Queryless device configuration determination-based techniques for mobile device management
Abstract
Embodiments described herein are directed to managing device compliance for devices that are connected to an enterprise network. For example, a mobile device manager may provide configuration settings to a computing device, which implements the settings in order to be compliant with an enterprise's data and/or security policy. The mobile device manager also maintains a local reference of each device's configuration settings implemented thereby. When the mobile device manager subsequently performs a determination as to whether the computing device is still in compliance, the mobile device manager simply needs to refer to the local reference to determine the computing device's settings instead of explicitly querying the computing device for its settings. The foregoing techniques may be extended for security baseline compliance determinations, IoT device compliance determinations and compliance determinations for other types of devices, such as devices utilized by business partners of the enterprise that utilize the enterprise's network.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method implemented by a server, comprising:
determining a configuration setting for a computing device accessible via a network that communicatively couples the server and the computing device; transmitting, via the network, the configuration setting to the computing device; maintaining a reference to the configuration setting on the server; receiving, via the network, an acknowledgment from the computing device that the configuration setting has been implemented thereby; and designating the computing device as being in compliance with a compliance rule responsive to receiving the acknowledgment.
2 . The method of claim 1 , further comprising:
determining whether the computing device remains in compliance with the compliance rule by comparing the reference to the configuration setting to the compliance rule responsive to detecting a triggering event; preventing the computing device from accessing a resource accessible via the network and designating that the computing device as not in compliance with the compliance rule in response to determining that the computing device is no longer in compliance; and maintaining the designation that the computing device is in compliance in response to determining that the computing device remains in compliance.
3 . The method of claim 2 , wherein the resource comprises at least one of:
an email server accessible via the network; a data repository accessible via the network; or an application server accessible via the network.
4 . The method of claim 2 , further comprising:
transmitting, via the network, a new configuration setting that is in compliance with the compliance rule to the computing device in response to determining that the computing device is no longer in compliance.
5 . The method of claim 2 , wherein the triggering event comprises at least one of:
an expiration of a predetermined time period; an indication received from the computing device that a second configuration setting of the computing device has changed; or an indication that a user has logged into the computing device.
6 . The method of claim 1 , wherein the configuration setting specifies at least one of:
an encryption setting to be implemented by the computing device; a security setting to be implemented by the computing device; or a minimum version of at least one of an application or an operating system required to be installed on the computing device.
7 . The method of claim 1 , wherein said determining the configuration setting for the computing device comprises:
identifying a user that has logged into the computing device; and determining a configuration setting associated with the user and the computing device.
8 . A server, comprising:
at least one processor circuit; and at least one memory that stores program code configured to be executed by the at least one processor circuit, the program code comprising:
a compliance engine configured to:
determine a configuration setting for a computing device accessible via a network that communicatively couples the server and the computing device;
transmit, via the network, the configuration setting to the computing device;
maintain a reference to the configuration setting on the server;
receive, via the network, an acknowledgment from the computing device that the configuration setting has been implemented thereby; and
designate the computing device as being in compliance with a compliance rule responsive to receiving the acknowledgment.
9 . The server of claim 8 , wherein the compliance engine is further configured to:
determine whether the computing device remains in compliance with the compliance rule by comparing the reference to the configuration setting to the compliance rule responsive to detecting a triggering event; prevent the computing device from accessing a resource accessible via the network and designate that the computing device as not in compliance with the compliance rule in response to determining that the computing device is no longer in compliance; and maintain the designation that the computing device is in compliance in response to determining that the computing device remains in compliance.
10 . The server of claim 9 , wherein the resource comprises at least one of:
an email server accessible via the network; a data repository accessible via the network; or an application server accessible via the network.
11 . The server of claim 9 , wherein the compliance engine is further configured to:
transmit, via the network, a new configuration setting that is in compliance with the compliance rule to the computing device in response to determining that the computing device is no longer in compliance.
12 . The server of claim 9 , wherein the triggering event comprises at least one of:
an expiration of a predetermined time period; an indication received from the computing device that a second configuration setting of the computing device has changed; or an indication that a user has logged into the computing device.
13 . The server of claim 8 , wherein the configuration setting specifies at least one of:
an encryption setting to be implemented by the computing device; a security setting to be implemented by the computing device; or a minimum version of at least one of an application or an operating system required to be installed on the computing device.
14 . The server of claim 8 , wherein the compliance engine is configured to determine the configuration setting for the computing device by:
identifying a user that has logged into the computing device; and determining a configuration setting associated with the user and the computing device.
15 . A computer-readable storage medium having program instructions recorded thereon that, when executed by at least one processor, perform a method, the method comprising:
determining a configuration setting for a computing device accessible via a network that communicatively couples the server and the computing device; transmitting, via the network, the configuration setting to the computing device; maintaining a reference to the configuration setting on the server; receiving, via the network, an acknowledgment from the computing device that the configuration setting has been implemented thereby; and designating the computing device as being in compliance with a compliance rule responsive to receiving the acknowledgment.
16 . The computer-readable storage medium of claim 15 , the method further comprising:
determining whether the computing device remains in compliance with the compliance rule by comparing the reference to the configuration setting to the compliance rule responsive to detecting a triggering event; preventing the computing device from accessing a resource accessible via the network and designating that the computing device as not in compliance with the compliance rule in response to determining that the computing device is no longer in compliance; and maintaining the designation that the computing device is in compliance in response to determining that the computing device remains in compliance.
17 . The computer-readable storage medium of claim 16 , wherein the resource comprises at least one of:
an email server accessible via the network; a data repository accessible via the network; or an application server accessible via the network.
18 . The computer-readable storage medium of claim 16 , the method further comprising:
transmitting, via the network, a new configuration setting that is in compliance with the compliance rule to the computing device in response to determining that the computing device is no longer in compliance.
19 . The computer-readable storage medium of claim 16 , wherein the triggering event comprises at least one of:
an expiration of a predetermined time period; an indication received from the computing device that a second configuration setting of the computing device has changed; or an indication that a user has logged into the computing device.
20 . The computer-readable storage medium of claim 15 wherein the configuration setting specifies at least one of:
an encryption setting to be implemented by the computing device;
a security setting to be implemented by the computing device; or
a minimum version of at least one of an application or an operating system required to be installed on the computing device.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.