Topic
  • No replies
ValH
ValH
24 Posts

Pinned topic Tips & Tricks: Keeping your MaaS360 Portal Clean

‏2015-08-19T18:08:30Z | cleanup cloudextender license tips

Purpose of this Document

There are various reasons to perform routine clean ups in the MaaS360 MobileFirst Protect Administrative Portal. From a billing perspective, any and all active devices that can be seen from your device inventory are billable licenses. From a management perspective, cleaning out devices will allow you to keep an accurate count for reporting purposes, as well as free up potential licenses to reuse with other mobile devices.

From a management perspective, there are various sources where we will pull in device information and create an active record. If you are configured with Exchange/Traveler/Google Apps, we will import any and all active records that are visible to us. This includes importing devices that you might not want to manage in the console, as well as stale old records that might no longer really be active. Another method is to create active records for enrolled devices. This would include AD/LDAP enrolled devices or administrative single enrollment requests. In this documentation, we will cover all scenarios for performing routine clean ups to ensure all records are up to date.

When you first enroll a device, this will create an active record in the administrative portal. This active record will remain active until an administrator decides to remove control from the portal, or simply hide the device record. For auditing purposes, we never delete records from the portal; we simply mark them as inactive.

If you have any questions on the below steps, please contact our support 24/7 via email at ops@fiberlink.com or via phone at 800-546-5752

Individual Device:

When looking at an individual device, we can determine its activity based on last check-in time. If you pull up an individual device, you will see the following:

***NOTE: A device can still be shown as Enrolled, but not reporting in.

If you look closely at the Last Reported time stamp, we can see that this record has not reported in a few days:

This usually means that this record has either been replaced or is no longer in use. Another example can be seen below:

As we can see from the Last Reported time stamp, this record is stale can be removed:

From the above scenarios, we can notice that these devices have a managed status of Enrolled and User Removed Control. A device could still be enrolled but not reporting in. These cases are common when a device is traded in, no longer in commission, or wiped manually. When a user removes control from the device directly, an administrator will have to confirm removal or simply hide device record.

An administrator can remove these individual records by navigating to the More drop down box and selecting the Hide action.

This will mark the device inactive and successfully remove it from the license count.

Advance Search:

Creating an advance search will allow an administrator to look into all active devices and create groups based on Last Reported time stamps. When you navigate to Advance Search, you will see the following generic search:

By default, an Advanced Search will search for all Active Devices that Last Reported to the MaaS360 console in the last 7 day. On step 3 of the Advanced Search, you will see a drop down box for Last Reported.

When you select the Last Reported drop down box, you will see a selection of pre-configured last reported time stamps as well as the ability to create your own custom check in periods:

***NOTE: IBM recommends selecting More Than 30 Days Ago.

For customers that have integrated with their Enterprise Mail Servers with Cloud Extender, we recommend making the following search:

 

***NOTE: Devices managed by an Enterprise Mail Server that are hidden will come back as active devices to the portal. These devices have to be removed completely and not hidden.

This search will return results of only devices that are enrolled and not managed by Exchange/Traveler/Google Apps. Devices that are managed by an Enterprise Mail Server will have to follow the steps to remove records from Exchange/Traveler/Google Apps.

Clicking search afterwards will look into all devices that have not reported in more than 30 days.

Hitting Create New Device Group will allow you to create a personalized group that will continuously look into your inventory and place devices into this group accordingly, removing the need to run the same search in the future. A common name for this search is "Devices older than 30 days."

Once we have determined the state of these records, we can simply go into the More option of the created group and select the Hide Devices action. We can configure this to be done dynamically, so that you no longer have to worry about managing this group, or simply run it based on administrators discretion.

For customers that have integrated with their Enterprise Mail Servers with Cloud Extender, we recommend making the following search:

Exchange/Traveler/Google Apps

With MaaS360, customers have the ability to integrate a tool called the Cloud Extender to have visibility into services such as Exchange and Traveler. MaaS360 also allows customers to integrate Google Apps to the portal with API configurations. When this integration is executed, the administrator grants MaaS360 access to view and import all managed devices from the above mentioned services. This will include pulling in all devices, whether they are reporting in or not. This can cause an influx in managed devices in the portal. MaaS360 has put in place different options for customers to remove and delete old stale and unwanted records, both from the administrator portal and from the service itself.

Exchange

When a device is pulled in from Exchange, we will show the managed status as Not Enrolled / ActiveSync Managed as can be seen by the below screen cap:

If there is an enrolled device with similar attributes (i.e. email address, username, device serial number, etc.), the portal will automatically merge these records and display the managed status as Enrolled / ActiveSync Managed. This can be seen as follows:

These records can be manually wiped out as needed by going into an individual device Exchange Actions and select the option Remove.

This will remove the record from MaaS360 and from Exchange.

We also have the ability to automate this removal via Cloud Extender Policy. This will allow the customer to create intervals of when the Cloud Extender will run removal actions from both the MaaS360 portal and Exchange, and determine last reported time slots desired to be removed. The customer can configure this policy at any point in time. To view the policy, the customer will have to navigate to setup cloud extender settings. The below will be seen once there:


The last option, Enable Automated Removal of Old ActiveSync Records, will have to be configured in order to automate the process. This can be done by selecting the Edit button on the top right of the screen, and checking the box for this feature. Once checked, the below settings will become available:

These settings can be configured to the administrators liking.

***NOTE: There is a week delay between when the policy is configured to when the first removal commands are executed.

Traveler

When a device is pulled in from Traveler, we will show the managed status as Not Enrolled / Traveler Managed as can be seen by the below screen cap:

If there is an enrolled device with similar attributes (i.e. email address, username, device serial number, etc.), the portal will automatically merge these records and display the managed status as Enrolled / Traveler Managed.

These records can be manually wiped out as needed by going into an individual device Traveler Actions and select the option Remove.

These records can also be removed in bulk via Cloud Extender actions. This can be done by navigating to Setup Cloud Extender. You will see the following screen once there:

Select the Actions drop down and you will see the following:

Select Remove Devices (Lotus Traveler) and you will be given the following options:

This will queue up a Traveler action to remove devices that have not reported in XX days. This action is a one-time action and will have to be executed as needed by an administrator.

Updated on 2015-12-23T01:35:29Z at 2015-12-23T01:35:29Z by NatePomeroy