Skip to content

Feature List

Entgra EMM server comes with a variety of features optimally catering for every enterprise mobility need that you are likely to encounter in your enterprise.

Accredited as a Google Enterprise EMM Partner, for Android devices the available features of our EMM server include forced confinement to specific WiFi networks, remote keyboard/mouse inputs on screen-share mode, pre-approved connected peripherals and allow listed applications.

The reporting functionality of the server extends to reports for tracking devices that do not have a mandatory application installed, changed SIM details and reports on enrolled as well as unenrolled devices.

Our support for Android, iOS & macOS and Windows operating systems enables wider reach over a range of platforms.

For the available features in each of the operating systems, click on the relevant OS below:

Android

Entgra IoTS 4.1.0 is a Google Enterprise Partner for Android. Therefore Entgra EMM supports the work profiles, dedicated devices and fully managed types of Google recommended enrollments.

Android - Supported Operations

Entgra IoT Server facilitates one time operations that can be performed remotely via the Device Management Console. These operations are useful for runtime maintenance of devices.

The type of operations available for Android devices and are applicable for each enrollment type is summed up as per the table below.

For details on each, click here.

Feature Description Legacy Work Profile Dedicated (Kiosk) Fully Managed (COPE) System App
Remote screen keyboard and mouse inputs in screen-sharing mode.
Allow-list/Block-list connected peripherals plugged-in.
Force devices to be locked on to a given WiFi network.
Entgra secure browser application with remote settings.
Device location history view to track the fleet’s history.
Display a custom message when the device is locked and for locked settings.
Offline un-enrollement via a special per device admin pin code.
Get Device Information - Fetch the device's runtime information.
Get Device Location Information - Fetch the device's current location.
Get Installed Applications - Fetch the device's installed application list.
Ring Device - Ring the device for the purpose of locating the device in case of misplacement.
Transfer files from a remote server(FTP) to device folder.
Transfer files from a device folder to an FTP location.
Mute Device - Put the device in silent mode.
Change Lock Code - Changes the device's currently set lock code. From Android N upwards, clear passcode will not work. X X
Clear Password - Remove any password that the device owner has put. From Android N upwards, clear passcode will not work. X X
Send Notifications/Messages - Send a notification (message) to the device.
Enterprise Wipe - Wipe the entreprise portion of the device.
Device Lock (soft lock) - Lock the device remotely. Similar to pressing the power button on the device and locking it.
Reboot Device - Restart the phone for example for troubleshooting purposes. X X
Upgrade Firmware - Upgrade Android operating firmware ensuring that firmware and the device has to be compatible and only applicable in OEM scenarios. X X X X
Execute Shell Command - Remotely execute the shell commands on the device's command prompt. X X X X
Hard Lock - Lock a device remotely by an admin and only the admin can unlock the device. X X
Manage Web Clip - Install a shortcut link to a web page/web app on the phone's home screen.
Trigger Google Play App - Install an app from the google play store.
Install/Uninstall/update applications - Capability to perform various application management tasks such as install, uninstall and update apps. - Install an app from the google play store.
View Device Screen - Screen sharing with the Admin. - Install an app from the google play store.
Remote Control Device - Allow Admin to remotely control the device.
Get Logcat - View the log of the operating system.
Silent App Install - Install apps on the device without prompting the user to click install.
Remote Kiosk Enable - Enable or disable kiosk mode remotely for maintenance reasons, troubleshooting etc. X X X X

Android - Supported Policies

The policies that can be applied on an Android device depends on the way the device is enrolled with the server.

Accordingly, the table below indicates the policies applicable for each type of enrollment.

Feature Description Legacy Work Profile Dedicated / Fully Managed Fully Managed (COPE) System App
Passcode Policy - Add a passcode strength policy to the device or to work profile
Encryption Settings - Execute the encypt device storage.
Wi-Fi Settings - Push a configuration contaning the wifi profile of the company.
Virtual Private network (VPN Settings) - Push a configuration contaning the VPN profile of the company.
Device Profile Policy - Decides which system apps must be enabled or disabled in a device X
COSU Profile Configuration - Configure the behaviour of the Kiosk X X
Application Restriction Settings - Decides which apps are allowed do be in a device. X
App screen usage time policy to track/restrict screen usage per app.
Runtime permissions - Permissions that are required for the app to work can be granted automatically and defined. X
System Update Policy (COSU) - Specify the strategy or the time windows to perform OS updates. X X
Monitor/Revoke Policies - Continuously monitor the policies of the device to detect any policy violations.
Certificate Install Settings - Install certificate to devices remotely.
Global Proxy settings - Reroute all the http communication of a device via a global http proxy. X X
Enrollment app install - Decides which apps needs to be installed upon enrollment.
Remote App configurations - Send the app configurations for user's installed apps.
Disable removal of profile - Disable the user's ability to unenroll from EMM. X

Android - Restriction Policies

Restriction Policies are those that can be applied on a device restricting or controlling the use of certain specific device features. There are a large number of restrictions that can be applied on an Android device.

The following table lists the available Restriction Policies for Android devices.

Feature Description Legacy Work Profile Dedicated / Fully Managed Fully Managed (COPE) System App
Disable access to camera
Disable modifying certificates in the device X
Disable configuring VPN settings X
Disable configuring App control by hiding the status bar of App Control X
Disable cross-profile copy-paste - Copying text between profiles is blocked. X
Disable debugging - Disable usb debuging X
Disable installing apps to the device X
Disable installing apps from unknown sources X
Disable modifying accounts such as Google, Facebook from being modified/ added/ removed X
Disable outgoing beams - Disable using NFC to transfer data. X
Disable sharing device location. X
Disable uninstalling apps X
Disable parent profile app linking - Disable apps in the personal profile to handle web links from the work profile. X
Ensure verifying apps - Enforce only verified apps can be installed on the device. X
Disable screen capture - Disable capturing the screen of the device. X
Enable auto timing - Enable or diable using time from mobile network as system time. X X
Disable SMS - Disable access to SMS. X X
Disable volume adjust - Disable adjusting the volume of the device. X X
Disable cell broadcast - Disables cell broadcasting messages of the network. X X
Disable configuring bluetooth settings. X X
Disable configuring moble network settings. X X
Disable configuring tethering settings. X X
Disable configuring WiFi settings. X X
Disable safe boot - Disable booting into safe mode. X X
Disable outgoing calls X X
Disable mount physical media - Disable plugging into different media devices. X X
Disable create window - Disable showing certain notifications, toasts and alert by apps. X X
Disable factory resetting of devices. X X
Disable removing users from device. X X
Disable adding new users to device. X X
Disable network reset - Disable user from performing network setting reset. X X
Disable USB file transfer - Disable transfering data over USB. X X
Disable unmute microphone - Configure access to microphone. X X
Disable status bar - Block user from opening the notification bar and access to status bar. X X
Disable set wallpaper - Disable changing wallpapers. X X
Disable auto fill - Disable auto filling forms. X X
Disable bluetooth - Disable bluetooth. X X
Disable bluetooth sharing - Disable sharing via bluetooth. X X
Disable data roaming - Disable data roaming. X X

iOS & macOS

iOS & macOS - Supported Operations

Entgra IoT Server facilitates one time operations that can be performed remotely via the Device Management Console. These operations are useful for runtime maintenance of devices.

Available operations for iOS and macOS vary according to how Apple defines the protocol and also depending on whether the device is a BYOD or a DEP (COPE) device.

The table below depicts a summary of this information.

iOS iOS macOS
Feature Description BYOD DEP BYOD
Get Device Information - Fetch the device's runtime information.
Get Installed Applications - Fetch the device's installed application list.
Get Device Location Information - Fetch the device's current location. X
Ring Device - Ring the device for the purpose of locating the device in case of misplace. X
Install/Uninstall/update applications - Manage apps installed on the device. X
Enterprise data wipe - Wipe the entreprise portion of the device.
Lock Device - Lock the device remotely. Similar to pressing the power button on the device and locking it.
Send Notification - Send a notification(message) to the device. X
Clear Passcode - Clear the passcode of a mobile device. X
Wipe Device(factory reset) - Factory reset a device.
Restart - Restart command is issued to restart the device.
Shutdown - Shutdown command is issued to shutdown the device.
External profile add and remove APIs X
Fetch security information of devices. X

iOS & macOS - Applicable Policies

The policies that can be applied on an iOS device depends on the way the device is enrolled with the server.

Accordingly, the table below indicates the policies applicable for each type of enrollment.

iOS iOS macOS
Feature BYOD DEP BYOD
Virtual Private Network (VPN Settings) - Push a configuration contaning the VPN profile of the company.
Wi-Fi Settings - Push a configuration contaning the wifi profile of the company.
Calendar - This payload configures a CalDAV account.
Calendar Subscription - Adds a subscribed calendar to the userʼs calendars list. X
Cellular Network Settings - Push cellular configurations such as APN settings to a mobile device. X
Email settings - These configurations can be used to define settings for connecting to your POP or IMAP email accounts.
LDAP Settings - These configurations can be used to define settings for connecting to your LDAP server.
Manage Domains - Any document downloaded from the given URLs are marked as managed documents and will be used in managed open in restrictions. X
Unmarked Email Domains - Specify a list of email domains that are enterprise recognised so that the others are marked as unregnised by highlighting in the mail client.
Passcode policy - Add a passcode strength policy to the device or to work profile.
Monitor/Revoke Policies - Continiously monitor the policies of the device to detect any policy violations.
Certificate install - Install certificate to devices remotely.
Global Proxy Settings - Reroute all the http communication of a device via a global http proxy.
Disallow removal of profile - Disable the user's ability to unenroll from EMM. X X
AirPlay Settings - The AirPrint payload adds AirPrint printers to the user's AirPrint printer list. X
Network Usage Rules - Network Usage Rules allow enterprises to specify how managed apps use networks, such as cellular data networks. X X
App Lock (Kiosk mode) - Configure the behaviour of the Kiosk. X X
Font install - Install fonts to an iOS device remotely. X X
Exchange - Exchange active sync contacts and mails to devices. X
Managed Settings command - Send the app configurations for user's installed apps. X X
AppStore Payload - Enforce restrictions on the App store in macOS. X X
Loginwindow Payload - Behaviour of the login screen and users are controlled with this policy. X X
Firewall Policy - A Firewall payload manages the Application Firewall settings that are accessible in the Security Preferences pane. X X

iOS & macOS - Restrictions Policies

Restrictions Policies are those that can be applied on a device restricting or controlling the use of certain specific device features.

There are a large number of restrictions that can be applied on an iOS device. The following table lists the available Restriction Policies for iOS devices.

{insert table here}

Windows

Windows - Supported Operations

Entgra IoT Server facilitates one time operations that can be performed remotely via the Device Management Console.

The following operations can be executed on a Windows device.

Feature Description
Get Device Information Fetch the device's runtime information.
Get Installed Applications Fetch the device's current location
Wipe Device(factory reset) Wipe the entreprise portion of the device
Lock Device Lock the device remotely. Similar to pressing the power button on the device and locking it.
Ring Device Ring the device for the purpose of locating the device in case of misplace.
Clear Passcode Changes the device's currently set lock code. From Android N upwards, clear passcode will not work

Windows - Supported Policies

The following policies can be executed on a Windows device.

Feature Description
Passcode policy Define a password policy for the devices.
Encrypt storage Encrypt data on the device, when the device is locked and make it readable when the passcode is entered.
WiFi Policy Configure settings for accessing wireless networks.
Kiosk Policy Set up Windows OS to allow only one application to run.

Windows - Restriction Policies

Restrictions policies are those that can be applied on a device restricting or controlling the use of certain specific device features.

The following restriction policies are applicable on a Windows device.

Feature Description
System/AllowLocation Disable or enable location services
System/AllowUserToResetPhone Control acces to factory reset
DisableOneDriveFileSync Disable or enable syncing files with One drive storage
System/DisableSystemRestore Disable or enable system restore capabilities
System/AllowStorageCard Restrict access to external storages such as SD cards or USB
Security/AllowManualRootCertificateInstallation Allow installing root certificates and intermidiate certificates
Connectivity/AllowBluetooth Disable or enable Bluetooth
Connectivity/AllowCellularData Disable or enable mobile data
Connectivity/AllowCellularDataRoaming Disable or enable data roaming
Connectivity/AllowConnectedDevices Disable or enable Connected Devices Platform (CDP) which allows to discover connected device
Connectivity/AllowNFC ADisable or enable NFC beams
Connectivity/AllowPhonePCLinking Disable or enable the ability to connect to perform a continious task with a link between phone and PC
Connectivity/AllowUSBConnection Disable or enable USB connection
Connectivity/AllowVPNOverCellular Decides if a VPN can be created over mobile data
Disable adding non-microsoft accounts Disable adding non Microsoft based account to the device
disable private browsing Decides if private browsing is allowed on the device
disable removable drive indexing Decides if the search results contain files from removable devices
disable language Disables language settings
disable cortana Decides if cortana is allowed on the device
disable region Disables region settings
disable date and time Disable changing date and time settings
assigned access Lock a user to a single application