How To Use MobileIron Assemble

Goal / Scope This is a quick reference guide intended to provide the basics for using the add-on utility for MobileIron call Assemble. Background MobileIron has been a leader in MDM (mobile device management) and has built the MobileIron suite of products from the ground up to make a stable, secure, and functional platform capable of managing many ... Continue Reading

Retire MobileIron Managed Devices when Active Directory Accounts are Disabled

Problem When a user account is disabled in Active Directory, the corresponding device(s) should also be retired.  Currently, there is no method that allows this from the MobileIron platform directly.  This can be accomplished using MobileIron Assemble. Background Management of an organization’s resources should be as easy as possible to avoid confusion, overlooking a step, or simply for ... Continue Reading

MobileIron Wireless Configuration for Certificate Authentication Troubleshooting Topics

Problem Setting up certificate based authentication can be extremely difficult and frustrating.  It is great when it works, but getting to that point can be a slow and painful process if inexperienced with implementation and general knowledge of certificates.  This document is meant to serve as a guide for troubleshooting the “simple” things that seem to ... Continue Reading

MobileIron Quarantine Fails for iOS devices

Problem When a device managed falls out of compliance, the compliance action setup to quarantine the device fails to remove the profiles correctly, but leaves all the profiles in place.  This can be a significant problem with the security of the corporate data and / or access to corporate resources. Background Discovered on several installation of MobileIron and seemed ... Continue Reading

MapQuest Maps Not Showing in MobileIron Locate Feature

Problem When attempting to locate a device using the MobileIron locate feature, the pop-up window appears, but nothing happens past that point and the browser needs to be refreshed in order to “reset” the web page to continue navigating the MobileIron console. Background This issue doesn’t present itself with an error message, and the browser looks like it ... Continue Reading

Could not allocate requested partitions

If you are attempting to install MobileIron appliance and the installation fails with the following error: “Could not allocate requested partitions:” The problem is more than likely the use of Paravirtualized controllers.  In the settings for the Virtual Machine, the SCSI controller will be set to use paravirtualiztion not one of the standard parallel or SAS controllers.  ... Continue Reading

Troubleshooting and Testing MobileIron

Here is a list of problems and the solutions I have experienced while working with MobileIron. Question / Problem: Can a Sentry be added to multiple VSPs? Answer / Solution: Under no circumstances should a Sentry be added to multiple VSPs.  This will cause all types of problems including but not limited to; failure to retire devices, failure to ... Continue Reading

MobileIron SCEP Configuration Settings Defined

Option Description Name Enter text that identifies this group of SCEP settings Description Enter additional text that clarifies the purpose of this group of SCEP settings Enable Proxy Select Enable Proxy. The following proxy options are available: Cache locally generated keys—leaves the certificate in the VSP certificate store for reuse. User Certificate—User-based certificates are used for all devices. If you select this option, revoking the ... Continue Reading

MobileIron Exchange Profile Setting Explained

Setting Description Name Enter the text that will be displayed for the Exchange Account on the devices Description Enter additional text that clarifies the purpose of this group of Exchange settings Server Address The address of the Sentry in most cases Use SSL Select this to use secure encrypted connections Domain The domain configured for the Exchange server ActiveSync User Name The default of $USERID$ is pre-populated in ... Continue Reading

Authentication Using Kerberos Constrained Delegation

I would like to start off by saying that a large part of this documentation was obtained from MobileIron documentation that can be obtained from the MobileIron support site.  I am simply adding to to it and updating things that I found to be more difficult. About Kerberos Constrained Delegation and MobileIron Starting at VSP version 4.5.3 ... Continue Reading

Configuration of IP Address / Domain Based Rules in Microsoft IIS

I put this process together for securing ActiveSync traffic to IIS when using a MobileIron Sentry.  When managing mobile devices it is important not to leave “back doors” in your configuration.  If ActiveSync traffic is allowed from anywhere, an end-user could easily configure the connection directly to the Exchange CAS on the mobile device bypassing ... Continue Reading

MobileIron User Registration Best Practices

User Registration Best Practices MobileIron offers several methods for user registration that Mobile IT teams can choose from when planning their deployments. This document outlines the methods most commonly used by MobileIron customers deploying to more than 100 users or devices. We start with the best practice recommendation, in-app registration, and describe other common approaches and ... Continue Reading

Sending Bulk Messages via MobileIron VSP

Goal / Scope The MobileIron GUI interface currently doesn’t have any way to selectively send messages to a group of managed devices.  For example, in an environment where there are IOS, Android, Blackberry, and Windows 8 devices, the goal would be to send a message to all the IOS devices. Background I was asked if it was possible ... Continue Reading