Abstract: Disclosed are various examples identifying time-sensitive tasks being performed by a user of a client device that may be affected by a network connectivity issue associated with the client device and alerting the user interacting with the client device of the identified time-sensitive tasks. Network connectivity data associated one or more client devices can be used to identify patterns and context in network connectivity loss based at least in part on location, time, date, etc. Additionally, user context data associated with a user can be analyzed to predict whether the user will experience any connectivity issues and identify any tasks or action items being performed by the user interacting with the client device that may be considered time-sensitive. A user can be notified of a potential connectivity issue that may affect the ability for the user to complete a time-sensitive task.

Abstract: The system provides a permissions engine derives permissions for responses from artificial intelligence (AI) agents. The permissions are derived based on the access permissions of chunks used to generate the response, and the response is cached for reuse with users meeting the permissions requirements. The system can also derive an access permission level for a user attempting to access the cached result or other content. This can be based on a managed access profile that includes user behavior criteria and device criteria. Likewise, the system can validate and derive sensitivity levels of documents that are ingested for use in AI agents and discriminate between chunks to use in synthesizing results based on the derived permissions of the chunks and their relationship to the user.

Abstract: Systems and methods are described for accessing resources of a Unified Endpoint Management (“UEM”) system through an enrolled device. In an example, an unenrolled device can be paired with an enrolled device. The unenrolled device can connect to the enrolled device on a local network. The enrolled device can verify the unenrolled device using a key provided during pairing. The unenrolled device can send requests for UEM resources to the enrolled device, which the enrolled device can send to a UEM server. The UEM server can send the requested UEM resources to the enrolled device, and the enrolled device can send the UEM resources to the enrolled device over the local network.

Abstract: The present invention provides a system for processing user queries through an artificial intelligence (“AI”) pipeline, utilizing data chunking, question generation, and AI models to deliver contextually relevant responses. The system includes a server that ingests and chunks datasets, generates vector embeddings, and stores the data in one or more vector databases. A pipeline engine sends the chunked data to an AI model that generates potential questions tailored to different user personas. These questions, along with their corresponding data chunks, are stored in the database for future retrieval. When a user submits a query, the system semantically compares the query to the pre-generated question vectors and retrieves the most relevant question and associated data chunk. The query is then sent to an external AI model for final response generation. The system provides seamless interaction, delivering optimized, context-aware responses to user queries in real-time.

Abstract: The invention provides a rules engine that manages user requests within an interface integrating multiple AI platforms and AI Models. Upon receiving a query, the engine assigns scores based on factors like management rules, user preferences, and contextual information. Determinative scores, such as those enforcing strict enterprise policies, can override others, leading the engine to block or reroute the query. If no score is determinative, the engine forwards the query and associated prompts to a specialized routing AI Model for contextual analysis. Based on this analysis, the rules engine directs the query to the most appropriate AI Model or defaults to the user-designated AI Model. This system balances user intent with rule enforcement, optimizing query processing across various AI platforms while ensuring compliance with enterprise guidelines.

Abstract: Examples described herein include systems and methods for authenticating a voice-activated device. An example method can include receiving, at an application server, a request from a user device to authenticate the voice-activated device. The application server can provide a first temporary key and session ID to the user device. The method can further include communicating the first temporary key from the user device to the voice-activated device, such as by reading it aloud or having the user device communicate the key in some manner. The voice-activated device can then provide the key to the application server, which generates a second temporary key and sends it back to the voice-activated device. The second temporary key can then be transferred to the user device, which closes the loop by providing the key back to the application server. The application server can then authenticate and provide access to the voice-activated device.

Abstract: A computerized method of delivering applications includes transmitting, by a connection server, a registration request to an application manager server, the registration request including administration credentials for the application manager server and a public certificate of the connection server, the administration credentials causing the application manager server to trust the connection server regarding application requests; receiving, by the connection server, a user application launch request from a user device, the user application launch request identifying an application; generating a proxy application launch request for the received user application launch request, the proxy application launch request identifying the application and including a signed message created with a private key associated with the public certificate; and transmitting the proxy application launch request for delivery to the application manager server, causing the application manager server to make the application available t

Abstract: Systems and methods are described for accessing resources of a Unified Endpoint Management (“UEM”) system through an enrolled device. In an example, an unenrolled device can be paired with an enrolled device. The unenrolled device can connect to the enrolled device on a local network. The enrolled device can verify the unenrolled device using a key provided during pairing. The unenrolled device can send requests for UEM resources to the enrolled device, which the enrolled device can send to a UEM server. The UEM server can send the requested UEM resources to the enrolled device, and the enrolled device can send the UEM resources to the enrolled device over the local network.

Abstract: Systems and methods are described for increasing web browser security on a user device managed by a device management system. In an example, the user device can use an unmanaged web browser to access secure enterprise content using a browser extension provided by the enterprise. When a user attempts to access secure content from an unmanaged browser, the device management system can communicate with the extension and a management application on the user device to authenticate the user and verify that the user device complies with certain policies. In one example, the device management system can include an extension recommendation engine that analyzes user browsing data and recommends browser extensions for the user. Based on policies, the device management system can recommend the extension to the user or force installation of the extension on the user device.

Abstract: Disclosed are various embodiments for enabling an enrolled client device of a user to access an enterprise resource via a second enrolled client device of the user. One such method comprises launching, by the first client device, a peer-to-peer communication channel between the first client device and a second client device of the user that is online with the management server; transmitting, by the first client device, a peer-to-peer offline access mode request over the peer-to-peer communication channel for the first client device to be given access to an enterprise resource that is being managed by the management server, wherein the request includes instructions for the second client device to forward the request to the management server, wherein the request further includes enterprise resource identification and verification data showing that the first client device is in compliance with a compliancy policy of the management service.

Abstract: Various examples are disclosed for a zero-trust authentication model for virtual desktop infrastructure (VDI) sessions. Upon user authentication of a VDI session, security posture assessments can be performed that analyze an ongoing or continuous state of the user, client device, or network conditions. Remedial measures or mitigation procedures can be performed to address potential non-compliance of the VDI session.

Abstract: Disclosed are various embodiments for intelligent text recognition based upon a selected pattern detection mode. First, text can be identified in an image. A pattern detection mode can be selected by a user or autonomously. In some instances, the pattern detection mode can be selected based at least in part on a user account. Next, the text can be parsed for occurrences of a pattern associated with the selected pattern detection mode. A list of occurrences of the pattern can be generated from the text and presented to a user. In some instances, a user can train a model to learn a new pattern.

Abstract: Disclosed are various embodiments for delegating administrator tasks from a primary administrator to a secondary administrator. A secondary administrator can create a temporary user account and cause a temporary client device to be enrolled with a management service. The temporary user and/or temporary client device can be provided with access to certain enterprise resources to which the secondary administrator is empowered to grant access.

Abstract: Disclosed are various embodiments for redacting or modifying content in documents that are provided to users. A user's clearance level can be determined by analyzing the role of the user within the enterprise. A redaction level can be determined from the clearance level. A document or other content can be modified or redacted based upon the redaction level.

Abstract: Disclosed are various embodiments for generating a list of predicted contacts that can be provided to a client device. The predicted contacts can be generated based upon an analysis of user interaction data. The predicted contacts can be made available to a phone application or messaging application on a client device so that contact information can be displayed in response to an incoming call or a message.

Abstract: Disclosed are various embodiments for preventing unauthorized access to materials presented in a meeting room. In one example, a system comprises a computing device that is configured to identify a list of invited users for a meeting occurring in a meeting room and to detect a client device of an uninvited user that has entered the meeting room. An uninvited user notification is transmitted to a remote computing device. A suspension command is received for the meeting room from the remote computing device based on the uninvited user notification. The computing device is configured to enforce a suspension action on a meeting room device located in the meeting room based on the suspension command.

Abstract: Disclosed herein are examples of systems and methods for formatting electronic messages using machine learning. An electronic message can be obtained, and a processed message can be generated based at least in part on the electronic message. At least one attribute for the processed message can be determined. A formatting specification can be generated based at least in part on the at least one attribute. A reformatted message can be generated based at least in part on the formatting specification.

Abstract: Systems and methods for 3D printer management can allow or reject printing of an object based on a model that is trained with machine learning. In one example, the model classifies the object according to object type. The object type can be compared against a list to determine whether to block the object from printing. The object can also be compared to previously printed objects. The object can be blocked from printing if a combination of the object and a previously printed object amounts to a threshold amount of a blacklisted item. The lists can be specific to users, such as an organizational group to which the user belongs. A print server can apply the model prior to forwarding the object to a 3D printer for printing. Both the models and the lists can evolve based on machine learning, such as based on which print decisions receive override from administrators.

Abstract: Disclosed herein are examples of systems and methods for synchronizing notification actions across multiple enrolled devices. A management service can receive from a first client device metadata associated with a notification posted on the first client device. The management service can receive from the first client device an indication of an action performed with respect to the notification. The management service can determine whether to propagate a new notification state to a second client device based at least in part on a type of the action and a current notification state associated with the second client device. In response to determining to propagate the new notification state to the second client device, the management service can provide to the second client device a command to change the current notification state to the new notification state.

Abstract: Disclosed are various aspects of voice skill session lifetime management. In some examples, a session extension request is received. The session extension request extends a voice skill session of a voice-activated device. A personal client device is identified based on the session extension request. A command to emit an ultrasonic pulse is transmitted to the personal client device.