Because ISE depends on these features for policy enforcement, corporate devices and personal devices with partial or full access should include a profile that specifies the Fiberlink MaaS360 Agent as a mandatory application.
User is automatically taken to the App Store or Google Play to install the Fiberlink MaaS360 Agent during the enrollment process. The Fiberlink MaaS360 Agent can also be installed by the user directly from the App Store or Google Play store. In addition to supervising the device, the client application offers the end users some useful information concerning the status of their devices. Users can determine when a device last communicated with the Fiberlink MaaS360 server, receive messages or alerts from the administrator, track data usage, or buzz the device to locate lost a device. Another useful feature of the client application is the ability to manually refresh the device’s posture to the server. This need arises when the device has been placed in MDM quarantine due to a compliance violation. For example, the device may not have a PIN lock when one is required. When the user configures the device with a PIN lock, the OS will not trigger an update to the MDM client. The client will detect the change during the next security scan interval. Only then will the server discover this the next time the device is polled. This could result in ISE continuing to place the device in quarantine even after the user has corrected the issue. Rather than waiting for the MDM to poll the device for an update, the user could use the mobile application to send the current data to the server.
Fiberlink MaaS360 also offers secure content distribution functionality that allow administrators to distribute documents, audio files, video files, pictures, etc. securely to mobile devices. The content is available in the Fiberlink MaaS360 agent, which provides a secure container for viewing documents. Administrators can set policies to restrict copying, pasting, or emailing outside of the container, as well as forcing the
Device Ownership
One of the key components of BYOD is the mix of personal devices and corporate devices on the network and the ability to establish policy based on this attribute. Both the ISE and the MDM have the concept of asset classes, which can be used to classify
In this first release, there is not a tight integration between assets classes defined on ISE and those defined on the MDM. The API does not support such a device attribute. Complicating matters somewhat is the key index used to identify a device. Within ISE, this is the device’s MAC address, which is unique across the network; however Fiberlink MaaS360 uses the device’s UDID, which is globally unique.
ISE determines corporate devices through an identity group referred to as the Whitelist, which contains the MAC addresses of corporate assets. Discovering the MAC address of Android and Apple devices is typically a manual process. Apple lists the MAC on the Settings > General > About page. Fiberlink MaaS360 allows devices to be grouped as
An enterprise may need to create a list of corporate MAC addresses and the associated UDIDs to provision them as corporate devices on both systems. Apart from bulk imports, another option for daily operations is device staging. This allows an administrator the ability to
26Integrating Fiberlink MaaS360 with Cisco Identity Services Engine
