Abstract: In certain aspects of the present disclosure, a computer-implemented includes generating a unique code for display on a managed device, and authorizing a manager device to selectively initiate at least one workflow on the managed device. The method includes, responsive to the manager device scanning the unique code, verifying the manager device is authorized. The method includes displaying on the manager device, based on verification that the manager device is authorized, an option corresponding to the at least one workflow. The method includes receiving, from the manager device, a selected workflow. The method includes, responsive to receiving the selected workflow, transmitting a message to a push notification server initiating the managed device to communicate with an MDM server. The method includes transmitting a command to the managed device causing performance of the selected workflow on the managed device. Systems and machine-readable media are also provided.

Abstract: In certain aspects of the disclosure, a computer-implemented method includes enrolling, at a mobile device management service, at least one managed device. The method includes receiving a client certificate on the at least one managed device. The method includes integrating, via a trusted ecosystem vendor app on the at least one managed device, a universal device identifier SDK. The method includes retrieving, by the universal device identifier SDK based on a request from the trusted ecosystem vendor app, a pre-salted device identifier address associated with the at least one managed device. The method includes transmitting, by the at least one managed device via the trusted ecosystem vendor, the pre-salted device identifier address to a security vendor service for generating a universal device identifier address. The method includes receiving, from the security vendor service by the at least one managed device via the trusted ecosystem vendor, the universal device identifier address.

Abstract: In certain aspects of the present disclosure, a computer-implemented method includes receiving, at a mobile device management server in response to authentication being granted to an organization app on a mobile device, an API enable message from an organization service associated with the organization app. The API enable message includes instructions for the mobile device management server to retrieve device and user data from the mobile device. The method includes retrieving, responsive to receiving the API enable message, the device and user data from the mobile device. The method includes transmitting the device and user data to the automation service for requesting activation of an organization owned line of service ESIM on the mobile device. The method includes deploying a management app and security posture to the mobile device based on the organization owned line of service ESIM being activated on the mobile device.

Abstract: In certain aspects, methods include, responsive to receiving verification that credentials associated with an organization device (OD) is authenticated, requesting the OD to create a token comprising a private and public key. The method includes receiving, subsequent to the OD initiating creation of the token, the public key from the OD. The method includes associating the public key with an UPN of the OD, and includes requesting the organization credentials from a secondary device (SD), responsive to detecting a request therefrom. The method includes requesting, responsive to authentication of the organization credentials, a challenge response from the SD. The method includes receiving the challenge response from the SD, which signed the challenge response with the private key that was transferred via the OD. The method includes determining, with the public key, whether the challenge response is valid, and includes validating enrollment of the SD when the challenge response is validated.

Abstract: According to certain aspects of the present disclosure, a computer-implemented method is provided. The method includes receiving, at a manager device, data comprising at least one managed device. The method includes identifying, at the manager device, a website associated with the at least one managed device. The method also includes receiving, at a mobile device management server from the manager device, a first message to cause the mobile device management server to initiate transmission of a second message comprising a command that causes the at least one managed device to navigate to the website via a browser, restrict access to other websites other than the website, and enable a camera. Systems and machine-readable media are also provided.

Abstract: According to certain aspects of the present disclosure, a computer-implemented method is provided. The method includes receiving, at a mobile device management server from a threat feed server, at least one security statement. The method includes parsing the at least one security statement into parsed information. The method includes creating a custom threat feed of common vulnerabilities and exposures with at least the parsed information. The method includes selectively creating an alert associated with one common vulnerability and exposure of the common vulnerabilities and exposures, wherein the alert comprises a remediation action associated with the one common vulnerability and exposure. The method includes determining at least one managed device, managed by the mobile device management server, and associated with the remediation action of the alert. Systems and machine-readable media are also provided.

Abstract: Methods for enabling passwordless authentication to ancillary devices and services of a user by utilizing a mobile device of that same user. Systems and machine-readable media are also provided.

Abstract: A game engine sensor of a computing device executing an operating system receives first data from the operating system that represents occurrence of a monitored event. The game engine sensor sends second data corresponding to the monitored event to a game engine logic controller. A first logic block of the game engine logic controller determines, based on the second data and third data representing a system state of the computing device, that a first predicate condition is satisfied. A second logic block of the game engine logic controller determines, based on the second data and the third data, that a second predicate condition is satisfied. A computer security threat is detected based on the first and second predicate conditions being satisfied, and at least one game engine actuator is instructed to perform at least one action responsive to the computer security threat.

Abstract: A method includes receiving, at a mobile device management (MDM) server, a message indicating a location at a healthcare facility. The method also includes identifying, at the MDM server, a mobile device assigned to the location. The method further includes sending a remote reset command from the MDM server to the mobile device.

Abstract: According to certain aspects of the present disclosure, a computer-implemented method is provided that includes detecting a malicious activity or a security event on a managed device. The method includes adding the managed device to a group. The method includes removing a user configuration profile from, and transmitting a security configuration profile to, the managed device. The method includes placing the managed device in a protect state to notify and forcibly log out the end user. The method includes notifying the end user that access is prohibited. The method includes clearing the managed device from being in the protect state after remediation of the malicious activity or the security event. The method includes removing, responsive to clearing the managed device from being in the protective state, the security configuration profile from, and transmitting the user configuration profile to, the managed device. Systems and machine-readable media are also provided.

Abstract: A method includes receiving an indication that a patient is assigned to a patient device. The patient device stores healthcare information associated with the patient. The method includes sending configuration data to the patient device to configure the patient device to be compatible with a video conference service in response to receiving the indication that the patient is assigned to the patient device. The method includes generating video conference credentials for the patient in response to configuring the patient device. The video conference credentials enable an auto join link that is usable by a third party device to establish a video conference with the patient through the video conference service. The method includes sending the video conference credentials to the third party device.

Abstract: A method includes sending, from a mobile device management (MDM) server, a group list to a mobile device, the group list indicating a plurality of MDM groups that are available to the mobile device for enrollment. The method also includes receiving, at the MDM server, a join group request from the mobile device. The join group request indicates a group of the plurality of MDM groups. The method also includes, in response to receiving the join group request, updating, at the MDM server, group membership data to indicate that the mobile device is added to the group. The method further includes identifying, based on the group membership data at the MDM server, an action associated with the group. The method also includes sending a command from the MDM server to the mobile device to perform the action.

Abstract: A particular method includes detecting, at a managed computing device, a signal from a wireless beacon device via a first wireless connection. The signal is detected while particular functionality is inaccessibly at the managed computing device. The method further includes, in response to detecting the signal, transmitting a first message from the managed computing device to a device management server via a second wireless connection, where the first message identifies the wireless beacon device. The method further includes receiving, at the managed computing device in response to the identification of the wireless beacon device in the first message, a second message that grants the managed computing device access to the particular functionality while the managed computing device is within a transmission range of the wireless beacon device.

Abstract: A particular method includes detecting, at a managed computing device, a signal from a wireless beacon device via a first wireless connection. The signal is detected while particular functionality is inaccessibly at the managed computing device. The method further includes, in response to detecting the signal, transmitting a first message from the managed computing device to a device management server via a second wireless connection, where the first message identifies the wireless beacon device. The method further includes receiving, at the managed computing device in response to the identification of the wireless beacon device in the first message, a second message that grants the managed computing device access to the particular functionality while the managed computing device is within a transmission range of the wireless beacon device.

Abstract: A particular method includes receiving, at a manager mobile device, a selection of a managed mobile device of a plurality of managed mobile devices. The method also includes displaying, at the manager mobile device, a list of applications executable by the managed mobile device, a list of websites accessible by the managed mobile device, or both. The method further includes receiving, at the manager mobile device, a selection of an application from the list of applications or a selection of a website from the list of websites. The method includes initiating, at the manager mobile device, transmission of data to the managed mobile device instructing the managed mobile device to restrict focus to the selected application or the selected website.

Abstract: A particular method includes generating, at a server configured to access inventory data associated with one or more managed devices, a graphical user interface (GUI) that is operable to define grouping criteria for one or more dynamic groups of managed devices. The method also includes receiving, at the server via the GUI, first grouping criteria and data identifying an action to be performed with respect to managed devices that satisfy the first grouping criteria. The first grouping criteria is based on at least second grouping criteria and a logical operator. The method further includes determining, at the server based on the inventory data, a group of managed devices that satisfy the first grouping criteria. The method includes initiating, by the server, transmission of a push notification regarding the action to each managed device in the group of managed devices.

Abstract: A particular method includes generating, at a server configured to access inventory data associated with one or more managed devices, a graphical user interface (GUI) that is operable to define grouping criteria for one or more dynamic groups of managed devices. The method also includes receiving, at the server via the GUI, first grouping criteria and data identifying an action to be performed with respect to managed devices that satisfy the first grouping criteria. The first grouping criteria is based on at least second grouping criteria and a logical operator. The method further includes determining, at the server based on the inventory data, a group of managed devices that satisfy the first grouping criteria. The method includes initiating, by the server, transmission of a push notification regarding the action to each managed device in the group of managed devices.