New Features in Version 4.

0
Revised: January 7, 2011

For Technical Support

Email: support@mobileiron.com
Phone: 1-877-819-3452

Overview
This release focuses on the following new features:
• Android Support
• In-house App Distribution for iOS
• Redesigned Apps Management UI
• App Control Feature
• BlackBerry 6.0 Support
• Windows Phone 7 Support
• Registration PIN and/or Password (Android/iOS)
• SMS Archive Package
• Expanded Events
• Outbound HTTP Proxy for Gateway Transactions and System Updates
• Specifying Eligible Platforms for Registration
• API Additions

See the MobileIron Release Notes for information on other changes, resolved issues,
and known issues.

Company Confidential
1
Android Support
Android 2.2 is now supported. The following table summarizes the feature support in
this first release of MobileIron for Android.

Provisioning Android

Per Device yes

Bulk yes
User Self-Service (By Invitation) yes
Asset Management Android

Device Inventory yes

Device Details yes
Ownership Status yes
Designate Lost Device yes
Designate Found Device yes
Retire Device yes
Send Message yes
Wakeup Client yes
Reprovision Client yes
Sync Policy yes
Group Actions (Labels) yes
Security Android

Lock yes
Wipe yes
Selective Wipe (Email) yes10, 13
Certificate Exchange
Distribution only10
Encryption Policy (Internal Stor- Exchange
age) only10
Password Policy yes
Privacy Policy yes
Block Registration by OS yes
Locate (via Cell Tower) yes
Locate (via GPS) yes
Sentry Access Control Android

Device Inventory yes

Device Details yes
Allow / Block yes
Wipe yes
Register yes
App Management Android

App Control Policy yes

On-Device
Inventory yes

Company Confidential
2
 Mobile Activity Intelligence Android
International
Roaming yes
Event Center
Alerting partial12
MyPhone@Work Android

Register yes
Lock yes
Wipe yes
Find It yes

10 Via integration with NitroDesk’s TouchDown for MobileIron software.

11 SMS archiving coverage is not complete for this platform. Also, there are certain devices for which the SMS data is not
currently available.

12 One or more significant parts of this feature are not supported. See the detailed documentation for this feature.

13 Selective wipe of email for this platform is accomplished via retiring or wiping the device; it is not accomplished using
the Selective Wipe command.

Support for Exchange ActiveSync Features

For Android devices, several features require a third-party add-in called NitroDesk’s
TouchDown for MobileIron. The download is available on Android Market.

Setting Up Secure Email for Android

Setting up secure email for Android requires tasks on both the device and the Mobile-
Iron VSP.

Tasks on the MobileIron VSP

Complete the following tasks on the MobileIron VSP:
1. Configure an Exchange app setting in the Smartphone Manager (Apps & Files | App
Settings | Exchange).
2. Apply the Exchange app setting to a label that points to the Android devices.
3. Initiate registration of the Android devices.

Tasks on the Android Devices

Complete the following tasks on the Android devices:
1. Download and install NitroDesk’s TouchDown for MobileIron.
The download is available from Android Market.
2. Download the MobileIron Client from the Android Market.
3. Start the MobileIron Client to complete the MobileIron registration.

Custom Landing Pages for Registered Android Devices

For Android devices, you have the option of specifying a custom landing page to be
displayed after the device is registered. Implement a landing page if you would like to
Company Confidential
3
provide the device user with more than the basic information currently provided in the
MobileIron Client UI for Android, which is shown in the following figure.

To configure a landing page:

1. Create the custom page you would like to display after a user registers an Android
device.
2. In Smartphone Manager, select Settings | Preferences.

Company Confidential
4
3. In the Registration Preferences section, enter the URL for the custom page in the
Landing Page URL After Device Registration field as follows:
http://<URL>Click Save.

Optional Syntax
If available, the following values are added to the end of the URL:

?email=<email_address>&name=<user_ID>

The email address and user ID are the values associated with the user’s MobileIron
account. Include these optional elements if you to design a page that is customized
based on this information. For example, you might want to use the <user_ID> to pro-
vide a personalized welcome on the page.

Note: If you intend to use these optional elements, be sure that the web server host-
ing the custom page will accept them.

Example: http://www.mycompany.com?name=jsmith

Custom Landing Pages and Self-signed Certificates

If using HTTPS for the custom landing page, then do not use untrusted TLS server
certificates.

Company Confidential
5
In-house App Distribution for iOS
In previous releases, MobileIron enabled only a recommended list of public apps,
requiring users to initiate and complete a download process via the Apple Store.
MobileIron now also supports the distribution of in-house apps.

What Are In-house Apps?

In-house apps are mobile apps that you develop and distribute internally. For compre-
hensive information on in-house app development, go to:

http://www.apple.com/iphone/business/apps/in-house/resources.html.

Prerequisites
Basic app distribution requires:
• iOS 4.1 or later

For the complete functionality, including updates to badging resulting from inventory
data, the following are also required:
• Participation in the Apple iDEP program
• iOS MDM features enabled (Settings | Preferences)

For details on implementing and enabling MDM support for MobileIron, see the mate-
rials posted on the MobileIron Support site.

Using the iOS App Wizard

To set up distribution of an in-house app to iOS devices:

Company Confidential
6
1. In Smartphone Manager, select Apps & Files | App Distribution.

2. Select iOS from the Select Platform list.

3. Click the Add App button.
The iOS Add App Wizard starts.

4. Click Next.

Company Confidential
7
 In-house App is selected by default.
5. Click Browse and navigate to the in-house app (.ipa) you want to upload.
6. If this app is designed only for iPads, set the iPad Only option to Yes.
7. Click Next.
The Add App Wizard examines the selected bundle to ensure that it meets require-
ments for in-house apps distributed for iOS devices. If the bundle is acceptable, the
following screen displays.

Company Confidential
8
8. Use the following guidelines to complete the items in this screen:

Item Description
App Name Displays the App Name defined for the bundle. You can
edit this text to display a different name to users. Note
that app names longer than 25 characters will be trun-
cated when displayed on the device.
Display Version Enter the version number to be displayed to users. You
may enter numerals and periods (.) in this field.
Bundle Version Displays the version defined for the bundle. This item is
not editable.
Description Enter any additional text that helps describe what the
app is for. This text appears on the in the MobileIron app
on target devices (under the app name in the In-House
Apps list).
Featured Select No if you do not want to highlight this app in the
Featured apps list. On the device, the user can tap a but-
ton to display all recommended and in-house apps or a
subset of featured apps. Note that the Message feature
for iOS apps applies only to featured apps and those
installed apps for which an update is available. See
“Informing Users of New Apps and Upgrades for Featured
Apps” on page 15 for information.

Company Confidential
9
 Item Description
Data Protection Select Yes to require that data protection be enabled in
Required order to install this app.
Note: Devices without data protection enabled will not
see the app at all in the In-house Apps list on the device-
and will not know that data protection compliance is
required. Therefore, you may want to communicate the
requirement to users.
Provisioning Profile Displays the identifier for the provisioning profile incorpo-
rated in the bundle.
Category Select a category if you would like this app to be dis-
played in a specific group of apps on the device. Click the
here to define new categories.

9. Click Next.

Company Confidential
10
10. Use the following guidelines to complete this page:

Item Description
App Icon Required. Select the icon to be used to
represent this app. The file must be in
JPG, PNG, or GIF format. PNG is recom-
mended for best resizing results. Accept-
able dimensions are 57x57 pixels, 72x72
pixels, or 114x114 pixels.
iPhone and iPod Select up to 4 optional screenshots to dis-
touch screenshots play for the app. Screenshots must be in
JPG, PNG, or GIF format and one of the
following dimensions specifications:
320x480 pixels
640x960 pixels
480x320 pixels
960x640 pixels
iPad screenshots Select up to 4 optional screenshots to dis-
play for the app. Screenshots must be in
JPG, PNG, or GIF format and one of the
following dimensions specifications:
1024x768 pixels
768x1024 pixels

11. Click Finish.

The app is displayed in the App Distribution screen with an icon that identifies the
app as an in-house app.

The provisioning profile for the app is also stored on the VSP and is displayed in the
App Settings page.

Company Confidential
11
Adding an App to an Apps List
Once you have added an iOS app (recommended or in-house) to the app distribution
library, you need to select one or more labels to specify which iOS devices should have
the app displayed in an apps list.
1. In Smartphone Manager, select Apps & Files | App Distribution.

2. Select iOS from the Select Platform list.

3. Select the app you want to work with.

4. Select Actions | Apply to Label.

Company Confidential
12
5. Select the label that represents the iOS devices on which you want the selected app
to be listed.
6. Click Publish.
7. If you have not done so already, consider linking any recommended app to the cor-
responding entry in the app inventory. This step will help with app tracking because
the name you assign to the app is not likely to be the same as the name reported
by the app once it is installed. You should also consider testing the first installation
of each recommended app so that you can record the corresponding reported app
name. See “Linking Recommended Apps to Inventory Apps” on page 14.

User Notification of Newly-Published Apps

When a featured app is published to users, those users receive a notification in the
form of a badge that appears on the MobileIron icon.

If the user starts the app on the device, the badge appears next to the appropriate
app list. The number on the badge indicates the number of apps available.

If the user deletes a published app, that app will not become available for reinstalling
again until the next sync interval causes the MobileIron VSP to be updated. You can
address user concerns by using the Wakeup Client command to force the MobileIron
Client to update the VSP.

Company Confidential
13
Linking Recommended Apps to Inventory Apps
Recommended apps display in the “App Store apps” list using the app name you spec-
ified when you added it to the app distribution library. However, the App Inventory
page displays the name reported by the app. This name can often be quite different.
Also, the # of Devices Installed list in the App Dist page does reflect installations.
Therefore, to facilitate tracking of installed apps, you may want to create a link
between the two names.

To link the recommended app name to the reported app name:

1. In Smartphone Manager, select Apps & Files | App Distribution.

2. Select iOS from the Select Platform list.

3. Click the edit icon next to the app you want to work with.

Company Confidential
14
4. Select the corresponding inventory app name from the Inventory Apps list.
5. Click Save.
Once the link is established, the # of Devices Installed column in the App Distribu-
tion screen displays the correct number. You should consider changing the app
name as specified in any app control rules to ensure it matches the official name.

Informing Users of New Apps and Upgrades for Featured

Apps
You can send out a mass APNS message informing iOS users about the availability of
a new featured app or an upgrade for a featured app:
1. In Smartphone Manager, select Apps & Files | App Distribution.

Company Confidential
15
2. Select iOS from the Select Platform list.
3. Select the app you want to work with.
4. Click Message.

5. Click Send.
An APNS message is sent to the devices for whom the app was published. The mes-
sage includes buttons that enable the user to install or upgrade the app.

Company Confidential
16
Again, the message is sent only for apps configured as featured apps in the app
distribution library.

Company Confidential
17
Redesigned Apps Management UI
The apps management UI has been redesigned to accommodate new features and
streamline common procedures. The following figure shows the new Apps & Files tab.

App Settings
The Application Settings menu is now called App Settings. Also note that SCEP is now
available from the main menu and no longer appears under the iOS submenu. This
change reflects SCEP support for additional platforms.

App Distribution
The Application Catalog has been replaced with an App Distribution page, as shown in
the following figure.

This feature is supported for the following platforms:

• iOS
• BlackBerry
• Windows Mobile
• Symbian

Company Confidential
18
Pick a Platform First
The new procedure for preparing apps for distribution starts with selecting a platform
from the Select Platform list. The procedure, required information, and available
actions differ by platform. Picking a platform is also necessary for displaying the exist-
ing apps and managing them.

Add an App
Once you select a platform, you can click the Add App button to start entering the
required information.

For iOS, clicking Add App starts the Add App Wizard, which leads you through the rest
of the procedure, including the selection of recommended or in-house apps. Recom-
mended apps are the same as recommended apps available in previous versions of
MobileIron. In-house apps are apps developed by your organization for internal distri-
bution. The following figure shows an example of a screen from the Add App Wizard.

For all other supported platforms, clicking Add App displays a dialog specific to the
selected platform. These dialogs resemble those from previous versions of MobileIron,
except that they have been tailored for the selected platform. The following figure
shows an example.

Company Confidential
19
Manage Apps
For iOS devices, once you have added an app, you can perform the following tasks:
• Send a message about new or updated apps
• Delete an app
• Apply the app to a label to facilitate distribution
• Remove the app from a label

Note that deleting an iOS app also removes the provisioning profile from the devices
on which the app was installed. This prevents those devices from running the app.

For other supported platforms, once you have added an app, you can perform the fol-
lowing tasks:
• Delete an app
• Install an app
• Uninstall an app
• Publish an app
• Unpublish an app

Company Confidential
20
App Inventory
The App Inventory page displays detected apps that were installed after the produc-
tion image was applied to the device. These include apps that are not managed by
MobileIron. You can filter these apps by platform, label, and app name.

App Control
The App Control page enables you to define app control rules for use in security poli-
cies.

Each app control rule specifies that the apps meeting the specified criteria be desig-
nated as either Required, Allowed, or Disallowed. See “App Control Feature” on
page 22 for more information about using app control rules.

Company Confidential
21
App Control Feature
iOS4.x
App Management Android BlackBerry iOS + MDM7 Symbian webOS WinMo 5 WinMo 6.x Win 7
App Control
Policy yes yes yes yes yes - yes yes -

The app control feature enables you to exert control over which apps are installed on
managed devices. Using app control rules, you can define which apps are required,
allowed, or disallowed. You can then associate these rules with a security policy that
specifies the consequences of being out of policy. Consequences include blocking
ActiveSync access, sending an alert (configured in Event Center) to the specified
administrator and user, and displaying a warning icon in the All Smartphones page.

App control applies to all MobileIron-supported platforms except webOS and Win 7.

Setting Up App Control

You can set up app control to enhance visibility into the apps being installed on man-
aged devices and help enforce corporate app policy. Setting up app control involves
the following tasks:
Company Confidential
22
• define app control rules
• select app control rules to the Access Control settings in the security policies
assigned to target devices
• configure alerts when a device violates the app control rules in its security policy

The app control rule defines which apps you want to control. Security policies specify
which devices the rules are applied to and the actions to associate with a rule viola-
tion. The alert determines the information that is sent as the result of rule violation,
as well as the recipients of the information.

App Control Rule Types

Each app control rule specifies that the apps meeting the given criteria be designated
as either Required, Allowed, or Disallowed:
• Use Required rules to ensure that certain apps are installed on designated devices.
The absence of one of these apps is considered a policy violoation. For example,
since MDM-enabled iOS devices report inventory even if the MobileIron Client has
been uninstalled, you can create a Required rule to ensure that the removal of the
MobileIron Client results in the appropriate response.
• Use Allowed rules to specify a small set of apps that are allowed on designated
devices. The presence of an app not on this list is considered a policy violation. For
example, you might create a set of Allowed rules for use by temporary employees
to ensure that they are not installing personal apps on a corporate device.
• Use Disallowed rules to specify a small set of apps that are forbidden on designated
devices. The presence of a disallowed app is considered a policy violation. For
example, you might use a set of Disallowed rules to help lower exposure to apps
with known security issues.

App Control Rule Criteria

App criteria match a specified string against the app name. (In this case, “app name”
refers to the uneditable app name defined by the author of the app. It does not refer
to an app name you may have specified when adding the app to the app distribution
library.) You can also restrict criteria to a specific platform. The following figure shows
an example of an app control rule with criteria for disallowed apps.

Company Confidential
23
App Control Rules Applied in Security Policies
The following figure shows app control rules applied in a security policy. In this case,
ActiveSync access will be blocked and an alert will be generated if the specified apps
are detected on a device to which the security policy is applied.

App Control Alerts

The app control rule specifies whether violating devices should just trigger an alert or
also be blocked from ActiveSync access. However, the associated event must also be
configured in Event Center, or no alert will be generated. The following figure shows
app control events in the Policy Violation Event screen.

Company Confidential
24
Adding an App Control Rule
To add an app control rule:
1. In Smartphone Manager, select Apps & Files | App Control.

2. Click Add.

Company Confidential
25
3. In the Name field, specify an identifier for this rule.
4. For the Type option, select the type of rule you want to define:
• Required: This rule specifies criteria for apps that MUST be installed.
• Allowed: This rule specifies criteria for apps that MAY be installed, exclusive of
all other apps.
• Disallowed: This rule specifies criteria for apps that MUST NOT be installed.
5. Under Rule Entries, specify one or more criteria to match the name of the app you
want to control:
• Select IS or CONTAINS to indicate whether to use an exact match. Note that if
you selected Required, then you must select IS.
• In the App Search String, enter the app name text you want to match. Do not
enter wildcards.
• In the Device Platform list, select the platform to which you want to apply this
entry.
• In the optional Comment field, you can enter a note about the purpose of the
entry.
6. To add an additional entry, click the + icon.
7. Click Save when you are finished.
The following figure shows an example of an app control rule with criteria for disal-
lowed apps.

Company Confidential
26
8. Specify the rule in the appropriate security policies to apply the rule to managed
devices.

Applying an App Control Rule to a Security Policy

To apply an app control rule to a security policy:
1. In Smartphone Manager, select Security & Policies | All Policies.
2. Select the security policy you want to work with.
3. Click the Edit button.
4. Scroll down to the Access Control section of the Edit Security Policy screen.

Company Confidential
27
5. Select the checkbox for the App Control rules option.
6. In the dropdown list, select the action you want to perform if the rule is violated.
You can select from:
• Block ActiveSync and Send Alert: Prevents the device from accessing email via
ActiveSync and generates a policy violation alert, if configured in Event Center.
• Send Alert: Generates a policy violation alert if configured in Event Center.
7. Under Rule Type: Required, select the rules you want to apply, if any, and click the
arrow button to move them to the Enabled list.
8. To apply allowed-type or disallowed-type rules, select either Rule Types: Allowed or
Rule Types: Disallowed. You may not select both in the same security policy.
9. Select the allowed-type or disallowed-type rules you want to apply and click the
arrow button to move them to the Enabled list.
10. Click Save.
11. Go to Event Center to configure App Control alerts.

Company Confidential
28
Configuring App Control Alerts
To enable app control alerts:
1. In Smartphone Manager, select Event Center | All Events.
2. Select Add New | Policy Violation Event.

3. Enter a name for the event.

4. Confirm that the app control alerts you want to generate have been selected. The
following table summarizes these alerts:

Item
Disallowed app found
App found that is not in
Allowed Apps list
Required app not found
Description
Generate an alert if a disallowed app is
found on a designated device.
Generate an alert if an app is found that
is not on the Allowed Apps list for the
designated device.
Generate an alert if a required app is not
found on a designated device.

5. Disable any other alerts that you do not want to enable.

Company Confidential
29
6. Click Save.

Viewing App Control Status

In addition to the alerts you can configure, MobileIron displays app control status for
devices in the All Smartphones page.

The following table summarizes the icons related to app control.

Icon Description
App control violation

Required app violation

Allowed app violation

Disallowed app violation

The following figure shows an icon indicating an app control violation.

Select the entry for a device in violation to see details in the device details pane, as
shown in the following figure.

Company Confidential
30
App Control, App Inventory, and Privacy Policies
App control and app inventory features are influenced by the new Apps setting in pri-
vacy policies. By default, it is set to Sync Inventory, which ensures that information
about installed apps is sent to the VSP. If you set Apps to None, then app control
rules, in-house app notifications, and any other features dependent on inventory data
will not function.

Company Confidential
31
BlackBerry 6.0 Support
This release includes support for BlackBerry 6 devices. MobileIron functionality is
much the same as with previous BlackBerry versions. The following differences should
be noted:
• The Lock feature does not lock the device if the user has not already set a passcode
for the device.

Company Confidential
32
Windows Phone 7 Support
This release includes base device management support for Windows Phone 7 via
ActiveSync:
• Password Policy
• Device Inventory
• Device Details
• Allow / Block
• Wipe
• ActiveSync Policy

Note: There is no MobileIron client for Windows Phone 7; therefore users do not reg-
ister their devices with MobileIron. Use the ActiveSync Smartphones page to view
Windows Phone 7 devices that are accessing enterprise email via ActiveSync. Use the
ActiveSync Policies page to manage these devices.

Company Confidential
33
Registration PIN and/or Password (Android/
iOS)
Previously, registration of iOS devices required only a user name, password, and
server name from the device user. This remains the default behavior. However, you
now have the option to require a MobileIron-generated Registration PIN in place of or
in addition to the password. This feature also applies to newly-supported Android
devices.

To set up the requirement of a Registration PIN:

1. In Smartphone Manager, select Settings | Preferences.

2. Under iOS/Android In-App Registrations Preferences, select Registration PIN to

require just a MobileIron-generated Registration PIN consisting of six characters, or
select Password and Registration PIN to require both.
3. Click Save.

Note that the iOS registration procedure for the device user has changed slightly to
accommodate this change. Specifically, the Server Name field now displays first
instead of together with the other fields requiring input for registration.

Company Confidential
34
SMS Archive Package
iOS4.x +
Android BlackBerry iOS MDM Symbian webOS WinMo 5 WinMo 6.x WIn 7
SMS
Archive - yes - - -11 - -11 -11 -

11 SMS archiving coverage is not complete for this platform. Also, there are certain devices for which the SMS data is not
currently available.

Complete the following steps to set up the SMS Archive package.

1. In Smartphone Manager, click Settings | Preferences.
2. Scroll down to the SMS Archive Preferences section.

3. Use the following guidelines to complete the settings:

Setting Description
Forward SMS as Select On to enable the SMS Archive package.
Email
Default From Enter the email address to display in the From
Address field of the emails generated for archiving the
SMSes.
Destination Email Enter the email addresses for the archival sys-
Addresses tems to which the generated emails are being
sent. Separate the email addresses with com-
mas (,).

Company Confidential
35
 Setting Description
Host/IP Addresses Enter the host name or IP address of each SMTP
server to use for relaying the email to the SMS
archival destinations. You may specify the same
SMTP server that you specified when you config-
ured the VSP. If you specify multiple addresses,
then MobileIron attempts to connect to each in
the order specified until a successful connection
is established.
TLS Enabled Select Yes if you want to enable TLS for interac-
tions with the SMTP relay server.
STARTTLS Required If you selected Yes for the TLS Enabled option,
indicate whether the STARTTLS protocol is
required for the specified SMTP servers.
SMS Delivery Inter- Enter the number of hours that the VSP should
val wait before forwarding collected SMSes to their
archival destinations. The default value is 4.

4. Click the Check SMTP Connection button to confirm SMTP access.

5. Click Save at the bottom of the Preferences screen.

SMS Archive and Privacy Policies

MobileIron privacy policies specify whether SMS content is synchronized. These poli-
cies impact whether SMS content will be archived, as well. To configure a privacy pol-
icy to support SMS archiving:
1. Select Security & Policies in Smartphone Manager.
2. Select the privacy policy entry.
3. Click the Edit button.

Company Confidential
36
4. Set the SMS option to Sync Content.

Monitoring SMS Archival

The following monitoring options are available to track:
• the number of SMSes queued for delivery
• the total number of SMSes delivered

Checking the SMS Archive Queue

You can display the number of SMSes currently waiting to be forwarded from the VSP
to the configured archive destinations:
1. In Smartphone Manager, click Settings | Preferences.
2. Scroll down to the SMS Archive Preferences section.

Company Confidential
37
3. Note the Number of SMS in Queue statistic at the bottom of the section.
A large number of queued SMSes can mean high activity or a problem with SMTP
connectivity. Click the Check SMTP Connection to confirm connectivity. See “Over-
riding the SMS Delivery Interval” on page 38 for information on attempting to
deliver SMSes by overriding the delivery interval.

Overriding the SMS Delivery Interval

When you set up the SMS Archival package, you specify the SMS Delivery Interval,
which determines how often the VSP forwards the collected SMSes to the archival
destinations. To override this interval and send the SMSes immediately:
1. In Smartphone Manager, click Settings | Preferences.
2. Scroll down to the SMS Archive Preferences section.
3. Click the Send Now button.
Note that the Send Now button is enabled only if there are queued SMSes.

Checking the Number of Delivered SMSes

MobileIron keeps a perpetual count of the SMSes delivered to archive destinations. To
view this number:
1. In Smartphone Manager, click Settings | Preferences.
2. Scroll down to the SMS Archive Preferences section.
3. Note the Number of SMS in Queue statistic at the bottom of the section.

Company Confidential
38
Expanded Events
System events and policy violations events have been enhanced to include several
additional scenarios.

System Events
The following table lists the system events that have been added.

Event
Sentry (standalone and integrated) can-
not reach EAS server
Sentry (standalone and integrated) is
unreachable
Provisioning Profile Expired
SMTP Relay server is unreachable
SMTP Relay server error
Description
Generates an alert if the MobileIron
Sentry is unable to contact the Active-
Sync server.
Generates an alert if the MobileIron
VSP is unable to contact the MobileIron
Sentry.
Generates an alert if an iOS provision-
ing profile distributed via MobileIron
has expired. In general, this profile will
be associated with an in-house app.
Generates an alert if the configured
SMTP relay does not respond to a ping
or SMTP ping.
See Settings | Preferences in Smart-
phone Manager for the configured
SMTP relay.
Generates an alert if the configured
SMTP relay returns an error. The alert
includes available details to enable
troubleshooting.
See Settings | Preferences in Smart-
phone Manager for the configured
SMTP relay.

Company Confidential
39
 Event
SMS Message archive queue is full
MAI data processing has not succeeded
for more than 24 hours
Description
Generates an alert if the queue of mes-
sages to be archived exceeds 100. This
indicates a possible problem with the
service, causing a backlog in the
queue.
In response to this alert, you should
check the health of the SMTP relay
server and confirm that it is correctly
configured under Settings | Prefer-
ences in Smartphone Manager.
Generates an alert when 24 hours has
elapsed since the last time the MAI
data processing task ran successfully.
If the task was initiated (automatically
or manually) during that 24 hour
period, but failed, then the alert will
still be generated. Contact MobileIron
Support for information on trouble-
shooting this issue.
You can schedule this service, check its
status, or launch it manually from
Mobile Activity Intelligence | Settings in
Smartphone Manager.

Policy Violations Events

The following table lists the policy violations events that have been added.

Event Description
App Control
Disallowed app found Generates an alert if an app that is
specified as Disallowed is not installed
on a device. Apps are specified as
Required, Allowed, or Disallowed under
Apps & Files | App Control.
App found that is not in Allowed Apps Generates an alert if an app that does
list not appear on the list of allowed apps
has been detected on a device. Apps
are specified as Required, Allowed, or
Disallowed under Apps & Files | App
Control.

Company Confidential
40
Event
Required app not found
Device Settings
Passcode is not compliant
iOS
iOS Configuration not compliant
Data Protection is disabled
Restored Device connected to server
Android
Disallowed Android OS version found
Compromised Android device detected
Company Confidential
41
Description
Generates an alert if an app that is
specified as Required is not installed on
a device. Apps are specified as
Required, Allowed, or Disallowed under
Apps & Files | App Control.
Generates an alert if a device is
detected having a passcode that does
not meet the requirements specified in
the associated security policy.
Generates an alert if an iOS device
does not have the expected security
policy or application settings. This state
may indicate that a setting was
changed or was not applied success-
fully.
Generates an alert if an iOS device has
its Data Protection feature turned off.
Generates an alert if a previously wiped
device has been restored and attempts
to connect through MobileIron.
Generates an alert if an Android device
having a disallowed OS version is
detected. You can specify disallowed
versions in the security policy.
Generates an alert if a compromised
Android device is detected. That is, an
Android user has obtained or provided
an app with root access to the device.
Outbound HTTP Proxy for Gateway Transactions
and System Updates
You can now configure an outbound HTTP proxy for the MobileIron VSP. This proxy is
intended primarily for organizations that require an HTTP proxy for communications
with the MobileIron Gateway and for system updates. MapQuest requests are also
routed through this proxy.

Note: See MobileIron Support for assistance in implementing this feature.

To configure the proxy:

1. In Smartphone Manager, select Settings | Preferences.
2. Scroll down to the HTTP Client Preferences section.

Company Confidential
42
3. Use the following guidelines to complete the fields in this section:

Field Description
HTTP Proxy URL Enter the URL for the outbound HTTP
proxy.
HTTP Proxy Auth Enter the authentication name for the
Name HTTP proxy.
HTTP Proxy Auth Enter the authentication password for the
Password HTTP proxy.
HTTP Client Connect Specify the amount of time to wait for the
Timeout connection setup to complete.
HTTP Client Socket Specify the amount of time to wait for a
Timeout response from the proxy server.

4. Click Save.
At this point, the settings are saved, but not applied. See MobileIron Support for
help with applying these settings.

What the HTTP Outbound Proxy Does Not Apply To

The HTTP outbound proxy does not apply to the following areas:
• APNS for MDM or the MobileIron Client
• MobileIron Sentry
• BES integration
• SCEP-to-CA connections

Company Confidential
43
Specifying Eligible Platforms for Registration
In some cases, you may want to exclude from registration all devices of a particular
platform. For example, if corporate policy dictates that a particular device platform
will not be supported, you may want to prevent users from selecting the platform dur-
ing self registration. Likewise, you may want to prevent helpdesk personnel from mis-
takenly registering the unsupported platform in the Admin Portal.

To exclude a device platform from registration:

1. In Smartphone Manager, select Settings | Preferences.
2. Navigate to the Registration Preferences section.

3. In the Enabled Platforms list, select the platform you want to exclude.
Shift-click platforms to select more than one.
4. Click the left arrow button to move the selected platforms to the Disabled Platforms
list.
5. Click Save.
All methods of registration now exclude the selected platforms.

Company Confidential
44
API Additions
The following APIs have been added for this release:
• Get Devices by App Name
• Get Policies
• Get Policies by Device UUID
• Get All App Settings
• Get App Settings by Type
• Get App Settings by Device UUID
• Apply Policy to Label/Remove Policy fromLabel

Company Confidential
45