Abstract: Disclosed are various examples for remotely restricting client devices. A client device can be placed into a restricted mode in which application switching capabilities of the client device are disabled. Additionally, the client device can transmit screen capture data to a management service, which can provide the ability for an administrator user to monitor data shown on a display associated with the client device. The client device can also be removed from the restricted mode in response to a command sent from the management service to the client device.

Abstract: Disclosed are various examples for dynamic application deployment in trusted code environments. In some embodiments, an application is identified for installation on a client device. The client device includes a security process that limits the client device to execute trusted code based on a trusted code policy. Characteristics of a file are identified from an installation package for a client application. A management agent is instructed to update the trusted code policy to whitelist the file by providing the characteristics of the executable file to the security process. A command to install the application is transmitted to the management agent, where the management agent is a trusted installer for the client device.

Abstract: A cryptographic proxy service may be provided. Upon determining that data associated with a network destination comprises at least some sensitive data, a cryptographic service may provide a security certificate associated with the network destination. The plurality of data may be encrypted according to the security certificate associated with the network destination and provided to the cryptographic service for re-encryption and transmission to the network destination.

Abstract: Systems and methods for 3D printer management can allow or reject printing of an object based on a model that is trained with machine learning. In one example, the model classifies the object according to object type. The object type can be compared against a list to determine whether to block the object from printing. The object can also be compared to previously printed objects. The object can be blocked from printing if a combination of the object and a previously printed object amounts to a threshold amount of a blacklisted item. The lists can be specific to users, such as an organizational group to which the user belongs. A print server can apply the model prior to forwarding the object to a 3D printer for printing. Both the models and the lists can evolve based on machine learning, such as based on which print decisions receive override from administrators.

Abstract: Examples for determining access to restricted features of an application are disclosed. A current working status of a user account and an access policy can be analyzed to determine whether access to the restricted feature should be granted or denied. The functionality can be provided by a library bundled within an application.

Abstract: Disclosed are various embodiments for separating creation of and executing of updated campaigns in multitenancy environments. For example, an organization can have a hierarchical structure such that a root organization includes multiple sub-organizations. A root organization administrator may create an update campaign for enforcing software policies on devices that are included in the sub-organizations. A sub-organization administrator can approve and define the execution schedule for when the devices included in the sub-organization can execute the update campaign.

Abstract: Disclosed are various embodiments for managing voice-driven application. In one embodiment, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to initiate a management session between a voice application service and a management service based on receiving a first request from the voice application service. The program instructions can cause the computing device to initiate an application session between a voice-driven application and the management service based at least in part on a second request received from the voice application service. The program instructions can cause the computing device to enforce a compliance policy on a data request for the voice-driven application. The data response can be transmitted to the voice application. The voice application service can provide the data response to the client device for playback.

Abstract: Disclosed are various examples for verification and management of firmware for client devices enrolled with a management service of an enterprise. The firmware verification includes a verification process using multiple checkpoints for determining whether status responses associated with firmware installed on and received from a managed client device can be trusted. The multiple checkpoints can include verifying certificate data, signature data, and an exit code included in status responses received from managed devices. In the event that one of the verification steps fails, the device can be considered compromised and subject to various compliance actions. The compliance actions can include limiting access to enterprise data, limiting access to one or more applications, wiping a device clean to reset the devices to the original factory settings, sending a notification to an enterprise administrator providing an indication of the detected compromise, and other types of compliance actions.

Abstract: Disclosed are various embodiments of identifying a reusable email template for use in an email client based on a file attachment, an email recipient, and/or other factors, such as date and time. Various embodiments can identify an unsent email, the unsent email comprising at least a body and an attachment file, analyze the attachment file to determine one or more attachment categories, select an email template from a plurality of email templates based at least on the one or more attachment categories, and populate the body of the unsent email with the selected email template.