Abstract: Disclosed are various examples identifying time-sensitive tasks being performed by a user of a client device that may be affected by a network connectivity issue associated with the client device and alerting the user interacting with the client device of the identified time-sensitive tasks. Network connectivity data associated one or more client devices can be used to identify patterns and context in network connectivity loss based at least in part on location, time, date, etc. Additionally, user context data associated with a user can be analyzed to predict whether the user will experience any connectivity issues and identify any tasks or action items being performed by the user interacting with the client device that may be considered time-sensitive. A user can be notified of a potential connectivity issue that may affect the ability for the user to complete a time-sensitive task.

Abstract: Systems and methods are described for adjusting streaming of screen data from a server to a client based on visibility of the window in which the screen data is presented on the client. Visibility of a window in the graphical user interface (GUI) can be monitored, for example by detecting when the window is minimized or obscured by other objects in the GUI, and the streaming of screen data to the window can be dynamically adjusted based on the window visibility. When the window is minimized or fully obscured, the streaming of screen data can be stopped. When the window is partially obscured, the streaming can be modified such as by decreasing the frame rate.

Abstract: A remote application installed on a first remote desktop can be shared with a second remote desktop. The first remote desktop can be associated with a first user, and the second remote desktop can be associated with the first user and/or some other user(s) different from the first user. The sharing of the remote application can be terminated from the first remote desktop and/or from the second remote desktop.

Abstract: The disclosure provides an approach for device redirection in a remote computing environment. Embodiments include receiving, at a remote device from a client device over a network, input data of a peripheral device associated with the client device. Embodiments include receiving, at an emulated device running on the remote device, a request for device data from an application running on the remote device. Embodiments include responding, by the emulated device to the application, to the request with a response message having a format associated with the request, the response message being based on the input data. Embodiments include transmitting, from the remote device to the client device over the network, image data representing the application running on the remote device as controlled based on the input data.

Abstract: A system and method for saving and restoring snapshots of a client device connected to a virtual desktop are disclosed. When a client device makes a request to capture the state of the virtual desktop, the request is sent to a server if the client device and virtual desktop are authorized according to a policy. The request may also specify that the virtual desktop's memory contents be captured. The server forms the snapshot and saves the snapshot in storage. When a client device makes a request to restore the virtual desktop, the client selects one of the saved snapshots and restores the virtual desktop, including its memory, when the client device and desktop are authorized, and the snapshot has not exceeded its allowed time in storage according to the policy.

Abstract: System and methods are provided for improved directory enumeration on shared client directories in virtual desktops. A merged I/O request containing multiple expected I/O requests for enumerating a directory can be produced on the virtual desktop. The merged I/O request can be conveyed to the client device and a merged I/O response containing multiple I/O responses to the expected I/O requests can be received from the client device. The received I/O responses can be stored in cache memory on the virtual desktop and used to respond to subsequent queries for enumerating the directory on the virtual desktop.

Abstract: System and method are described for copying and pasting files and folders between a client and a virtual desktop via clipboard redirection. A virtual desktop session can be established by the client on the virtual desktop. The user can copy a file or folder to the virtual desktop clipboard and a path corresponding to the file or folder can be stored in the virtual desktop clipboard in a path list. When the user ungrabs the agent or switches focus out of the virtual desktop to the client, the path list can be transferred to the client device and set into the client clipboard. Subsequently, a request can be received in the client device to paste the copied file or folder to a target location in the client device. In response to the request, the client device can retrieve the contents of the copied file or folder from the agent and the contents can be placed in the target location to complete the paste operation.

Abstract: Disclosed are various approaches for providing touchless visitor management. A visitor can complete a visitor registration process using a client device of the visitor and obtain a virtual badge credential to a visitor's device. A physical access control system credential as well as a visitor badge can also be obtained to the visitor's device.

Abstract: Systems and methods are described for accessing resources of a Unified Endpoint Management (“UEM”) system through an enrolled device. In an example, an unenrolled device can be paired with an enrolled device. The unenrolled device can connect to the enrolled device on a local network. The enrolled device can verify the unenrolled device using a key provided during pairing. The unenrolled device can send requests for UEM resources to the enrolled device, which the enrolled device can send to a UEM server. The UEM server can send the requested UEM resources to the enrolled device, and the enrolled device can send the UEM resources to the enrolled device over the local network.

Abstract: Restricted content of a data file is identified. The restricted content is removed from the data file, and a redacted version of the data file is generated. The restricted content is stored separate from the redacted version of the data file.

Abstract: A method of provisioning virtual machines (VMs) includes: providing a VM pool that includes a graphics processing unit (GPU)-optimized VM and a non-GPU-optimized VM operating in different clouds. A control plane can receive an indication that a user has submitted a workload request, determine whether a GPU-optimized VM is available and instruct the non-GPU-optimized VM to send the workload to the GPU-optimized VM in a peer-to-peer manner. The GPU-optimized VM computes the workload and returns a result to the requesting VM. The control plane can instantiate a new GPU-optimized VM (or terminate it when the workload is complete) to dynamically maintain a desired number of available GPU-optimized VMs.

Abstract: Examples described herein include systems and methods for authenticating a voice-activated device. An example method can include receiving, at an application server, a request from a user device to authenticate the voice-activated device. The application server can provide a first temporary key and session ID to the user device. The method can further include communicating the first temporary key from the user device to the voice-activated device, such as by reading it aloud or having the user device communicate the key in some manner. The voice-activated device can then provide the key to the application server, which generates a second temporary key and sends it back to the voice-activated device. The second temporary key can then be transferred to the user device, which closes the loop by providing the key back to the application server. The application server can then authenticate and provide access to the voice-activated device.

Abstract: Systems and methods are described for Uniform Resource Locator (“URL”) pattern-based high-risk browsing and anomaly detection. In an example, a user device can compare URLs in a browser's history to URL patterns in a provided list to identify matches. The user device can calculate a browsing risk score based on the percentage of entries in the browsing history that match each URL pattern and a risk score associated with the URL pattern. Security policies can be enforced at the user device if the browsing risk score exceeds a threshold. The user device can also detect potentially dangerous anomalous browsing behavior. The user device can calculate a deviance score based on variations between recent browsing history and historical browsing behavior at the user device. Security policies can be enforced at the user device if the deviance score exceeds a threshold.

Abstract: Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.

Abstract: Disclosed are various approaches for signing documents using mobile devices. A request is sent to a certificate authority for a signing certificate. The signing certificate is then received from the certificate authority. The signing certificate is then stored in the memory. Next, a file is received from a client application executed by the processor of the computing device. Then, the file is signed with the signing certificate to create a signed file. The signed file is then returned to the client application.

Abstract: Disclosed are various embodiments for the controlling the amount of active updates that can occur during a given time on devices that are associated with tenants (e.g., organizations) and subtenants (e.g., sub-organizations) in a multi-tenant environment. In particular, each tenant and subtenant is assigned throttle corresponding to different update parameters (e.g., an amount of devices executing an active update, an amount of data to be downloaded during a campaign, a time for completing the update campaign, etc.). When an update campaign is established, the update campaign can define the different devices that are to be updated. In some situations, the number of active updates required may exceed the allotted resources for a given subtenant. When a subtenant requires additional resources than what is assigned to complete the update, the subtenant can borrow resources defined by the update parameters from a subtenant peer that has a surplus.

Abstract: Systems and methods are described for a launcher on a user device that allow users to choose between multiple launcher modes. In an example, a user can log in to a management application on a user device that manages the user device. The management application can send the credentials to a server. The server can verify the credentials and send a launcher profile associated with the user to the management application. The management application can check the launcher profile to determine whether the user is allowed to choose a launcher mode. If so, the management application can display the available launcher modes on the user device. The user can select a launcher mode, and the management application can configure the launcher with settings corresponding to the selected mode.

Abstract: Techniques are described for performing browser-driven application capture of application installations. When the browser on the client machine detects a request to begin an application capture session, it downloads an orchestrator binary from an origin server. The orchestrator is a self-extracting executable that decompresses components responsible for preparing the client machine for the application capture session. Preparing the client machine includes starting a local web server, executing a registry script to create the necessary registry state, mounting a virtual disk, and deploying an agent that will record state changes on the client machine. Once the client machine has been prepared, the application installation can begin. During the installation process, the agent intercepts state changes occurring on the client machine and redirects them to the virtual disk.

Abstract: In one set of embodiments, a computer system can determine that a window for an application running on the computer system has become locked by the application while the window is minimized. In response, the computer system can change a preview image associated with the application to an icon or to a different image. Further, after changing the preview image, the computer system can determine that the window has been restored or maximized. In response, the computer system can cause the preview image to once again reflect a current visual state of the window.

Abstract: Disclosed are various embodiments of a multiuser unified endpoint management (UEM) system. A device check-in can be received from a client device. The device check-in can include a device identifier that uniquely identifies the client device with respect to other client devices and a user identifier that uniquely identifies the user of the client device with respect to other users of the client device. In response, a device channel identifier associated with the device identifier and a user channel identifier associated with both the user identifier and the device identifier can be obtained. Then a first set of entitlements associated with the device channel identifier and a second set of entitlements associated with the user channel identifier can be selected. Both sets of entitlements can be provided to the client device in response to the device check-in.