ProMDM and PKI
For any MDM implementation, the key component is PKI environment. ProMDM will use the existing PKI environment that supports SCEP (NDES) and WSTEP enrollment interfaces or we can help you with the design and implementation of the Mobile PKI environment based on Microsoft Active Directory Certificate Services that will meet all requirements for iOS, Android and Windows Phone regarding certificates.
ProMDM provides complete Mobile Certificate Services for device and user certificates needed for MDM and SSO authentication scenarios.
ProMDM services for Exchange, Sharepoint and Web Applications
ProMDM provides secure configuration and SSO authentication services for Exchange ActiveSync and Sharepoint, as well for any Enterprise Web Applications that support Kerberos.
Our solution is fully integrated with Microsoft Windows 2012 R2 Web Application Proxy and AD-FS (Active Directory Federation Services) and provides SSO (Single Sign-On) for Exchange ActiveSync, Sharepoint and Enterprise Web Applications. Due to AD-FS integration, ProMDM supports any third-party STS Service with WS-Federation support.
ProMDM manages configuration profiles for Exchange ActiveSync on Apple iOS devices and Samsung enterprise mobile devices with user certificates for authentication and strong PIN enforcement. When the device is not compliant, stolen or the user leaves the company, the configuration profiles, and e-mail accounts are automatically removed from the device (Enterprise Wipe) and certificates revoked.
We provide built-in support for Samsung Knox (www.samsungknox.com) – containerization technology for Samsung Android devices that directly manages KNOX containers but also support “Android for Work” and functionalities that is provides including full separation of business and private data on mobile devices.
ProMDM supports legacy Microsoft TMG 2010 and other Firewall solutions with Kerberos Constrained Delegation functions instead of Windows 2012 R2 Web Application Proxy.
Apple iOS SSO support (Kerberos)
ProMDM supports configuration for Apple iOS feature called Single Sign-On that uses Kerberos and User certificates for seamless SSO experience with any web sites that uses Windows Integrated Authentication/Kerberos, so users can work on their iPads the same way they used to with Windows Devices.
SSO can also easily integrate with Microsoft ADFS and provide Kerberos SSO experience for any Claims based applications integrated with ADFS.
Samsung Knox Support
We support Samsung KNOX containers in terms of managing KNOX containers and managing configuration profiles and settings inside the container.
Knox management is integrated into ProMDM admin UI and provides container enablement, various management and configuration functionalities as well as application management for KNOX. With ProMDM you can fully leverage and control the value that Samsung KNOX provides.
For example, you can deploy corporate Exchange profiles, User certificates or VPN configuration inside the KNOX.
MAM – Mobile Application Management
ProMDM manages Enterprise or applications from the iTunes or Google Play stores installed using ProMDM MAM features. You can install, remove or update applications per device or using automation jobs to manage applications based on device groups. ProMDM will take care that all mobile devices are running the compliant version of the application.
In ProMDM we are using Apple Managed Media concept to manage documents on iOS and Android devices. You can deploy or remove different kinds of documents to devices, but primary usage is for PDF files.
On iOS devices, documents will appear in the iBooks application and on Android devices, you can find the documents in ProMDM client or ProMDM document folder on the file system
Integration with 3rd party enterprise solutions
For the integration of ProMDM with 3rd party solutions (for example Management or Service Desk applications), ProMDM exposes major functionalities over Web Services (RESTful API).
Apple iOS devices
ProMDM is compliant with Apple Enterprise Deployment specifications and iPhone-OTA-Enrollment-Configuration specifications. We are fully supporting all MDM functions on iOS devices and adding support for new iOS versions and devices in the shortest possible time. ProMDM fully supports the latest iOS 9 MDM features.
ProMDM supports Apple DEP services for countries where the DEP program is available.
In order to manage Android devices, our ProMDM Fort Agent needs to be installed and activated on the device. ProMDM Fort Agent is publicly available on Google Play Store but can also be downloaded and installed from the internal on-premise server for internal usage.
ProMDM uses Active Directory Certificate Enrollment and Policy Web Services (CEP and CES) and MS-WSTEP protocol for enrollment and certificate management on Android devices.
ProMDM is using Microsoft Enterprise Device Management Protocol for Windows Phone 8.1 and Windows Mobile 10 specifications to deliver the best possible MDM solution for Windows Phone users. ProMDM uses Active Directory Certificate Enrollment and Policy Web Services (CES and CES) and MS-WSTEP protocol with Microsoft Active Directory Certificate Services for enrollment and certificate management on Windows Phone devices.