BizMobile Go! Key Features

4. Provide a variety of secure environments for mobile devices

alt Making mobile devices applicable to more scenarios

The various functions provided by BizMobile Go! are useful in a multitude of locations and scenarios, such as shops, factories, nursing homes, healthcare facilities, and schools. Many enterprises introduces BizMobile Go! as it combines both security and convenience, but minimizes the workload to operate. A comprehensive suite of functions is available to manage large numbers of devices, and to configure different settings for each and every device in one batch (mass customization). The “Template Function” and “Virtual Device Synchronization Function” will simplify the work required. There are cases where regular use of MDM via management console does not suit desired operations. For example, in cases where detailed and specific functional restrictions need to be set based on time, location, and usage status. BizMobile Go! promotes the use of mobile devices in an extensive range of fields that demand a secure environment.

For the various usage models, please click here.

In nursing homes
In factories
In schools
In hospitals
Security camera management

Usage Model: BizMobile Go! for secured camera (application developed with API)

The inspection process in an automobile factory used to have thick paper checklists. If there were defects, a digital camera was used to take a photo, and information to be entered into a PC in a corner of the room. They wanted to take inspection results in real time, by allowing on-site input via an iPad. However, due to security reasons, they needed to stop using digital cameras but use iPad cameras instead — which needs to be only enabled in the inspection room. For regular MDM services, someone would have to manually lift the restriction through the MDM management console for camera. However, with BizMobile Go!, it allows the camera to be used only when necessary, without any manual work.

Hence, we designed and developed the system by integrating the MDM service with an in-house application utilizing geofence function. 1) The inspection application can only be started in the inspection room. The WiFi base station BSID is used to determine whether the device is inside or outside of the inspection room. iBeacons will be used in the future. 2) Inside the inspection room, only the inspection application can be used and the device is forced into Single App Mode (Kiosk Mode). 3) When in kiosk mode, camera usage becomes authorized. 4) Pictures will not be saved locally in the device, but be saved directly on the file server. 5) When the “End” button is pushed on the inspection application at the end of the inspection, use of the camera becomes unauthorized. After the camera is disabled, the inspection application will close and the device is returned to its original state.

BizMobile Go! makes it possible to develop various secure environments by integrating use of applications with the MDM service.

※Please consult us about BizMobile Go! for secure cameras

What is possible with API-based MDM functions?

Interactive communication.

With regular MDM services, once the camera is blocked, it remains blocked. Once the installation of applications is blocked, installations will remain blocked. In these cases, instructions are sent from the MDM service to the device. BizMobile Go! can manage functions at specific times and at specific locations automatically. It allows device applications to instruct MDM service to restrict functions, applications, and media content. In addition, this process controls how and what works at when by whom.

Using conventional MDM services, applications have been unable to communicate with MDM. However, by realizing interactive communication with MDM APIs, MDM operation can be performed based on the status of applications on the devices themselves.

New BizMobile Go! architecture

Gateway service ensures security and response

Allowing direct access to an API capable of interactive communication can lead to severe security problems. It may take time to process API interface that has been optimized for display to human users. These problems can be solved by accessing the MDM engine through an MDM gateway service, which restricts processes that use API. As we have a number of advanced usage models already, we will optimize them as a small number of models and publish them in the future. Currently, we are working together with IT managers from various companies and application developers on a number of projects and started offering consulting and project management services using various features and applications of the newest device OSs.

By API Gateway services, cloud telephony services (Twilio) and MDM services are integrated to dynamically use MDM at specific locations and for designated applications. For example, you can configure settings such that when a specific application is launched, other applications cannot be launched or used, or that when camera is activated, it cannot be abused.

Converting a regular device into a specific purpose device (gateway service usage model)

Converting a regular device into a specific purpose device (optional)

Business applications that can only be executed in designated areas (optional)

List of APIs supported by BizMobile Go! functions

BizMobile Go! consists of API to support all functions. By using these APIs via the API gateway, it is possible to integrate with other cloud services and to use interactive communication between the MDM and applications on devices. In the future, API will be packed together to allow more efficient usage.

Service Functionality provided Functions API iOS
Standard User management Organization/group management functions Organization
Device management Usage status dashboard Dashboard Status, Device Activity Information
Log management Log
Alarm notifications Alarm
Device restrictions Force implementation of passcode policy (for local lock & wipe) Apple Profile, Google Profile, Microsoft Profile
Remote lock Command Resource Device Lick -
Remote wipe Command Resource EraseDevice
Remove passcode Command Resource ClearPasscode -
Selective wipe (wipe only business-related data) Command Resource SoftWipe
Access control (allow display and operation based on restrictions) No plan to provide
Lock device to prevent usage (administrator lock) Google Profile *1 *1
Settings management Batch distribution (settings) Apple Profile, Google Profile *1
Batch distribution (certificates authenticated with password) Apple Profile *1
Batch distribution (individual device configuration) (Note: Use of CSV) Device batch processor *1
Setting restrictions Separation of enterprise and private data, blocking of data transfer Apple Profile, Google Profile *1
Encryption of enterprise data Apple Profile, Google Profile *1
Compulsory encrypted backup Apple Profile - -
Remove enterprise data from list of backup items Apple Profile - -
Restrict personal usage partially Apple Profile, Google Profile *1
Restrict personal usage greatly Apple Profile, Google Profile *1
Web filtering (whitelists, blacklists, plugins) Apple Profile *1
Global proxy (specific communication channels) Apple Profile, Google Profile -
Always-on VPN connection Apple Profile *1 *1
Block factory reset Apple Profile, Google Profile *1
Use of DEP (Device Enrollment Program) Apple DEP Device-Profile assignment - -
Block deletion and bypassing of MDM (Note: Only when DEP is used) Apple DEP Device-Profile assignment, Google Profile
Application management Batch purchase (Store application licenses) VPP, Command Resource InviteToProgram *1 *1
Batch distribution (in-house applications, App Store applications) (Note: By user) In-House Application, Apple Application, Google Application *1
Batch distribution (in-house applications, App Store applications) (Note: By device) 開発予定 - -
Batch distribution (individual application configuration) (Note: Application is required to be compatible with this feature) Apple Managed Application Configuration - -
Detection of blocked applications (whitelists, blacklists) Application Restriction List *1
Application restrictions Per-App VPN (force VPN connection only for specific applications) Apple Profile, Apple Application *1 *1
Authorize installation of App Store applications Apple Profile *1
Block automatic downloads of App Store applications Apple Profile *1
Silent installation/deletion of applications (App Store applications) Apple Application *1 *1
Block deletion of applications Apple Profile *1
Dedicated device modes (Single App Mode, Kiosk Mode) Apple Application *1
Content management Batch distribution of files to iBook (enterprise data, e-books) Apple Media - -
Deletion of files in iBook (enterprise data, e-books) Apple Media - -
Optional Messages Collect/display location information Device Location *1
Simultaneous message notification (read status can be monitored) Messaging *1
Jailbreak notification (for jailbreaking, rooting) Device Location -
Personal Personal UI (for Self Service) Unit Optional Services
Personal IVR (for service over telephones) Unit Optional Services settings
Device exchange Device exchange service (automatic transfer of configuration to new device and subsequent reset of the old device) Device Migration *1
Devices in Supervised Mode
Function not provided by OS
*1Development planned
Copyright© IoT-EX Inc. All Rights Reserved. IoT-EX Inc.