Abstract: Disclosed are various examples identifying time-sensitive tasks being performed by a user of a client device that may be affected by a network connectivity issue associated with the client device and alerting the user interacting with the client device of the identified time-sensitive tasks. Network connectivity data associated one or more client devices can be used to identify patterns and context in network connectivity loss based at least in part on location, time, date, etc. Additionally, user context data associated with a user can be analyzed to predict whether the user will experience any connectivity issues and identify any tasks or action items being performed by the user interacting with the client device that may be considered time-sensitive. A user can be notified of a potential connectivity issue that may affect the ability for the user to complete a time-sensitive task.

Abstract: The system provides a permissions engine derives permissions for responses from artificial intelligence (AI) agents. The permissions are derived based on the access permissions of chunks used to generate the response, and the response is cached for reuse with users meeting the permissions requirements. The system can also derive an access permission level for a user attempting to access the cached result or other content. This can be based on a managed access profile that includes user behavior criteria and device criteria. Likewise, the system can validate and derive sensitivity levels of documents that are ingested for use in AI agents and discriminate between chunks to use in synthesizing results based on the derived permissions of the chunks and their relationship to the user.

Abstract: Systems and methods are described for accessing resources of a Unified Endpoint Management (“UEM”) system through an enrolled device. In an example, an unenrolled device can be paired with an enrolled device. The unenrolled device can connect to the enrolled device on a local network. The enrolled device can verify the unenrolled device using a key provided during pairing. The unenrolled device can send requests for UEM resources to the enrolled device, which the enrolled device can send to a UEM server. The UEM server can send the requested UEM resources to the enrolled device, and the enrolled device can send the UEM resources to the enrolled device over the local network.

Abstract: Disclosed are various approaches for detecting whether an event in a conferencing service is advanced or delayed relative to an agenda providing by the conferencing service or an event organizer. A speech-to-text conversion of the audio component can be performed and compared against the agenda. Segments of interest can be identified and users notified if the event is advanced or delayed.

Abstract: Disclosed are various approaches for sharing secure files between users belonging to the same enterprise. To begin, a computing device can identify a recipient device for a secure file transfer. Then, the computing device can verify an enrollment status of the recipient device with an enterprise. Next, the computing device can verify a compliance level of the recipient device. Based at least in part on a successful verification of the enrollment status and the compliance level, the computing device can transfer one or more secure files to the recipient device.

Abstract: The present invention provides a system for processing user queries through an artificial intelligence (“AI”) pipeline, utilizing data chunking, question generation, and AI models to deliver contextually relevant responses. The system includes a server that ingests and chunks datasets, generates vector embeddings, and stores the data in one or more vector databases. A pipeline engine sends the chunked data to an AI model that generates potential questions tailored to different user personas. These questions, along with their corresponding data chunks, are stored in the database for future retrieval. When a user submits a query, the system semantically compares the query to the pre-generated question vectors and retrieves the most relevant question and associated data chunk. The query is then sent to an external AI model for final response generation. The system provides seamless interaction, delivering optimized, context-aware responses to user queries in real-time.

Abstract: The invention provides a rules engine that manages user requests within an interface integrating multiple AI platforms and AI Models. Upon receiving a query, the engine assigns scores based on factors like management rules, user preferences, and contextual information. Determinative scores, such as those enforcing strict enterprise policies, can override others, leading the engine to block or reroute the query. If no score is determinative, the engine forwards the query and associated prompts to a specialized routing AI Model for contextual analysis. Based on this analysis, the rules engine directs the query to the most appropriate AI Model or defaults to the user-designated AI Model. This system balances user intent with rule enforcement, optimizing query processing across various AI platforms while ensuring compliance with enterprise guidelines.

Abstract: Examples described herein include systems and methods for authenticating a voice-activated device. An example method can include receiving, at an application server, a request from a user device to authenticate the voice-activated device. The application server can provide a first temporary key and session ID to the user device. The method can further include communicating the first temporary key from the user device to the voice-activated device, such as by reading it aloud or having the user device communicate the key in some manner. The voice-activated device can then provide the key to the application server, which generates a second temporary key and sends it back to the voice-activated device. The second temporary key can then be transferred to the user device, which closes the loop by providing the key back to the application server. The application server can then authenticate and provide access to the voice-activated device.

Abstract: The present disclosure fallback management of managed devices utilizing edge management servers that periodically poll a primary management server. If the primary management server is unreachable, the edge management servers can assume management of a population of managed devices.

Abstract: Various examples are disclosed for a zero-trust authentication model for user sessions. Upon user authentication of a session, security posture assessments can be performed that analyze an ongoing or continuous state of the user, client device, or network conditions. Remedial measures or mitigation procedures can be performed to address potential non-compliance of the session.

Abstract: A computerized method of delivering applications includes transmitting, by a connection server, a registration request to an application manager server, the registration request including administration credentials for the application manager server and a public certificate of the connection server, the administration credentials causing the application manager server to trust the connection server regarding application requests; receiving, by the connection server, a user application launch request from a user device, the user application launch request identifying an application; generating a proxy application launch request for the received user application launch request, the proxy application launch request identifying the application and including a signed message created with a private key associated with the public certificate; and transmitting the proxy application launch request for delivery to the application manager server, causing the application manager server to make the application available t

Abstract: Systems and methods are described for accessing resources of a Unified Endpoint Management (“UEM”) system through an enrolled device. In an example, an unenrolled device can be paired with an enrolled device. The unenrolled device can connect to the enrolled device on a local network. The enrolled device can verify the unenrolled device using a key provided during pairing. The unenrolled device can send requests for UEM resources to the enrolled device, which the enrolled device can send to a UEM server. The UEM server can send the requested UEM resources to the enrolled device, and the enrolled device can send the UEM resources to the enrolled device over the local network.

Abstract: Systems and methods are described for increasing web browser security on a user device managed by a device management system. In an example, the user device can use an unmanaged web browser to access secure enterprise content using a browser extension provided by the enterprise. When a user attempts to access secure content from an unmanaged browser, the device management system can communicate with the extension and a management application on the user device to authenticate the user and verify that the user device complies with certain policies. In one example, the device management system can include an extension recommendation engine that analyzes user browsing data and recommends browser extensions for the user. Based on policies, the device management system can recommend the extension to the user or force installation of the extension on the user device.

Abstract: Disclosed are various embodiments for enabling an enrolled client device of a user to access an enterprise resource via a second enrolled client device of the user. One such method comprises launching, by the first client device, a peer-to-peer communication channel between the first client device and a second client device of the user that is online with the management server; transmitting, by the first client device, a peer-to-peer offline access mode request over the peer-to-peer communication channel for the first client device to be given access to an enterprise resource that is being managed by the management server, wherein the request includes instructions for the second client device to forward the request to the management server, wherein the request further includes enterprise resource identification and verification data showing that the first client device is in compliance with a compliancy policy of the management service.

Abstract: Disclosed are various embodiments for preventing unauthorized access to materials and topics for meeting invitations and meeting recording. A meeting recording and other meeting data is received in association with a meeting identifier. The meeting recording and the meeting data is provided as input to a machine learning engine to generate labelled recording data. A user-specific recording package is generated to include data limited to the at least one meeting section corresponding to a set of security labels approved for a user account.

Abstract: Disclosed are various embodiments for redacting or modifying content in documents that are provided to users. A user profile can be generated by analyzing user data within or external to the enterprise. A document can also be analyzed to identify or classify the document's components. A document or other content can be modified or redacted based upon the user profile and the analysis of the document.

Abstract: Disclosed are various embodiments for preventing unauthorized access to materials and topics for meeting invitations and meeting recording. Meeting data is identified for a meeting invitation or a meeting recording. The meeting data includes a set of participants, a time slot, and meeting location. A meeting security recommendation is generated to include a security label based on output data from a meeting security service machine learning engine that takes the meeting data as input. The meeting security recommendation is transmitted to a client device. A meeting security action is implemented using security recommendation feedback received from the client device.

Abstract: Disclosed are various examples identifying time-sensitive tasks being performed by a user of a client device that may be affected by a network connectivity issue associated with the client device and alerting the user interacting with the client device of the identified time-sensitive tasks. Network connectivity data associated one or more client devices can be used to identify patterns and context in network connectivity loss based at least in part on location, time, date, etc. Additionally, user context data associated with a user can be analyzed to predict whether the user will experience any connectivity issues and identify any tasks or action items being performed by the user interacting with the client device that may be considered time-sensitive. A user can be notified of a potential connectivity issue that may affect the ability for the user to complete a time-sensitive task.

Abstract: Disclosed are various approaches for managing physical resources in a physical workspace. Environmental data can be obtained from sensors in the physical workspace. A status map of the physical workspace can be generated. A space utilization plan can also be created that assigns users and events to areas of the physical workspace.

Abstract: Various examples are disclosed for a zero-trust authentication model for virtual desktop infrastructure (VDI) sessions. Upon user authentication of a VDI session, security posture assessments can be performed that analyze an ongoing or continuous state of the user, client device, or network conditions. Remedial measures or mitigation procedures can be performed to address potential non-compliance of the VDI session.