Abstract: Disclosed are various embodiments for facilitating the encryption of files as well as facilitating requiring a user to employ an authenticator device in order to access a file that is encrypted or otherwise secured. The authenticator device can provide an authenticator code in which a security key used to access a secured file can be embedded. An additional layer of encryption can also be applied in the authenticator code.

Abstract: Disclosed are various embodiments relating to managed clones of applications. In one embodiment, an application is received. If it is determined that the application should be managed, a managed clone of the application is generated. The managed clone of the application is configured for coexistence along with the application upon a client device under management. The managed clone of the application may then be deployed to the client device under management.

Abstract: In an example implementation of the disclosed technology, a method includes accessing, by a management agent associated with a client device, a profile associated with a requested resource, wherein the profile comprises at least one profile criterion. The method also includes evaluating the profile criterion based, at least in part, on status information associated with the client device to determine any processing restrictions associated with the requested resource. The method also includes, responsive to receiving an indication that the resource is subject to a server-device processing restriction, requesting access to the resource from a remote server and receiving an instance of a user interface for interacting with the resource.

Abstract: Disclosed are various examples for analyzing the consumption of media content on a client device. A computing environment can be employed to access measurement data obtained by a client application executable on the client device during a rendering of media content on the client device. The computing environment generates a metric describing a probability a user of the client device has watched or otherwise consumed at least a portion of the media content being rendered on the client device. A determination can be made whether a compliance rule associated with the media content has been satisfied using the generated metric. If the compliance rule associated with the media content is not satisfied, a suitable remedial action can be determined and performed in the client device.

Abstract: Disclosed are various embodiments for passive compliance violation notifications. In one embodiment, it is detected that that a policy violation with respect to use of a client device has occurred. It is then determined that the policy violation may be passive. A user notification of the policy violation is generated by the client device in response to determining that the policy violation may be passive. The frequency and/or intensity of this notification may depend upon an extent of the policy violation. If the policy violation is later determined to be active, additional actions may be performed, such as disabling access to or removing managed resources on the client device.

Abstract: Disclosed are various examples of transmitting management commands to a device using a short message service (SMS) message or voice call. A device may lack network connectivity with a management service. Network capabilities of the device may be disabled or impaired. The management service can generate a SMS message or voice call that includes the management command. The SMS message or voice call can be transmitted to the client device over a cellular network. The SMS message or voice call can include an authentication string with which the authenticity of the SMS message or voice call can be verified. The device can then execute the management command.

Abstract: In an example implementation of the disclosed technology, a method includes accessing, by a management agent associated with a client device, a profile associated with a requested resource, wherein the profile comprises at least one profile criterion. The method also includes evaluating the profile criterion based, at least in part, on status information associated with the client device to determine any processing restrictions associated with the requested resource. The method also includes, responsive to receiving an indication that the resource is subject to a server-device processing restriction, requesting access to the resource from a remote server and receiving an instance of a user interface for interacting with the resource.

Abstract: Disclosed are various examples of transmitting management commands to a device using a short message service (SMS) message or voice call. A device may lack network connectivity with a management service. Network capabilities of the device may be disabled or impaired. The management service can generate a SMS message or voice call that includes the management command. The SMS message or voice call can be transmitted to the client device over a cellular network. The SMS message or voice call can include an authentication string with which the authenticity of the SMS message or voice call can be verified. The device can then execute the management command.

Abstract: Disclosed are various embodiments for facilitating the sharing of files or documents on behalf of a sending user to a recipient user. A secured file is transmitted to a recipient user via a primary communication identifier. A security key that can be utilized to decrypt or unlock the file is transmitted to a secondary communication identifier, which can be automatically identified. In this way, security of the file can be maintained in the event that one of the communications channels corresponding to the primary communication identifier or secondary communication identifier is compromised.

Abstract: Disclosed are various examples for analyzing the consumption of media content on a client device. A computing environment can be employed to access measurement data obtained by a client application executable on the client device during a rendering of media content on the client device. The computing environment generates a metric describing a probability a user of the client device has watched or otherwise consumed at least a portion of the media content being rendered on the client device. A determination can be made whether a compliance rule associated with the media content has been satisfied using the generated metric. If the compliance rule associated with the media content is not satisfied, a suitable remedial action can be determined and performed in the client device.

Abstract: Disclosed are various examples of transmitting management commands to a device using a short message service (SMS) message or voice call. A device may lack network connectivity with a management service. Network capabilities of the device may be disabled or impaired. The management service can generate a SMS message or voice call that includes the management command. The SMS message or voice call can be transmitted to the client device over a cellular network. The SMS message or voice call can include an authentication string with which the authenticity of the SMS message or voice call can be verified. The device can then execute the management command.

Abstract: Disclosed are various embodiments for facilitating the encryption of files as well as facilitating requiring a user to employ an authenticator device in order to access a file that is encrypted or otherwise secured. The authenticator device can provide an authenticator code in which a security key used to access a secured file can be embedded. An additional layer of encryption can also be applied in the authenticator code.

Abstract: In an example implementation of the disclosed technology, a method includes accessing, by a management agent associated with a client device, a profile associated with a requested resource, wherein the profile comprises at least one profile criterion. The method also includes evaluating the profile criterion based, at least in part, on status information associated with the client device to determine any processing restrictions associated with the requested resource. The method also includes, responsive to receiving an indication that the resource is subject to a server-device processing restriction, requesting access to the resource from a remote server and receiving an instance of a user interface for interacting with the resource.

Abstract: Disclosed are various embodiments for facilitating the encryption of files as well as facilitating requiring a user to employ an authenticator device in order to access a file that is encrypted or otherwise secured. The authenticator device can provide an authenticator code in which a security key used to access a secured file can be embedded. An additional layer of encryption can also be applied in the authenticator code.

Abstract: In an example implementation of the disclosed technology, a method includes accessing, by a management agent associated with a client device, a profile associated with a requested resource, wherein the profile comprises at least one profile criterion. The method also includes evaluating the profile criterion based, at least in part, on status information associated with the client device to determine any processing restrictions associated with the requested resource. The method also includes, responsive to receiving an indication that the resource is subject to a server-device processing restriction, requesting access to the resource from a remote server and receiving an instance of a user interface for interacting with the resource.

Abstract: Disclosed are various embodiments for facilitating the sharing of files or documents on behalf of a sending user to a recipient user. A secured file is transmitted to a recipient user via a primary communication identifier. A security key that can be utilized to decrypt or unlock the file is transmitted to a secondary communication identifier, which can be automatically identified. In this way, security of the file can be maintained in the event that one of the communications channels corresponding to the primary communication identifier or secondary communication identifier is compromised.

Abstract: Disclosed are various embodiments for facilitating the encryption of files as well as facilitating requiring a user to employ an authenticator device in order to access a file that is encrypted or otherwise secured. The authenticator device can provide an authenticator code in which a security key used to access a secured file can be embedded. An additional layer of encryption can also be applied in the authenticator code.

Abstract: Disclosed are various embodiments for performing a backup a device and/or performing a wipe or removal of data from a device enrolled with a device management service. In various embodiments, a client device may receive a communication generated from a remote computing device that causes performance of a backup of data associated with predefined criteria and performance of a wipe of the data associated with the predefined criteria. The device may perform the backup of the data by communicating the data to the remote computing device over a network. Further, the device may perform the wipe of the data by removing the data associated with the predefined criteria in the request in response to a confirmation that the data has been received by the remote computing device. Data not associated with the predefined criteria may be retained on the client device.

Abstract: Disclosed are various embodiments relating to managed clones of applications. In one embodiment, an application is received. If it is determined that the application should be managed, a managed clone of the application is generated. The managed clone of the application is configured for coexistence along with the application upon a client device under management. The managed clone of the application may then be deployed to the client device under management.

Abstract: Disclosed are various embodiments for restricting usage of a mobile device when a user is driving a vehicle. In one embodiment, it is determined that a mobile device is in use by a driver of an active vehicle. A functionality of the mobile device is then restricted based at least in part on determining that the mobile device is in use by the driver of the active vehicle. For example, a touch screen of the mobile device may be disabled, and the use of a hands-free interface may be made mandatory.