When a user account is disabled in Active Directory, the corresponding device(s) should also be retired. Currently, there is no method that allows this from the MobileIron platform directly. This can be accomplished using MobileIron Assemble.
Management of an organization’s resources should be as easy as possible to avoid confusion, overlooking a step, or simply for knowledge transfer in general. MDM platforms are a great way to manage mobile devices in a corporate environment, but they can add additional steps making management of user accounts and access to resources more complex. The MobileIron MDM platform attempts to reduce as much of this complexity as possible while still providing a stable and secure solution. MobileIron doesn’t currently have the ability to retire devices based on Active Directory Account status directly, but they have provided a tool that can provide that functionality called Assemble. Assemble is an add-on product for MobileIron providing a lot of additional functionality using the MobileIron API.
The reason for leveraging MobileIron Assemble is due to the limitations of the current MobileIron GUI allowing this functionality. It is assumed that the GUI interface will incorporate this functionality at some point. An update to this article will be published in the event this changes.
The following rule set will check the status of the associated Active Directory account for the devices currently managed by MobileIron and retire any devices that are associated with Active Directory accounts that are disabled.
Element1_description=AD account disabled
For further information on Assemble or to understand what the rules are doing, or general use of the tool, please visit the MobileIron Assemble support website, or review the quick reference guide located here.
Problem: Assemble is not functioning as expected or at all
Resolution: Many things could be causing Assemble to fail, from permission settings, to misconfigurations. Please reference the MobileIron Assemble support page for further assistance in resolving issues with Assemble.
The MobileIron Assemble support website.