Device Security and Control

MobiControl offers several device security options ranging from password authentication, user interface lockdown (also known as "kiosk"), and the ability to configure the device to automatically react to security threats such as repeated failed login attempts, even if the device is out-of-contact or in an offline state. 

MobiControl Security Center dialog box

MobiControl's security provides powerful features for securing devices and mobile data, while maximizing usability and making security implementation easy, efficient and cost-effective. Salient features of MobiControl's security include:

  • Over-the-Air (OTA) security policy distribution
  • Policies can be assigned at the individual device, group or global level
  • Security managed for both online (connected) and offline (disconnected) devices

To access MobiControl's Security Center, select the device or group of devices for which you want to configure security and then click Device, click Configure Devices, and click Security.

Authentication Policy

You can configure administrator passwords, and optionally, user passwords, to control access to the mobile device. The passwords are centrally managed via the Authentication tab. The option to use Windows Active Directory credentials is available. Please see the Authentication Security page for more information on configuring device-side user authentication.

Lockdown Policy

MobiControl allows administrators to operate mobile devices in a lockdown or kiosk mode by providing them with a specialized interface that strictly provides the device user with access to approved applications and websites only. Integrated locked-down or industrial web browser allows restricting browsing to specific Internet or Intranet sites only. Please see the Device Lockdown page for more information on configuring lockdown.

Application Run Control Policy

Control application infrastructure so you can easily manage, secure, and improve application service across the extended network of your mobile devices. Anti-virus like functionality allows better memory management and tighter monitoring of unauthorized applications on the device. MobiControl's application control engine delivers scalability, availability, breakthrough application security, and a way to simplify the application infrastructure overall within the network of your mobile devices.Please see the Application Run Control page for more information on configuring application run control.

Out-of-Contact Devices Policy

Time-based protection is now available for mobile devices to add an extra layer of security for mobile devices. The MobiControl Agent can be configured so that if the device has been lost or stolen and is out of contact (i.e. not connected to the network or the Deployment Server) for a defined time period, it will automatically take action to secure itself. For example, if the agent detects that the device has not connected for 24 hours, then it will wipe all data stored on the device. Please see the Out-of-Contact Devices page for more information on configuring out-of-contact device security.

File Encryption Policy

On-the-fly FIPS validated file encryption helps secure mobile data stored on the mobile device and media (flash storage or SD memory cards). File encryption allows only authenticated users to access the encrypted files, thus safeguarding sensitive business data and information on the mobile device, and helping mobile enterprise administrators meet their goals for complying with regulations. Please see the File Encryption page for more information on configuring file encryption.

Device Feature Control Policy

MobiControl provides various on-device feature controls including the capability to block various device communications and communication ports, similar to firewall functionality. Administrators can now disable Bluetooth, IR Beam, SD-card auto-execute, ActiveSync connection and other features including the phone and camera functionality available on the PDAs. Please see the Device Feature Control page for more information on configuring feature control on the devices.

Phone Call Policy

MobiControl will allow or deny a predefined set of phone numbers that the device will be able to receive a call from, or make a call to. Please see the Phone Call Policy page for more information on configuring the phone call policy.

Connection Security Policy

To protect the integrity of the corporate firewall and to secure communication and data flowing from the mobile devices to the server across public unsecured networks, MobiControl allows the use of SSL Mode for encrypting communication using SSL certificate-based communication security. Please see the Connection Security page for more information on configuring connection security.

Note:

    Due to a limitation in the way Windows CE 6.0 handles the pkfsh.log file - The following Device Security and Control Policies will not function properly:
    • Application Run Control Policy
    • Taskbar Lockdown
    • Device Feature Control Policy
    • File Encryption
    • Phone Call Policy

Note:

Device security and control policies will apply to only mobile devices, and do not apply to Windows 2000/XP/Vista/7, with the exception of the connection security policy.