Abstract: Disclosed are various approaches for encrypting a voice based response to a request through a voice assistant device. The request is associated with a network or federated service. A tunnel speaker containing a private key can decrypt the encrypted response using a private key provided to the tunnel speaker by a client application on a client device.

Abstract: Systems herein include a managed content application that can place markers for conversations within secure documents. A separate social application can serve as the platform for the conversations, allowing for efficient conversations that can occur in real time. The markers can be stored with the documents and identify the conversation, allowing users to retrieve historical conversations that occurred on the social application from within the document. This can allow users to quickly come up to speed without having to rehash the conversations with the original participants. Document security can also be maintained without sacrificing conversation efficiency of the social application.

Abstract: Dynamic content redaction though the generation of redaction schemas associated with document, image, media, or other data files is described. A redaction schema can include at least one range of content in a data file to be concealed for a user, a group of users, or operating parameters of various devices, for example. When the data file is opened for display on a device, the redaction schema can be parsed to identify whether masking objects should be added to a masking layer for overlay upon or above the content displayed. The masking layer can be generated based on the redaction schema, a user of the device, or operating parameters of the device, for example. Masking objects in the masking layer can conceal one or more ranges of the content in a data file from view or based on users or operating parameters of various devices.

Abstract: A system and method of communicating between computing devices including pairing a first computing device with a second computing device. The first computing device and the computing second device are configured to communicate with an application workspace system. The first computing device provides token and application information to a second computing device. The second computing device is authenticated with the application workspace system using the token and launches an application corresponding to the application information.

Abstract: Systems herein allow a user to record a presentation with a slides file. The system can record action events generated by a viewer application that displays slides of the slides file. The system can also record an audio segment for each displayed slide. An action information file can be created that links action events and audio segments to slides, and provides timing information for the action events. This can allow for playback of a narrated presentation where actions are recreated in synchronization with the narration while reducing the reliance on large video files.

Abstract: Disclosed are various approaches performing actions on data items in a third-party service with a network-accessible application programming interface from an email client. The email client can perform an action as specified by an email service profile, which specifies how to identify the email message, the data item and how to interact with the network-accessible application programming interface.

Abstract: Described herein are methods and systems for dynamically optimizing a Flying Ad-Hoc Network (“FANET”). A server that manages the FANET can receive information relating to the network activity of user devices connected to the FANET. Examples of the type of information included can include the user devices' locations, network connection quality, and network traffic volume dedicated to a Unified Endpoint Management (“UEM”) system of an enterprise. The server can analyze the network activity information based on a set of rules to prioritize the user devices connected to the FANET. The server can instruct unmanned aerial vehicles (“UAVs”) in the FANET to reposition themselves to provide the best connection for higher priority user devices.

Abstract: Disclosed are various examples for dynamically generating and implementing scenario profiles for a network of devices, including IoT devices. A managed device can receive a dynamically generated scenario profile that defines tasks to be performed by the device for a given scenario. The device can also receive a scenario message that is broadcasted to all managed devices in a network and identifies an occurrence of a given scenario. If the device determines that the device is an intended recipient of the scenario message, the device can identify the scenario profile associated with the given scenario and perform the tasks defined by the scenario profile. The scenario profile can be modified and/or updated based on event data associated with the device.

Abstract: Disclosed are various examples for facilitating access to files in a virtual content repository. In one example, a request to access a file is transmitted to a management service. The request includes a first authentication credential for a first user account associated with the management service. Storage plan data is received that identifies a content repository and a second authentication credential for a second user account associated with the content repository. The client device authenticates with the content repository using the storage plan data, and access to the file is provided.

Abstract: A first server can generate user profiles and receive requests from user devices for enrollment in a first server-managed system that includes user groups. The first server can provide a unique key to a user device during an enrolment process based on a user group the user device is assigned to. The first server can include an enrollment notification for the user device in a first notification transmitted to a messaging service. The messaging service can transmit a second notification to the user device, and the user device can request a user profile from a second server based on second server access information included in the second notification. The second server can use the unique key to access user profile information which it transmits to the user device based on the request. The user device can access the user profile from the profile information using the unique key.

Abstract: Disclosed are various examples for audio data leak prevention using user and device contexts. In some examples, a voice assistant device can be connected to a remote service that provides enterprise data to be audibly emitted by the voice assistant device. In response to a request for the enterprise data being received from the voice assistant device, an audio signal can be generated that audibly broadcasts the enterprise data. The audio signal can be generated to audibly redact at least a portion of the enterprise data based at least in part on a mode of operation of the voice assistant device. The voice assistant device can be directed to emit the enterprise data through a playback of the audio signal.

Abstract: Disclosed are various approaches for assisting a user with skill or application discovery in a voice assistant device. By assisting the user in this way, avoiding the launching of malicious skills or applications can also be avoided. Additionally, restricting launching of applications to particular users or particular voice assistant devices can also be accomplished.

Abstract: A system and method of communicating between computing devices including pairing a first computing device with a second computing device. The first computing device and the computing second device are configured to communicate with an application workspace system. The first computing device provides token and application information to a second computing device. The second computing device is authenticated with the application workspace system using the token and launches an application corresponding to the application information.

Abstract: Disclosed are various examples for securing the transmission of files to and from a client device. In some examples, an initialization token is identified for a file that includes a number of portions. An algorithm is iteratively applied to the initialization token to determine that no repeated output occurs over a number of iterations corresponding to the number of file portions. Initialization data is transmitted from a client device to a management service that manages access to the file. The initialization token is included in the initialization data if no repeated output occurs when the algorithm is iteratively applied over the number of iterations.

Abstract: Disclosed are various approaches performing actions on data items in a third-party service with a network-accessible application programming interface from an email client. The email client can perform an action as specified fey an email service profile, which specifies how to identify the email message, the data item and how to interact with the network-accessible application programming interface.

Abstract: Aspects of bundle administration and management are described. The use of bundles, as described herein, may be relied upon to assist users with the installation of applications associated with artifacts. In one embodiment, a bundle includes both a manifest and an artifact. A computing device may open the bundle and parse the manifest to identify an application for the artifact. The computing device may evaluate a status of a qualification to the application and, if the status meets the qualification, then install the application. Thus, with the combination of the manifest and the artifact in the bundle, it is not necessary that a user search for and identify an application associated with the artifact (e.g., a data or content file), because the computing device may reference the manifest to ascertain the application and, based upon one or more qualifications, for example, install the application automatically for the user.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: Disclosed are various embodiments relating to a security framework for media playback. In one embodiment, a client device has a decryption module, a streaming module, and a playback module. The playback module may be configured to request media data from the streaming module and render the media data on an output device. The streaming module may be configured to obtain the media data from the decryption module by a request that specifies a size of the media data. The size may be dynamically determined based at least in part on an amount of available temporary data storage. The decryption module may be configured to decrypt a portion of an encrypted media file based at least in part on the specified size to produce the media data.

Abstract: Disclosed are examples of managing devices through secondary communication channels. In some examples, a management component detects an impediment with a data communication channel for a device. The data communication channel can be a primary communication channel through which the device communicates with a management service. The management component detects an event associated with the device to report to the management service. The management component generates a message specifying the event, and the management component transmits the message to the management service through the secondary communication channel.

Abstract: Disclosed are various approaches for sharing uniform resource locators (URLs) and enforcing browser restrictions along with a shared URL. Browser restrictions can be identified by appending commands to the shared URL that instruct the receiving browser to activate certain browser restrictions. Browser restrictions can also be enforced using a URL restriction validator, which is a server process that can facilitate enforcement of browser restrictions along with a shared URL.