microsoft, technology

windows managed kiosk

kiosk is a configuration for single purpose devices(cosu) e.g. info stand or remote work device – provide conditional access in public and semi public areas – ios could set in supervised mode and enable device owner for android to convert consumer devices to fit business needs

autostart is a convenient but unsecure way accomplish a kiosk like behavior and with app locker it is possible to blacklist apps, but both are not an enterprise solution

assignedaccess1assigned access to assign an app to a user – just universal windows platform(uwp) or modern apps are supported – located in settings > familiy and other users > set up assigned access – this could remote configured via syncml or powershell

assignedaccess3.png

once you have set everything up, simply relogin to the selected account, the app automatically launch

z-order for views when the app is running in lock modekiosk apps already existing next to mdm, uses the technoligy – microsoft advices how to build your kiosk app – there a separate layer to develop it and even quit assigned access via software

lockHost->RequestUnlock();

hosted web apps are the easiest way to pin a webpage to a windows client in a kiosk setup – like web clips for ios devices, since ios 11.3 it could arranged with the home screen layout– create a web view with windows template studio

fall update 1709 with it’s windows release it is possible to select allowed apps, provide a startlayout and disable taskbar, even device win32 applications – remote configured via mobile device management

assignedaccess2.png.jpg

spring update 1803 published days ago, assinged access csp advanced to configure shell launcher – “you cannot configure both assigned access and shell launcher on the same system” – additionally the accounts csp added to create a new local windows account

Accounts CSP diagram

since microsoft doesn’t provied any smartphone – it is prepared persist in enterprise – outlook to new build 17661, a modern snipping experience

windowsredstone5.gif

 

 

google, innovation

enterprise features of android p

only a few days ahead of google i/o – google’s annual developer conference – may 8-10 – were they will present android p, gmail, android wear 3.0, vr with daydream, google home and maybe more

here are the main feature to be provided to the enterprise – rock solid progression of android enterprise – modifications from other os’s found as well – some cool admin gadgets

work profile user interface

  • Switch apps across profiles

  • Programmatically turn work profiles on or off

lock down any app to a device

  • whitelist and control certain system ui features

support multiple users on dedicated devices

  • multiple users can share a single device, dedicated for a specific purpose, managed via emm

clear package data and remove accounts

new user restrictions and increased control over settings

  • Configure APNs

  • Configure time and timezone

  • Enforce user restrictions on important settings

  • Metered data

migrate dpc

  • handover a device between different emm verdor

postpone over-the-air (ota) updates

  • also possible at ios device since ios 11.3

restrict sharing into a work profile

hardware-secured keys and machine certificates

  • enerated keys never leave the secure hardware and can be used from the android keychain

password blacklist

streamlined qr-code enrollment

androidenterprise2

  • wifi profile supported like with ncf enrollment

@google

technology

everything just cloud

from bad weather to increase productivity – pamphlet for the cloud

  • flexibility – easy to setup, scalable according to your requirements, highavailable
  • technology – hosted private or public, a mix of both as hybrid or as community cloud
  • security – encryption, access control, access rights, identity management

a service could be as secure or reliable as possible – it is all about trust

pictured from faz

cloud access security broker (casb) is state ot the art technology to utilize security where trust is missing, e.g. mobileiron access ensure secure access of trusted devices from mobile to cloud services

mobileIron access

google, technology

android tips & tricks everyone should know

  • android developer – customize your device like a pro, go to settings > about phone and tap the build number 7 times – successful enabled, e.g. select developer options from the main Settings and scroll down to enable force activities to be resizable or speed up your device by slowing down or turning off animation scale

developer_options

  • split-screen – android support to open 2 apps at the same time, press and hold the recent apps button, with developer feature enabeld above almost every app work in split-screen mode, move slider up/down to fit your needs
  • chrome bar bottom – easy the use with url and search bar at bottom, right at your fingertips tips – open the url chrome://flags in chrome and enable chrome home
  • quick last app switch – quick double tab the recent apps button
  • picture in picture – overlay an app above another since android oreo, more flexible than split-screen, in full screen mode simply tab the home button, search in settings picture-in-picture to list supported apps – youtube offers pip just with it’s red abo
  • lockscreen message – when device is lost and locked, an honestly finder is able to inform about your contact data, you’ll find the info at the lockscreen
  • screen pinning – quick and easy setup a kiosk mode, just enable screen pinning in settings, tab pin at recent apps button, disable by touch and hold back key

    This slideshow requires JavaScript.

  • fake gps – to hide or fake the position of your device, select a mock location app in developer settings and try like this

apple, technology

dual-sim

travelling between two countries or managing dual persona at the same device

  • first dual-sim phone was the benefon twin in 2000, sim card needs to be selected at phone launch
  • 2003 dual-adapter became popular, but it was still not possible to use both at the same time
  • several chinese device spotted beginning 2006, samsung’s first dual-sim device d880 was released in 2007
  • 2012 Nokia released a cheap nokia 101
  • beginning 2014 microsoft provied dual-sim devices 530 and 630

=> don’t miss huawei’s flagship devices

  • every vendor got it’s dual-sim device, except apple, this could change in 2018 for the first time <9to5mac>
innovation

artificial intelligence

ai.png
ai in smartphones – huawei mate 10 pro uses ai to …., the upcomming lg v30s thinq provide with qlens an image regonition to display where to by, price tag or releavant infomation about a poi
ai for flight bookinghooper is a just mobile service that predict when to book, when to fly and even where to fly powered by artificial intelligence
ai in cars – for autonomous driving
ai in refrigerators – as family smart hub, to fill up the shopping lists
ai in voice assistance – alexa, siri , cortana
ai for surveillance – facial recognition technology, to track behavior and even identing a crime before it happens <digitaltrends>

we are infront of the peak of inflated expectations until we know what it could exactly used for to gain wide productivity

but:

artificial intelligence is no match for natural stupidity

technology

approved travel gadgets

…within several years on the road and rail, some gadget needs to be highlighted:

smartphone – mobile swiss knife – huawei mate 10 pro or huawei p20 pro, multi sim, 4000 mAh akku, octa  core cpu

Huawei 774268 Mate 10 Pro Smartphone 128GB Brand Tim
review here

powerbank – requisite, power on the go, at least 20.000 mAh, several ports, usb-c recommended

review here

multi usb cable – get rid of to many cable, be prepared for every device

review here

organiser bag – stay productive inside your bag – sort cable, adapter and etc.

review here

privacy screen – mandatory in public, protect your screen from unwanted looks

Privacyguard / Blickschutz Folie Filter Privacy 60 Grad / Für Laptop Notebook Monitor / 12,5 Zoll / 16:9 Widescreen (12,5 Zoll - 31,6cm)
review here

 

… some kind of windows notebook running mac vm [related post] rounds the entire setup, surface aren’t recommended – see why

IMG_20180409_074502.jpg

apple, innovation, technology

managed ios contacts

restriced access to enterprise contacts … a long journey to find its holy grail in ios 11.3

grant or deny access to your contacts

was introduced in ios 6, since 2012 it is possible to decide which apps is allowed to access your contacts – there were no api to configure the setting in an enterprise environment, block access from apps like facebook, whatsapp, line, viber, path, e.g. to enterprise contacts – with containerization you can restrict enterprise content from unauthorized access, along with usabilitity limitations

grant contact access ios 6

allow open documents from unmanaged apps to managed apps

was presented in ios 7 release, since then enterprise management was able to restrict data exchange from untrusted, unsecure, private (unmanaged) to enterprise apps (managed) – apple´s native mail is per default a private app

managed domains

to separate the private from enterprise accounts inside the mailapp, apple enabled this setting in ios 8 – managed domain remain blue, unmanaged marked as red – mail and web domains respect the “allow open documents from…” restriction to interact with managed apps, except the contacts

manged_domains

ios call kit

announced in ios 10, call kit improves the usability when called and even contacts secured inside a container, the name is resolved and displayed

prevent contacts in managed accounts from being used in unmanaged apps or accounts

finally, apple introduced this feature within ios 11.3 – only managed apps able to access managed contacts, this closes the gap to securely use apple mail in an enterprise environment

 

pexels-photo-39803.jpeg
holy grail

 

=> video for “managed ios contacts” and “ios managed domains” attached

google, innovation

gmail predict reply to mails

gmail prepares to add nudges that suggests mails to reply to, adding more functionallity also like amp [related post] to add more intelligence

amp1

nudges in general…

proposes positive reinforcement and indirect suggestions to try to achieve non-forced compliance to influence the motives, incentives and decision making

@wikipedia

it is all about to stay productive, either to show mail just from your contacts, sort newsletter or intelligent reply – currently available email apps are unibox, microsoft’s outlook and google’s inbox

update: google presented new features about confidential mode with 2 factor authentication, smart reply and new g suite security features @digitaltrends

google, innovation, technology

amp – accelerated mobile pages

accelerated mobile pages is an open-source standard for any publisher to load pages quickly on mobile devices, supported browser currently are

amp2

amp3google added the ability to the amp header that makes it possible to open or copy the non-amp link, also load a webpage as non-amp with this noamp app

some web developers have expressed concern that google is getting too much say in how the web operates.

@firstpost

the intelligence spreading further with gmail integration, other mail provider can adopt amp as well – a price tag is always up to date, no matter when you open the mail or enter feedback without opening the browser

update: development of a new accelerated Mobile pages (amp) component enabling publishers to acquire user consent is underway and accepting comments.

technology

domino v10

ten years after last important release 8.5, there will be a version 10 in 2018, maybe at october 10th *g*

imb signed strategic partnership with hcl technologies or was just an offload, ibm still continue to sell, improved should the rate of new features

domino2

#domino2025 jams took place to get feedback, the results were presented at feb 28th – basically it ist about better integration (adfs, saml), better features set that missing since years and enhancement development with nodejs …

domino4

notes revenue grew all four quarters of 2017, the first time since 2011

sadly ed brill left IBM, he even started at lotus, ibm acquired lotus software in 1995, ed announced last year “there is no end of life planned for notes and domino”

google, innovation

android go

android go – fit for low-end devices –  comprised of three parts: the operating system, google apps and play store apps reduce memory consumption, less storage required for android os, smaller go-version of basic apps, save mobile data

go2.pnga few year ago google already launched android one to capture “the next billion”, also caused by exploding growth of smartphones sales in india

announced back in december, devices now arrive at mwc as nokia 1, android oreo go installed and about 85$, spec here

sailfish os is already a light operating system, release in version 3, designed to run on devices with less than 1 gb of ram, they now got a huge competitor with google’s android go

google signaled:

let’s go beyond for the next billion

general, innovation

better veil mit privacy

veil is a system to make private browsing more private – wang, an mit graduate student, said:

…the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser’s best effort is, it still collects it…

it doesn’t require any modification on the browser, because it doesn’t rely on browsers – a compiler can create a veil version of a site

mitveil was presented at the network and distributed systems security symposium or read at mit news  

general

offline is the new online

in times like always connected, it could happen – no connection – no fear, here are apps with offline functionality to bridge with

google_mapsgoogle maps – download areas and maps offline, others maps.me, here

 

spotifyspotify – offline music in flight mode, required premium subscription

 

amazon_kindleamazon kindle – ebooks pay it, download it, read it offline

 

podcastspocket casts – hundreds of thousands of podcasts offline

 

feedmefeedme – rss reader app, get all your news offline

 

onenote

one note – notes offline and synced online

 

lastpass

lastpass – password store and manager with offline functionality

 

tripadvisor tripadvisor – travelling offline, hotels, flights or city guides

 

pocket

pocket – import articles to read it later – offline

 

Continue reading “offline is the new online”

general, technology

got leaked?

are you really sure that your account is/was not compromised – hasso plattner institute analysed over 5 billion leaked user accounts – your able to check if it’s listed in at least one stolen or unlawful published identity leak

they further analyse password qualityastonishing how easy password are still in 2018

password quality

need an extra layer of security ? use multi factory authentication, two factor authentication, 2fa, two step verification or fta – additionally to username and password are further method is requested to successfully authenticate like

  • software token
  • hardware token
  • sms token
  • google authenticatorandroid | ios
  • microsoft authenticatorandroid | ios

a lot of services currently offer this security, you just need to enable it

gotleaked3e.g. fedex exposed thousands customer records on a password-less server, companys should care about your data as well, especially for european citizen because of gdpr

general

then and now

smartphones changed the way we live, work and communicate, but not everything changed …

then
then

this survey gives a detailed inside about the usage of smartphone, feelings around mobile devices and the impact in surprising ways, read it here

thenandnow

many of us spend more than three hours a day on our phones

controversal – there is a unwritten etiquette guide of rules when not to use smartphone

never the less – working with mobile devices increase productivity while an emm system maintain the required security, some examples of thousands are:

lidl  claas   va

apple, general, innovation

touch @macos

apple introduced the “all news” touch bar in 2017 for macbook pro, but what most mac users missing is a touchscreen – the addon airbar, extra hardware attached to the screen, looks unbeautiful

macos_with_touchscreen3.png

every smartpsmartsmaand a lot other notebook own a touchdisplayt, so what to do if you don’t want to run or carry separate device – vitualize it – get the comfort of 2 devices in one and have to ability to use your touchscreen on macos

psp-mini-hero-configurator-icon_2xadditionally some features and software are just available to macos, like apple configurator, xcode or imovie – guides how to use apple configurator are recorded and online at madereal youtube channel

not allowed to run macos on other then apple hardware, but inside are also intel chips, thats why it is possible to run it on windows – see also “hackintosh”

a fews steps are necessary to host macos in vmware running on windows…

  1. download – vmware player, macos iso or vmware and unlocker
  2. intel vt-x & amd virtualization – enable in bios and vmware settings
  3. vmware player – install software, but do not launch
  4. vmware unlocker  – execute win-install.cmd and “run as administrator.”
  5. macos iso – mount in vmware player and launch

…now your ready to use the macos features right at your finger tips

macos_with_touchscreen4.pngOther more detailed guides at @techsviewer and @tactig – virtualbox is also possible

the author is not be liable for any errors or omissions in this information nor for the availability of this information. the author is not be liable for any losses, injuries, or damages from the display or use of this information.
apple, general, google, innovation

preconfigure outlook

with it’s current release of microsoft outlook app for ios and android it is possible to preconfigure via enterprise mobility suite @microsoft

following values are suppoted for android, a step further for android enterprise to get rid of the “almost”

configure_outlook2

for ios refer to apple’s managed app configuration and it’s key value pairs

within windows10 there are some possiblities to preconfigure an email profile in outlook, even via emm

other mircosoft office apps don’t support these functionality – graph api is the approach, any vendor can integrate with intune to use it as middleware to manage office apps – a powerful api with the intelligence in microsoft’s hands

microsoft_graph.png

 

 

general, google, technology

android (almost) enterprise

…launched in 2015, renamed in 2017 from android for work and now it’s time for enterprises to adopt android’s modern device management

androidenterprise2.pngapproach of google to manage devices, regardless of any vendor, to better integrate android in enterprise

device admin api’s started deprecating some features, emm system unable to reset device passcode for android 7.0 devices, google will deprecate further in android “p” release in 2018 and stop working with major release of android in 2019

not yet – tested a lot of android’s feature to get a markable footprint in enterprise, realized use cases to bring value for customers but unfortunately android enterprise can’t replace device admin, that’s why…

enrollment – apple’s devices can centralized ordered, prepared and assigned to an emm system via dep (device enrollment program) – google’s pendant zero touch enrollment is currently just available for android 8.1 and pixel devices – samsung got it’s own knox mobile enrollment (kme) which depends on the installed knox version and is for sure just available for samsung devices – a fully managed samsung device via android device owner needs at least knox version 2.8, otherwise you need to prepare all devices locally via qrcode or nfc

certificate authentication is a basic requirement for a secure enterprise deployment, with am emm you’re able to enroll client certificates and distribute via android enterprise to mobile devices – but with current emm tools it’s further possible to achieve a seamless authentication with kerberos constrained delegation, the continuous synchronisation is provided even a user change his password

vpn started a full device tunnel for windows notebooks, beginning with ios is was possible to configure dynamic vpn based on domain rules, even vpn connection can secure a single app, with android enterprise it is possible to setup the vpn just for work content – was missing? a simple “on demand” could stop draining battery life from “always on” vpn or prohibit mistakes if forgot to “manually” enable it

reliability – inconsistent experience noticed – depending of build version, huawei ignore that device passcode is already set – lenovo yoga missing android enterprise enrollment capability – when sending a (private) picture via (secure) mail, login to work container, attachment lost in mail – honor device completly ignore passcode policy for work container – convert phone number to link in gmail is just working sometimes @theverge 

use cases could realized with android enterprise, e.g. silent app and unattended certificate installation is possible for non-samsung devices could , comparing to device admin, but there’s space for improvement…

androidenterprise.png

general

ai to secure appstore

google created a news technique to prevent “bad” apps to be published via play store @engadget

the company took down over 700,000 apps that violated play stores policies last year (a 70 percent increase over 2016)

 

google_play_protect

google play protect is already a service to protect android, it is built into every device with google play

apple user are save as well, if they use the apple appstore, there are also just scanned apps approved

google‘s last years app store growth or enterprise protection services @appstore recap

general, innovation

wine

wine enables linux, mac, freebsd, solaris and android users to run windows applications – “wine is not an emulator” – instead of simulating windows it translates windows api calls on-the-fly – wine is free software under constant development – codeweaver sells a supported version as crossover – commented from wine:

this brings us to the chicken and egg issue of linux on the desktop. until linux can provide equivalents for the above applications, its market share on the desktop will stagnate. But until the market share of linux on the desktop rises, no vendor will develop applications for linux. how does one break this vicious circle?

… wine is an answer, they released wine3.0 with is higlights @winehq

  • direct3d 10 and 11 support.
  • direct3d command stream.
  • android graphics driver
  • improved directwrite and direct2D support

cheers

wine.png

general

google knows

“google knows everything” – bots basically crawl the internet to fill a database, it’s about content, statistics, locations and people’s gender, age, a lot more …

websites use google analytics to optimize their page – ip, browser, os, etc. is reported to google, no personal information transfered, but with this characteristics a template could created – example: when login a forum, specialized to financial advices, you could get extra credit offers or you searched for tenancy law, new flat offerings aren’t displayed – technical feature like ip masking are as save as google take care about their responsibility

… they have the almost ability to predict the future, like:

larry page google founder, alphabet ceo, mentioned “we are no longer living in a mobile-first world, we are in a mobile-only world.” – mobile changed already from second to first screen in web usage

sundar pichaigoogle ceo, said ai is “one of the most important things that humanity is working on. It’s more profound than, I don’t know, electricity or fire,” – ai (artifical intelligence) already found a way in today’s smartphones, it is the biggest tech trend of 2018

about your privacy in google hands – you can have a look what google knows about you at history.google.com/history or display saved passwords facebook also knows o.O

googleknows.png

general

ehealth

after almost any other industry already adopted enterprise mobilty to close the gap of information to improve productivity and optimize efficiency

health sector has a huge change to gain advantage of enterprise mobility, secure communication and exchange of information – imagine that a hospital can access patient data even when he’s still in ambulance – could you believe that forms are still to filled in on paper

to force this improvement and to ensure privacy the general conditions are written down in law, additionally each personal data needs to be compliant to gdpr (dsgvo) from may 2018

novaalert10use case – with novalink it is possible to preplace pager devices with intelligent smartphones, doctor’s get the information where and what kind of emergency direct at the display, even it could located with bluetooth beacons, with samsung xcover devices you get a complete solution with thread alarm if attacked by someone

ehealth.png

ehealth @germany @switzerland

general

under-glass fingerprint

update: samsung’s s9 still not provided in-screen fingerprint reader, vivo updated with dual fingerprint scanner 

since samsung had to replace the 2. camera to place with the fingerprint sensor, because couldn’t provide under-glass fingerprint in S8 – vivo is the first company to reveal this feature, while S9 will launch in about one month

more @ androidauthority

update: see this detailed hands-on of 9to5google @ youtube

general

apple’s lisa

computer historic museum announced that the source code for the operating system “lisa”, was release in 1983 and flopped on the market, it is a milestone in apple’s and jobs history, afterwards he left apple and founded next computer, that was later acquired by apple to bring Steve back ,apple currently reviews the code, stay tuned…

more @ gizmodo

lisaconcept.jpg

…we may see it again like this concept of antonio de rosa