Abstract: On-demand activation of a security policy may be provided. Upon receiving a selection of a link, a profile identified by a security policy associated with the link may be activated and the link may be opened according to the security policy. In some embodiments, opening the link according to the security policy may comprise redirecting the opening of the link from a first application to a second application.

Abstract: Disclosed are various embodiments for controlling access to data on a network. Upon receiving a request comprising a device identifier and at least one user credential to access a remote resource, the request may be authenticated according to at least one compliance policy. If the request is authenticated, a resource credential associated with the remote resource may be provided.

Abstract: Disclosed are various embodiments relating to managed clones of applications. In one embodiment, an application is received. If it is determined that the application should be managed, a managed clone of the application is generated. The managed clone of the application is configured for coexistence along with the application upon a client device under management. The managed clone of the application may then be deployed to the client device under management.

Abstract: Methods and an apparatus are provided for securely authorizing access to remote resources. For example, a method is provided that includes receiving a request to determine whether a user device communicatively coupled to a resource server is authorized to access at least one resource hosted by the resource server and determining whether the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server based at least in part on whether the user device communicatively coupled to the resource server has been issued a management identifier. The method further includes providing a response indicating that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server in response to a determination that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server.

Abstract: Control of access to resources on a network may be provided. A request to access enterprise resource(s), the request comprising a set of user access credentials and a device identifier, may be generated. The request to access the at least one enterprise resource and an updated device profile may be provided to an authorization service. A set of enterprise access credentials may be received from the authorization service and used to generate a second request to access the enterprise resource(s).

Abstract: Disclosed are various examples for analyzing the consumption of media content on a client device. A computing environment can be employed to access measurement data obtained by a client application executable on the client device during a rendering of media content on the client device. The computing environment generates a metric describing a probability a user of the client device has watched or otherwise consumed at least a portion of the media content being rendered on the client device. A determination can be made whether a compliance rule associated with the media content has been satisfied using the generated metric. If the compliance rule associated with the media content is not satisfied, a suitable remedial action can be determined and performed in the client device.

Abstract: Disclosed are various examples of providing analog security for digital data. Content is split into a plurality of framelets. A first framelet is sent to a first client device. A second framelet is sent to a second client device. When the first and second client devices are oriented such that the first and second framelets are aligned in a particular manner, the content is made viewable to a user.

Abstract: Telecommunications data usage management may be provided. A network state associated with a communication network may be identified. Upon determining that the network state is not in compliance with a data usage policy, access to the communication network may be restricted for at least one application.

Abstract: Disclosed are various embodiments for passive compliance violation notifications. In one embodiment, it is detected that that a policy violation with respect to use of a client device has occurred. It is then determined that the policy violation may be passive. A user notification of the policy violation is generated by the client device in response to determining that the policy violation may be passive. The frequency and/or intensity of this notification may depend upon an extent of the policy violation. If the policy violation is later determined to be active, additional actions may be performed, such as disabling access to or removing managed resources on the client device.

Abstract: Disclosed are various examples for communicating notifications for received email messages. A monitoring service monitors inboxes to which clients are subscribed. When a message arrives in a subscribed inbox, the monitoring service sends a notification to a notification brokering service. The notification brokering service then forwards the notification to the appropriate notification service for communication to a subscribed client.

Abstract: Time-based configuration profile toggling of a client device can be provided. A computing device in data communication with a client device over a network can be configured to identify an enterprise configuration profile associated with a client device stored in a memory. Further, the computing device can determine whether a current time associated with the client device complies with a compliance rule that specifies at least one time period during which the client device is authorized to enable the enterprise configuration profile. In response to the current time associated with the client device complying with the compliance rule, the computing device can remotely enable the enterprise configuration profile on the client device.

Abstract: Disclosed are various embodiments for controlling distribution of resources on a network. In one embodiment, a distribution service receives a request from a client device to access resources hosted by a distribution service. In response, the distribution service determines whether the client device is authorized to access the distribution service. The distribution service identifies which of the resources hosted by the distribution service are accessible to the client device based on the resource grouping identifiers associated with the client device. The distribution service determines which distribution rules are associated with the identified resources, the distribution rules including location rules and time rules.

Abstract: The detection of whether a local application is managed by a management service is described. In one example, depending upon whether an installation token includes a unique token value, detection logic can determine whether an application is managed or unmanaged based on additional factors. The additional factors include whether a keychain installation token includes a unique token value, the value of the keychain installation token, and a value of a launched flag for the application. Various combinations of those factors and the identification of either a managed or unmanaged status for the application are described. Using the concepts described herein, an unmanaged application can proceed to execute with limited functionality, present a notification that it should be reinstalled by the management service, stop executing, or take other measures.

Abstract: In an example implementation of the disclosed technology, a method includes accessing, by a management agent associated with a client device, a profile associated with a requested resource, wherein the profile comprises at least one profile criterion. The method also includes evaluating the profile criterion based, at least in part, on status information associated with the client device to determine any processing restrictions associated with the requested resource. The method also includes, responsive to receiving an indication that the resource is subject to a server-device processing restriction, requesting access to the resource from a remote server and receiving an instance of a user interface for interacting with the resource.

Abstract: Embodiments for enterprise-specific functionality watermarking and management are provided. A request, originated in response to an attempt to perform an enterprise function on a client device, can be received by at least one computing device over a network, where the enterprise function is associated with a remotely-stored compliance rule. At least one watermark template can be identified from a plurality of available watermark templates based at least in part on the enterprise function, and a communication can be generated that, when received by the client device, authorizes the client device to: perform the enterprise function where at least one resource is generated or modified, and apply the at least one watermark template to the at least one resource such that performing the enterprise function complies with the compliance rule.

Abstract: Disclosed are various embodiments for delegating security authorization to at least one application executed on a client device. A computing device is employed to send to a remote server, from an agent application, a request for a first access credential. The first access credential is received from the remote server and a determination is made by the agent application in communication with a managed application, that the managed application requires a second access credential. In response to the determination being made that the managed application requires the second access credential, the second access credential is sent to the managed application, from the agent application. An indication that the agent is authorized to be in communication with managed applications regarding a need for access credentials is stored and the agent application determines where at least one of the managed applications requires an access credential.

Abstract: Disclosed are various embodiments for controlling distribution of data on a network. In one embodiment, a distribution service receives a request from a user on a client device to access the distribution service. In response, the distribution service determines whether the user and the client device are authorized to access the distribution service. The distribution service identifies which of the resources are accessible to the user and the client device pairing based on a plurality of resource grouping identifiers. The distribution service then determines whether the client device complies with a plurality of distribution rules associated with the identified resources. Upon determining that the client device is compliant, the distribution service transmits the resources related to the compliance.

Abstract: Disclosed are various embodiments for functionality watermarking and management. A computing device, such as a user device, can identify a request to perform a function of the computing device where at least one resource is generated. A data store can be queried to identify at least one watermark template from a plurality of available watermark templates and a compliance rule based at least in part on the function of the computing device requested to be performed. A device profile describing a state of the computing device can be generated and communicated to a compliance server over a network. The computing device can obtain an authorization received from the compliance server to permit the performance of the function based at least in part on the device profile.

Abstract: A method, system and non-transitory computer-readable medium product are provided for watermarking detection and management. In the context of a method, a method is provided that includes identifying at least one resource accessible to a user device and determining whether a watermark template is applied to the at least one resource accessible to the user device. The method further includes identifying at least one compliance rule and determining whether the at least one compliance rule is satisfied in response to a determination that the watermark template is applied to the at least one resource accessible to the user device. The method yet further includes performing at least one remedial action in response to a determination that the at least one compliance rule is not satisfied.