Abstract: Disclosed are various embodiments for enforcing device compliance parameters by inhibiting access to devices, networks or resources. In one embodiment, among others, a computing device identifies a request to access a first resource and determines that a second resource is associated with accessing the first resource based on a resource group identifier. The computing device determines that a compliance rule is associated with the first resource and the second resource based on the resource group identifier. The client device can determine that the compliance rule has been violated. Then, the computing device determines that the compliance rule is associated with an alternative setting and changes the current setting to the alternative setting.

Abstract: Embodiments of the disclosure relate to proxying at least one email resource from at least one email service to at least one client device, determining whether the email resources are accessible to the client devices via at least one unauthorized application on the client devices, and modifying the email resources to be inaccessible via the unauthorized applications on the client devices in response to a determination that the email resources are accessible via the unauthorized applications on the client devices.

Abstract: Embodiments of the disclosure relate to proxying one or more email resources in transit to the client devices from the email services, removing one or more email attachments from the email resources, and encoding the stripped email attachments based at least in part on one or more cryptographic keys.

Abstract: Disclosed are various approaches for initiating workflows with respect to physical resource devices on behalf of a user. A physical identifier can be affixed to a physical resource device. An identifier can be embedded within the physical identifier. A workflow application can initiate workflows upon detecting that a user has scanned or captured the identifier.

Abstract: Various systems facilitate encrypted file storage. A client device may generate an encrypted version of a file. The client device may obtain at least one reference to at least one storage location for the encrypted version of the file. The client device may cause the encrypted version of the file to be store at the at least one storage location using the at least one reference to the at least one storage location.

Abstract: Disclosed are various embodiments for controlling access to data on a network. Upon receiving a request comprising a device identifier and at least one user credential to access a remote resource, the request may be authenticated according to at least one compliance policy. If the request is authenticated, a resource credential associated with the remote resource may be provided.

Abstract: Embodiments of the disclosure relate to proxying one or more email resources in transit to the client devices from the email services, removing one or more email attachments from the email resources, and encoding the stripped email attachments based at least in part on one or more cryptographic keys.

Abstract: Item delivery optimization may be provided. Items may be identified as available for delivery at a first location to at least one second location. A route from the first location to the second location may be calculated and at least a portion of the route from the first location to the second location may be provided to a delivery mechanism, such as an automated delivery device and/or a user.

Abstract: Embodiments of the disclosure relate to proxying at least one email resource from at least one email service to at least one client device, determining whether the email resources are accessible to the client devices via at least one unauthorized application on the client devices, and modifying the email resources to be inaccessible via the unauthorized applications on the client devices in response to a determination that the email resources are accessible via the unauthorized applications on the client devices.

Abstract: Disclosed are various embodiments for enforcing device compliance parameters by inhibiting access to devices, networks or resources. Methods may include associating a compliance rule with a client device. If the compliance rule is violated, a setting associated with the client device may be altered. The altered setting may inhibit access to the client device, a network, a client device resource and/or a network resource. For example, necessary password complexities may be increased, password lifetimes may be decreased and/or resources may be restricted based on a geofence, a time of day and/or a day of the week.

Abstract: Embodiments of the disclosure relate to controlling access to email content. According to various embodiments as described herein, an email message may be accessed by a computing device to identify a uniform resource locator (URL) within the email message, wherein the URL corresponds to a resource residing in a protected location that is not accessible by a native browser application of the client device. The computing device may determine whether the client device is permitted to access the URL and request access to the resource via the secure browser application of the client device upon a determination that the client device is permitted to access the resource in accordance with the at least one resource rule.

Abstract: Continuous sensitive content authentication is described. In one example, a request to open content, such as a photograph, spreadsheet, or text-based document, among other types of content, is received. Based on a sensitivity level or access profile rule associated with the content, an individual can be prompted to perform an authentication procedure before the content is displayed. The content can be displayed in response to a verification using the authentication procedure or removed (or not displayed) in response to a rejection using the authentication procedure. Additionally, the authentication procedure can be continuously polled to confirm the verification while the content is displayed. While the content is being displayed, the content can be removed from display at any time if the authentication procedure no longer produces the verification result. In some cases, the content can also be deleted after a rejection is detected using the authentication procedure.

Abstract: Various systems facilitate encrypted file storage. A client device may generate an encrypted version of a file. The client device may obtain at least one reference to at least one storage location for the encrypted version of the file. The client device may cause the encrypted version of the file to be store at the at least one storage location using the at least one reference to the at least one storage location.

Abstract: A cryptographic proxy service may be provided. Upon determining that data associated with a network destination comprises at least some sensitive data, a cryptographic service may provide a security certificate associated with the network destination. The plurality of data may be encrypted according to the security certificate associated with the network destination and provided to the cryptographic service for re-encryption and transmission to the network destination.

Abstract: Disclosed are various embodiments for controlling a distribution of resources on a network. In one embodiment, among others, a processor is configured to transmit a request to access resources at a distribution service and receives location rules associated with the resources. The location rules specify an authorized location and an authorized perimeter area. The authorized location and the authorized perimeter area specify different access rights to the resources. The processor can determine a location of a computing device and determine that the computing device is compliant with at least one of the location rules based on the location of the computing device. The processor is configured to transmit a compliance indication to the distribution service for the location rules and receive access to at least some of the resources from the distribution service.

Abstract: Disclosed are various examples for communicating notifications for received email messages. A monitoring service monitors inboxes to which clients are subscribed. When a message arrives in a subscribed inbox, the monitoring service sends a notification to a notification brokering service. The notification brokering service then forwards the notification to the appropriate notification service for communication to a subscribed client.

Abstract: Disclosed are various embodiments for controlling access to resources by a client device. Methods may include receiving a user request to access a resource on the device and determining whether the resource requires a facial capture. If the resource requires a facial capture, a camera of the device may be automatically activated to capture an image and the resource may be rendered on the device. In some cases, access to the resource may be limited based on whether the image includes a face or not. A record associating the image and the requested resource may be stored, for example, on the device or on a remote server.

Abstract: Item delivery optimization may be provided. Items may be identified as available for delivery at a first location to at least one second location. A route from the first location to the second location may be calculated and at least a portion of the route from the first location to the second location may be provided to a delivery mechanism, such as an automated delivery device and/or a user.

Abstract: A cryptographic proxy service may be provided. Upon determining that data associated with a network destination comprises at least some sensitive data, a cryptographic service may provide a security certificate associated with the network destination. The plurality of data may be encrypted according to the security certificate associated with the network destination and provided to the cryptographic service for re-encryption and transmission to the network destination.

Abstract: Disclosed are various embodiments relating to managed clones of applications. In one embodiment, an application is received. If it is determined that the application should be managed, a managed clone of the application is generated. The managed clone of the application is configured for coexistence along with the application upon a client device under management. The managed clone of the application may then be deployed to the client device under management.