US-12619703-B2 - Authorized remote mobile device management of a targeted managed device
Abstract
In certain aspects of the present disclosure, a computer-implemented method includes generating a unique code for display on a managed device, and authorizing a manager device to selectively initiate at least one workflow on the managed device. The method includes, responsive to the manager device scanning the unique code, verifying the manager device is authorized. The method includes displaying on the manager device, based on verification that the manager device is authorized, an option corresponding to the at least one workflow. The method includes receiving, from the manager device, a selected workflow. The method includes, responsive to receiving the selected workflow, transmitting a message to a push notification server initiating the managed device to communicate with an MDM server. The method includes transmitting a command to the managed device causing performance of the selected workflow on the managed device. Systems and machine-readable media are also provided.
Inventors
- Aaron Maxim
- Adam Mahmud
- Christopher Ball
- Jonathan William Yuresko
- Tim Knox
Assignees
- JAMF SOFTWARE, LLC
Dates
- Publication Date: 20260505
- Application Date: 20220830
Claims (18)
- 1. A computer-implemented method comprising: generating a unique code for display on a managed device, wherein the managed device is one of a tablet computer and a mobile phone, wherein the managed device is authorized for use to an employee, and wherein the unique code is displayed on a lock screen wallpaper of the managed device; assigning a manager device to a manager, wherein the manager device comprises a pre-installed manager app unique to the manager device; authorizing, via the manager app, the manager device to selectively initiate at least one workflow on the managed device assigned to the employee; responsive to the manager device scanning, via the manager app, the unique code displayed on the managed device, verifying the manager device is authorized to selectively initiate at least one workflow on the managed device; displaying on the manager device via the manager app, based on verification that the manager device is authorized, a customizable option corresponding to the at least one workflow, wherein the customizable option is customized to display at least an erase device task of the at least one workflow; receiving, from the manager device via the manager app, a selected workflow corresponding to the customizable option selected from the at least one workflow; responsive to receiving the selected workflow, transmitting a message to a push notification server, wherein the message initiates the managed device to communicate with a mobile device management server; and transmitting, in response to the managed device communicating with the mobile device management server, a command to the managed device causing performance of the selected workflow on the managed device.
- 2. The computer-implemented method of claim 1, wherein authorizing the manager device to selectively initiate at least one workflow is limited to authorizing the manager device to selectively initiate only one workflow.
- 3. The computer-implemented method of claim 1, further comprising: restricting, subsequent to performance of the selected workflow on the managed device, the manager device from initiating further workflows on the managed device.
- 4. The computer-implemented method of claim 1, wherein the unique code is one of a QR code and a text code.
- 5. The computer-implemented method of claim 1, wherein the at least one workflow further comprises one of a sign out device task, an update inventory task, and an update extension attribute task.
- 6. The computer-implemented method of claim 1, wherein the selected workflow is a sign out device task, wherein the command to the managed device causes clearing of a passcode on the managed device and launching a reset app on the managed device.
- 7. The computer-implemented method of claim 1, wherein the selected workflow is an erase device task, wherein the command to the managed device causes one of erasing the managed device and configuring a lost mode state on the managed device.
- 8. The computer-implemented method of claim 1, wherein the selected workflow is an update inventory task, wherein the command to the managed device causes updating an inventory of the managed device.
- 9. The computer-implemented method of claim 1, wherein the selected workflow is an update extension attribute task, wherein the command to the managed device causes updating an extension attribute of the managed device.
- 10. A system comprising: a memory comprising instructions; and a processor configured to execute the instructions which, when executed, cause the processor to: generate a unique code for display on a managed device, wherein the managed device is one of a tablet computer and a mobile phone, wherein the managed device is authorized for use to an employee, and wherein the unique code is displayed on a lock screen wallpaper of the managed device; assign a manager device to a manager, wherein the manager device comprises a pre-installed manager app unique to the manager device; authorize, via the manager app, the manager device to selectively initiate at least one workflow on the managed device assigned to the employee; responsive to the manager device scanning, via the manager app, the unique code displayed on the managed device, verify the manager device is authorized to selectively initiate at least one workflow on the managed device; display on the manager device via the manager app, based on verification that the manager device is authorized, a customizable option corresponding to the at least one workflow, wherein the customizable option is customized to display at least an erase device task of the at least one workflow; receive, from the manager device via the manager app, a selected workflow corresponding to the customizable option selected from the at least one workflow; responsive to receiving the selected workflow, transmit a message to a push notification server, wherein the message initiates the managed device to communicate with a mobile device management server; and transmit, in response to the managed device communicating with the mobile device management server, a command to the managed device causing performance of the selected workflow on the managed device.
- 11. The system of claim 10, wherein the manager device is authorized to selectively initiate only one workflow.
- 12. The system of claim 10, further comprising instructions to cause the processor to: restrict, subsequent to performance of the selected workflow on the managed device, the manager device from initiating further workflows on the managed device.
- 13. The system of claim 10, wherein the unique code is one of a QR code and a text code.
- 14. The system of claim 10, wherein the at least one workflow comprises one of a sign out device task, an update inventory task, and an update extension attribute task.
- 15. A non-transitory machine-readable storage medium comprising machine-readable instructions for causing a processor to execute a method, the method comprising: generating a unique code for display on a managed device, wherein the managed device is authorized for use to an employee, and wherein the unique code is displayed on a lock screen wallpaper of the managed device; assigning a manager device to a manager, wherein the manager device comprises a pre-installed manager app unique to the manager device; authorizing, via the manager app, the manager device to selectively initiate at least one workflow on the managed device assigned to the employee, wherein the managed device is one of a tablet computer and a mobile phone; responsive to the manager device scanning, via the manager app, the unique code displayed on the managed device, verifying the manager device is authorized to selectively initiate at least one workflow on the managed device; displaying on the manager device via the manager app, based on verification that the manager device is authorized, a customizable option corresponding to the at least one workflow, wherein the customizable option is customized to display at least an erase device task of the at least one workflow; receiving, from the manager device via the manager app, a selected workflow corresponding to the customizable option selected from the at least one workflow; responsive to receiving the selected workflow, transmitting a message to a push notification server, wherein the message initiates the managed device to communicate with a mobile device management server; and transmitting, in response to the managed device communicating with the mobile device management server, a command to the managed device causing performance of the selected workflow on the managed device.
- 16. The non-transitory machine-readable storage medium of claim 15, wherein authorizing the manager device to selectively initiate at least one workflow is limited to authorizing the manager device to selectively initiate only one workflow.
- 17. The non-transitory machine-readable storage medium of claim 15, further including instructions for causing the processor to execute the method comprising: restricting, subsequent to performance of the selected workflow on the managed device, the manager device from initiating further workflows on the managed device.
- 18. The non-transitory machine-readable storage medium of claim 15, wherein the at least one workflow comprises one of a sign out device task, an update inventory task, and an update extension attribute task.
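The server-side flow recited in claims 1 to 3, sketched as an added example that is not code from the patent or from the assignee. The `MdmServer` class, its method names, the workflow labels and the device identifiers are all hypothetical; the point it shows is that the lock-screen code only identifies the target device, while authorization rests on the grant made to the manager device.

```python
import secrets
from dataclasses import dataclass, field

# Workflow names are constructed labels for the tasks the claims list.
WORKFLOWS = {"erase_device", "sign_out_device",
             "update_inventory", "update_extension_attribute"}

@dataclass
class MdmServer:  # hypothetical in-memory stand-in for the MDM server
    codes: dict = field(default_factory=dict)    # unique code -> managed device
    grants: dict = field(default_factory=dict)   # (manager, device) -> workflows
    pending: dict = field(default_factory=dict)  # device -> queued command
    pushes: list = field(default_factory=list)   # stand-in for the push server

    def generate_code(self, device_id):
        # The code sits on a lock screen, so it only names the target device;
        # it is unguessable but must never act as a credential on its own.
        code = secrets.token_urlsafe(16)
        self.codes[code] = device_id
        return code

    def authorize(self, manager_id, device_id, workflows):
        if not set(workflows) <= WORKFLOWS:
            raise ValueError("unknown workflow")
        self.grants[(manager_id, device_id)] = set(workflows)

    def _allowed(self, manager_id, code):
        return self.grants.get((manager_id, self.codes.get(code)), set())

    def scan(self, manager_id, code):
        # Options to display; empty for an unknown code or unauthorized manager.
        return sorted(self._allowed(manager_id, code))

    def select(self, manager_id, code, workflow):
        # Re-verify on the server: the displayed options are not trusted input.
        if workflow not in self._allowed(manager_id, code):
            return False
        device_id = self.codes[code]
        self.pending[device_id] = workflow
        self.pushes.append(device_id)  # wake-up only; the command is not in it
        # Assumption: the grant is revoked at selection, slightly earlier than
        # the "subsequent to performance" restriction in claims 3, 12 and 17.
        del self.grants[(manager_id, device_id)]
        return True

    def check_in(self, device_id):
        # The command is handed over only when the managed device checks in.
        return self.pending.pop(device_id, None)
```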
Description
TECHNICAL FIELD
The present disclosure generally relates to mobile devices and management systems, and more specifically relates to authorized remote mobile device management of a targeted managed device.
BACKGROUND
Within various organizations, there exists a group of mobile device users or managers who need access to basic mobile device management capabilities over a separate group of managed devices while in the field or on the go. In certain instances while in the field, these managers may need to resolve an issue on a managed device, such as, but not limited to, unlocking the managed device. Under conventional conditions, however, these managers need to submit an IT ticket to an IT administrator to resolve the issue on the managed device (e.g., unlocking the managed device), which may delay remediation, and in turn, may negatively impact the frontline staff. In some elevated instances, the IT administrator's only course of remediation is to remotely erase a managed device, which would require additional subsequent steps to re-configure the erased managed device for further use.
The description provided in the background section should not be assumed to be prior art merely because it is mentioned in or associated with the background section. The background section may include information that describes one or more aspects of the subject technology.
SUMMARY
In particular aspects, the present disclosure provides systems and methods that enable a “manager” or “primary” mobile device to perform selected MDM functions with respect to one or more “managed,” “targeted,” or “secondary” mobile devices. For example, in a healthcare context, the manager device may be a tablet computer or smart phone operated by a nurse unit manager and the managed devices may be tablet computers or smart phones operated by nurses. By authorizing a nurse unit manager to perform certain MDM functions, an overall mobile device experience in the healthcare environment may be improved.
For example, nurse unit managers may no longer have to communicate with IT administrators for relatively minor issues arising on the managed devices. For example, a nurse unit manager may use his or her manager device to unlock the managed device(s).
According to certain aspects of the present disclosure, a computer-implemented method is provided. The method includes generating a unique code for display on a managed device. The method includes authorizing a manager device to selectively initiate at least one workflow on the managed device. The method also includes, responsive to the manager device scanning the unique code displayed on the managed device, verifying the manager device is authorized to selectively initiate at least one workflow on the managed device. The method includes displaying on the manager device, based on verification that the manager device is authorized, an option corresponding to the at least one workflow. The method includes receiving, from the manager device, a selected workflow corresponding to the option selected from the at least one workflow. The method includes, responsive to receiving the selected workflow, transmitting a message to a push notification server, wherein the message initiates the managed device to communicate with a mobile device management server. The method includes transmitting, in response to the managed device communicating with the mobile device management server, a command to the managed device causing performance of the selected workflow on the managed device.
According to other aspects of the present disclosure, a system is provided. The system includes a memory comprising instructions and a processor configured to execute the instructions which, when executed, cause the processor to generate a unique code for display on a managed device.
The processor is configured to execute the instructions which, when executed, cause the processor to authorize a manager device to selectively initiate at least one workflow on the managed device. The processor is configured to execute the instructions which, when executed, cause the processor to, responsive to the manager device scanning the unique code displayed on the managed device, verify the manager device is authorized to selectively initiate at least one workflow on the managed device. The processor is configured to execute the instructions which, when executed, cause the processor to display on the manager device, based on verification that the manager device is authorized, an option corresponding to the at least one workflow. The processor is configured to execute the instructions which, when executed, cause the processor to receive, from the manager device, a selected workflow corresponding to the option selected from the at least one workflow. The processor is configured to execute the instructions which, when executed, cause the processor to, responsive to receiving the selected workflow, transmit a message to a push notification server, wherein the messa