Patents by Inventor Matthew VLASACH

Matthew VLASACH has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12267675
    Abstract: In certain aspects, methods include, responsive to receiving verification that credentials associated with an organization device (OD) are authenticated, requesting the OD to create a token comprising a private and public key. The method includes receiving, subsequent to the OD initiating creation of the token, the public key from the OD. The method includes associating the public key with a UPN of the OD, and includes requesting the organization credentials from a secondary device (SD), responsive to detecting a request therefrom. The method includes requesting, responsive to authentication of the organization credentials, a challenge response from the SD. The method includes receiving the challenge response from the SD, which signed the challenge response with the private key that was transferred via the OD. The method includes determining, with the public key, whether the challenge response is valid, and includes validating enrollment of the SD when the challenge response is validated.
    Type: Grant
    Filed: March 20, 2023
    Date of Patent: April 1, 2025
    Assignee: JAMF Software, LLC
    Inventor: Matthew Vlasach
  • Publication number: 20250008330
    Abstract: In certain aspects of the present disclosure, a computer-implemented method includes receiving a configuration profile from a risk assessment service, wherein the risk assessment service generated the configuration profile to comprise service policies associated with DNS traffic and an HTTPS URL. The method includes modifying the HTTPS URL of the configuration profile to include a UDID associated with a target device. The method includes transmitting, to the target device, the configuration profile comprising the HTTPS URL with the UDID associated with the target device, wherein the risk assessment service, responsive to the target device receiving the configuration profile, generates a device object based on the configuration profile comprising the HTTPS URL with the UDID. The method includes identifying, based on the UDID, metadata associated with the target device for returning a DNS response to a DNS request from the target device. Systems and machine-readable media are also provided.
    Type: Application
    Filed: June 28, 2023
    Publication date: January 2, 2025
    Inventors: Matthew Vlasach, Dan Cuddeford, Jakub Talas
  • Publication number: 20240323017
    Abstract: In certain aspects, methods include, responsive to receiving verification that credentials associated with an organization device (OD) are authenticated, requesting the OD to create a token comprising a private and public key. The method includes receiving, subsequent to the OD initiating creation of the token, the public key from the OD. The method includes associating the public key with a UPN of the OD, and includes requesting the organization credentials from a secondary device (SD), responsive to detecting a request therefrom. The method includes requesting, responsive to authentication of the organization credentials, a challenge response from the SD. The method includes receiving the challenge response from the SD, which signed the challenge response with the private key that was transferred via the OD. The method includes determining, with the public key, whether the challenge response is valid, and includes validating enrollment of the SD when the challenge response is validated.
    Type: Application
    Filed: March 20, 2023
    Publication date: September 26, 2024
    Inventor: Matthew Vlasach
  • Publication number: 20240275782
    Abstract: In certain aspects of the disclosure, a computer-implemented method includes enrolling, at a mobile device management service, at least one managed device. The method includes receiving a client certificate on the at least one managed device. The method includes integrating, via a trusted ecosystem vendor app on the at least one managed device, a universal device identifier SDK. The method includes retrieving, by the universal device identifier SDK based on a request from the trusted ecosystem vendor app, a pre-salted device identifier address associated with the at least one managed device. The method includes transmitting, by the at least one managed device via the trusted ecosystem vendor, the pre-salted device identifier address to a security vendor service for generating a universal device identifier address. The method includes receiving, from the security vendor service by the at least one managed device via the trusted ecosystem vendor, the universal device identifier address.
    Type: Application
    Filed: February 14, 2024
    Publication date: August 15, 2024
    Inventors: Dan Cuddeford, Matthew Vlasach, Mateusz Popialo
  • Publication number: 20240106913
    Abstract: In certain aspects, a computer-implemented method includes receiving, responsive to a managed device communicating with a reader, user data and access information of the managed device. The method includes identifying device information of the managed device associated with the user data and the access information. The method also includes determining at least one mobile device action to perform on the managed device based on the device information, the user data, and the access information. The method includes, responsive to determining the at least one mobile device action, transmitting a message to a push notification service, wherein the message initiates the managed device to communicate with a mobile device management server. The method includes, responsive to the managed device communicating with the mobile device management server, transmitting a management command to the managed device to perform the at least one mobile device action. Systems and media are also provided.
    Type: Application
    Filed: September 22, 2023
    Publication date: March 28, 2024
    Inventors: Joshua Jagdfeld, Jonathan William Yuresko, Leslie N. Helou, Matthew Vlasach
  • Patent number: 10715547
    Abstract: A method for detecting a man-in-the-middle attack against communications between a client device and a specific remote end point over a network, the method using probe software installed on the client device, the method comprising the probe software sending a connection initiation request from the client device over the network, directed to the remote end point, to at least partially initiate a secure network connection between the remote end point and the client device, receiving at the client device encryption credentials sent to the client device in response to the connection initiation request, the probe software comparing the received encryption credentials with expected encryption credentials for the remote end point, and the probe software determining that a man-in-the-middle attack is present if the received encryption credentials do not match the expected encryption credentials.
    Type: Grant
    Filed: April 8, 2016
    Date of Patent: July 14, 2020
    Assignee: Wandera Limited
    Inventors: John Edwards, Matthew Vlasach
  • Publication number: 20180124106
    Abstract: A method for detecting a man-in-the-middle attack against communications between a client device and a specific remote end point over a network, the method using probe software installed on the client device, the method comprising the probe software sending a connection initiation request from the client device over the network, directed to the remote end point, to at least partially initiate a secure network connection between the remote end point and the client device, receiving at the client device encryption credentials sent to the client device in response to the connection initiation request, the probe software comparing the received encryption credentials with expected encryption credentials for the remote end point, and the probe software determining that a man-in-the-middle attack is present if the received encryption credentials do not match the expected encryption credentials.
    Type: Application
    Filed: April 8, 2016
    Publication date: May 3, 2018
    Inventors: John EDWARDS, Matthew VLASACH