Abstract: Described herein are example methods and systems for enrolling a user device with an unified endpoint management system (“UEMS”) directly from another user device. The examples describe a first user device that is already enrolled with the UEMS and a second user device that is seeking to be enrolled. The two user devices can establish a direct connection with each other. The second user device can be authenticated by a user inputting the same migration password or pin at both user device. The first user device can generate and send a migration data file to the second user device. The migration data file can include settings, policies, software packages, and files managed by the UEMS. The second user device can copy settings, policies, and files, and install the applications from the migration data file. The second user device can notify an UEMS server of the device migration.

Abstract: Described herein are example methods and systems for enrolling a user device with an unified endpoint management system (“UEMS”) directly from another user device. The examples describe a first user device that is already enrolled with the UEMS and a second user device that is seeking to be enrolled. The two user devices can establish a direct connection with each other. The second user device can be authenticated by a user inputting the same migration password or pin at both user device. The first user device can generate and send a migration data file to the second user device. The migration data file can include settings, policies, software packages, and files managed by the UEMS. The second user device can copy settings, policies, and files, and install the applications from the migration data file. The second user device can notify an UEMS server of the device migration.

Abstract: Examples herein describe systems and methods for application-specific compliance enforcement. An example method can include receiving, at a user device, profiles containing application-specific restrictions. When a first application is opened, a management agent compares the corresponding application-specific restrictions with current device settings. This can be done with a checksum comparison where the checksums are created based on a hash with an application- or profile-specific identifier. If they differ, the management agent stores the current device settings and prompts for, or automatically changes, the device settings to new compliant values before allowing the first application to operate in the foreground of the user device screen. If the first application is closed or minimized, the stored device settings can be restored. The management agent can compare those against application-specific restrictions of the second application before allowing the second application to run in the foreground.

Abstract: Described herein are example methods and systems for enrolling a user device with an unified endpoint management system (“UEMS”) directly from another user device. The examples describe a first user device that is already enrolled with the UEMS and a second user device that is seeking to be enrolled. The two user devices can establish a direct connection with each other. The second user device can be authenticated by a user inputting the same migration password or pin at both user device. The first user device can generate and send a migration data file to the second user device. The migration data file can include settings, policies, software packages, and files managed by the UEMS. The second user device can copy settings, policies, and files, and install the applications from the migration data file. The second user device can notify an UEMS server of the device migration.

Abstract: Examples herein describe systems and methods for application-specific compliance enforcement. An example method can include receiving, at a user device, profiles containing application-specific restrictions. When a first application is opened, a management agent compares the corresponding application-specific restrictions with current device settings. This can be done with a checksum comparison where the checksums are created based on a hash with an application- or profile-specific identifier. If they differ, the management agent stores the current device settings and prompts for, or automatically changes, the device settings to new compliant values before allowing the first application to operate in the foreground of the user device screen. If the first application is closed or minimized, the stored device settings can be restored. The management agent can compare those against application-specific restrictions of the second application before allowing the second application to run in the foreground.

Abstract: Examples described herein include systems and methods for providing on-demand access to a restricted resource of a user device. An example method can include generating a profile that specifies a restricted resource and one or more conditions for that resource to be de-restricted. The profile can be sent to, and utilized by, an agent application executing on the user device. The agent application can determine that a user is requesting de-restriction of a resource and determine whether all applicable conditions are met. If the conditions are met, the agent application can de-restrict the resource. After the resource is used, the agent application can report details of the use to an administrator or management server.

Abstract: Examples herein describe systems and methods for application-specific compliance enforcement. An example method can include receiving, at a user device, profiles containing application-specific restrictions. When a first application is opened, a management agent compares the corresponding application-specific restrictions with current device settings. This can be done with a checksum comparison where the checksums are created based on a hash with an application- or profile-specific identifier. If they differ, the management agent stores the current device settings and prompts for, or automatically changes, the device settings to new compliant values before allowing the first application to operate in the foreground of the user device screen. If the first application is closed or minimized, the stored device settings can be restored. The management agent can compare those against application-specific restrictions of the second application before allowing the second application to run in the foreground.

Abstract: Examples described herein include systems and methods for providing on-demand access to a restricted resource of a user device. An example method can include generating a profile that specifies a restricted resource and one or more conditions for that resource to be de-restricted. The profile can be sent to, and utilized by, an agent application executing on the user device. The agent application can determine that a user is requesting de-restriction of a resource and determine whether all applicable conditions are met. If the conditions are met, the agent application can de-restrict the resource. After the resource is used, the agent application can report details of the use to an administrator or management server.