Abstract: A management system manages a plurality of information handling systems by creating custom policies for each information handling system based on information gathered from or about each information handling system indicating, e.g., the user's intent, use, request for usage, security posture, productivity needs, and/or behavior. The management system creates custom policies to avoid unnecessarily impacting a user's productivity.

Abstract: An information handling system operating a low power communications engine comprising a wireless adapter for communicating on a low power communication technology network (such as LPWAN) for receiving low power communication technology data traffic for at least one always-on remote management service for the information handling system, a controller receiving a power status of the information handling system indicating a battery power level and determining a first threshold priority level based on the battery power level, the controller executing code instructions for a low power communications engine to detect a first priority level of data traffic incoming to an active low power communication technology wireless link from a packet header designation of priority level.

Abstract: A device management system includes a system management information handling system (IHS) that is coupled to a network. A first device is included in the device management system and is not configured to communicate with the system management IHS. A plurality of user IHSs are each configured to communicatively couple to the first device and are each configured to communicatively couple to the system management IHS through the network. Each of the plurality of user IHSs is configured to retrieve device information from the first device when that user IHS is communicatively coupled to the first device. Each of the plurality of user IHSs is configured to provide the device information for the first device to the system management IHS when that user IHS is communicatively coupled to the system management IHS through the network.

Abstract: An information handling system operating a low power communications engine comprising a wireless adapter for communicating on a low power communication technology network for receiving low power communication technology data traffic for at least one always-on remote management service for the information handling system, a controller receiving a location status of the information handling system via the low power communication technology network indicating a location or network, where the controller executes code instructions for a low power communications engine to assess a location trust level from an environment characteristics analysis engine to determine whether the location status is a trusted zone location or an untrusted zone location utilizing binary classification machine learning based on input variables including data relating to history of activity at the location or on the network learned by the environment characteristics analysis engine from reported operational or network activity, and the co

Abstract: A first device management system is assigned to have primary responsibility for management of an information handling system. A record of operating characteristics of the information handling system is maintained by a process executing at the information handling system. Primary responsibility for management of the information handling system is transitioned from the first device management system to a second device management system based on rule based analysis of the operating characteristics.

Abstract: An information handling system operating a low power communications engine comprising a wireless adapter for communicating on a low power communication technology network (such as LPWAN) for receiving low power communication technology data traffic for at least one always-on remote management service for the information handling system, a controller receiving a power status of the information handling system indicating a battery power level and determining a first threshold priority level based on the battery power level, the controller executing code instructions for a low power communications engine to detect a first priority level of data traffic incoming to an active low power communication technology wireless link from a packet header designation of priority level.

Abstract: A system, method, and computer-readable medium for performing a secure userless device software deployment operation. The secure userless device software deployment operation enables a client information handing system and a server information handling system to independently and deterministically construct a host reference (such as a host universal resource locator (URL)). In certain embodiments, the host reference is used for the SaaS connection based on a fixed portion plus a unique portion created using a client's public key as an identifier. In certain embodiments, the secure userless device software deployment operation leverages a management system to broker a SaaS service deployment. In certain embodiments, the secure userless device software deployment operation securely attaches a managed userless device to a tenant based SaaS offering by leveraging a connection plug-in and temporary/ephemeral URL architecture with a one-time use construct.

Abstract: Systems and methods for protected local backup. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include one or more processors and a memory coupled to the one or more processors, the memory including program instructions stored thereon that, upon execution by the one or more processors, cause the IHS to: receive, via a file system filter driver, a request targeting a file system within a storage device, wherein the file system filter driver is owned by a backup application; and reject the request, via the file system filter driver, in response to the request having been issued by an application other than the backup application.

Abstract: Software services are managed from a single machine performing a service. Service providers offering SaaS applications solicit the single machine. Each service provider provides roles and device requirements for performing the corresponding SaaS. The single machine maintains a database that logs the software services offered by the service providers. Whenever a software service is needed, the single machine inventories its client devices for their resource capabilities and compares to the device requirements in the database. The database reveals the client machine(s) that best performs the role for the corresponding SaaS. Software services are thus integrated and managed from the single machine, thus allowing software services to be efficiently and quickly selected as network resources emerge.

Abstract: Embodiments provide access to enterprise data via a secured virtual environment hosted on an Information Handling System (IHS), with the integrity of the IHS validated prior to launching the virtual environment. The integrity of the IHS may also be continuously validated during operation of the launched virtual environment. Policies for accessing the enterprise data are stored in a secured memory that is isolated from the operating system of the IHS. A virtual environment is configured, according to the policies, with resources for a particular user to access the enterprise data. If the integrity of the IHS is validated by a trusted resource on the IHS, the virtual environment is launched. During operation of the virtual environment, the trusted resource periodically confirms the integrity of the IHS. If the integrity of the IHS is not verified or policy changes are identified, access to the secured workspace may be revoked.

Abstract: A system is disclosed herein including a plurality of information handling systems (IHSs) coupled to and managed by a remote management system (RMS). According to one embodiment, each IHS may be configured to monitor data pertaining to the IHS, determine if the data triggers one or more events, and transmit a notification to the RMS if one or more events are triggered. The RMS may be configured to receive a notification transmitted from at least one IHS, select a policy to be applied to one or more of the IHSs based on the received notification, and transmit the selected policy to the one or more IHS s. The one or more IHSs may be further configured to receive the selected policy from the RMS, store the selected policy, and perform actions specified by the selected policy when policy rules specified by the selected policy are violated.

Abstract: A secured virtual environment provides access to enterprise data and may be configured remotely while isolated from the operating system of an Information Handling System (IHS). In secured booting of the IHS, references signatures are received via an out-of-band connection to the IHS. The reference signatures specify reference states for components of the IHS. Prior to launching a secured virtual environment, a trusted resource of the IHS, such as embedded controller isolated from the operating system, is queried for updated signatures specifying operating states of the component. The integrity of the IHS is validated based on comparisons of the respective reference signatures and updated signatures. If the integrity of the IHS is validated, a secured virtual environment is configured such that particular user may access the enterprise data according to applicable policies that may be periodically revalidated. The secured virtual environment may then be launched on the IHS.

Abstract: Systems and methods are provided for recording and validating modifications to a secured container. Modifications to the secured container by trusted parties are logged. The log may be maintained in a secured memory of an IHS (Information Handling System) and may be periodically validated. Each logged modification specifies a timestamp of the modification and the digital watermark assigned to the trusted party making the modification. Upon completing modifications, the secured container is sealed by imprinting the first digital watermark and the first timestamp at locations in the secured container specified by a watermarking algorithm assigned to the trusted party making the modification. Additional modifications may be serially watermarked on the secured container according the watermarking algorithm of the trusted party making each modification. The secured container is unsealed by re-applying each of the watermarking algorithms in reverse order.

Abstract: An information handling system (IHS) includes a memory having a BIOS, at least one sensor that generates security related data for the IHS, a controller, and one or more I/O drivers. The memory, at least one sensor and controller operate within a secure environment of the IHS; the I/O driver(s) operate outside of the secure environment. The controller includes a security policy management engine, which is executable during runtime of the IHS to continuously monitor security related data generated by the at least one sensor, determine whether the security related data violates at least one security policy rule specified for the IHS, and provide a notification of security policy violation to the BIOS, if the security related data violates at least one security policy rule. The I/O driver(s) include a security enforcement engine, which is executable to receive the notification of security policy violation from the BIOS, and perform at least one security measure in response thereto.

Abstract: A device manager establishes a mobile device and a gateway as managed devices. The device manager generates management metadata and a split cryptographic key. The management metadata may include information identifying the mobile device. The metadata may include a gateway key part and a mobile key part which, in combination, are sufficient to decrypt information encrypted with the management split key. The device manager may encrypt the management metadata using the management split key. The device manager may send the gateway key part and the encrypted management metadata to the gateway and the mobile key part to the mobile device. Subsequent delivery of the mobile key part to the gateway, by the mobile device, enables the gateway to decrypt the encrypted management metadata and recognize the mobile device as a management device delegate sanctioned by the device manager to perform delegated management of the gateway.

Abstract: Systems and methods for continued runtime authentication of Information Handling System (IHS) applications. In an illustrative, non-limiting embodiment, an IHS may include one or more processors and a memory coupled to the one or more processors, the memory including program instructions stored thereon that, upon execution by the one or more processors, cause the IHS to: receive a command to execute an application; initially verify a plurality of tokens, where a first token is provided by the application, a second token is provided by an application manager, and a third token is provided by a hardware component within the IHS; and execute the application in response the initial verification being successful.

Abstract: A secure boot violation system includes a BIOS with an authenticated variables storage storing at least one authorization key and at least one signatures database. The BIOS receives a first policy action entry for association with a first signature in the at least one signatures database, determines that the first policy action entry is signed with the at least one authorization key and, in response, associates the first policy action entry with the first signature in the at least one signatures database. The BIOS then determines, during a boot process and subsequent to the associating the first policy action entry with the first signature, that a first secure boot violation has occurred based on the first signature in the at least one signatures database. In response to determining that the first secure boot violation has occurred, the BIOS performs a first policy action defined by the first policy action entry.

Abstract: Systems and methods for backup data security classification. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include one or more processors and a memory coupled to the one or more processors, the memory including program instructions stored thereon that, upon execution by the one or more processors, cause the IHS to: receive a backup policy that includes a plurality of backup profiles, where each of the plurality of backup profiles corresponds to a different user within an organization, and store a copy of electronic data associated with a given one of the different users according to a backup profile.

Abstract: A first device management system is assigned to have primary responsibility for management of an information handling system. A record of operating characteristics of the information handling system is maintained by a process executing at the information handling system. Primary responsibility for management of the information handling system is transitioned from the first device management system to a second device management system based on rule based analysis of the operating characteristics.

Abstract: Systems and methods for a network environment for client-side remote access of a server device from a client device may utilize a biometric sensor device of the client device and a pluggable authentication and authorization framework. The biometric sensor device may capture a gesture of a target user. The server device may authenticate the target user based on previously registered encrypted biometric information of the target user utilizing the pluggable authentication and authorization framework and a remote desktop protocol. When the target user has been authenticated, the client device may be authorized to access a service of the server device.