Abstract: Systems and methods are provided for optimizing and securing an enterprise voice service accessed by an external voice assistant device. An enterprise voice assistant installed on a client device acts as an enterprise voice service for an external voice assistant device. The enterprise voice assistant receives a voice query from the external voice assistant device. The voice query is processed using a machine learning model to extract an intent and at least one slot. The extracted intent and at least one slot are used to determine whether a response to the voice query can be generated using local enterprise data that was previously received and stored by the client device from a management server. The response is generated based on the determination by using the local enterprise data or by sending the extracted intent and at least one slot to and receiving the response from the management server.

Abstract: Systems and methods are included for improved interorganizational collaboration. An agent on a server can crawl through data files to identify keywords relating to a product. The agent can create tags and assign the keywords to the tags. The agent can crawl through user-related data files to identify potential support users. The support users can be mapped to tags in a database. A user interacting with a chat application can request help with the product. The agent can extract keywords from the request and use them to identify a tag. The agent can map the tag to support users and using an algorithm can select a support user to send the help request to. If the support user denies the request or does not respond, the agent can send the request to another support user. Once a support user accepts the request, the agent can connect the users.

Abstract: A first server can generate user profiles and receive requests from user devices for enrollment in a first server-managed system that includes user groups. The first server can provide a unique key to a user device during an enrolment process based on a user group the user device is assigned to. The first server can include an enrollment notification for the user device in a first notification transmitted to a messaging service. The messaging service can transmit a second notification to the user device, and the user device can request a user profile from a second server based on second server access information included in the second notification. The second server can use the unique key to access user profile information which it transmits to the user device based on the request. The user device can access the user profile from the profile information using the unique key.

Abstract: Disclosed are various approaches for dynamically creating content to present to a user based on an identified intent, or other context, associated with a message (e.g., email). A message that is received from a message server can be analyzed to identify the message content within the message prior to distributing to the recipient client device. Trained intent identification models can be applied to the identified message content to determine an intent, or other type of context, associated with the message. Upon identifying the intent, the message header can be modified to include the intent prior to forwarding the message to the recipient client device. The client device can then display a user interface including the message and a user interface element corresponding to a third-party service. The user interface element can be dynamically generated to include an action component that upon selection, triggers an action associated with the intent.

Abstract: Disclosed are various aspects of postponing or migrating tasks from a first assistant device to another assistant device. In some examples, an assistant device can facilitate task completion. Tasks can be recommended for postponement based upon the complexity of the task, a historical user profile, or the location of the assistant device.

Abstract: Described herein are methods and systems for dynamically optimizing a Flying Ad-Hoc Network (“FANET”). A server that manages the FANET can receive information relating to the network activity of user devices connected to the FANET. Examples of the type of information included can include the user devices' locations, network connection quality, and network traffic volume dedicated to a Unified Endpoint Management (“UEM”) system of an enterprise. The server can analyze the network activity information based on a set of rules to prioritize the user devices connected to the FANET. The server can instruct unmanned aerial vehicles (“UAVs”) in the FANET to reposition themselves to provide the best connection for higher priority user devices.

Abstract: Disclosed are various approaches for dynamically creating content to present to a user based on an identified intent, or other context, associated with a message (e.g., email). A message that is received from a message server can be analyzed to identify the message content within the message prior to distributing to the recipient client device. Trained intent identification models can be applied to the identified message content to determine an intent, or other type of context, associated with the message. Upon identifying the intent, the message header can be modified to include the intent prior to forwarding the message to the recipient client device. The client device can then display a user interface including the message and a user interface element corresponding to a third-party service. The user interface element can be dynamically generated to include an action component that upon selection, triggers an action associated with the intent.

Abstract: Disclosed are various approaches for providing on-demand virtual private network (VPN) connectivity on a per-application basis. An application is determined to have begun execution on a computing device. The application is identified. A determination that the application is authorized to access a VPN connection is made, and the VPN connection is created.

Abstract: The technology disclosed herein enables packet handling based on user information included in packet headers. In a particular embodiment, a method provides, in a gateway to a network environment, establishing a first connection with a first connection endpoint outside of the network environment. The method further provides identifying first user information associated with the first connection and adding the first user information to a packet header of one or more first packets associated with the first connection. Also, the method provides transferring the one or more first packets into the network environment.

Abstract: Disclosed are various examples for dynamically generating and implementing scenario profiles for a network of devices, including IoT devices. A managed device can receive a dynamically generated scenario profile that defines tasks to be performed by the device for a given scenario. The device can also receive a scenario message that is broadcasted to all managed devices in a network and identifies an occurrence of a given scenario. If the device determines that the device is an intended recipient of the scenario message, the device can identify the scenario profile associated with the given scenario and perform the tasks defined by the scenario profile. The scenario profile can be modified and/or updated based on event data associated with the device.

Abstract: Examples described herein include systems and methods for creating a per-app virtual private network (“VPN”) using hooking, even though an isolated process is used for networking functions. The isolated process can include networking functions of the WebView class for ANDROID. The application can start an HTTP proxy server to receive local HTTP requests. Then, the application can trigger a broadcast to the isolated process, causing the isolated process to route its HTTP requests to the HTTP proxy of the application. The application can then hook HTTP requests and send them to a virtual private network (“VPN”) tunnel server. This can allow an application to securely connect to enterprise files or data even though the networking functions occur in the isolated process.

Abstract: A first server can generate user profiles and receive requests from user devices for enrollment in a first server-managed system that includes user groups. The first server can provide a unique key to a user device during an enrolment process based on a user group the user device is assigned to. The first server can include an enrollment notification for the user device in a first notification transmitted to a messaging service. The messaging service can transmit a second notification to the user device, and the user device can request a user profile from a second server based on second server access information included in the second notification. The second server can use the unique key to access user profile information which it transmits to the user device based on the request. The user device can access the user profile from the profile information using the unique key.

Abstract: Disclosed are various aspects of voice skill session lifetime management. In some examples, a session extension request is received. The session extension request extends a voice skill session of a voice-activated device. A personal client device is identified based on the session extension request. A command to emit an ultrasonic pulse is transmitted to the personal client device.

Abstract: Disclosed are various examples for audio data leak prevention using user and device contexts. In some examples, a voice assistant device can be connected to a remote service that provides enterprise data to be audibly emitted by the voice assistant device. In response to a request for the enterprise data being received from the voice assistant device, an audio signal can be generated that audibly broadcasts the enterprise data. The audio signal can be generated to audibly redact at least a portion of the enterprise data based at least in part on a mode of operation of the voice assistant device. The voice assistant device can be directed to emit the enterprise data through a playback of the audio signal.

Abstract: Disclosed are various approaches for facilitating single sign-on (SSO) for third-party services that are accessible through messages (e.g., email) received by a user. A user can receive a message that includes an embedded URL or link that opens in a third-party service that requires authentication. Instead of requiring the user to enter authentication credentials for accessing the third-party service, a tunnel service can be used to intercept requests for authentication and redirect the requests to an identity manager that can issue a SSO token following an authentication of the user and device. Upon supplying the third-party service with the SSO token, the user can access the content associated with the third-party service without entering authentication credentials.

Abstract: Disclosed are various examples for securing enterprise resources using a virtual private network. A client device can send a first unique device identifier for the client device to a remote management service upon enrollment. When a virtual private network application is first executed, the client device can send a second unique device identifier to the remote management service, where the remote management service is configured to store the second unique device identifier in association with the first unique universal identifier. During subsequent executions of the virtual private network application, the virtual private network service can authenticate the client device by comparing the first unique device identifier and the second unique device identifier to a device identifier received from the remote management service. A machine learning routine can be employed to identify anomalies as the virtual private network application is executed.

Abstract: This disclosure describes various ways in which a client agent can be incorporated into multiple virtual machines of a server cluster to keep track of the location of each instance of services running on the server cluster and facilitate rapid connection of different services on the server cluster as needed. When a first service requests connection to a second service, a client agent co-located with the first service is able to forward the request to a virtual network interface card (VNIC) associated with the second service. The VNIC is configured to forward the request to an available instance of the second service. The location of the services are determined and stored on one or more service registries right after the service instances are instantiated, removing the need for a search when new requests are received.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: Disclosed are examples of managing devices through secondary communication channels. In some examples, a management component detects an impediment with a data communication channel for a device. The data communication channel can be a primary communication channel through which the device communicates with a management service. The management component detects an event associated with the device to report to the management service. The management component generates a message specifying the event, and the management component transmits the message to the management service through the secondary communication channel.

Abstract: Examples described herein include systems and methods for creating a per-app virtual private network (“VPN”) using hooking, even though an isolated process is used for networking functions. The isolated process can include networking functions of the WebView class for ANDROID. The application can start an HTTP proxy server to receive local HTTP requests. Then, the application can trigger a broadcast to the isolated process, causing the isolated process to route its HTTP requests to the HTTP proxy of the application. The application can then hook HTTP requests and send them to a virtual private network (“VPN”) tunnel server. This can allow an application to securely connect to enterprise files or data even though the networking functions occur in the isolated process.