Abstract: Self-removal of enterprise application data (e.g., managed application data) is disclosed. It may be determined that a data removal condition has been satisfied. Based at least in part on the determination, data removal information may be generated for a plurality of applications including a managed set of mobile applications. The data removal information may be provided to at least a first application included in the plurality of applications. The first application may provide the data removal information to a data storage location accessible to at least a second application upon a data removal-related event.

Abstract: A notification message gateway is disclosed. Notification data and application identification data is received. The application identification data is used to select an application credential associated with at least one application instance. The notification data and application credential are provided to a distribution node such that the notification data is provided to the application instance.

Abstract: In various embodiments, a control client is configured to determine whether or not the most current configuration profile has been installed within a corresponding mobile device. In particular embodiments, the client is configured to store its own copy of a configuration profile and to compare its copy with the most current configuration profile generated by a device management system as well as to the configuration profile currently installed and applied by a configuration manager within the mobile device. Each configuration profile includes an embedded verification token that facilitates this process. Furthermore, the client may be configured to inform the device management system as to whether or not the current configuration profile has been installed. The device management system may govern enterprise access by the mobile device based on whether or not the current configuration profile has been installed.

Abstract: A mobile device management system that monitors the security state of one or more mobile devices and sets indicators related to such security state. Enterprise network applications, such as an email application, can access the security state information when making access control decisions with respect to a given mobile device.

Abstract: A virtual file management system provides user access to managed content on mobile devices. The system comprises storage domains storing the managed content distributively using file systems, and a data infrastructure that organizes the managed content into a virtual file system that maintains information of storage domain specific file system primitives for accessing corresponding portions of the managed content. The data infrastructure, which maintains metadata of the storage domains and the mobile devices, comprises a policy definition and decision component that maintains policies defining controls for permissible operations on the managed content, the permissible operations including the file system primitives.

Abstract: A virtual file management system provides user access to managed content on mobile devices. The system comprises storage domains storing the managed content distributively using file systems, and a data infrastructure that organizes the managed content into a virtual file system that maintains information of storage domain specific file system primitives for accessing corresponding portions of the managed content. The data infrastructure, which maintains metadata of the storage domains and the mobile devices, comprises a policy definition and decision component that maintains policies defining controls for permissible operations on the managed content, the permissible operations including the file system primitives.

Abstract: In particular implementations, a mobile device management system allows network administrators to control the distribution and publication of applications to mobile device users in an enterprise network. A user profile is accessed to determine a user attribute. A catalog of applications is filtered based at least in part on the user attribute and an enterprise application availability policy to determine a set of applications to be returned and provided via an enterprise mobile device application management interface.

Abstract: A virtual file management system provides user access to managed content on mobile devices. The system comprises storage domains storing the managed content distributively using file systems, and a data infrastructure that organizes the managed content into a virtual file system that maintains information of storage domain specific file system primitives for accessing corresponding portions of the managed content. The data infrastructure, which maintains metadata of the storage domains and the mobile devices, comprises a policy definition and decision component that maintains policies defining controls for permissible operations on the managed content, the permissible operations including the file system primitives.

Abstract: Automatic classification of mobile device-originated content is disclosed. A content object sent from a mobile application to a destination may be received at an intermediate node. The content object may be processed to identify one or more control characters included in the content object. The content object may be modified to replace the identified control characters with classification information.

Abstract: System and method for remotely managing mobile devices. A virtual instance mobile device is maintained for each physical mobile device to be managed. Each virtual instance mobile device is executable in a computer runtime environment and includes a hardware emulation component configured to emulate the hardware components of the corresponding physical mobile device and a software emulation component corresponding to the software components of the physical mobile device, which is executable within the context of the hardware emulation component. Synchronization between the virtual instance mobile devices and their corresponding physical mobile devices is maintained, and data obtained from the physical mobile devices is stored. The physical mobile devices are remotely managed by utilizing their corresponding virtual instance mobile devices respectively.

Abstract: In particular implementations, a mobile device management system allows network administrators to control the distribution and publication of applications to mobile device users in an enterprise network.

Abstract: In various embodiments, a method is described that includes registering a mobile device with an enterprise by storing registration data for the mobile device in a device management database; designating one or more group designations for the mobile device; storing the one or more group designations in the device management database; determining one or more policies for the mobile device based at least in part on the one or more group designations; and selectively taking action on selected data from the mobile device in the device management database based on the one or more policies.

Abstract: System and method for remotely managing mobile devices. A virtual instance mobile device is maintained for each physical mobile device to be managed. Each virtual instance mobile device is executable in a computer runtime environment and includes a hardware emulation component configured to emulate the hardware components of the corresponding physical mobile device and a software emulation component corresponding to the software components of the physical mobile device, which is executable within the context of the hardware emulation component. Synchronization between the virtual instance mobile devices and their corresponding physical mobile devices is maintained, and data obtained from the physical mobile devices is stored. The physical mobile devices are remotely managed by utilizing their corresponding virtual instance mobile devices respectively.

Abstract: One embodiment of the present disclosure provides a method that includes accessing, by a mobile device management system, a profile for a mobile device. The method also includes negotiating, by the mobile device management system, with a certificate authority to obtain a certificate for the mobile device. The negotiating with the certificate authority includes imitating the mobile device based on the profile. The negotiating with the certificate authority also includes, based at least on the imitation, transmitting one or more certificate enrollment messages to the certificate authority. The negotiating with the certificate authority further includes, based on the one or more messages, receiving, at the mobile device management system, the certificate for the mobile device. The method further includes transmitting the certificate to a control agent hosted on the mobile device for installation.

Abstract: System and method for remotely managing mobile devices. A virtual instance mobile device is maintained for each physical mobile device to be managed. Each virtual instance mobile device is executable in a computer runtime environment and includes a hardware emulation component configured to emulate the hardware components of the corresponding physical mobile device and a software emulation component corresponding to the software components of the physical mobile device, which is executable within the context of the hardware emulation component. Synchronization between the virtual instance mobile devices and their corresponding physical mobile devices is maintained, and data obtained from the physical mobile devices is stored. The physical mobile devices are remotely managed by utilizing their corresponding virtual instance mobile devices respectively.

Abstract: In particular implementations, a mobile device management system allows network administrators to control the distribution and publication of applications to mobile device users in an enterprise network.

Abstract: In various embodiments, a method is described that includes receiving mobile device usage data directly from each of a plurality of mobile devices associated with a particular enterprise, aggregating the usage data from each of the plurality of mobile devices at a central database, and generating one or more mobile device usage reports based on the aggregated usage data.

Abstract: System and method for remotely managing mobile devices. A virtual instance mobile device is maintained for each physical mobile device to be managed. Each virtual instance mobile device is executable in a computer runtime environment and includes a hardware emulation component configured to emulate the hardware components of the corresponding physical mobile device and a software emulation component corresponding to the software components of the physical mobile device, which is executable within the context of the hardware emulation component. Synchronization between the virtual instance mobile devices and their corresponding physical mobile devices is maintained, and data obtained from the physical mobile devices is stored. The physical mobile devices are remotely managed by utilizing their corresponding virtual instance mobile devices respectively.

Abstract: System and method for remotely managing mobile devices. A virtual instance mobile device is maintained for each physical mobile device to be managed. Each virtual instance mobile device is executable in a computer runtime environment and includes a hardware emulation component configured to emulate the hardware components of the corresponding physical mobile device and a software emulation component corresponding to the software components of the physical mobile device, which is executable within the context of the hardware emulation component. Synchronization between the virtual instance mobile devices and their corresponding physical mobile devices is maintained, and data obtained from the physical mobile devices is stored. The physical mobile devices are remotely managed by utilizing their corresponding virtual instance mobile devices respectively.

Abstract: In various embodiments, a method is described that includes registering a mobile device with an enterprise by storing registration data for the mobile device in a device management database; designating one or more group designations for the mobile device; storing the one or more group designations in the device management database; determining one or more policies for the mobile device based at least in part on the one or more group designations; and selectively taking action on selected data from the mobile device in the device management database based on the one or more policies.