Abstract: A method of generating text in a first language for incorporation into a remote desktop image to be displayed at a client device, based on inputs made at the client device in a second language different from the first language includes the steps of: transmitting the inputs at the client device in the second language to a remote device that is generating the remote desktop image; generating candidate text in the first language at the client device based on the inputs made at the client device in the second language; upon selection of the candidate text at the client device, transmitting the candidate text to the remote device for incorporation of the candidate text into an updated remote desktop image; and upon receipt of the updated remote desktop image, displaying the updated remote desktop image at the client device.

Abstract: Systems and methods are described for accessing a first user device using a digital badge from a second user device. The digital badge can include information that can be used to identify and authenticate a user profile. In an example, the first and second user devices can be enrolled in a system for managing user devices. A user can select to login to the first user device using a digital badge. The first user device can enable a wireless communication protocol and broadcast a digital badge request that is recognizable by other enrolled devices. The second user device can detect the broadcast and send its digital badge to the first user device. The first user device can send an access request and the digital badge to a server. The server can verify the digital badge, authenticate the user, and notify the first user device. The first user device can then grant the user access without the user inputting any credentials.

Abstract: Example methods and systems to implement an economic printing mode are described. In one example, a computer system may provide a user interface specifying multiple selectable levels associated with economic printing mode. The source printing content may be transformed to generate target printing content that is printable using a lower ink consumption compared to the source printing content. For example, in response to a selection of a first level, print quality may be reduced. In response to a selection of a second level, image information in the source printing content may be modified. In response to a selection of a third level, font information associated with textual information in the source printing content may be modified. The computer system may provide the target printing content that includes modified font information to the printer for printing and/or generate a preview of the target printing content prior to printing using the printer.

Abstract: The disclosure provides techniques for storage device input/output (I/O) performance improvement in a remote computing environment. Embodiments include creating, on a remote device that is remote from a client device, a virtual storage device corresponding to a physical storage device that is located on the client device. Embodiments include receiving, by a driver on the remote device, a request from an application on the remote device to perform an input or output operation with respect to the virtual storage device. Embodiments include sending, by the remote device, a block-level input or output operation to the client device based on the request. Embodiments include receiving, by the remote device, a result of the block-level input or output operation from the client device. Embodiments include providing, by the driver on the remote device, to the application, a response to the request based on the result of the block-level input or output operation.

Abstract: Secure printing may be performed in a virtual desktop infrastructure (VDI) in a virtualized computing environment. When a file is selected for secure printing, print data for the file is stored, and a corresponding entry is created in a metadata map. A message is sent to a user device to inform a user that the file is available for secure printing. The message may include a uniform resource locator (URL) link having a hash code corresponding to the stored print data. If the user accesses the URL link to request the secure printing, the hash code is retrieved from the URL link and compared against the entry in the metadata map. If there is a match between the hash code and the entry in the metadata map, the file is sent to a target local printer for printing.

Abstract: An example method of uniform resource locator (URL) redirection between a client device and a remote system executing a remote desktop accessed by the client device is described. The method includes intercepting, by an extension of a first web browser, a URL selected to be opened on the first web browser, the first web browser and the extension executing on a first system in communication with a second system, the first system and the second system being the client device and the remote system respectively or vice versa; forwarding, by the extension, the URL to a native process executing on the first system; determining, by the native process, an internet protocol (IP) address of the URL; forwarding the URL and the IP address to the second system; and opening, by the second system, the URL on a second web browser executing in the second system.

Abstract: Disclosed are various approaches for dynamically integrating a client application with multiple third-party services. An integration service receives a request to perform an action relative to a particular third-party service from a client device. The request is received through a first application programming interface (API) generic to a plurality of third-party services. The integration service communicates with the particular third-party service to perform the action using a second API specific to the particular third-party service. The integration service sends a response to the client device through the first API. The response is based at least in part on a result of the action and includes an indication of one of a plurality of predefined user interfaces.

Abstract: Prior to a user login event associated with a first user identity, a prelaunch manager determines an occurrence of a primary window prelaunch trigger condition. A primary window station is prelaunched for a first user identity at a user endpoint. Based on an occurrence of a user login event associated with the first user identity, a user session associated with the first user identity is connected with the primary window station. In some examples, the user endpoint is located remotely across a computer network from the prelaunch manager and does not require local capacity for prelaunch. In some examples, further window stations are prelaunched, nested within the primary window station, with the nested window station being associated with user identity having different privileges than the first user identity.

Abstract: Disclosed are various embodiments for controlling access to data on a network. Upon receiving a request comprising a device identifier and at least one user credential to access a remote resource, the request may be authenticated according to at least one compliance policy. If the request is authenticated, a resource credential associated with the remote resource may be provided.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: Disclosed are various approaches for automating the detection and identification of anomalous devices in a management service. Device check-ins are received by a management service and housed in a data store. The quantity of device check-ins over various time periods can be analyzed using various approaches to identify anomalous devices.

Abstract: Disclosed are various approaches for remote working experience optimization. In some examples, a management service receives task execution data and corresponding user data for multiple client devices. The management service inputs target user context data along with the task execution data and the corresponding user data into a prediction model to identify a task and a task schedule that indicates a time to download and cache task content. Instructions are transmitted for a management agent to download and cache the task content according to the task schedule.

Abstract: The disclosure provides a method of associating thread identifiers (IDs) to input/output (I/O) requests in a remote computing environment. The method generally includes receiving, by a mini-filter on a remote device that is remote from a client device, a request from an application on the remote device to access resources at the client device, determining, by the mini-filter, a thread identifier (ID) associated with the request, the thread ID corresponding to an application thread of the application that generated the request, determining, by the mini-filter, one or more parameters of the request, and transmitting, by the mini-filter, to a redirection server process on the remote device, a message comprising the thread ID and the one or more parameters of the request, wherein the thread ID and the one or more parameters of the request are added to a cache maintained by the redirection server process.

Abstract: Systems and methods presented herein can allow a teacher to manage student devices in a classroom setting by grouping student devices on a graphical user interface and using the interface to set locks with respect to the groups of student devices. Lock requests can be received and managed by a server, which can issue file locks, web locks, and application locks. These locks can restrict file access, website access, and application access, respectively, on the students' personal mobile devices. Additionally, the teacher device can allow the teacher to provide timing information in conjunction with the lock requests, which can control when to lock and/or unlock the student devices.

Abstract: Disclosed are various implementations for distributing and installing packages in response to user logon events. A logon event associated with a user account is detected for a client device. A query containing a respective user account identifier is sent to a provisioning service to retrieve a set of packages to install on the client device. The set of packages are received from the provisioning service and installed on the client device.

Abstract: Disclosed are various approaches for enforcing policies for unmanaged applications. A user supplied script can be evaluated to determine whether an application is installed on a computing device. In response to a determination that the application is installed on the computing device, a request can be sent to a management service for at least one policy applicable to the application. The policy can be evaluated to determine whether the application complies with the policy.

Abstract: Disclosed are various embodiments for conditional time-based one time password token issuance based on locally aggregated device risk. Embodiments of this application can evaluate the security of the client device using mobile threat defense signals or a device posture summary before generating a seed on the client device to ensure the security of all the connected systems as a whole. Additionally, embodiments of this application can evaluate the security of the client device to determine if changes have been made that require a remedial action to be taken. In some embodiments, the client device may be completely disconnected from the network and capable of generating time-based one time passwords, while remaining offline. However, offline attacks may still occur; in such a situation, the client device can determine the security of the device and perform the remedial actions independent of other devices, systems, computing environments, or networks.

Abstract: Disclosed are various embodiments for provisioning client devices. An enterprise credential can be obtained from a provisioning service. A client device can send an enrollment request to a management service specific to the enterprise associated with the client device. The management service can send an enrollment response to the client device. Then, the client device can receive a provisioning package from the management service. Next, the computing device can then be configured based upon the enrollment response.

Abstract: Systems and methods are provided for dynamically optimizing and configuring various aspects of virtual desktops in virtual desktop infrastructure. Data collectors can be installed on and operate on various components in the virtual desktop infrastructure, such as on the virtual desktops running on the server, on the virtual desktop clients running on user devices, and on the connection server. The data collectors can operate to collect various types of information from corresponding components, such as application usage data and status, device performance, networking environment and speed, application or system crash data, and so on. The collected data can be logged, tracked, and analyzed to perform various actions on the virtual desktop.

Abstract: Methods and systems are described for managing access to a virtual session. A user device can send a request for a virtual session to a virtual desktop interface (“VDI”) server. The VDI server can send details of a user's account to a management server. The management server can send a machine learning (“ML”) model trained to identify the user's face to the user device. The user device can apply the ML model to a video feed of the viewing area of the user device to verify the user's face. The VDI server can initialize the virtual session if the user's face is verified. The user device can monitor the video feed during the virtual session to detect unauthorized objects. If an unauthorized object is detected, the user device can terminate or minimize the session.