The absolute guide to Unified Endpoint Management (UEM) in enterprise

Remote installation/uninstallation

The admin can remotely install the apps from the Hexnode UEM web console. On configuring the apps as mandatory apps, the apps would be automatically installed on the managed device. The admin can manage store apps, enterprise apps, and web apps with Hexnode. The Hexnode admin can also push the app updates to the managed devices remotely.

Blacklist/Whitelist apps

Not all apps are required for work devices. Some are even directly detrimental to employee productivity. For example, the employee may start watching YouTube for a small break, and the break could extend into hours. The admin can just blacklist such applications so that the users are not able to access them. The admin can also whitelist the required applications so that the users are able to access and use only the whitelisted applications on the work device.

App Catalogs

App Catalogs are quite a fun feature. It allows the IT managers to avoid the hassle of deploying different sets of applications to different users. The admin can simply set up a customized app store (App Catalog) that contains all the apps required by the organization and the end-users can easily download the apps needed by them. This feature is supported in Android, iOS and macOS devices.

App configurations and permissions

Even before pushing an application to the devices, the admin can configure the app configurations for the managed apps in Android, iOS, and macOS devices. For iOS and macOS devices, the configurations are uploaded as XML files. For Android devices, the admin can configure the work app directly from the policy.

Web Clips for iOS

IOS devices support an additional app management capability. Web Clips are website URLs that can be seen just as another iOS app on the device. On tapping the Web Clip, it would take the user to the corresponding website URL. These Web Clips can be added and customized by the Hexnode admin.

Protection against data and identity thefts

The best method to prevent identity thefts and malicious attacks is to have a strong password. While this may sound like an old method, it works. Use the UEM solution to enforce strong password policies in the managed devices.

Active Directory/Azure AD integration for protected access

By integrating Hexnode UEM with Microsoft Active Directory (AD) or Azure AD, the admin can ensure protected access for user data.

Using certificates

Secure the managed devices by deploying certificates directly uploaded to the Hexnode UEM web console.

Containerization for corporate data

In personal devices, clear isolation of corporate apps and data from the personal apps and data is essential. It is important to choose a UEM solution that has BYOD support.

VPN for securing networks

The admin can remotely setup a VPN for securing the networks and the flow of data.

Email and Exchange ActiveSync configurations

Wildcards (%name%, %email%, %password%, etc.) can be used to configure the email and ActiveSync accounts remotely for the managed devices for an admin using Hexnode UEM.

Password security

As mentioned previously, a strong password is a foolproof method of securing the device. Using the UEM, it is recommended that the admin devise and enforce strong password policies for the work devices.

OS and software updates

The majority of the updates contain bug fixes and security updates. As an end-user myself, I have the tendency to indefinitely postpone the updates while working. This dependence on the end-user for installing the updates can be overcome with the help of a UEM. The admin can schedule and enforce the software updates on the managed devices, all done remotely from a single pane.

Compliance rules

Compliance could mean different things for different companies, or even different departments. With the UEM solution, the admin should be able to create custom compliance rules. The rules can be created to include checking whether the devices are active, if they are password compliant and application compliant, if they are jailbroken or not, and more. Just creating the set of rules is not enough. The UEM should also enforce it. For instance, with Hexnode, the admin can set up regular compliance checks and get instantly notified if the devices go out of compliance. The admin can then choose to take action to get the errant devices compliant.

Encryption management

Security has almost become synonymous with encryption these days. Even the good old HTTP is now HTTPS, to secure our web browsing. It would be really amiss of us if we fail to encrypt our work devices that contain sensitive corporate data. The IT managers can enforce device encryption on Windows 10 and macOS devices with Hexnode UEM. For new iOS and Android device models, the encryption is turned on by default.

BitLocker: It is the full disk encryption tool for Windows devices. Hexnode UEM can enforce BitLocker encryption for protecting the entire volume against unauthorized access.

FileVault: It is the full disk encryption program for macOS devices running Mac OSX 3.0 and higher. On encrypting the Mac using FileVault, the data in the device cannot be read without the device password or the recovery key. The admin can enforce FileVault encryption in the macOS devices by pushing a configured policy.

Custom scripts execution

A script is a set of commands that are used to automate and execute time-consuming tasks in the endpoints without any manual intervention. Hexnode UEM supports executing custom scripts in both macOS and Windows 10 devices.

Executing custom scripts for Mac

The custom scripts can be executed in all the managed macOS endpoints remotely from the Hexnode UEM web console. Executing the script is as simple as selecting all the endpoints and giving the “Execute Custom Script” action.

Executing custom scripts for Windows

The admin can create the custom Powershell scripts or batch files. These created scripts can then be uploaded to Hexnode Files in the web console. The admin can then select the target Windows endpoints and execute the script in bulk.

Firewall setup

A Firewall acts as a security barrier between the internal and external networks of the organization. The IT Manager can configure the Firewall settings for macOS endpoints using Hexnode UEM. The admin can choose to block or allow all incoming connections or the incoming connections to specific applications.

Geofencing

Geofencing is a location-based UEM restriction. Using this feature, the admin can create virtual perimeters around a geographical region. These geofences help the admin to restrict the availability of corporate resources and define security policies for the devices entering and exiting these virtual geographical regions.

Remote lock/wipe

Security management would be incomplete if there are no plans in place to take care of the lost/stolen devices. Hexnode UEM enables the admin to remotely lock or wipe the missing device. The remote lock feature comes with a custom message that the admin can use to communicate with the person who finds the missing device.

Tips for Network Security Management using UEM

• Configure the Enterprise Wi-Fi in a policy and push it to the endpoints. The devices would be automatically connected to the Wi-Fi without being dependent on the users to input the Wi-Fi password.
• Hexnode UEM allows the admin to configure VPN for iOS, Android and macOS endpoints. A VPN does a great job in securing the network and monitoring the flow of data through it.
• Set up Web Content Filtering for iOS, Android and macOS endpoints with Hexnode UEM. This would prevent the users from accessing potentially dangerous or malicious websites.

Tips for Network Usage Management using UEM

• For an enrolled Android endpoint, the admin can monitor how the Wi-Fi and mobile data is being used. With Hexnode, you can track daily and monthly data usage and setup usage limits. The network connectivity would be restricted for the end-user once the limits are reached.
• Manage and control the cellular data usage for managed apps while the iOS mobile endpoints are roaming. The device may accrue higher charges while roaming, and it is recommended to turn the cellular data off while roaming if the extra charges are a concern.

Single App Mode

Single App Mode restricts the user access to a single application, enabling a locked-down experience in the device. Hexnode UEM can be used to configure Single App Mode in Android, iOS, Windows and tvOS endpoints. We have all interacted with single-app Kiosk devices at one time or the other, the most common example being self-service ticketing Kiosks.

Multi App Mode

What if the admin wants the user to have access to a set of work apps? Multi App mode allows you to do exactly that. The device is locked down into a set of applications and device settings specified by the IT manager, blocking the user access to all other apps and settings of the endpoint. Hexnode UEM supports Multi App Mode in Android, iOS and Windows devices.

Web App Mode

The Web App Kiosk Mode allows the end-users to access only the whitelisted URLs that appear as app icons on the Android or iOS endpoint. Using Hexnode Kiosk Browser helps the admin to ensure additional security while the user navigates the Web Apps.

Digital Signage Display

We have all seen digital signage displays in shops, buildings, malls and airports playing advertisement videos or just displaying images. Hexnode UEM supports Digital Signage Display for all endpoints running Android 4.4 and above.