Abstract: Examples of scheduled and on-demand volume encryption suspension are described. A management service can identify multi-volume encryption rules for local volumes of a client device including the operating system volume as well as non-operating-system volumes. The encryption rules can be transmitted to the client device. Volume encryption samples for the client device can be received, and a console user interface can be generated to indicate compliance status information for the multi-volume encryption rules for local volumes of a client device.

Abstract: Disclosed are various examples for verification and management of firmware for client devices enrolled with a management service of an enterprise. The firmware verification includes a verification process using multiple checkpoints for determining whether status responses associated with firmware installed on and received from a managed client device can be trusted. The multiple checkpoints can include verifying certificate data, signature data, and an exit code included in status responses received from managed devices. In the event that one of the verification steps fails, the device can be considered compromised and subject to various compliance actions. The compliance actions can include limiting access to enterprise data, limiting access to one or more applications, wiping a device clean to reset the devices to the original factory settings, sending a notification to an enterprise administrator providing an indication of the detected compromise, and other types of compliance actions.

Abstract: Firmware passwords, such as BIOS passwords can be managed by a remotely executed management service. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

Abstract: Examples of scheduled and on-demand volume encryption suspension are described. In some examples, volume encryption is to be suspended for a client device. A suspension limit is identified for a volume encryption suspension for the client device. A suspend encryption command is generated to include instructions for the client device to apply the volume encryption suspension according to the suspension limit. The suspend encryption command is transmitted to the client device for execution.

Abstract: Systems and methods are described for managing a user device in multiple management modes. In an example, an agent executing on the user device can enroll the user device with a Unified Endpoint Management (“UEM”) system in a limited management mode. The agent can receive and install a first configuration profile from a server that configures the agent to operate on an unmanaged channel of the user device. In one example, the user device can have a third-party management client that manages the user device on a managed channel. The third-party management client can be removed. The agent can enroll the user device with the UEM in a full management mode. The agent can receive and install a second configuration profile that configures the agent to operate on the managed channel of the user device.

Abstract: Disclosed are various examples for managing firmware passwords, such as BIOS passwords. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

Abstract: Examples of scheduled and on-demand volume encryption suspension are described. A management service can identify multi-volume encryption rules for local volumes of a client device including the operating system volume as well as non-operating-system volumes. The encryption rules can be transmitted to the client device. Volume encryption samples for the client device can be received, and a console user interface can be generated to indicate compliance status information for the multi-volume encryption rules for local volumes of a client device.

Abstract: Systems and methods are described for managing a user device in multiple management modes. In an example, an agent executing on the user device can enroll the user device with a Unified Endpoint Management (“UEM”) system in a limited management mode. The agent can receive and install a first configuration profile from a server that configures the agent to operate on an unmanaged channel of the user device. In one example, the user device can have a third-party management client that manages the user device on a managed channel. The third-party management client can be removed. The agent can enroll the user device with the UEM in a full management mode. The agent can receive and install a second configuration profile that configures the agent to operate on the managed channel of the user device.

Abstract: Disclosed are various examples for managing firmware passwords, such as BIOS passwords. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

Abstract: Examples of scheduled and on-demand volume encryption suspension are described. In some examples, volume encryption is to be suspended for a client device. A suspension limit is identified for a volume encryption suspension for the client device. A suspend encryption command is generated to include instructions for the client device to apply the volume encryption suspension according to the suspension limit. The suspend encryption command is transmitted to the client device for execution.

Abstract: Examples of secure recovery key management are described. In some examples, a management service receives a removable drive recovery key, a recovery key identifier, and a removable drive identifier from a management agent executed on a client device. The management service stores the information, reads the removable drive recovery key from the removable drive recovery key escrow, and transmits this to the management agent as a verification of accurate storage of the removable drive recovery key within the removable drive recovery key escrow.

Abstract: Systems and methods are described for managing a user device in multiple management modes. In an example, an agent executing on the user device can enroll the user device with a Unified Endpoint Management (“UEM”) system in a limited management mode. The agent can receive and install a first configuration profile from a server that configures the agent to operate on an unmanaged channel of the user device. In one example, the user device can have a third-party management client that manages the user device on a managed channel. The third-party management client can be removed. The agent can enroll the user device with the UEM in a full management mode. The agent can receive and install a second configuration profile that configures the agent to operate on the managed channel of the user device.

Abstract: Disclosed are various examples for managing firmware passwords, such as BIOS passwords. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

Abstract: Disclosed are various examples for verification and management of firmware for client devices enrolled with a management service of an enterprise. The firmware verification includes a verification process using multiple checkpoints for determining whether status responses associated with firmware installed on and received from a managed client device can be trusted. The multiple checkpoints can include verifying certificate data, signature data, and an exit code included in status responses received from managed devices. In the event that one of the verification steps fails, the device can be considered compromised and subject to various compliance actions. The compliance actions can include limiting access to enterprise data, limiting access to one or more applications, wiping a device clean to reset the devices to the original factory settings, sending a notification to an enterprise administrator providing an indication of the detected compromise, and other types of compliance actions.

Abstract: Disclosed are various approaches for validating factory provisioning of computing devices with a virtual machine. A package file is unpacked, the package file containing: at least one application to be installed on the virtual machine, and a configuration file containing at least one setting for an operating system installed on the virtual machine or the at least one application and at least one respective value for the at least one setting. Then at least one application is installed on the virtual machine. Installation of the application is confirmed. Then the operating system is configured based on the configuration file, and the configuration of the operating system is confirmed. The results are then rendered in a user interface to indicate whether installation of the applications and configuration of the operating system was successful.

Abstract: Methods, apparatus, and processor-readable storage media for dynamically generating system-compatible transaction requests derived from external information are provided herein. An example computer-implemented method includes converting portions of a transaction request to items of text, wherein the transaction request is derived from a source external to a transaction request processing system; extracting items of information associated with the transaction request processing system from the items of text via one or more machine learning algorithms; dynamically generating a modified version of the transaction request based at least in part on the extracted items of information and one or more items of historical information related to the extracted items of information, wherein the modified version of the transaction request is compatible with the transaction request processing system; and outputting the modified version of the transaction request to the transaction request processing system.