Abstract: Embodiments of the present disclosure relate to management of resources. Embodiments include receiving, from a user of a client device, first input indicating a location on a remote device and a file type. Embodiments include identifying a file corresponding to the file type at the location. Embodiments include generating a graphical representation of the file and providing the graphical representation of the file to the user. Embodiments include receiving, from the user, second input corresponding to the graphical representation of the file. Embodiments include identifying stored credentials based on the second input and initiating a virtual desktop session using the stored credentials. Embodiments include providing a remote interface to the virtual desktop session on the client device. Embodiments include launching an application within the virtual desktop session and opening the file within the application.

Abstract: Disclosed are various approaches for authenticating a user through a voice assistant device and creating an association between the device and a user account. The request is associated with a network or federated service. A user account can be implicitly authenticated based on proximity of a client device to the voice assistant device. An association between the user account and the voice assistant device can then be created.

Abstract: Disclosed are various embodiments that relate to a system or a method for managing individual actions. In one example, among others, a system includes a client device and program instructions executable in the client device. The program instructions, when executed, cause the client device to identify an action that stores an image in a memory associated with the client device, where the action is executed by way of the client computing device. The program instructions also cause the client device to generate an image tag that describe the image. The client device can determine that the image has enterprise content based on the image tag and determine that a policy applies to the enterprise content. An enterprise action can be performed based on the enterprise policy.

Abstract: Disclosed are various approaches for automating the detection and identification of security issues. A plurality of signals received from a plurality of security devices are analyzed to identify a predicted security incident, each of the plurality of signals indicating a potential security issue. A confidence score is then calculated for the predicted security incident. At least one compliance policy is then evaluated to determine whether to perform a remedial action specified in the compliance policy, wherein a determination to perform the remedial action is based at least in part on the confidence score. Finally, the remedial action is performed in response to an evaluation of the at least one compliance policy.

Abstract: Disclosed are various embodiments for implementing a key escrow system without disclosure of a client's encryption key to third parties. An encryption key is split into a plurality of key segments pursuant to a shared secret protocol. A plurality of peer client devices are then identified. Each peer client device in the plurality of peer client devices is then verified and the respective one of the plurality of key segments are sent to a respective one of the plurality of peer client devices. A response is then received from each respective one of the plurality of peer client devices, the response confirming receipt of the respective one of the plurality of key segments. A list identifying the plurality of peer client devices is finally provided to a key escrow service, the list comprising key-value pairs that identify each respective one of the plurality of peer client devices and the respective one of the plurality of key segments.

Abstract: Disclosed are various embodiments for managing voice-driven application. In one embodiment, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to initiate a management session between a voice application service and a management service based on receiving a first request from the voice application service. The program instructions can cause the computing device to initiate an application session between a voice-driven application and the management service based at least in part on a second request received from the voice application service. The program instructions can cause the computing device to enforce a compliance policy on a data request for the voice-driven application. The data response can be transmitted to the voice application. The voice application service can provide the data response to the client device for playback.

Abstract: Disclosed are various embodiments for fast and accurate identification of message-based application programming interface (API) calls in applications. A set of compliance rules is obtained from a compliance rule store. A request to analyze an application is received. An application analysis is performed by scanning the application to identify one or more public APIs invoked by the application. The set of compliance rules are enforced on the application based at least in part on the application analysis.

Abstract: Disclosed are various embodiments for managing voice-driven application. In one embodiment, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to receive a request to initiate an application proxy service. The program instructions can cause the computing device to authenticate the request based on an access token. The program instructions can cause the computing device to initiate an application proxy service session with a second computing device, where the second computing device provides input data to the application proxy service. The computing device can also initiate an application session associated with an application service, where the application proxy service provides the input data to the application service. The computing device also can apply a compliance policy as data is communicated between the second computing device and the application service.

Abstract: Systems and methods are included for detecting driving based on user-specific models for driving detection, and restricting access to an application of the user device while a user is driving. A management agent installed on the user device can collect data from sensors in a user device and provide the data to a management server, which can build a user-specific model for driving detection for that user. The management agent can then use that user-specific model for detecting when the user is driving. When the agent determines that the user is driving, it can enforce a driving policy that limits access to applications and delay or modify notifications generated by applications.

Abstract: Systems and methods are provided for accurately setting notification priority levels for applications on a user device. An example system includes a user device and a management server. When an application generates a notification, it provides a priority level for the notification. A management agent executing on the user device can detect the notification and its assigned priority level, determine a predicted priority level using a prediction engine or prediction server, and cause the application the replace or update the assigned priority level based on the predicted priority level. The management agent can then receive user actions related to that notification from the application, and use that information to determine an observed priority level. The prediction engine or prediction server can be updated based on the observed priority level, thereby dynamically increasing the accuracy of predictions.

Abstract: Systems and methods are included for detecting driving based on user-specific models for driving detection, and restricting access to an application of the user device while a user is driving. A management agent installed on the user device can collect data from sensors in a user device and provide the data to a management server, which can build a user-specific model for driving detection for that user. The management agent can then use that user-specific model for detecting when the user is driving. When the agent determines that the user is driving, it can enforce a driving policy that limits access to applications and delay or modify notifications generated by applications.

Abstract: Disclosed are various approaches for injecting resources into wrapped applications. A computing device first obtains a compiled version of a target application package. The computing device then decompiles the compiled version of the target application package to generate a source code version of the target application package. Then, the computing device combines the source code version of the target application package with management component source code. Next, the computing device generates an application resource index. Subsequently, the computing device, modifies the management component source code based at least in part on the application resource index. Finally, the computing device compiles the combined source code version of the target application package and the management component source code to generate a managed application package.

Abstract: Various examples for identifying clusters of instances of managed devices within a management service are described. Clusters are identified based upon a policy strength score of the respective instances. The policy strength scores can be generated based upon the security settings of the instance within the management service.

Abstract: A system includes a computing device and a storage device storing computer instructions that are executable by the computing device. The computer instructions cause the computing device to detect a request to render content in a first display of a primary user device. The computer instructions further cause the computing device to determine whether the primary user device satisfies a compliance rule indicating whether the first display of the primary user device is authorized to render the content. In response to determining that the primary user device fails to satisfy the compliance rule, the computer instructions cause the computing device to prevent the content from being rendered in the first display of the primary user device and cause the content to be rendered in a second display of a secondary user device.

Abstract: Embodiments relate to a system that includes a managed application and a workspace manager that are executable by a computing device. The workspace manager obtains a component invocation message from the managed application and determines whether the component invocation message is intended to invoke a public component in a workspace managed by the workspace manger. The workspace manager provides an instruction to the managed application in response to determining whether the component invocation message is intended to invoke the public component in the workspace managed by the workspace manager.

Abstract: Systems and methods are included for detecting driving based on user-specific models for driving detection, and restricting access to an application of the user device while a user is driving. A management agent installed on the user device can collect data from sensors in a user device and provide the data to a management server, which can build a user-specific model for driving detection for that user. The management agent can then use that user-specific model for detecting when the user is driving. When the agent determines that the user is driving, it can enforce a driving policy that limits access to applications and delay or modify notifications generated by applications.

Abstract: Embodiments relate to a managed application package generator that creates an executables file, a resource file, and a manifest file for a managed application. The executables file comprises an executable for a loader that loads a target application into memory. The resource file comprises a public resource for the target application. The manifest file comprises manifest data for the target application.

Abstract: Disclosed are various embodiments for managing voice-driven application. In one embodiment, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to receive a request to initiate an application proxy service. The program instructions can cause the computing device to authenticate the request based on an access token. The program instructions can cause the computing device to initiate an application proxy service session with a second computing device, where the second computing device provides input data to the application proxy service. The computing device can also initiate an application session associated with an application service, where the application proxy service provides the input data to the application service. The computing device also can apply a compliance policy as data is communicated between the second computing device and the application service.

Abstract: Disclosed are various embodiments that relate to a system or a method for managing individual actions. In one embodiment, among others, a system includes a client device and program instructions executable in the client device. The program instructions, when executed, cause the client device to identify an action that stores an image in a memory associated with the client device, where the action is executed by way of the client computing device. The program instructions also cause the client device to generate image tags that describe the image. The client device can determine that the image has enterprise content based at least in part on the image tags and perform an enterprise action on the image. The enterprise action can be based on an enterprise category associated with the image tags and an enterprise policy.

Abstract: Embodiments relate to a system that includes a computing device and a managed application executable by the computing device. The managed application initiates an execution of a target application. The managed application obtains a request from the target application to perform an action. The managed application determines whether the action is permitted by a compliance rule.