Mobile device management profile distribution
First Claim
1. A method performed by data processing apparatus, the method comprising:
- receiving a first request for access to a first network resource from a client device, the first network resource corresponding to one of a plurality of restricted resources accessible only by devices enrolled with a mobile device management system;
determining whether the first request to access the first resource includes an address of a predetermined proxy server;
determining that the first request to access the first resource does not include the address of the predetermined proxy server;
determining that the client device is not enrolled with the mobile device management system based on determining that the first request to access the first resource does not include the address of the predetermined proxy server;
preventing, based on determining that the client device is not enrolled with the mobile device management system, the client device access to the first network resource;
providing to the client device, based on determining that the client device is not enrolled with the mobile device management system, a redirect to a mobile device management resource that is different from the first network resource;
providing instructions for presentation of a user interface to the client device, the provided instructions relating to the mobile device management resource and comprising a user notification regarding a mobile device management profile;
enrolling the client device with the mobile device management system, the enrolling comprising providing a copy of the mobile device management profile to the client device;
receiving a second request for access to a second network resource from the client device, the second network resource corresponding to one of the plurality of restricted resource;
allowing the client device access to the second network resource based on determining that the client device is enrolled with the mobile device management system;
determining whether the mobile device management profile has been deactivated on the client device; and
un-enrolling the client device from the mobile device management system based on determining that the mobile device management profile has been deactivated on the client device, the un-enrolling preventing the client device from accessing the plurality of restricted resources.
7 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for automated mobile device management profile distribution. One of the methods includes receiving a first request for access to a first network resource from a client device, the first network resource corresponding to one of a plurality of restricted resources accessible only by devices enrolled with a mobile device management system, determining that the client device is not enrolled with the mobile device management system, preventing the client device access to the first network resource, providing to the client device a redirect to a mobile device management resource that is different from the first network resource, providing instructions for presentation of a user interface to the client device, and enrolling the client device with the mobile device management system, the enrolling comprising providing a copy of the mobile device management profile to the client device.
54 Citations
27 Claims
-
1. A method performed by data processing apparatus, the method comprising:
-
receiving a first request for access to a first network resource from a client device, the first network resource corresponding to one of a plurality of restricted resources accessible only by devices enrolled with a mobile device management system; determining whether the first request to access the first resource includes an address of a predetermined proxy server; determining that the first request to access the first resource does not include the address of the predetermined proxy server; determining that the client device is not enrolled with the mobile device management system based on determining that the first request to access the first resource does not include the address of the predetermined proxy server; preventing, based on determining that the client device is not enrolled with the mobile device management system, the client device access to the first network resource; providing to the client device, based on determining that the client device is not enrolled with the mobile device management system, a redirect to a mobile device management resource that is different from the first network resource; providing instructions for presentation of a user interface to the client device, the provided instructions relating to the mobile device management resource and comprising a user notification regarding a mobile device management profile; enrolling the client device with the mobile device management system, the enrolling comprising providing a copy of the mobile device management profile to the client device; receiving a second request for access to a second network resource from the client device, the second network resource corresponding to one of the plurality of restricted resource; allowing the client device access to the second network resource based on determining that the client device is enrolled with the mobile device management system; determining whether the mobile device management profile has been deactivated on the client device; and un-enrolling the client device from the mobile device management system based on determining that the mobile device management profile has been deactivated on the client device, the un-enrolling preventing the client device from accessing the plurality of restricted resources. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A non-transitory computer storage medium encoded with instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising:
-
receiving a first request for access to a first network resource from a client device, the first network resource corresponding to one of a plurality of restricted resources accessible only by devices enrolled with a mobile device management system; determining whether the first request to access the first resource includes an address of a predetermined proxy server; determining that the first request to access the first resource does not include the address of the predetermined proxy server; determining that the client device is not enrolled with the mobile device management system based on determining that the first request to access the first resource does not include the address of the predetermined proxy server; preventing, based on determining that the client device is not enrolled with the mobile device management system, the client device access to the first network resource; providing to the client device, based on determining that the client device is not enrolled with the mobile device management system, a redirect to a mobile device management resource that is different from the first network resource; providing instructions for presentation of a user interface to the client device, the provided instructions relating to the mobile device management resource and comprising a user notification regarding a mobile device management profile; enrolling the client device with the mobile device management system, the enrolling comprising providing a copy of the mobile device management profile to the client device; receiving a second request for access to a second network resource from the client device, the second network resource corresponding to one of the plurality of restricted resources; allowing the client device access to the second network resource based on determining that the client device is enrolled with the mobile device management system; determining whether the mobile device management profile has been deactivated on the client device; and un-enrolling the client device from the mobile device management system based on determining that the mobile device management profile has been deactivated on the client device, the un-enrolling preventing the client device from accessing the plurality of restricted resources. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A system comprising:
-
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising; receiving a first request for access to a first network resource from a client device, the first network resource corresponding to one of a plurality of restricted resources accessible only by devices enrolled with a mobile device management system; determining whether the first request to access the first resource includes an address of a predetermined proxy server; determining that the first request to access the first resource does not include the address of the predetermined proxy server; determining that the client device is not enrolled with the mobile device management system based on determining that the first request to access the first resource does not include the address of the predetermined proxy server; preventing, based on determining that the client device is not enrolled with the mobile device management system, the client device access to the first network resource; providing to the client device, based on determining that the client device is not enrolled with the mobile device management system, a redirect to a mobile device management resource that is different from the first network resource; providing instructions for presentation of a user interface to the client device, the provided instructions relating to the mobile device management resource and comprising a user notification regarding a mobile device management profile; enrolling the client device with the mobile device management system, the enrolling comprising providing a copy of the mobile device management profile to the client device; receiving a second request for access to a second network resource from the client device, the second network resource corresponding to one of the plurality of restricted resources; allowing the client device access to the second network resource based on determining that the client device is enrolled with the mobile device management system; determining whether the mobile device management profile has been deactivated on the client device; and un-enrolling the client device from the mobile device management system based on determining that the mobile device management profile has been deactivated on the client device, the un-enrolling preventing the client device from accessing the plurality of restricted resources. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
Specification