Geo-Fencing

The Geo-Fencing feature enables IT administrators to restrict the usage of corporate devices to certain regions such as office premises etc. This is done by creating virtual fences called geo-fence, based on real-world geographical region. Geo-fencing can be ideally used in enterprises with stringent compliance standards which require corporate devices containing sensitive data to remain within the organization's premises at all times. MDM lets you define security policies based on the virtual perimeter created as a geofence, ensuring there is no unauthorized corporate data access.

Configuring a geo-fence policy

There are two steps involved in configuring geo-fencing in MDM:

• STEP #1: Creating a geo-fence
• STEP #2: Setting up a geo-fence policy

Creating a geo-fence

Creating a geo-fence involves selecting a primary location and then making a virtual perimeter around this location. The primary location becomes the center and on selecting the radius, the fence is drawn up. To create a geo-fence, follow the steps given below:

• On the MDM Server, click on Device Mgmt and select Fence Repository (under Geofencing) from the left menu. The Fence Repository contains a list of all the fences which have been created previously.
• To create a new fence, click on Create Fence and provide a fence name.
• Now search and select a location which is to act as the center point for the geofence. Once you've selected the location on the map, the address, as well as the co-ordinates, are automatically fetched.
• After selecting the location, specify a radius for the geofence. You can create geofences as large as 500 kms.
• Click on Create, to add the created fence to the Fence Repository.

You can modify/delete the created fence by clicking on the ellipsis icon present against the fence name.

Setting up a geo-fence policy

The next step is to define the actions to be performed when the device leaves the associated fence. You can notify the IT admin when the device is marked as 'Non-Compliant', as it has left the geo-fence. You can also execute a set of security commands on non-compliant devices. These commands can be executed on the devices either immediately or after a day. For the commands specified in the geofence policy to be executed, the device must be in contact with the server. To create a geo-fence policy, follow the steps given below:

• On the MDM Server, click on Device Mgmt and select Fence Policy from the left menu. Fence Policy contains the list of all the geo-fence related policies created previously.
• To create a new policy, click on Create Policy and provide a policy name.
• You need to first define a rule for the policy, wherein you select the geo-fence to be used in the policy. Devices which leave this geo-fence are marked as non-compliant. You can either choose from the list of created geo-fences or create one by clicking on Create a new fence option.
• You need to specify the actions to be performed once the device is marked as non-compliant. You can execute security commands and/or notifications pertaining to the non-compliant device. In case of security commands, you can choose to mark the device as lost through Lost Mode, ring an alarm on the device, wipe device data as well as the data on the memory card. In case of notifications, you can have E-mail alerts sent to the IT administrator. These can be executed either immediately or after a day.
• Once you've defined the actions, click on Create Policy. To distribute it to groups and/or devices, click on the ellipsis icon and select the Distribute to devices option.
• Select the devices or groups, to which the policy is to be distributed. Click on Select to distribute the policy.

You can modify/delete the created policy as well as remove the devices to which the policy was previously associated with, by clicking on the ellipsis icon present against the policy name.

Note:
Once a device is marked non-compliant to the geofence policy applied, the admin will get notified via email. (This email can be customized as per the message your organization wants to convey)
In case you're unable to apply the geofencing policy to iOS devices, open the ME MDM app on the device, and re-try applying the policy.
Location tracking for Wi-Fi only devices will be less accurate because it depends on factors like Wi-Fi connectivity and Bluetooth.

FAQs

Q1. Does Geofencing actions work when the device is offline?

In Android, Geofencing actions will execute even if the device is offline. However, on iOS devices, the device must be online and connected to the server for Geofencing actions to occur.

Q2. If I enable geofencing with Lost Mode triggered when the phone leaves the area and data wipe after one day, will the data still be wiped if the phone re-enters the geo-fenced area within 24 hours?

When a geofencing policy is configured to wipe a device's data after a certain time (such as 24 hours) of being outside the designated geo-fenced area, this action is conditional upon the device remaining outside the area for the full duration specified. However, if the device re-enters the geo-fenced area before the specified time limit is reached, the wipe action is automatically canceled. This feature is built to protect the device's data from being unnecessarily wiped if the device returns to a secure area in time.

For example, if a device is set to wipe its data after being outside the geo-fenced area for 24 hours, but the device comes back into the defined secure area within that 24-hour window, the wipe action will be prevented, ensuring that the data remains intact. This mechanism prevents the loss of important information and adds a layer of protection, acknowledging that the device is no longer in a potentially risky or unmonitored location. This behavior aligns with the idea that the security of the device and its data is restored once it returns to a trusted environment.