Geo-Tracking for lost devices
In countries where usage of device location data is prohibited. However, there rises a predicament when you want to locate missing devices. To overcome this, MDMLost Mode, whereby you can track missing devices. Lost Mode is similar to FindMyiPhone and Find My Device/Find My Phone as it lets you track managed devices only when they're lost. Lost Mode lets you mark the lost devices, get their location, lock the devices and even wipe the data. Location data can be used to retrieve the device if it has been misplaced, while the other commands such as device lock and data wipe can be used if the device is stolen.
You can locate devices and enable Lost Mode, only by marking devices as lost. For marking the device as lost, *you need to select the device in the Inventory tab, go to Geo-Tracking tab in device details and click on Enable Lost Mode, and follow the instructions to enable Lost Mode. Lost Mode is supported for iOS and Android.
To configure Geo-Tracking settings to locate devices only when lost, *click on Inventory tab, select Geo-Tracking and for the Track devices option, select When Lost. However, Lost Mode can work in both cases - track device location at all times or track device location only when lost.
Note: When Lost mode is enabled status bar and Keyguard Notifications are disabled by default
Lost Mode for iOS
When Lost Mode is enabled in Supervised devices running iOS 9.3 or later, ME MDM app need not be installed. Even if Location Services is fully disabled in the device, MDM can still locate the device. Another important feature in Lost Mode for iOS devices is that a message and contact number can be displayed in the lock screen. This can be beneficial in returning the misplaced device to its rightful owner. If the device has been misplaced, you can use Remote Alarm command by which the device raises a sound alarm.
The above screenshot shows a sample message and contact number displayed in the lock screen. Clicking on call button allows a call to be made to the contact number specified. Further, the device is locked on enabling Lost Mode and can be unlocked only through MDM, ensuring unauthorized access is completely restricted.
For other iOS devices including unsupervised iOS devices, not all capabilities of Lost Mode are supported.ME MDM app must be installed in the device and Location Services must be enabled for ME MDM app, to obtain the location details. However, the other location-indepent functionalities of Lost Mode can be still used - you can lock the device, display message and contact details in the lock screen and wipe the device if need be.
Security commands - Remote Lock, Restart and Shutdown cannot be executed when the device is in Lost Mode.
Lost Mode for Android
As in iOS devices, Lost Mode in Android lets you
- Obtain location and track the device location real-time
- Lock the device
- Provide an optional message and contact number on the lock screen
- Option to call the specified contact number by clicking the call button present in the lock screen.
You can also wipe the device to ensure there is no unauthorized access of corporate data present in the device. Also, an additional option available for Lost Mode in Android, is resetting the passcode. You can reset the passcode in the device and have the new passcode mailed to the user. This ensures unauthorized access is restricted, even if the existing device passcode is known.
The biggest problem when it comes to locating lost devices is that the functionalities required to locate the device, such as Wi-Fi, Location Services etc., can be disabled in the device, rendering Lost Mode impractical. However, MDMMDM
The following table specifies the list of all features which are enabled by Lost Mode silently, irrespective of whether it has been enabled/disabled in the device.
Functionality/Device Type | Knox-enabled Samsung | Non-Samsung | |
---|---|---|---|
Device Owner | Profile Owner | ||
Enabling Wi-Fi | |||
Enabling Location Services | |||
Restricting switching off the device | |||
Restricting safe booting | |||
Restriting Factory Reset | |||
Restricting USB debugging | |||
Restricting USB data transfer | |||
Restrict killing background processes |
Device Owner and Profile Owner are only supported for devices running Android 5.0 or later versions.
In Non-Samsung devices provisioned neither as Profile Owner and Device Owner, only Wi-Fi gets enabled automatically through Lost Mode, irrespective of whether it is enabled or not
Lost Mode on Chrome OS devices
Mobile Device Manager Plus enables IT admins to remotely enable Lost Mode on Chromebooks when they're lost or stolen.
Pre-requisites
To enable Lost Mode on Chrome OS devices, ensure the following pre-requisites are met:
- The devices must be provisioned in the G Suite Admin Console and managed by Mobile Device Manager Plus .
- The devices must be running on Chrome OS 40 or above.
Enabling Lost Mode on Chrome OS devices
Follow the steps given below to enable Lost Mode:
- On the MDMInventory and select the device on which Lost Mode needs to be enabled.
- Under Actions, select Enable Lost Mode.
- While enabling Lost Mode, you can optionally provide a message and contact information to be displayed in case the device is found. Click on Next
- For auditing purposes, you will have to provide a ticket ID and a optional message outlining the reason for enabling Lost Mode.
- Click on Enable Lost Mode, to lock down the device in Lost Mode.
Once Lost Mode is enabled, the following actions are performed on the device.
- The current users will be logged out of the device and it'll be locked down with the configured message. New users will not be able to log in to the device, untill Lost Mode is disabled by the admin from the MDM console.
- The device status on G Suite Admin Console will be modified as Disabled.
NOTE: Locating Chromebooks is currently not supported.