Discovering Mobile Devices
GFI LanGuard enables you to discover and manage mobile devices (such as phones or tablets) that connect to your mobile device management source.
This section contains information about:
Configuring a mobile device information source
To manually configure mobile devices:
1. Click on Configuration tab > Mobile Devices.
2. From the right pane, select one of the options.
Mobile Devices
Adding mobile device management sources
To add a mobile device management source:
1. Click Add mobile device management source.
2. Select the type of Mobile Device Management Source.
Configuring a mobile device management source: Selecting type of source
Source: Microsoft Exchange Server
- Specify the credentials for Microsoft Exchange and click Next.
Configuring a mobile device management source: Source details
- Configure when to refresh mobile device information and select (Optional) Exclude mobile devices and click Next.
Configuring a mobile device management source: Scheduling an audit
- Select or unselect the accounts to manage and click Finish.
Configuring a mobile device management source: Managing devices
Source: Microsoft Office 365
- Specify the credentials for Microsoft Office 365 and click Next.
NOTE
Configuring a mobile device management source: Source details
- Configure when to refresh mobile device information and select (Optional) Exclude mobile devices and click Next.
Configuring a mobile device management source: Scheduling an audit
- Select or unselect the accounts to manage and click Finish.
Configuring a mobile device management source: Managing devices
Source: Google Apps for Business
NOTES
- If you use Google Apps for Business , GFI LanGuard can retrieve the list of mobile devices that connect to your Google Apps domain.
- By default, your Google Apps domain is not configured to allow querying by other software such as GFI LanGuard. Below are the required step-by-step changes required for your Google Apps domain configuration to enable mobile device scanning with GFI LanGuard
To configure your Google Apps domain to enable mobile device scanning with GFI LanGuard:
- Enable API access in your Google Apps Admin console. Log in to your admin account and select Security. If Security is not listed, select More controls > Security from the options shown in the gray box. Select API reference, and then select the checkbox to Enable API access. Click Save to save your changes.
- Set up a new project in the Google APIs Console and activate the Admin SDK API for this project.
- In the Credentials section of your project, enable OAuth authentication by selecting Create New Client ID. Choose the Service Account option and save the service account’s Client ID, email address and the generated private key file.
- Grant read-only access to user data to your Service Account:
- Open your Google Apps domain control panel, at https://www.google.com/a/cpanel/example.com
- Click Security icon. This can be found under More controls
- Select Advanced tools > Manage third party OAuth Client access
- In the Client name field enter the service account's Client ID
- In the One or More API Scopes field, copy and paste the following list of scopes
- https://www.googleapis.com/auth/admin.directory.device.mobile.readonly
- https://www.googleapis.com/auth/admin.directory.group.readonly
- https://www.googleapis.com/auth/admin.directory.user.readonly
- Click Authorize.
- Optionally enable Application auditing so that GFI LanGuard can report the applications installed on mobile devices:
- Log in to your admin account and select Device Management/Device management settings.
- In the Advanced settings section. mark the Enable application auditing option.
- Click Save to save your changes.
NOTE
For more information on how to set up Google Apps for API access see:
6. Specify the credentials for Google Apps for Business and click Next.
Configuring a mobile device management source: Source details
- Configure when to refresh mobile device information and select (Optional) Exclude mobile devices and click Next.
Configuring a mobile device management source: Scheduling an audit
- Select or unselect the accounts to manage and click Finish.
Configuring a mobile device management source: Managing devices
Source: Apple Profile Manager
NOTE
GFI LanGuard can query Apple Profile Manager for the list of managed mobile devices such as mobile phones or tablets running iOS. You need to provide root credentials to the OS X Server hosting Profile Manager.
- Specify the credentials for Apple Profile Manager and click Next.
Configuring a mobile device management source: Source details
- Configure when to refresh mobile device information and select (Optional) Exclude mobile devices and click Next.
Configuring a mobile device management source: Scheduling an audit
- Select or unselect the accounts to manage and click Finish.
Configuring a mobile device management source: Managing devices
Managing retention policies
NOTE
Use Managing retention policies to clean up mobile devices that have not recently connected.
To manage retention policies:
1. Click on Configuration tab > Mobile Devices.
2. From the right pane, select Manage retention policy.
3. Specify the time frame to keep non-active devices.
Managing retention policies
Unmanaged devices
GFI LanGuard does not perform full audits of mobile devices unless a mobile device management source has been configured and user accounts are approved.
To view unmanaged mobile devices:
- Click DashboardA graphical representation that indicates the status of various operations that might be currently active, or that are scheduled. tab and from the computer tree select > Unmanaged mobile devices.
(Optional)To change settings for unmanaged devices:
- From the right pane, select a server containing unmanaged mobile devices and click Configure.
- Select a user account to start managing the devices connected to the particular account.
Unmanaged mobile devices