Abstract: A client device identifies an action being performed using a first application in the client device. The client device identifies that the first application is not authorized to be used to perform the action. In response, the client device identifies a second application that is authorized to perform the action. The client device also facilitates the second application being used to perform the action.

Abstract: Continuous sensitive content authentication is described. In one example, a request to open content, such as a photograph, spreadsheet, or text-based document, among other types of content, is received. Based on a sensitivity level or access profile rule associated with the content, an individual can be prompted to perform an authentication procedure before the content is displayed. The content can be displayed in response to a verification using the authentication procedure or removed (or not displayed) in response to a rejection using the authentication procedure. Additionally, the authentication procedure can be continuously polled to confirm the verification while the content is displayed. While the content is being displayed, the content can be removed from display at any time if the authentication procedure no longer produces the verification result. In some cases, the content can also be deleted after a rejection is detected using the authentication procedure.

Abstract: Disclosed are various examples for providing secure access to email resources. Email resources associated with client devices may be identified, and resource rules associated with the email resources may be identified. A determination of whether the email resources satisfy the resource rules may be made.

Abstract: In a networked environment, a client side application executed on a client device may transmit a request to an authorization service for access to a resource. The authorization service may authenticate the user of client device and/or the client device based on user credentials and/or a device identifier. In response to authenticating the user and/or the client device, the authorization service may send to the client side application a request for confirmation that the client device complies with a distribution rule associated with the resource, where the distribution rule requires a specific application or specific type of application to be installed, enabled and/or executing on the client device as a prerequisite to accessing the resource. If the client device complies with the distribution rule, the client side application accesses the resource. Accessing the resource may include receiving an authorization credential required for access to the resource.

Abstract: Disclosed are systems and methods that facilitate encryption of email messages that are transported between mail servers. In some cases, email messages may be relayed through relay mail servers as well. An email message can be encrypted using a public key that corresponds to an organization associated with the recipient rather than a public key associated with the particular recipient. The email message can then be decrypted by the recipient mail server and deposited into a mailbox of the recipient.

Abstract: Embodiments of the disclosure relate to proxying one or more email resources in transit to the client devices from the email services, removing one or more email attachments from the email resources, and encoding the stripped email attachments based at least in part on one or more cryptographic keys.

Abstract: Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.

Abstract: Embodiments of the disclosure relate to proxying one or more email resources in transit to the client devices from the email services, removing one or more email attachments from the email resources, and encoding the stripped email attachments based at least in part on one or more cryptographic keys.

Abstract: Various systems facilitate encrypted file storage. A client device may generate an encrypted version of a file. The client device may obtain at least one reference to at least one storage location for the encrypted version of the file. The client device may cause the encrypted version of the file to be store at the at least one storage location using the at least one reference to the at least one storage location.

Abstract: Disclosed are various examples for communicating notifications for received email messages. A monitoring service monitors inboxes to which clients are subscribed. When a message arrives in a subscribed inbox, the monitoring service sends a notification to a notification brokering service. The notification brokering service then forwards the notification to the appropriate notification service for communication to a subscribed client.

Abstract: Methods, systems, apparatuses, and/or computer-readable media for providing device management via application modification may be provided. In some embodiments, a request to perform an action may be received. Upon determining that the action is associated with a metered resource, a further determination may be made as to whether the request complies with at least one management policy. In response to determining that the request complies with the at least one management policy, the requested action may be authorized and/or caused to be performed.

Abstract: On-demand activation of a security policy may be provided. Upon receiving a selection of a link, a profile identified by a security policy associated with the link may be activated and the link may be opened according to the security policy. In some embodiments, opening the link according to the security policy may comprise redirecting the opening of the link from a first application to a second application.

Abstract: Disclosed are various embodiments for controlling access to data on a network. Upon receiving a request comprising a device identifier and at least one user credential to access a remote resource, the request may be authenticated according to at least one compliance policy. If the request is authenticated, a resource credential associated with the remote resource may be provided.

Abstract: Disclosed are various embodiments for accessing resources when a client device complies with distribution rules. A client device receives selected resources and distribution rules associated with the resources. The client device determines whether the client device complies with the distribution rules. When the resources are modified, the changes are sent to a distribution service associated with the resources.

Abstract: Disclosed are various approaches for implementing an application authentication wrapper. An authentication request, such as a Kerberos request, is created for authenticating the computing device. The authentication request is encrypted to generate an encrypted authentication request. The encrypted authentication request is then forwarded to a reverse proxy server. An encrypted authentication response is received from the reverse proxy server. The encrypted authentication response, such as a Kerberos response, is then decrypted to generate a corresponding authentication response, which is then forwarded to the computing device that generated the authentication request.

Abstract: Disclosed are various embodiments for controlling distribution of resources on a network. In one embodiment, among others, a processor receives a request from a client device to access resources hosted by a distribution service. In response, the processor determines whether the client device is authorized to access the distribution service. The processor identifies which of the resources hosted by the distribution service are accessible to the client device based on the resource grouping identifiers associated with the client device. The processor determines which distribution rules are associated with the identified resources, the distribution rules including location rules and time rules. The processor then transmits the identified resources and identified distribution rules to the client device, where the resources are configured to be exclusively accessible via a containerized client application on the client device while the client device satisfies the distribution rules associated with the resources.

Abstract: Control of access to resources on a network may be provided. A request to access enterprise resource(s), the request comprising a set of user access credentials and a device identifier, may be generated. The request to access the at least one enterprise resource and an updated device profile may be provided to an authorization service. A set of enterprise access credentials may be received from the authorization service and used to generate a second request to access the enterprise resource(s).

Abstract: Telecommunications data usage management may be provided. A network state associated with a communication network may be identified. Upon determining that the network state is not in compliance with a data usage policy, access to the communication network may be restricted for at least one application.

Abstract: Systems herein include thin clients that operate with managed profile-based virtual machines. This can allow users to utilize personal user devices in an enterprise environment without subjecting sensitive enterprise credentials to the user device. A management server can determine a profile associated with the user device. Based on the profile, a virtual machine can be instantiated at a thin server, remotely from the thin client. The profile-specific virtual machine can include a particular guest operating system, guest applications, security features, or functionality. The instance of the virtual machine can communicate graphics information from a guest application to the thin client, and the thin client can communicate user interface events to the instance for controlling the guest application.

Abstract: Disclosed are various examples for communicating notifications for received email messages. A monitoring service monitors inboxes to which clients are subscribed. When a message arrives in a subscribed inbox, the monitoring service sends a notification to a notification brokering service. The notification brokering service then forwards the notification to the appropriate notification service for communication to a subscribed client.