify a task and a task schedule that indicates a time to download and cache task content. Instructions are transmitted for a management agent to download and cache the task content according to the task schedule.

Abstract: Disclosed are various approaches for facilitating single sign-on (SSO) for third-party services that are accessible through messages (e.g., email) received by a user. A user can receive a message that includes an embedded URL or link that opens in a third-party service that requires authentication. Instead of requiring the user to enter authentication credentials for accessing the third-party service, a tunnel service can be used to intercept requests for authentication and redirect the requests to an identity manager that can issue a SSO token following an authentication of the user and device. Upon supplying the third-party service with the SSO token, the user can access the content associated with the third-party service without entering authentication credentials.

Abstract: Disclosed are various examples for securing enterprise resources using a virtual private network. At least one computing device that can authenticate a client device for a virtual private network (VPN) connection based on a first device identifier received from the client device and a second device identifier received from a remote management service. The at least one computing device can determine that a network event associated with the client device has been observed and execute a machine learning routine to identify a pattern of access for the client device. A network access anomaly is determined in response to a network interaction of the client device deviating from the pattern of access for the client device. A remedial action is performed based on an anomaly type associated with the network access anomaly.

Abstract: Disclosed are various examples for securing enterprise resources using a virtual private network. A client device can send a first unique device identifier for the client device to a remote management service upon enrollment. When a virtual private network application is first executed, the client device can send a second unique device identifier to the remote management service, where the remote management service is configured to store the second unique device identifier in association with the first unique universal identifier. During subsequent executions of the virtual private network application, the virtual private network service can authenticate the client device by comparing the first unique device identifier and the second unique device identifier to a device identifier received from the remote management service. A machine learning routine can be employed to identify anomalies as the virtual private network application is executed.

Abstract: Example methods and systems for context-aware network policy enforcement are described. In one example, a computer system may detect a request for a client device to access a destination server. The computer system may extract, from the request, connection information identifying a connection to be established for the client device to access the destination server; and map the connection information to contextual information associated with the client device or a user operating the client device, or both. Based on the contextual information, the computer system may apply one or more network policies to determine whether to allow or deny access by the client device to the destination server. In response to determination to allow the access, a first response may be generated and sent to allow establishment of the connection. Otherwise, a second response may be generated and sent to block establishment of the connection.

Abstract: Systems herein include a managed content application that can place markers for conversations within secure documents. A separate social application can serve as the platform for the conversations, allowing for efficient conversations that can occur in real time. The markers can be stored with the documents and identify the conversation, allowing users to retrieve historical conversations that occurred on the social application from within the document. This can allow users to quickly come up to speed without having to rehash the conversations with the original participants. Document security can also be maintained without sacrificing conversation efficiency of the social application.

Abstract: Systems and methods are provided for optimizing and securing an enterprise voice service accessed by an external voice assistant device. An enterprise voice assistant installed on a client device acts as an enterprise voice service for an external voice assistant device. The enterprise voice assistant receives a voice query from the external voice assistant device. The voice query is processed using a machine learning model to extract an intent and at least one slot. The extracted intent and at least one slot are used to determine whether a response to the voice query can be generated using local enterprise data that was previously received and stored by the client device from a management server. The response is generated based on the determination by using the local enterprise data or by sending the extracted intent and at least one slot to and receiving the response from the management server.

Abstract: Systems and methods are included for improved interorganizational collaboration. An agent on a server can crawl through data files to identify keywords relating to a product. The agent can create tags and assign the keywords to the tags. The agent can crawl through user-related data files to identify potential support users. The support users can be mapped to tags in a database. A user interacting with a chat application can request help with the product. The agent can extract keywords from the request and use them to identify a tag. The agent can map the tag to support users and using an algorithm can select a support user to send the help request to. If the support user denies the request or does not respond, the agent can send the request to another support user. Once a support user accepts the request, the agent can connect the users.

Abstract: Systems herein include a managed content application that can place markers for conversations within secure documents. A separate social application can serve as the platform for the conversations, allowing for efficient conversations that can occur in real time. The markers can be stored with the documents and identify the conversation, allowing users to retrieve historical conversations that occurred on the social application from within the document. This can allow users to quickly come up to speed without having to rehash the conversations with the original participants. Document security can also be maintained without sacrificing conversation efficiency of the social application.

Abstract: Disclosed are various approaches for dynamically creating content to present to a user based on an identified intent, or other context, associated with a message (e.g., email). A message that is received from a message server can be analyzed to identify the message content within the message prior to distributing to the recipient client device. Trained intent identification models can be applied to the identified message content to determine an intent, or other type of context, associated with the message. Upon identifying the intent, the message header can be modified to include the intent prior to forwarding the message to the recipient client device. The client device can then display a user interface including the message and a user interface element corresponding to a third-party service. The user interface element can be dynamically generated to include an action component that upon selection, triggers an action associated with the intent.

Abstract: Disclosed are various approaches for dynamically creating content to present to a user based on an identified intent, or other context, associated with a message (e.g., email). A message that is received from a message server can be analyzed to identify the message content within the message prior to distributing to the recipient client device. Trained intent identification models can be applied to the identified message content to determine an intent, or other type of context, associated with the message. Upon identifying the intent, the message header can be modified to include the intent prior to forwarding the message to the recipient client device. The client device can then display a user interface including the message and a user interface element corresponding to a third-party service. The user interface element can be dynamically generated to include an action component that upon selection, triggers an action associated with the intent.

Abstract: Disclosed are various approaches for facilitating single sign-on (SSO) for third-party services that are accessible through messages (e.g., email) received by a user. A user can receive a message that includes an embedded URL or link that opens in a third-party service that requires authentication. Instead of requiring the user to enter authentication credentials for accessing the third-party service, a tunnel service can be used to intercept requests for authentication and redirect the requests to an identity manager that can issue a SSO token following an authentication of the user and device. Upon supplying the third-party service with the SSO token, the user can access the content associated with the third-party service without entering authentication credentials.

Abstract: Disclosed are various examples for securing enterprise resources using a virtual private network. A client device can send a first unique device identifier for the client device to a remote management service upon enrollment. When a virtual private network application is first executed, the client device can send a second unique device identifier to the remote management service, where the remote management service is configured to store the second unique device identifier in association with the first unique universal identifier. During subsequent executions of the virtual private network application, the virtual private network service can authenticate the client device by comparing the first unique device identifier and the second unique device identifier to a device identifier received from the remote management service. A machine learning routine can be employed to identify anomalies as the virtual private network application is executed.

Abstract: Disclosed are various examples for generating, storing, and loading drawings separate from a file. A request can be received to generate a drawing in a file. A data object can be generated corresponding to the drawing. The data object can include characteristics of the file proximate to an area in the file associated with the drawing. The data object can be stored in a data store associated with the file. A request can be received to open the file. The file can be loaded from the data store. The position of the drawing within the file can be determined based on a stored data object. The file can be rendered including the drawing at the determined position.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.