Duration 43:17
16+
Play
Video

Citrix Synergy TV - SYN134 - Geek's guide to the workspace (part 5): hands off my BYOD

Matt Brooks
Senior Technical Product Marketing Manager at Citrix
  • Video
  • Table of contents
  • Video
Citrix Synergy Atlanta 2019
May 23, 2019, Atlanta, GA, United States
Citrix Synergy Atlanta 2019
Video
Citrix Synergy TV - SYN134 - Geek's guide to the workspace (part 5): hands off my BYOD
Available
In cart
Free
Free
Free
Free
Free
Free
Add to favorites
294
I like 0
I dislike 0
Available
In cart
Free
Free
Free
Free
Free
Free
  • Description
  • Transcript
  • Discussion

About speaker

Matt Brooks
Senior Technical Product Marketing Manager at Citrix

About the talk

Personal privacy and convenience are important to the user while security is important to the company. Oftentimes, these things are in direct conflict. In order to successfully implement a bring-your-own-device policy in an organization, you need to focus on securing the apps from the device, placing mobile apps into a secure container and creating a barrier between the personal and the business worlds. In this session, you will learn how to expand your Citrix Workspace experience to incorporate best practices for securing mobile apps on BYO devices with the use of restriction policies and micro-VPN.Note: This session will be live-streamed during the event and available for on-demand viewing post-event on Citrix Synergy TV.

Share

Okay, let's get started. Good morning and welcome to hands off my BYOD. My name is Matt Brooks. I'm a architect with Citrix technical marketing company about eight years but a different roles customer-facing product and at least half of that time I focused on endpoint management. So hoping to impart some of my knowledge. So y'all today and I'm glad we joined by my colleagues around here. Yeah, thanks mats, and I'm happy to be in my name is going to be on the senior product marketing manager Citrix. I started at Citrix about 5 years ago as a Mobility as he so

Matt. Can you guide us through what the previous sessions over right? So if you were if you were here for the previous session. tried again So we're having a 10-part series on the in a different aspects of work space. This is this is our fifth session before this. We talked a lot about content right how you can store it in your networking storage zone. So you can start in different locations and get to it with connectors and the various ways to secure site and provide it to users. Now. We're going to focus on getting some apps

getting mobile app specifically and utilizing that content. So with the idea behind hands off your title is that we're going to focus management side unified endpoint management Enterprise main schools have the device management, which is more for corporate side. Were you going to actually be able to take control that device and then there's the app management side works really want to focus on this Management corporate truth about these uses the lights because it's their personal device. It's ever going to break it into four areas mobile app distribution will talk about how do you get

the app for the device? They will go into app security once you have the app on the device how to Protect it will get into Epcot activity. Once that app is protected on the vice. How does it actually get it to the back end and get get data things it can do lies and then we'll close it out with talking about conditional access every special kind of security work. You can allow the app to to be used to not use FaceTime conditions on the device contextual security if you will. Where we get started we are going to talk about some roadmaps teacher. So I want everyone to be clear that the things

were talking about this there's no guarantee. If or when they'll be delivered. And with that let's get into a mobile app distribution Soldier on we have a few different ways to get those apps out on the mobile in points. Yeah. Yeah. Thanks Maxx if we look at the current market and how absurd this to everybody knows apparently about the Publix store so I can Apple Store the Google Store the Microsoft store and get your own identity for Enterprise right till we have for Google Play for work the Microsoft store for business for example,

double allow you to curate your line of business application and even the public application and allow them to silent. So it's also has a Persian off of private store. So we look at the Citrix workspace app and the Citrix secure Hub. Both are populating applications on rap songs 8888 application software applications and line of business applications. And of course also web links and that kind of application So that's. Basically the journey off of you bring your own device. Jethro Nintendo the Enterprise at

Star is going to be the benefits of the Publix Touareg auto updates, but Enterprise you can have more control that can decide which apps are available and control fanfic licensing and priced all you have more control over then in the ship that's private or that is even the more gradual control of the year of the application. So the advantages of a public computer at the apps, you can make sure that the apps are a mandatory install and if you even use the public Source like Google Enterprise on Google Play for work has even being

scanned on malicious code in the applications on the device and on the store. So he's all good examples on how you can keep your applications, but don't tell your device and you use a secure. It's a lot of benefits of the public stores. We actually even use those to disabuse the Citrus productivity. Astray. I get can you tell us a little bit on how we went from Enterprise distribution to Publix store distribution, but maintaining got to keep the security guard search which provides

3D the private server going to disability and the X-Files where we provide that containerization of those apps. And so we handle most of the work with this certificate is thin provisioning profiles, then it's only up to the admit to Don Pablo's in The X-Files load them into the rent Point men's Vincent's and then they get your taxes from the store. They get pushed and they get basically married to the app when to start loading from the public store. So we have the listing for you. That's really that's

really cool. You have in in in the current market. So of course everybody knows he have come pick Community. I'm going to talk a little bit about that. And I know that it is a team that you've been seeing around shoulder Mobility sessions at Citrix container or a mobile device experience. What is piatt County Community? Show me a comfort Community is a community-driven solution which provides developers with an s t k to M bat basically keys and values

so that they can complete the application and one of the disadvantages of app, so it's not completely in the bring-your-own-device Pace bus this morning that corporate on crashing and Abel's paste benefits of the downside of using a little privacy. A little bit up to the benefits of surprised. You can live lavish D at 6 to email Investments. You can use the execs at 3 p.m. And identity and access Management Solutions and the destruction beerus got to use our

voting experience. So with the doors and the public storage in combination with the app conflict, you have a great selection of the business apps. So what's in it for the U of M o d e m Sanders so you left her to be always best practices so you can take care of the functionality that the OEM provide so the functionality Apple Proviso Microsoft provides and you have a larger ecosystem of this is that so it's basically very simple process. See you again provider to attach to that at comfort and we are a supporter of the Uptown

Funk, of course. You can see here. You can do that configuration. You can do to security policies in the access control at tunneling and instead of using a separate a VPN solution. So it's all single turn on and the best years ice cream cheese you can get so that's all some of the advantages you have any upcoming conflict community and I think some of you already said she's not include some ability. You will see that Citrix has invested a lot of time of getting acquainted with the Android Enterprise and supporting Android and

price are basically four ways of onboarding an Android Enterprise device. So in a bring your own scenario, all of these would be a fit if you are safe to use in that Device factory reset is as needed but the most commonly used in a bring-your-own-device is the amount token or just your You piano email address in our case. We have time to Oakland afw and then exam mobile still the old man because the solution was ready before I know damn phones for sale watch launch and it's hard to change the DPC. Then

the QR codes is basically the out-of-box experience off of the factory reset. The users have sex 6 times at the screen and it will go into the auto enrollment by scanning the QR code. That's a Citrix and pain management will provide to you and show you configure a massive the violence that has all the complications into it like the Wi-Fi the URL of those at mobile of the situation Court management instance, and I you touch devices and They automatically enroll and silver tux is basically almost a

nonzero. Infraction off of user with the enrollment. So he just has to accept the policies and that's basically all all the things he needs to do. Next to that there are some management profiles and what talking in this scenario, of course, I'll bring you on the phone. So we're not going to talk about old for the Dominican profile. So we will focus on that bring your own device and that's the work profile. So I think I have a demo for it later on so we will have that but I don't want the phone. But we shall later on it was one of my favorite features in Android Enterprise

is that the user experience is a choice of the using so after user is enrolled into work profile. He can go into the workspace. That's the operative down on the left. You can see it's a little little icon that's a Google provides when you enroll into to wear profile and if you tell me the settings to use choose if all the applications are running the container or if you was once the applications like a normal map batch with a briefcase and they're like no one I've seen you can move them. Round flat board. So that's a really cool feature. And I really like it

gif or uses his choice to use it. So it's flexible and makes it less intrusive on the user's personal environment. They know what you're after work, which is the personal I can switch it on and off whenever they want. So that's that's really cool. And that's why I like it Pacific Time Point management into the word profound. Of course to use a headset device with a pink coat he will log into this private PIN codes. You will open the play store mobile check quickly that is

a private email address in so it's not too cold for that address and it will download Citrix if you hump you will install a panel installation afterwards. He will open it. I was installing. Reusable open open it like any ordinary app Apple also some access to specific services and later on. This will be just anxious in the in the word profound using typed into his UPN. Yam rolls. What's Tina's password? And also this the work profile creation was. And so this is the agreement. He has to check price the profile and see some flips forth between the security open

the device. That's just great in the profile greatest hits of Spin and you're enrolled in to see if it's on point management with with Android and price of everybody knows I think you're secure mail and you'll see single sign-on is configured to use a doesn't have to type in anything. We will show you the latest features and on the bottom, right and on the top light to see a new little blue I can with a key that means that it's on the word profile. So, when do you have Scrolls through all the first time user experience? You won't have access to

secure my own self. That's peanuts. So they can you see the workspace app you open at you go to the settings. You see that all the applications are now in the work space maintainer just with the Fletch flip the switch as user and you will see that all the applications are now on the screen with an icon and you can move them around the designs wherever you want group then put them on your home screen. That's it. It's one of those workouts for protected and inside that we're profile container. Hi Johnson, I'll let

you shift gears and talk about Civics MDX. How how we do containers? I'm so Wizards MDX. We have the ability to do it really do mobile app management without enrolling you have we have the ability to put a container around apps and we do this with our third its productivity apps. There's a look at the user experience. If you're not familiar with her and point management here. We have a iPad already enrolled will go ahead and open secure mail will see that will select the email will selector ftdna opens up into a secure web and we'll see it's connecting to the back in

formica VPN to take that STD and we could have copied and as far as it's not going to work it's not and it's enabled it's outside of that container that encrypted memory that we have to go back into a male here. We open a word doc will see that we can go ahead and try to do it open and into Dropbox nothing to fill I probably index policies don't allow it then if we go ahead and try to copy it into the files were allowed to that's part of the MDX ecosystem here. So once the doctors open we can go ahead and we can do edits to it. And then I when we're done

everything we can go ahead and save that off and then it's uploaded securely into an acidic files storage in the cloud. It's what I think that's a quick look at the user experience for of MDX on the the endpoint. Just take a look at the architecture. See if we have an app for simple email on a device. But if all is going to have access to all of this system functions, you can it can take a picture. It can store files that can use the network. But at the same time the downside is that if their system vulnerabilities or virus is Ebola in both of those if the

device is jailbroken that you know, if things could access that privacy data the intellectual property and it's utilizing or if there is malware other apps have malware could unknowingly be susceptible as well. Buy containerizing and what we're going to do is we're going to put buffers between those system functions. So when that app price to call Platte from functions Network functions or use the memory, it's going to be intercepted. That's the concept of containerization. If we have an app that tries to use the camera, we could block that through administrative policy. We can block storing

files locally what we could allow it to be stored through that encrypt container container in the memories. All the index apps can use it if we tried to use the network we can redirect that to his cigarette smoker VPN again control which apps that can get to Essence of the idea with containerization is that we can actually rap some code around that the file or we can either developers can use their SDK to do you integrate that when it's developed and that's what we do that that's how we put that container around the app app itself. I'll Methodist. That's really cool. And it's a micro VPN and

copy and paste is not the only policies we have any on the Internet Security controls around lisette's. So take a look at the the admin experience. I hear we starting to the spot we going for endpoint Management console and will drop her first single seeing or MDX section. We have a nvx service of cloud. This is where you can upload your ipas apks are actually wrap your apps. We do this for you. If you check out Civic specs on will give you some stickers at the end. You'll find a detailed video on doing this for iOS actually

creating those provisioning profiles can go ahead and open the open the secure mail in RMV accept Section, which we downloaded from Cityside, download section will see some of the policies and reply here. We control the copy and paste. Here's the opening that prevented us from going to drop box. But a lot of to get to Citrix files in here at the bottom to the app specific details. So this is the same layout know we go ahead and apply that to our deliverer group in the end user has it when they once they can roll. Acceptable Aldi dndx policy you could you see there and what we

provide the citric right just to know there's that you saw only Androids in the MDX option there. But since this week that results will an option for Android Enterprise there so you can put rmbh application or yam the ex-file that configures the NBA draft location into the city of Sandpoint mannequin. So we make it more easier for you to to observe all the applications and all the platform Center in Tifton pain management to select your OS as you go that you need to configure for each particular up

on the device getting a container around let's talk about getting some conductivity for it to get to the back end. So we have we have a few different options here. We mentioned Michael VPN. This is our own device VPN service. We listen is included with the index Library. We have our own networking Library set all the apps to get setup without using any deplatformed functionality. But we also have so if you were here for a session 3 we talked about mobile. What's the song We utilize that right? That's that it's important for setting up fully full

VPN. And you know, it's a great user experience book about mobile app management in the previous piece. We have the encryption fond of her offer MDX technology. Now, we're going to talk about Collective tomorrow about so here's a real high-level architecture overseeing on the left. There's basically what we describe what we created that MDX container and this in this case when it goes to make a network all that call for Tammy from Akron Beacon Library, it's going to reach out to a

sitting Skateway and that's coming on for a more. Now. We offer in the cloud. If you probably heard a lot about students can't we in the club this week's and now that's that's a possibility to use a productivity apps with endpoint management. So take a quick look at the user experience in this is with Gateway service at frankly. There's nothing different from the use of perspective. They open secure web. They go to their homepage in the internet in there. They have no clue where they went through non-prime Gateway or Gateway service. So really really just showing this

to show that there is no difference in the in the functionality. How to walk to the architectures micro VPN just a little bit. So we mention you know, where that in the absence of microvilli sandwiches per app on demand. You may have to set up a full VPN, you know, you make yourself more susceptible to vulnerabilities you have other apps. Can you hijack that eventually we might a VPN? What we're doing is having the apps to do a specific tunnel, you know through the gateways and they going to have a specific app where you can configure. It's like I'm going to get this specific endpoints a

really narrowing down under the scope of of access. And I wouldn't why introducing a Gateway service what we're doing is we're eliminating that the Datacenter DMZ setup for you're in a serious ABC on Prime. Now, we're going you're going to have your mic if you can go to a sitter pop think that we dance we have a dozen we announced two more this week. So there's there's 14 pops around the world music are Intelligent Traffic Management Service when user ghost democracy plane goes to set up and then tries to reach this is fqdn. It's going to direct it to the nearest pops. You're getting you

know getting on the network faster. And obviously we have a lot more of philibert sites. A lot of times was on Prime you're limited to two maybe three of filler side solo benefits there in the way it works is we have the Gateway service in the cloud talks to a Gateway connector on premise. So we covered this morning other sessions, but just to recap this is essentially Citrix ATC code running in a virtual machine in your on your hypervisor. The Gateway service in the cloud is able to communicate with that in your research location. It sets of a reversed tunnel to the networking in. It's

essentially establishes this tunnel that you know, navigate through these Gateway service and we can figure that stuff for the demo. So we recorded by you see nothing but it's basically left like 15 minutes and we got it up and running very straightforward and from an administrator perspective. Obviously, I meant to some of the benefits but if if you've installed in pain management before, you know, one of the first things you get as a script, right they have to configure in your netscaler in your ass. Are you Civic TDC your gateway

has been a Workhorse for years. But with Gateway now you eliminate that aspect write your cervix said if it's going to be going straight to the cloud you haven't you can access endpoint management insipid cuantos going to access Gateway set up printer to fax. I'm so let's take a look at the administration to hear weed. I threw it into setting up a Gateway connector. We're putting a virtual machine. She looks like putting a sittercity CZ p x at the end and

that's a DHCP IP address and Port 8443 going to connect to the UI in this working machine. We're going to enter our default credentials to access it. Then what friend we ask is for some basic information. First thing we'll do is we'll change the password. I was you would want to use the the default provider with and we'll go ahead and have the ability to put in a static IP address always a good idea. H e p i need to do to activate. It is enter a code which were going to get back from the cloud. So back in our resource locations where we downloaded the image, we going to get this activation

code. It's a bit long are alphanumeric string wants to be saved that off of finished. We'll see if we get a green light and conductivity on the virtual machine itself then back in the cloud we can detect it and verify we have connectivity. So now they gave me Services talking to the Gateway connector on-prem then back in the endpoint Management console. We're going to drop into settings netscaler Gateway service and when they select a resource location will see that this string corresponds. It shows up on your your vehicle. If you look back at that snout,

that's it. That's it for the setup on the Gateway side Ops want to change the the network kind of TV slightly. 3 using a secure browsing history rate. We're not using full VPN here. So I'm going to go ahead and force that to use a Tunnel web SSO. To initially were we're not seeing text preview and we're going to support think secure mail and secure web initially. I was going to come Okay, so I think we're doing get a time and kept talking to you both here.

I'm getting a stain or getting access to the back in. I want to talk about conditional access to really making sure you're safe and free access to use the app to access your intellectual property about the applications. That's what we have everything in place to provide conditions to the endpoint that allows you to get access to corporate resources. I chose for Windows 10 and points for Windows 10. We have 800 850 million. I witnessed and endpoints are there around the world? The most of the audience right now pretty pretty popular platform to demo on exactly an end of

shift tomorrow to Management's makes it logical that everything goes into one single Management in the face and that you can set the policies and restrictions on your application with some easy confirmation clicks and flow at to all those different 10 points away from Land tools to manage a Windows 10 point in using the similar Mobility management tools to manage that so he can control anywhere in the world where it gets on the night worker uses apps in Windows 10. And basically it's one big framework a way that provides

the compression policies with every new release that bring they update them with the customs fees fees or a compressor service provider the Whizzinator mail file that's bill on the MGM channel that lets you allowed to configure the Windows 10 machine as it was an IOS and Android device. Som de set the stage of a little bit for the weather for this week we of course want to validate the endpoint and conditions that would be no sense a little bit different there is no real name only configuration there. So the user needs to unbolt it through as your ID or two sets of Sandpoint

management so you can get some stages of the device. So Windows held at the station Services a good one to start with its replies back some of the conditions turn off the device management and we want to update the complaint States. So if anything changed on the App Store on the Southside on on the right side, whitelist and Blacklist of that doesn't matter, it should report back into shape again Point management to do something with those actions you can sense you are able to allow and then I access so this is

quite a long damn about 5 minutes 5 minutes and 30 seconds, but it's Inova hidden gems. We have which one which was on point management? So as soon as you enroll in Windows 10 device into seclusion Point management what 6 it will sign the install Windows 10 on Windows 10 with a Windows 10 agent. You can do pawn shops pay pin a lot of other cool stuff, but the windows agent also replies back the information in Json format, then we'll see what later on to decision Point management and can change the state of the device. So basically you have your Model Management tools available to do all

the cool stuff with Powershell. So let's walk through the prerequisites in the industry compliance me control demo. So we are going to look at the Windows update service example, you can choose any service you want to just run a Powershell command to see what what services are running or you can go to the control pain or the past manager and selector the name of the service. So that's really I will show that later on. So we have a very simple Powershell script and only that the Powershell

script as got runs the get service come on on the machine Through the Windows agent and in this case has two Windows update service and it requires the status and the states is Canby stop a running show in the body of water of the Powershell with you see the Windows update status. That's a reference. We need to lay down to configure the reactions on the policy. So basically we are giving you the name so when the windows agent receives the reply back from this Converted to Jason and that's what we'll be feedback into citizen Point management. So that's step one.

You can choose any and any service or any other thing you want to check that is really easy step to you upload it and you will see that there is the description. This part will be used by the Windows 10 agent so you don't have to attach it to I need to leave for a group because durable deploy the windows agents through the device later on so doubt are the policies, and that's basically at this point. So you created when does agent policy and you see the Rind you have the app

options and you can add multiple Powershell scripts and just give it a name make sure that the thought stop is Powershell and you can select the script that you uploaded before or if you have a central Repository. Call your straight talk you can face any URL there. So it was like always but now you can schedule it in a frequency of 1 hour while also looking at make it more granule. So do it in in minutes and a days. We have more gradual control. So that's in a 3 1/4 and 1/5 is of course the action you want to attach to that song. We push the pharmacy. We got the reply Bank

off of what the status is on that service and now you we want to set the device in or out of compliance. So that are basically two policies. The one is for of course for out of compliance and the other one will be for enough complaining. So you go to the action section into Sixers. I'm poor management. You create a policy there. You see that the policy return pounding now, it's Windows 10 agent instead of specific device or use the properties. You see the convention named that's all the information that we have put in in the SQL script Powershell script and in the Windows 10

agents that reference you can look it up at a r. E. How specifically the name convention goes when the service is stop the devices Market out of compliance and you have a grinder of control on how you want to do that. Also in this case. I said it to me. When is on a sink in the in the other scenario? No, it's not but you can also set it to zero and then it will set it directly out of compliance. So we have the second one script but then it will Mark the device as important for the

50m that like we had smartaccess or analytics or third-party threat detection things. They could actually through the API and check is this device compliant or not? And then take action face then. This is a big deal setting that stay right exactly. Mmm good that you mentioned it and we'll see that in the video also also directly change the compliant stage in Hydra active directory if the device is enrolled without the Parlor. So if you using specific applications, or you can restrict access to that other user also

dishes to console. We go to analyze you will see that we have one non-compliant device and that's not the device were going to demo with but this just to show you that already one device is out of compliance AC the out of compliance. Is that the truth? So we going to switch to the demo machine just a demo machine. We were running a quick scripts that will show you the device name in this case is desktop 483 TSL now we're going to reference that later. So you can see that

sent the vine test to change. We have to mate with male application. We send the I change policy to it and will send a test email. That should be receiving the received sound access to his corporate resources. We go to The Exchange Management console and we'll see on the properties of the mailbox of the user that access granted to The Exchange ActiveSync ProCom. So we also have something that's called Imports management connector for a change that will ten kickoff Powershell script to a change and I will communicate which is an appointment and see that the test using now as to Green

marks and it's allowed to access exchange service just for foot is using Okay, so we'll check him as a Powershell script will see that the Windows update service running. We will go to Azure active directory compliance. They're all so true. So everything is donkey donkey as I get to a website will run a script that will disable that service. Are we going to assimilate that by just manually disabling the service that we're going to stop at then? We're going to disable it.

I'm here. You also see the service name that are using the power strip Powershell Spade on top. So if you don't want to run a Powershell script just go in there and check it out. We run the script again agency automatically adjust showing how the process works makes its makes a better to understand. 37. So now the communication on below will happen between the Windows 10 agent pushing the Jason to Sandpoint management changing the compliance you staying? The Exchange connector from Citrix will check in with Citrus and pain management will see you hate. This device is not compliant will send up

Powershell script to The Exchange on Plant Services and will allow access for it and Sam will also send the command to Azure active directory. That is the same as here. And if we check it you will see that it's the device that we were dominant to 4803 CSL. Send a complaint to Sheetz State out-of-state is true. I would check the change on Azure active directory do a quick refresh man. I will see that it changed everything you configured unconditional access to act like the

active directory for this machine will not be out of compliance. What's the connection between Sam and this too is don't you see that he accesses the night? Block, that's good. I wish I could switch to The Exchange quick refresh and the stages should be changing to access granted to access denied. So have all components in place now that the device is out of compliance. So the user should not have access to its Exchange ActiveSync. protocol, so we do a quick reply to get the activation protocol working again, and you should should see a warning

sign popping up there that says Panera and it will show the error code 0 x 68 something that will mean that's coming acacian with The Exchange ActiveSync protocol for this user is not allowed. So basically we're stick to user. from Exodus mailbox So when that's done, that's that's nice. You prevent some from Reese for your organization's the it will fix the risk and that the device is compliant. Again, Vine starting the Windows update service again, so we going to revert all the actions

we did now with just simply enabling the service again, it will change back to run. Cuz you're on the recap the Powershell script can look at any service running on the window Center Point look in the registry to make sure any service isn't able to disable that you choose to and based on that changed flying status. And then anything is Kiev that this case were looking at the ActiveSync ID of the device in the basement cuz I was out of the flying to be sent to block its email through the power to go to The Exchange. We will

include in The Reef you off his friend station another them also, and that's the same with them. I was dead. But this that will check on wrecks turkeys. So then the Windows 10 agents with a Powershell script will check if a specific rights Tiki value exchange and we'll set the device out of compliance on that. So if you're a hero with Powershell when you can do basically everything with it, and you see now him that the state is back to allows. We refresh the sink and the mail comes comes back in again. So that's basically

how we do at compliant States online on a Windows 10 machine to email we can control anything in the Microsoft Andromeda prevent access to OneDrive or PowerPoint. What-have-you basement blinds stay but if you use exchange online compliancy with a Sharda. Directly will help you so Denzel mobile mail manager or the endpoint management connector for Exchange ActiveSync right name will send a Powershell come on to exchange online pretty powerful controls. We can apply to exact Windows devices of modern management.

Okay, so I think this is another demo you did showing using a registry write this directions to ya ya think we can probably talk to this part of it is skip the video. So this is the cinema demo with the same. Powershell script and in this case, we will check if the firewall is enabled and we do it specifically on the domain profile. So Windows Firewall has at three different sentence in the 500s elected to the main profile. You see you again that I gave it a name in the

body. So if I will enable is true of firewall enable is Foles. It returns to Json file again through the windows agent to the 6 in 10.92 Smith's solution. You create the same and Android and the price again for uploading the Powershell script. And you do the same thing again for uploading the the windows agent and sending the concreation. I hear you see the three policies that we set up checking 4150 policy. You can create three scripts or extend the Powershell script to check out with all the oldest trees.

It is the example that I set the value in the actions to zero and you will see on the bottom in the summary that it will change to out of compliance immediately. So it's very dry and you're wrong how you can control the settings. And of course, I'm referring back to unlock the device has complaints if you do it once it's really easy to repeat and do all kinds of different settings on that great. So skip to the other video registry settings. Skip trace of containerization really important to be taking a nap and tickly on BYOD devices

where you may not want to have them enrolled students Gateway now available to interact with Michael vpns, you can use to cure male insecure without any set up on your on your premise of a Cebu City Cebu Pacific Gateway and then obviously conditional security. We just finished a really important thing to provide additional protections are on which apps can be used in make sure they're only used when the device is compliant. Turkey to take out check out text zone are we have said there's a video of Second Sight on the MDX iOS container rapping on my Chrome VPN

and there's always more to come and hang around. I got funny stickers. They ended up going to put them on your your mobile phones in your feces. So that that finished us up here and next episode next episode. Are we going to get into some of the different platforms Mac Raspberry Pi Works pay stub and wide the different security protections we can do using the device policies on those frozen points. Before you leave, please do the survey in your app. And if you hadn't caught it yesterday, we have these sessions available on demand

through the that you're right. It's on the website and June 3rd will have the presentation available. So you can download and check out those demos. We had and drones other one on the registry there and you can always to reach I'm still out here if you have questions and we are happy to help you out. Yes, and please do give us feedback out of the tell me know what to tweak for next next time and stuff add stuff to change and do the game on play the game on if you can. And finally, please tweet about it. If you tweet tweet Citrix energies. Is it something some money goes to

charity send 134 is that special name or this series is called geek's Guide to the workspace. This was the specials go halfway down there would have been to all five so far. All right. We have some you give me all the prize if you make all 10. Hopefully you do. Okay, so it looks like we have a few minutes for questions then buddy have any questions for Scooby-Doo of please step up the water the mics. We be happy to take your questions. Okay, okay. If not yet. Please hang around and let me give you all some texts on stickers, but thanks for attending today. Have a good day. Thank you.

Cackle comments for the website

Buy this talk

Access to the talk “Citrix Synergy TV - SYN134 - Geek's guide to the workspace (part 5): hands off my BYOD”
Available
In cart
Free
Free
Free
Free
Free
Free

Access to all the recordings of the event

Get access to all videos “Citrix Synergy Atlanta 2019”
Available
In cart
Free
Free
Free
Free
Free
Free
Ticket

Interested in topic “Software development”?

You might be interested in videos from this event

September 28, 2018
Moscow
16
157
app store, apps, development, google play, mobile, soft

Similar talks

Richard Achee
Global Technology Partner Lead - Chrome Enterprise at Google
+ 1 speaker
R N Tharu
Product Manager at Google
+ 1 speaker
Available
In cart
Free
Free
Free
Free
Free
Free
Michael Bowlin
XenMobile Cloud Architect - Rapid Deployment Team at Citrix
+ 1 speaker
Alex Rubio
Principal Product Manager, Enterprise Mobility at Citrix
+ 1 speaker
Available
In cart
Free
Free
Free
Free
Free
Free
Frank Srp
Senior Technical Marketing Engineer at Citrix
+ 1 speaker
Michael Dombroski
Domain Specialist | Technologist Team Lead at Citrix
+ 1 speaker
Available
In cart
Free
Free
Free
Free
Free
Free

Buy this video

Video

Access to the talk “Citrix Synergy TV - SYN134 - Geek's guide to the workspace (part 5): hands off my BYOD”
Available
In cart
Free
Free
Free
Free
Free
Free

Conference Cast

With ConferenceCast.tv, you get access to our library of the world's best conference talks.

Conference Cast
551 conferences
21656 speakers
8016 hours of content