Abstract: Embodiments described herein are directed to implementing compliance settings by a computing device for bringing the computing device into compliance with a configuration scenario. For instance, a computing device may receive, from a server, configuration information describing compliance settings for implementing by the computing device to bring the computing device into compliance with a configuration scenario. Moreover, the computing device may identify a state machine indicated by the configuration information that describes a configuration process for implementing the compliance settings and execute the state machine to configure the computing device with the compliance settings.

Abstract: Embodiments described herein are directed to implementing compliance settings by a computing device for bringing the computing device into compliance with a configuration scenario. For instance, a computing device may receive, from a server, configuration information describing compliance settings for implementing by the computing device to bring the computing device into compliance with a configuration scenario. Moreover, the computing device may identify a state machine indicated by the configuration information that describes a configuration process for implementing the compliance settings and execute the state machine to configure the computing device with the compliance settings.

Abstract: Embodiments described herein are directed to managing device compliance for devices that are connected to an enterprise network. For example, a mobile device manager may provide configuration settings to a computing device, which implements the settings in order to be compliant with an enterprise's data and/or security policy. The mobile device manager also maintains a local reference of each device's configuration settings implemented thereby. When the mobile device manager subsequently performs a determination as to whether the computing device is still in compliance, the mobile device manager simply needs to refer to the local reference to determine the computing device's settings instead of explicitly querying the computing device for its settings.

Abstract: This document relates to a process for supporting the management of a variety of types of deployed devices. Administrators utilizing enterprise services can provide generic configuration data using configuration templates, which can be provided to a management server. The management server can then precompute device-specific configuration settings and resolve any conflicts that may arise based on the configuration templates. The configuration templates can also include placeholders for secret values, and once a managed device checks in to the management server, the secret values can be retrieved from an applicable enterprise service and provided to the managed device at the time of applying the configuration template.

Abstract: A configuration control transfer (“CCT”) system controls the transferring of control of configuration information of a device from a current configuration source to a target configuration source. A CCT server of the CCT system may send a request for the configuration information of the device where the configuration information of the device currently under control of the at least one first configuration source. The CCT server may also receive the requested configuration information, determine whether the second configuration source is able to support the configuration information of the first configuration source, and based at least on a determination that the second configuration source is able to support the configuration information, request that the device transfer control of the configuration information from the first configuration source to the second configuration source to unenroll the device with the first configuration source and enroll the device with the second configuration source.

Abstract: Various technologies described herein pertain to controlling reconfiguration of a dependency graph for coordinating reconfiguration of a computing device. An operation can be performed at the computing device to detect whether an error exists in the dependency graph for a desired configuration state. The dependency graph for the desired configuration state specifies interdependencies between configurations of a set of features. An error can be detected to exist in the dependency graph when the desired configuration state differs from an actual configuration state of the computing device that results from use of the dependency graph to coordinate configuring the set of features. Feedback concerning success or failure of the dependency graph on the computing device can be sent from the computing device to a configuration source. The dependency graph can be modified (by the computing device and/or the configuration source) based on whether an error is detected in the dependency graph.

Abstract: A configuration control transfer (“CCT”) system controls the transferring of control of configuration information of a device from a current configuration source to a target configuration source. A CCT server of the CCT system may send to the device a message requesting the configuration information of the device. In response, a CCT client of the CCT system collects the configuration information of the device and sends the collected configuration information to the CCT server. If the second configuration source can support the configuration information of the current configuration source, the CCT server requests that the device transfer control of the configuration information from the current configuration source to the target configuration source. The CCT client then transfers control of the configuration information to the target configuration source as the new current configuration source and un-enrolls the device from the former current configuration source.

Abstract: Embodiments described herein are directed to implementing compliance settings by a computing device for bringing the computing device into compliance with a configuration scenario. For instance, a computing device may receive, from a server, configuration information describing compliance settings for implementing by the computing device to bring the computing device into compliance with a configuration scenario. Moreover, the computing device may identify a state machine indicated by the configuration information that describes a configuration process for implementing the compliance settings and execute the state machine to configure the computing device with the compliance settings.

Abstract: Embodiments described herein are directed to managing device compliance for devices that are connected to an enterprise network. For example, a mobile device manager may provide configuration settings to a computing device, which implements the settings in order to be compliant with an enterprise's data and/or security policy. The mobile device manager also maintains a local reference of each device's configuration settings implemented thereby. When the mobile device manager subsequently performs a determination as to whether the computing device is still in compliance, the mobile device manager simply needs to refer to the local reference to determine the computing device's settings instead of explicitly querying the computing device for its settings.

Abstract: The devices, systems, and methods described herein enable automatically configuring an electronic device using artificial intelligence (AI). The devices, systems, and methods enable accessing telemetry data representing device usage data, inputting the accessed telemetry data into machine learning models that are matched to device metadata, and determining notifications to publish to components of the electronic device. The notifications represent events predicted to occur on the electronic device. The notifications are published to the components of the electronic device such that the electronic device is configured according to the published notifications. The determined notifications enable the identification of optimal settings for the electronic device based on the usage pattern of the device and enable components of the electronic device to preemptively take action on events which are predicted to occur in the future.

Abstract: Various technologies described herein pertain to evaluating configuration compliance of a computing device. The computing device operates in a configuration compliance evaluation mode to test a set of configuration requests for a configuration source. Configuration changes to the computing device can be applied in a virtual machine run on the computing device when operating in the configuration compliance evaluation mode. Responsive to each configuration request being received and when the computing device is operating in the configuration compliance evaluation mode, the computing device can store the configuration request in a data store, apply the configuration request in the virtual machine to cause a configuration change in the virtual machine, and store data for verifying enforcement of the configuration change in the data store.

Abstract: A system may delegate authority to manage aspects of a security policy developed by administrative personnel to standard users (e.g. non-administrative personnel) corresponding to managed accounts within an administrative hierarchy. An exemplary security policy may include application management settings that allow or deny individual applications with access to various enterprise resources. The system may expose one or more user interfaces to standard users of an enterprise network to enable these standard users to modify the security policy being deployed for their managed account and/or to at least temporarily exempt a particular application from the enterprise's security policy. For example, upon a standard user attempting to access enterprise data with a particular application that is not permitted such access, the system may enable this standard user to change the security policy as applied to her device or to simply exempt the particular application from the security policy.

Abstract: Various technologies described herein pertain to controlling reconfiguration of a dependency graph for coordinating reconfiguration of a computing device. An operation can be performed at the computing device to detect whether an error exists in the dependency graph for a desired configuration state. The dependency graph for the desired configuration state specifies interdependencies between configurations of a set of features. An error can be detected to exist in the dependency graph when the desired configuration state differs from an actual configuration state of the computing device that results from use of the dependency graph to coordinate configuring the set of features. Feedback concerning success or failure of the dependency graph on the computing device can be sent from the computing device to a configuration source. The dependency graph can be modified (by the computing device and/or the configuration source) based on whether an error is detected in the dependency graph.

Abstract: Various technologies described herein pertain to evaluating configuration compliance of a computing device. The computing device operates in a configuration compliance evaluation mode to test a set of configuration requests for a configuration source. Configuration changes to the computing device can be applied in a virtual machine run on the computing device when operating in the configuration compliance evaluation mode. Responsive to each configuration request being received and when the computing device is operating in the configuration compliance evaluation mode, the computing device can store the configuration request in a data store, apply the configuration request in the virtual machine to cause a configuration change in the virtual machine, and store data for verifying enforcement of the configuration change in the data store.

Abstract: A system may delegate authority to manage aspects of a security policy developed by administrative personnel to standard users (e.g. non-administrative personnel) corresponding to managed accounts within an administrative hierarchy. An exemplary security policy may include application management settings that allow or deny individual applications with access to various enterprise resources. The system may expose one or more user interfaces to standard users of an enterprise network to enable these standard users to modify the security policy being deployed for their managed account and/or to at least temporarily exempt a particular application from the enterprise's security policy. For example, upon a standard user attempting to access enterprise data with a particular application that is not permitted such access, the system may enable this standard user to change the security policy as applied to her device or to simply exempt the particular application from the security policy.

Abstract: A configuration control transfer (“CCT”) system controls the transferring of control of configuration information of a device from a current configuration source to a target configuration source. A CCT server of the CCT system may send to the device a message requesting the configuration information of the device. In response, a CCT client of the CCT system collects the configuration information of the device and sends the collected configuration information to the CCT server. If the second configuration source can support the configuration information of the current configuration source, the CCT server requests that the device transfer control of the configuration information from the current configuration source to the target configuration source. The CCT client then transfers control of the configuration information to the target configuration source as the new current configuration source and un-enrolls the device from the former current configuration source.