Abstract: Encrypting keystroke data in a multi-session-enabled computing device includes receiving a first control message requesting enabling of keystroke encryption for a protected application executing in a first desktop session. The first control message includes application identification information of the protected application. Keystroke encryption is enabled for keystrokes targeting the first desktop session based on receipt of the first control message. Keystroke data sent to the protected application is encrypted while the protected application maintains keyboard focus in the first desktop session. Unencrypted keystroke data is transmitted to another application of a second desktop session while keystroke encryption is enabled for the protected application in the first desktop session.

Abstract: Disclosed are various embodiments for preventing unauthorized access to materials and topics for meeting invitations and meeting recording. A meeting recording and other meeting data is received in association with a meeting identifier. The meeting recording and the meeting data is provided as input to a machine learning engine to generate labelled recording data. A user-specific recording package is generated to include data limited to the at least one meeting section corresponding to a set of security labels approved for a user account.

Abstract: Systems and methods are described for injecting chaos into an application based on a determination that network traffic will be at the application when the chaos is injected. In an example, a gateway can receive requests for applications in a system. The gateway can be configured to periodically insert a header into an application request that causes a proxy agent associated with the requested application to request chaos instructions from a server. When chaos instructions are requested, the server can determine whether and what kind of chaos to inject into the application. The server can send instructions to the proxy agent, which can inject chaos according to the instructions. A monitoring agent can then monitor traffic around the application to determine whether other applications and system components behave appropriately in response to the injected chaos.

Abstract: Systems and methods are described for providing ways to optimize client performance during screen data streaming. Periods of time a client takes to render frames can be tracked and the frame rendering times can be analyzed to determine when the client performance is insufficient. If the client rendering performance is determined to be insufficient, the encoding method can be dynamically modified in ways preferable for improving the client rendering performance. Different approaches can be utilized for calculating metrics and determining when to modify the encoding method, such as linear interpolation or by taking averages of frame rendering times in a moving sample window.

Abstract: Systems and methods are described for configuring a web page using chain of trust. In an example, a web browser can receive a certificate hierarchy from a web server in response to a request for a web page. The web browser can apply a hash algorithm to one or more digital security certificates in the certificate hierarchy. The web browser can send the hash values to a deployment database that stores mappings of known hash values to website configuration settings. The deployment database can respond with the corresponding configuration settings. The web browser can merge the configuration settings and apply them to the web page prior to rendering the web page on a display.

Abstract: Systems and methods are provided for grouping remote desktop sessions on servers in remote desktop environments according to predicted user logoff times so that sessions with similar predicted logoff times can be placed together on the servers, allowing for more efficient utilization of servers. A user can request a virtual desktop session. Once the request is received, a predicted logoff time for the session can be determined and the session can be placed on one of available host servers based on the predicted logoff time. Different logoff time ranges can be assigned to different servers and sessions can be grouped on the servers according to predicted logoff time.

Abstract: Examples of troubleshooting enterprise information technology problems are described. In some examples, a root cause analysis service configures parameters for a root cause analysis. The parameters include device context features of client devices, which are specified to be analyzed. The root cause analysis service identifies a target issue affecting the client devices and performs the root cause analysis according to the parameters to generate root cause candidate patterns to provide through an interface.

Abstract: The present disclosure relates to dynamic meeting space configuration based on content. A client device can detect an entry of a user into a meeting space and notify a management service of the entry of the user into the meeting space. The client device can receive an access token from the management service and provide an access request for an enterprise resource to an enterprise resource service, where the access request comprises the access token. The client device can receive the enterprise resource from the enterprise resource service. The client device can provide data regarding the security classification of the enterprise resource to an edge device located within the meeting space. The client device can receive, from the edge device, a confirmation that a plurality of internet of things (IoT) devices located within the meeting space have been configured according to the security classification of the enterprise resource.

Abstract: The present disclosure fallback management of managed devices utilizing edge management servers that periodically poll a primary management server. If the primary management server is unreachable, the edge management servers can assume management of a population of managed devices.

Abstract: A scanner redirection method for a remote desktop computer system that includes a client computer, a first virtual machine (VM), and a second VM, includes the steps of: receiving by the first VM from the second VM, a first request for an image, wherein the first request for the image is directed to virtual image capturing software in the first VM; in response to the first request for the image being directed to the virtual image capturing software, transmitting by the first VM to the client computer, a second request for the image, wherein the second request for the image is directed to an image capturing device connected to the client computer; and upon receiving the image from the client computer, transmitting by the first VM to the second VM, the image received from the client computer.

Abstract: The present disclosure relates to peer-to-peer (P2P) updating of offline client devices by an online client devices. Client devices can be enrolled with a management service as managed devices. If a device lacks the ability to contact the management service, an online client device that is in communication with the offline client device can deliver updates to software, policies, or other data.

Abstract: The present disclosure relates to peer-to-peer (P2P) secure mode authentication. A secondary client device can request access to an enterprise resource. The secondary client device can establish a P2P communication channel with a primary client device during a P2P secure mode. The secondary client device can determine a proximity of the computing device to the client device and generate proximity data based at least in part on the proximity of the computing device to the client device. The secondary client device can receive an authorization to access the enterprise resource based at least in part on the proximity data and access the enterprise resource by loading the enterprise resource within a sandboxed environment.

Abstract: Systems and methods are described herein for creating enterprise workflows for an enterprise user. In an example, a user can access a workflows tool in a management application. The user can select a trigger event from a list of available trigger events. In response to the selection, the workflows tool can display a list of available actions. The user can select an action. The user can also select other enrolled user devices for executing the workflow. The management application can send the selections to a server. The server can send workflow connectors for the selected trigger event and action to the selected user devices. The workflow connections can include instructions for detecting the trigger event and instructions for performing the action. The management application can install the workflow connectors and begin executing the workflow.

Abstract: Disclosed are various embodiments for loaning an electronic device. In some embodiments, the recipient of the electronic device can check out or check in the electronic device. In other embodiments, the electronic device can be enrolled in a device management system and receive a package file from a directory service. In some other examples, the electronic device can be reimaged using a refresh payload.

Abstract: A single graphical user interface (“GUI”) for creating a certificate-enforced network for devices in a logical group is provided. The GUI can include a certificate upload tool for uploading a security certificate file for a new network, a logical group selection tool for selecting a logical group of computing devices to add to the network, and a network configuration tool for configuring settings for the network. An application of the GUI can send the security certificate file to a third-party network configuration manager that responds with a certificate identifier (“ID”). Without additional user action required, the application can input the certificate ID into a request to create the network that includes the network settings and the logical group selection. The third-party network configuration manager can then create the network using the information provided by the application.

Abstract: Various examples are disclosed for an authentication model for user sessions utilizing a digital key incorporating metadata identifying device location and network conditions. Upon user authentication of a session, a digital key can be generated that incorporates information about the location and network conditions of a device, which can be utilized to grant conditional access to resources.

Abstract: Disclosed are mechanisms that enable secure file sharing between applications using an operating system framework. In some examples, an extension map is received by a client device. The extension map relates a file extension to an alias file extension. A management software development kit (SDK) is used by an application. The management SDK identifies that the application originates a file having the file extension, stores the file as an extension-aliased file by changing its file extension to the alias file extension according to the extension map. The extension-aliased file is transferred to a recipient application using a file sharing utility of an operating system of the client device.

Abstract: Disclosed are various approaches for detecting whether an event in a conferencing service is advanced or delayed relative to an agenda providing by the conferencing service or an event organizer. A speech-to-text conversion of the audio component can be performed and compared against the agenda. Segments of interest can be identified and users notified if the event is advanced or delayed.

Abstract: Disclosed are various approaches for ensuring application integrity for enterprise resource access. In some examples, a client device extracts installed application data from a local instance of an application that is installed on the client device. The installed application data includes actual certificate-based signature information for the local instance of the application. An application verification status is generated using the actual certificate-based signature information and the expected certificate-based signature information; and network access to a protected set of enterprise resources is permitted or denied using the application verification status.

Abstract: The present disclosure provides an approach for training a machine learning model. Embodiments include receiving text comprising a natural language request. Embodiments include providing one or more inputs to a source machine learning model based on the text, wherein the source machine learning model has been trained using source training data corresponding to a plurality of databases. Embodiments include receiving, from the source machine learning model in response to the one or more inputs, a database query in a syntax corresponding to a target database. Embodiments include generating training data for a target machine learning model based on the text and the database query received from the source machine learning model, wherein the target machine learning model has been trained using a smaller amount of training data than the source training data that was used to train the source machine learning model.