Geo-Tracking is a security feature in mobile device management (MDM) solutions, that enables IT admins to track the real-time physical location of roaming users' devices (iOS, Android, Windows, Macs). To track and obtain the geographical location of a managed mobile device through Geo-Tracking, you need to have the ME MDM app installed on it. How exactly does Geo-Tracking work? Mobile Device Manager Plus uses a combination of GPS, Wi-Fi, and GSM to obtain the most accurate location of the device through the ME MDM geotracker app. Mobile Device Manager Plus does not maintain any history of records about the physical location of the devices, unless Location History is enabled. You can use the Geo-Tracking feature only to locate the recent location of the managed mobile device.
In the later sections, we will explore how to track location history and locate lost devices as a part of geo tracking functionalities.
Click here to know how to permanently enable Location Services for location tracking and ensure users cannot disable it, on Android and iOS devices.
Location History and Lost Mode are available in Professional, Free, and Trial editions of MDM.
Configuring privacy settings is essential to ensure accurate and continuous location tracking, enhancing device security, efficient asset management, and recovery of lost or stolen devices.
To locate the device using MDM Geotracking, Location Services must be enabled in the device and the Location Services must be set to 'Always On' for ME MDM app. Follow the steps mentioned below, to enable Location Services:
This configuration is a part of device's privacy settings.
Follow the steps mentioned below to enable Geo-tracking on the end users' mobile devices:
Once ME MDM app is installed, open the app and provide the app with permission for Location Services to enable location tracking.
You have successfully enabled Location Services on iOS devices for the geo tracking system. In a few days after setting the Location Services to Always On, Apple might prompt the user to check if the location needs to be enabled at all times for ME MDM app. This notification will appear only once and can be ignored.
On iOS devices, users can allow in-use authorization for ME MDM app to access device's location. This option ensures that ME MDM app or the geo tracking system will access location only when the app is being actively used or is running in the background. In devices runing iOS 13 or above, Apple also provides Allow Once option to allow ME MDM app or a geotracker to temporarily access device's location.
If Allow Once is chosen, the user will be prompted every time the user opens the app. When the user clicks on Allow Once or Allow While in Use, the user will be indicated that MDM is actively using location whenever location services is being accessed by ME MDM in the status bar.
Note: It is recommended to choose Always On for location tracking to receive constant and precise location data of devices.
ME MDM or the Geotracker app fetch the location details only when there is a significant change (at least 500m) in the location of the mobile device. Due to this, the location shown on the MDM server might be the last location rather than the current location in case of iOS devices for certain scenarios. You can get the exact location of device by sending a notification. To enable notifications on devices, you can associate a app notification profile to the device.
Follow the steps mentioned below to enable to Geo-tracking on the users' mobile devices:
You have successfully enabled location services on Android devices.
For Android devices running OS 6.0 or above, the user has to enable location tracking, under runtime permissions for ME MDM app. To ensure location tracking is always on and is set on high accuracy mode without any user intervention, enroll the device as Device Owner and enable GPS to be Always On, using Restrictions policy.
The navigation is same for Windows phones, laptops/desktops and Surface Pro tablets. Follow the steps mentioned below to enable to Geo-tracking on Windows 10 or above devices:
You have successfully enabled location services on your Windows device and can now find the location of the device.
Supported for macOS devices running on versions 10.13.6 and above. When a Mac device is enrolled, a pop-up will appear requesting permission to use the location service. The user must allow the MDMMacAgent to access the location service. If the user selects "Don't Allow," the MDMMacAgent will be unable to use the location service.
NOTE:
1. The ME MDM app cannot be pushed to macOS devices. The Mac agent deployed on the device is used to track the location of the device.
2. The location service on macOS devices cannot be enabled or disabled remotely through Mobile Device Manager Plus (MDMP) or Endpoint Central. The user must manually enable or disable the location service through the device's System Preferences.
3. If location services are disabled in the System Preferences on the macOS device, the user will need to manually enable the service after Geotracking is activated from the MDM
Follow the steps given below to enable Location Services in Mac devices.
Location Services is successfully enabled on the Mac device. MDMInventory -> Geo-Tracking -> Save location history on moving. Choose between 100 m, 500 m or 1 km and Save.
Follow the steps mentioned below to Enable Geo-Tracking services for all enrolled devices:
If you enable Geo-Tracking for a device which is present in any excluded group(s), you can remove the device from the excluded group(s) to enable Geo-Tracking. Alternatively, you can also choose to create a new group to add the device and enable Geo-Tracking.
Follow the steps mentioned below to view the location of all managed mobile devices:
When you choose "All except selected group(s)", it ensures that the selected groups are not geo-tracked. Devices within these selected groups will only be locatable if they are reported lost. Additionally, the location history for these groups will not be recorded. By using this feature, you can ensure privacy for specific groups while still retaining the ability to locate devices if they go missing.
ME MDM app is automatically distributed to all the managed iOS devices if ME MDM app is not installed on the managed device. For MDM
Enabling Geo-tracking over shorter distances might drain the device's battery.
Follow the steps mentioned below to view the location of the managed mobile device:
Location of the device is updated only when the device switches tower and when the end user opens the App Catalog on their mobile device.
In Android 12 and later versions, the Mobile Device Management (MDM) Plus cannot automatically grant location permission by default for BYOD (Bring Your Own Device) devices. This limitation is specific to Android 12 or above, whereas in Android 11 and below, location permissions can be automatically enabled upon device enrollment.
When Geo-Tracking is enabled in the MDM console and a BYOD device is enrolled on Android 12 or later, the device will receive a "Device Non-Compliant" notification. This occurs because the MDM app does not have the necessary location permissions.
To resolve this and ensure the device complies with company policies, the device must manually grant location permission by following these steps:
Once location permissions are granted, the device will automatically become compliant.
Administrators can locate the enrolled devices instantly. Follow the steps mentioned below to track the geographic location of the devices on demand:
You can locate the geographical location of the enrolled devices instantly.
Location History as the name suggests, tabulates the list of locations traversed by the device. Location History stores data up to 30 days, which is ideal if the locations are to be viewed at a later time. The biggest advantage with Location History, is that the tracking can be customized to suit the needs of the organization. MDM has 3 different options for storing the list of location(s) based on distance traversed. For storing locations when device movement is miniscule, choosing the option of tracking the device on moving 100m is ideal. In such a case, the location update frequency is more, ensuring even the smallest of movements are covered. The other two options cater to relatively larger distances, with one option tracking devices on moving 500m and the other for tracking devices on moving 1km. The first option of tracking devices on moving 100m, consumes more battery and cellular data due to frequent location updates, while the other two options consume relatively lesser cellular data and battery. Another advantage is that the Location History data can be exported as a CSV file. This is ideal if the Location History data is to be shared.
Note: Location History can be fetched only in managed Android, iOS and MacOS devices.
How to configure Location History?
Location History can be configured as explained below:
Location History cannot be obtained in the following cases:
Maintaining the accurate location history of devices can be challenging for admins, especially with devices traversing multiple locations over a period of time. Hence, in addition to the other Reports that can be configured for Groups and Devices, MDM
Location details and History
The Location details and History report can be generated for iOS, macOS, iPadOS, Android, and Windows devices. To generate a report,
Location Report with Device Address
The Location Report with Device Address can be generated for iOS, macOS, iPadOS, Android, and Windows devices. To generate a report
The report sent to the email(s) will include the following details for each device and will be sent in .csv format
Field | Description |
---|---|
Device Name | The name assigned to the device |
User Name | The name of the user associated with the device. |
Platform Type | The type of platform the device is using (e.g., iOS, Android). |
Last Contact Time | The last time the device made contact with the server. |
Serial Number | The serial number of the device. |
Location Address | The most recent known address of the device. |
Last Located Time | The last time the device's location was updated. |
Maps URL | A link to view the device's location on a map. |
IMEI | The device's International Mobile Equipment Identity number. |
IP Address | The IP address assigned to the device. |
UDID | The Unique Device Identifier for the device. |
Latitude | The latitude coordinate of the device's location. |
Longitude | The longitude coordinate of the device's location. |
Note: The report may take some time to arrive, depending on the number of devices being processed.
Geo-tracking status
Admins can generate a report of the location status of devices based on the platform, the accurate Geo-tracking status (ex: Active, Failed, etc), and time.
Navigate to Reports> Predefined Reports> Platform(s) to display the report based on the OS that the device runs on.
You can view the accurate Geo-tracking status of devices by navigating to Reports> Predefined Reports> Geo-tracking status. The following are the different Geo-tracking status' that MDM
Status | Description |
---|---|
Active | MDM is actively tracking the live location of the device. |
Inactive | The device is not online or has no Internet connectivity. MDM will be able to fetch the Geo-tracking status of the device only when it is able to contact the MDM |
ME MDM app not activated | To fetch the location of the device, the ME MDM app setup must be complete. Upon activation, the Geo-tracking status will be displayed. |
ME MDM app not found | To fetch the location of the device, ME MDM app must be installed and setup on the device. Once the app is installed and activated, MDM |
Location services disabled | Location services need to be enabled on the device. Set location settings to On and re-try fetching the location of the device. |
Failed | Geo-tracking could not be enabled on the device. Verify the requirements and re-try the process. If the issue persists, contact support. |
Not applicable | Geo-tracking is not supported for this device. |
Note: Location tracking for Wi-Fi only devices will be less accurate because it depends on factors like Wi-Fi connectivity and Bluetooth.
You can choose to generate a report based on when the location(s) of devices have been last updated to the MDMReports> Predefined Reports> Geo-tracking status> Location last updated before, and select the required time (based on hours, minutes or days).
MDM
No, location permissions for specific apps cannot be provided through Mobile Device Manager Plus or Endpoint Central. Since location services impact user privacy, they remain under the user's control and cannot be forcibly enabled through Mobile Device Manager Plus.
Thank you for your feedback!
Sorry about that!