Managing secure locations for a device

The Locations feature allows an administrator to determine whether a device is at a designated secure location and receiving the necessary policies while onsite.

About this task

The geo-fencing rule, included with the compliance rule set, places a device out of compliance if a device is removed from a designated secure location. The administrator can send actions against the device and also apply policies to the device when the device checks back in a designated secure location.

If a device is removed from a designated secure location, the device can receive a policy in other ways based on the following sequence: rules, groups, devices, users, or default. A location-based policy receives the highest preference.

A location is either a physical location such as a physical address, or a network connection such as a wifi SSID. MaaS360® can detect a geographically-based or wifi-based location and apply a policy to a device within 30 minutes depending on the network connection and the status of the MaaS360 app on the device.

For Android devices, MaaS360 immediately detects a wifi-based location for a device. For an address-based location, MaaS360 uses a policy to detect a device, which might take up to 5 minutes (the default setting is 15 minutes) depending on the network connection and the status of the MaaS360 app on the device. MaaS360 detects the location of a device based on the frequency setting configured in the Android MDM policy. If this setting is configured to check the device often, you might drain the battery on the device. The MaaS360 agent can only notify the IBM® MaaS360 Portal up to 100 times a day for any changes to a device's location. When that limit is reached, the agent cannot communicate changes to the IBM MaaS360 Portal or change a policy until the next day. MaaS360 provides offline geo-fencing functions for Android MDM policies. Offline policy features require applicable Android devices to come online to receive policy and map data. Once this information is gathered, the device updates policies by using geo-fencing guidelines while the device is offline. To enable offline geo-fencing, contact your IBM MaaS360 Account Manager or Partner.

Note:
  • To use location-based functions, the administrator must enroll devices and install the MaaS360 app on the device.
  • Location tracking is not supported on Android devices that are enrolled in Profile Owner (PO) and Work Profile on Corporate Owned (WPCO) modes.

Follow these steps to set up the location of devices based on a geographical area or a wifi network:

Procedure

  1. From the IBM MaaS360 Portal Home page, select Security > Locations.
    The Locations page is displayed.
  2. Choose one of the following options:
    • If you want to add an address-based location, follow these steps:
      1. Click Add Address based Location. The Bing map displays the location of a device based on the IP address that is used to sign in to the MaaS360 customer account.
      2. Type the location address and range (in miles), and then click Search.
      3. Type the name of the location, and then click Add this specific location with Range. The location is displayed on the Locations page.
      Viewing an example of adding an address based location
    • If you want to add a wifi-based location, follow these steps:
      Viewing an example of adding an Wi-Fi based location
      1. Click Add Wi-Fi based Location.
      2. Type the name of the location, the wifi SSID, and the MAC address, and then click Add. The location is displayed on the Locations page.
        Note:
        • Location is determined by the device that is connected to the wifi SSID that you typed in the Wi-Fi SSID field.
        • The Wi-Fi based location setting requires MES 1.85+ and MaaS360 Core App for Windows 4.0+. The address-based location setting requires MES 2.16+ and MaaS360 Core App for Windows 4.0+.
        • You must contact IBM Support to enable this feature.
    Viewing an example of location name in Locations page
  3. Select a location on the Locations page, and then click one of the following actions under the device location:
    Action Description
    Edit Edits the address-based location of a device.
    Assign Policies Applies a policy to a device at the address-based location.
    • To apply a policy to all devices, click All Devices.
    • To apply a policy to a group of devices, select a device group, and then click Confirm.
    Delete Removes an address-based location from a policy.