ZENworks now supports the Android enterprise program that enables administrators to manage and distribute apps, and secure corporate data on Android devices using a work profile. ZENworks supports only the Managed Work Profile mode, typically the BYOD device scenarios.
Some of the main features of this program include:
Profile Management: You can now separate the users’ personal and work content on their devices. The work apps are tagged with a badged icon to help users distinguish between their personal and work apps.
Corporate Data Wipe: Using the existing Unenroll quick task feature, you can remotely wipe only the corporate data from the devices and not the entire device. Users do not have to be worried about losing personal content on their devices.
Additional Security Features: The features of the existing Mobile Security Policy and the Mobile Device Control Policy have been extended to support devices enrolled in the work profile mode.
Mobile Security Policy: From the Android 7 release onwards, separate passwords can be applied to the device and the work apps. The Mobile Security Policy now includes password restriction and inactivity settings that are meant exclusively for the work apps.
Mobile Device Control Policy: This policy enables you to apply restrictions on work apps. Using this policy, you can prevent data leakage by disabling the copying of content from the work profile to the personal space on your device and the capturing of screenshots. You can also disable the installation of apps from unknown sources.
App Distribution through managed Google Play: All apps that you approve in managed Google Play are identified and populated in the Apps Catalog page in ZENworks Control Center. ZENworks automatically creates bundles for these apps, which can be assigned to users. While distributing these work apps, you can silently push the apps to the devices, or make them available for users to download from the managed Google Play Store.You can manage the runtime permissions and configurations of apps.
Device Compliance: Devices that are enrolled in the work profile mode can be monitored for compliance using the Mobile Compliance Policy. You can enforce, restrict access to corporate data and wipe the work profile if the device security compliance is not met.
For more information, see Integrating ZENworks with Android Enterprise in the ZENworks 2017 Mobile Management Reference.
The Activation Lock feature is supported on iOS 7.1 and higher devices. This feature allows end users to lock their devices to their Apple IDs, disabling the resetting of devices without knowing the Apple ID credentials. Using Activation Lock bypass, for supervised iOS devices, an administrator without knowing a user's Apple ID credentials can bypass the activation lock, reset the device, and reassign it to another user.
For more information, see Activation Lock Bypass in the ZENworks 2017 Mobile Management Reference.
ZENworks Inventory has been extended to include managed mobile devices. You can now perform an inventory of the hardware and also gather information about all the apps installed on the mobile devices. App information is also visible as a part of the device information. A new set of objects are available in ZENworks Control Center that enable you to create and view custom reports that are specific to mobile devices.
For more information, see Mobile Inventory Scan in the ZENworks 2017 Mobile Management Reference.
ZENworks now supports Windows Preinstalltion Environment (WinPE) based imaging operations. Except for the graphical user interface (GUI), all other imaging features are supported. These include taking and restoring local, proxy, partition-wise and mulitcast images. Image Explorer, Add-on imaging and zisedit/zisview are also supported.
For more information, see ZENworks WinPE Imaging in the ZENworks Preboot Services and Imaging Reference.
Due to the security vulnerabilities associated with the smbv1 protocol, ZENworks now supports the download of content from the CIFS repository using the smbv2 protocol.
New zman commands are introduced in this release to reduce the effort in debugging content-related issues.
For more information, see Contents Commands in the ZENworks Command Line Utilities Reference.
The System Update Reboot behavior has been enhanced in this release. You can now configure the reboot behavior, post a system update, for scenarios in which no user is logged into the system and when the device is locked.
For more information, see Reboot Behavior in the ZENworks System Updates Reference.
With this new feature, ZENworks attempts to deploy system updates even more seamlessly by checking the availability of the Windows Installer Service whenever an MSI file has to be installed as a part of the system update. If the Windows Installer Service is installing any other application at the same time, the system update will delay the installation of the MSI by a maximum of 30 minutes or till the Windows Installer Service becomes available, whichever occurs first.