...
This is a general overview, for . For detailed information please advise see our full article.
Our MDM solution with Skype for Business is applied during the sign-in process where we . We validate the device id against the MDM provider using an additional app during the sign-in process which . This is then processed by our reverse proxy that stands in front of the Lync-discover request.
To distill it further our Our solution works in two partsways:
1. Client-side -The user has the Sphershield Sphereshield app on the device which is being prompt prompted during the sign-in process and sends a request with the device ID.
2. Server-side - The sign-in request is
...
intercepted by our reverse proxy, which blocks or allows the sign-in
...
by comparing the device id to the list of the devices and users by the MDM provider.
We are able to integrate with the provider directly by pulling the list of devices from the MDM API by a process designated for asynchronous operations we call the Maintenance Service(you . You can read more about the maintenance service Maintenance Service in the following article).
When When is S4B on the mobile logged out/blocked exactly?
...
Where is the Maintenance Service located and what is its role?
The Maintenance Service is an independent service we usually deploy along with the server that hosts the Access Admin Portal. its Its main job is to perform asynchronous operations that relate to the database.
...
When does a device become out of compliance?
The Maintenance Service pull pulls the device list multiply multiple times a day (based on user configuration) which afterward get compared
What What happens when a device becomes non-compliant?
The device user is unable to sign-in in from that device
Does the user need to have the SkypeShield App open on the mobile device?
...
We deploy a server that operates as a reverse proxy (named bastionBastion) and he is able to redirect it redirects the mobile client to the SphereShield app
#7162
What does the product offer and how?
Our product allows you to add an additional factor to
...
authentication, based on the Device UUID which
...
integrates with the following MDM solutions and verifies they are not out of compliance:
MobileIron
Maas360
Air Watch
Citrix XenApp
What components are
...
involved?
...
You can find a detailed description of the way we integrate with MDM
...
in the following link
...
.
Our MDM solution
...
works in two
...
ways:
Server-side - We pull the list of devices and their status from the MDM provider and use it when verifying device registration
Client-side - An app installed on the managed devices which is used along with the sign-in process and send the UUID along with the regular sign-in process.
The verification itself is being handled by the LAC filter on the Bastion server and the list of devices is being pulled regularly by the Maintenance Service which is typically installed on the Access Admin Portal.
The following table allows quick summation An overview of the different approaches you can use when deploying our integration with MDM providers and can be found in this article
...