The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Managing mobile devices in Kaspersky Security Center Web Console and Cloud Console

You can manage mobile devices in Kaspersky Security Center Web Console and Cloud Console by using group policies and by sending commands to mobile devices (for Android only).

To manage mobile devices in Kaspersky Security Center Web Console, you must install administration plug-ins.

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Connecting mobile devices to Kaspersky Security Center

To manage a mobile device by using Kaspersky Security Center Web Console or Cloud Console, the device must be connected to Kaspersky Security Center. You can view the list of mobile devices connected to Kaspersky Security Center on the Devices > Mobile > Devices tab of Web Console or Cloud Console.

Before connecting an iOS device, send the address of Kaspersky Security Center to the device user to improve connection security. The user will see this address during app installation and can cancel the connection if the displayed address doesn't match the address you sent.

To connect a mobile device to Kaspersky Security Center:

1. Start the Mobile Device Connection Wizard:
   • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices, and then click Add.
   • In the main window of Kaspersky Security Center Web Console or Cloud Console, select Users & roles > Users. Click the name of the user or the user group to whom you want to send the link for connecting a mobile device, and then select Devices. Click Add mobile device. In this case, skip step 3.

   Proceed through the Wizard by using the Next button.

2. Select the operating system of the devices that you want to add:
   • Android
   • iOS and iPadOS
3. Select users and user groups to whom you want to send the link for connecting a mobile device.
4. Select email addresses where to send the link:
   • All email addresses
   • Main email address
   • Alternative email address
   • Another email address

     If you select this option, specify the email address below.

5. The link summary is displayed.

   Make sure that all parameters of the link are correct, and then click Send.

6. A window opens with a confirmation that the link for adding a mobile device has been sent.

   Click OK to finish the Wizard.

When the user installs the Kaspersky Endpoint Security for Android app or the Kaspersky Security for iOS app, the user's device will be displayed on the Devices > Mobile > Devices tab of Web Console or Cloud Console.

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Moving unassigned mobile devices to administration groups

When the Kaspersky Endpoint Security for Android app or the Kaspersky Security for iOS app is installed on mobile devices, they are displayed on the Discovery & deployment > Unassigned devices page of Kaspersky Security Center Web Console or Cloud Console. In order to manage newly connected devices, you can create a rule for their automatic allocating to administration groups or move them to an administration group manually.

To move an unassigned mobile device to an administration group:

1. In the main window of Kaspersky Security Center Web Console or Cloud Console, select Discovery & deployment > Unassigned devices.
2. Select the device that you want to move to an administration group, and then click Move to group.
3. In the tree of administration groups that opens, select the target group to which you want to move the device.

   You can create a new administration group by selecting an existing group, and then clicking Add child group.

4. Click Move.

The device is moved to the specified administration group and the group policy is applied to it.

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Sending commands to mobile devices

You can send commands to Android mobile devices to protect data on a mobile device that is lost or stolen, or to perform forced synchronization of a mobile device with Kaspersky Security Center.

You can't send commands to iOS devices.

The following commands are supported:

• Lock device

  The mobile device is locked.

• Unlock device

  The mobile device is unlocked.

  After unlocking a device running Android 5.0 – 6.Х, the screen unlock password is reset to "1234". After unlocking a device running Android 7.0 or later, the screen unlock password is not changed.

• Reset to factory settings

  All data is deleted from the mobile device and the settings are rolled back to their default values.

• Wipe corporate data

  The corporate data is wiped from the device. The list of wiped data depends on the mode in which the device operates:

  • On a personal device, KNOX container and mail certificate are wiped.
  • If the device operates in device owner mode, KNOX container and the certificates installed by Kaspersky Endpoint Security for Android (mail, VPN, and SCEP profile certificates, except the mobile certificates) are wiped.
  • Additionally, if Android work profile is created, the work profile (its content, configurations, and restrictions) and the certificates installed in the work profile (mail, VPN, and SCEP profile certificates, except the mobile certificates) are wiped.
• Locate device

  Device is located and shown on Google Maps. The mobile service provider may charge a fee for internet access.

  On devices running Android 12 or later, if the user granted the "Use approximate location" permission, the Kaspersky Endpoint Security for Android app first tries to get the precise device location. If this is not successful, the approximate device location is returned only if it was received not more than 30 minutes earlier. Otherwise, the Locate device command fails.

• Sound alarm

  The mobile device sounds an alarm. The alarm sounds for 5 minutes (or for 1 minute if the device battery is low).

• Synchronize device

  The mobile device is synchronized with Kaspersky Security Center.

Kaspersky Endpoint Security for Android app requires specific permissions for the execution of commands. When the Initial Configuration Wizard is running, Kaspersky Endpoint Security for Android prompts the user to grant the application all required permissions. The user can skip these steps or disable these permissions in the device settings at a later time. If this is the case, it will be impossible to execute commands.

On devices running Android 10.0 or later, the user must grant the "All the time" permission to access the location. On devices running Android 11.0 or later, the user must also grant the "While using the app" permission to access the camera. Otherwise, anti-theft commands will not function. The user will be notified of this limitation and will again be prompted to grant the required level of permissions. If the user selects the "Only this time" option for the camera permission, access is considered granted by the app. It is recommended to contact the user directly if the camera permission is requested again.

To send a command to a mobile device:

1. In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices.
2. Select the device to which you want to send the command, and then click either Control or Manage.
3. Select the required command in the Available commands list, and then click OK.
4. Click OK if you are prompted to confirm the operation.

The specified command is sent to the mobile device and the confirmation window is displayed.

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Removing mobile devices from Kaspersky Security Center

If you do not need to manage a mobile device any longer, you can remove it from Kaspersky Security Center by using Web Console or Cloud Console.

To remove a mobile device from Kaspersky Security Center:

1. Remove the mobile app from the device or make sure that the user has removed the app from the required device.
2. In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices.
3. Select the mobile device that you want to remove, and then click Delete.
4. Click OK to confirm the operation.

The device is removed from Kaspersky Security Center.