MaaS360 merge process for mobile device records

Information about configuring the Cloud Extender® policies for auto-approvals (enrolled or based on policy).

Device sources

A device has two sources: one source from the enrolled record and one source from the Cloud Extender discovery process.
  • When a device enrolls in MaaS360®, a device record is formed on the device. The device identifier for this record is the serial number or device ID from each platform.
  • When the user configures email on the same device, the email client registers to Exchange again with a device identifier. The Cloud Extender discovers this device connection within the mail infrastructure and imports the device information in MaaS360.
MaaS360 merges these two records into one record:
  • If the serial number or device ID of the ActiveSync managed device exactly matches the enrolled device, then the two records merge as one record for the device.
  • If the device IDs do not match, for example if you are using Android devices where the native or third-party email clients use their own device IDs to register with Exchange, there might be issues with the merge process. MaaS360 uses platform and manufacturer attributes from the two records to determine whether it can match the records. If MaaS360 can successfully match the two records, it merges the two records into one record.
  • If MaaS360 cannot merge records, it displays potential match candidates on the user interface for administrators to log in and manually merge records. Access this workflow from Devices > Exceptions.

Workflow

The auto-approval feature follows this workflow:
  • A device enrolls in MaaS360.
  • The user either configures email manually on the device or pushes the email configuration from the MDM. The user completes the email setup.
  • If Auto-Quarantine (AQ) is enabled, the email record is quarantined. The user is blocked from receiving email.

    The only exception is if the user set up email through the Secure Mail client. MaaS360 approves the email record because it recognizes and pre-approves the device ID that the Secure Mail client uses.

  • The Cloud Extender scripts run and discover the new quarantined device. Depending on the number of Cloud Extenders that are configured and how long the discovery process takes, this process might take 15 minutes to a couple of hours.
  • When the ActiveSync managed device is discovered, the MaaS360 platform runs the merge logic, and merges devices from the two sources. The merge logic runs every 15 minutes.
  • The MaaS360 platform issues a device approval action to the Cloud Extender that approves the quarantined device on Exchange.
  • The user starts to receive email.

Caveats

Consider the following issues with the auto-approval feature:
  • If the user is not using Secure Mail client, the email connection is quarantined on the first connection.
  • It might take 30 minutes to a couple of hours for email messages to flow.
  • On certain devices when a merge is not completed, the email record remains blocked until the admin manually merges potential candidates.