®

Course Exercises
MaaS360 Planning and Architecture:
Configuring Android devices
Course code LML0150X

IBM Training
March 2019 edition
NOTICES
This information was developed for products and services offered in the USA.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM
representative for information on the products and services currently available in your area. Any reference to an IBM product, program,
or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent
product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this
document does not grant you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local
law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of
express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein;
these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s)
and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an
endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those
websites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other
publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other
claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those
products.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible,
the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to
the names and addresses used by an actual business enterprise is entirely coincidental.

TRADEMARKS
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems
Incorporated in the United States, and/or other countries.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used
under license therefrom.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and
Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
IT Infrastructure Library is a Registered Trade Mark of AXELOS Limited.
ITIL is a Registered Trade Mark of AXELOS Limited.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and
other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries,
or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.

© Copyright International Business Machines Corporation 2019.

This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Starting the lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Configuring Android devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Exercise 1 Enrolling an Android device in MaaS360 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Exercise 2 Using the MaaS360 portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Exercise 3 Creating a device group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Exercise 4 Adding a custom alert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Exercise 5 Uploading and distributing a document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Exercise 6 Uploading and distributing an app . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Exercise 7 Creating and assigning compliance rules sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Exercise 8 Creating an Android policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Exercise 9 Applying a policy to an Android device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Exercise 10 Installing distributed apps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Exercise 11 Downloading distributed documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Exercise 12 Verifying access to the web shortcut . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Exercise 13 Unenrolling the Android device from MaaS360 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Exercise 14 Removing and deactivating portal artifacts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Signing up for a trial account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

© Copyright IBM Corp. 2019 iii

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Introduction
In this lab session, you learn the basics of IBM MaaS360. You complete basic administrator tasks
that use the MaaS360 portal to manage devices and you complete user tasks with a device. As an
administrator, you perform the following tasks:
• Create an enrollment request for a device
• Create a device group to group devices based on custom attributes
• Create an informational alert to track groups of devices
• Upload a document in to the Content Library and distribute to devices
• Upload an app to the App Catalog and distribute to devices
• Create a compliance rule set to identify rules and corresponding actions to keep devices in
compliance with corporate policy
• Create a security policy that restricts devices features and enforces passcodes
• Remove MaaS360 control of the device upon lab completion

As a device user, you perform the following tasks:

• Enroll your device in MaaS360 mobile device management
• Review out of compliance warnings and take action to resolve them
• Download distributed corporate documents
• Install distributed apps

© Copyright IBM Corp. 2019 4

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Introduction

Uempty
Starting the lab
To complete the exercises, you need the following assets:
• An Android 4+ device or iOS 6+ device that you can alter for testing
• A separate machine with a browser for creating and using a trial MaaS360 account
• Lab files (MMS_Labfiles.zip)
1. Copy the MMS_Labfiles.zip file to the machine you are using to access your MaaS360 portal.

2. Extract the lab files.

3. Go to the instructions for setting up a free trial account in the Appendix on page 34.

Note: If you already have a trial account where you have service administrator authority, you can
use it for these exercises.

© Copyright IBM Corp. 2019 5

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Configuring Android devices
In these exercises, you learn how to use IBM MaaS360 to enroll and manage Android devices. The
MaaS360 portal is where administrators run workflows to manage devices. Then you use the
Android device to enroll and install the MaaS360 app on the device.

Exercise 1 Enrolling an Android device in

MaaS360
In this exercise, you enroll an Android mobile device in MaaS360. You use the browser on a
separate machine to log in to the MaaS360 portal. The MaaS360 portal provides you access to the
SaaS-based platform in which you enroll and manage devices. Typically, in a production
implementation for a large organization, an administrator would provide a generic URL to all mobile
users in an enterprise to enroll their devices by using corporate credentials. In this exercise, you are
acting as both an administrator and mobile device user. Therefore, you create an enrollment
request in the MaaS360 portal and then you proceed to enroll the mobile device.
1. Open the browser on your desktop.

2. In the browser, enter the following address:

https://login.maas360.com/
The MaaS360 login page opens.

3. In the MaaS360 login page, enter your credentials.

The MaaS360 home page opens.

4. On the MaaS360 home page, place your cursor over Devices and select Enrollments.

5. Click Add Device.

© Copyright IBM Corp. 2019 6

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 1 Enrolling an Android device in MaaS360

Uempty
6. In the Add a Device window, enter the following information on the Basic tab:
– Username: <Enter any username; you can use the username portion of your email
address>
– Domain: <Domain associated with your email address>
– Corporate Email Address: Username@domain
– Phone Number: <cleared>
– Notify User: Email

Note: The warning requirement for Android Enterprise can be ignored for the purposes of this
training.

7. Click the Advanced tab.

8. In the Device Ownership field, select Employee. Leave all other fields at the defaults.

9. Click Send Request.

10. Enter your administrator password and click Confirm.

© Copyright IBM Corp. 2019 7

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 1 Enrolling an Android device in MaaS360

Uempty
The User created successfully page opens.

Note: The User created successfully page shows the unique enrollment URL that you access
from the mobile device to complete the enrollment. Keep this window open or make note of the
enrollment address, corporate identifier, and passcode because you use them to complete the
enrollment of the device.

11. Turn on the Android mobile device.

12. Open the native browser on the Android mobile device and enter the enrollment URL that is
displayed in the User created successfully page.

Note: If a QR Reader is on the device, you can also use it to read the QR Code for Enrollment
URL instead of entering it.

The Instructions page opens with information about the MaaS360 install and configuration
process on the device.

© Copyright IBM Corp. 2019 8

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 1 Enrolling an Android device in MaaS360

Uempty
13. Tap Install.

Note: If a Google Play Terms of Service pop-up window opens, clear the Keep me up to date
with news and offers from Google Play check box, and tap Accept.

You are redirected to the Google Play store.

Note: If a Google account is not associated with the device, you must sign in to the Google Play
store using an existing account or create a new one.

© Copyright IBM Corp. 2019 9

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 1 Enrolling an Android device in MaaS360

Uempty
14. Tap Install.

15. Tap Open.

Hint: Select Not now if the Update apps automatically when on WiFi pop-up message
opens.

Note: Wait for the download of the MaaS360 app to complete before you continue.

© Copyright IBM Corp. 2019 10

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 1 Enrolling an Android device in MaaS360

Uempty
The Add Device page opens.

16. Tap Continue.

The Authenticate page opens.

© Copyright IBM Corp. 2019 11

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 1 Enrolling an Android device in MaaS360

Uempty
17. Enter the passcode from the enrollment request and tap Continue.


The Steps page opens.

18. Tap Continue.

© Copyright IBM Corp. 2019 12

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 1 Enrolling an Android device in MaaS360

Uempty
The Accept Terms page opens.

19. Select the I have read and accept the terms check box and tap Continue.
The Setup Administrator Access page opens.

© Copyright IBM Corp. 2019 13

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 2 Using the MaaS360 portal

Uempty
20. Tap Continue.
A message stating the items the MaaS360 app will control upon activation opens.

21. Tap ACTIVATE.

Hint: The Samsung Knox Privacy Notice opens if you are enrolling a Samsung device. Select the
check box I have read and agree to all the terms and conditions above. Tap Confirm.

The device is now enrolled.

22. Return to the MaaS360 portal, and click OK in the User created successfully window.

Exercise 2 Using the MaaS360 portal

In this exercise, you explore device inventory and perform simple management actions from the
MaaS360 portal.

© Copyright IBM Corp. 2019 14

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 2 Using the MaaS360 portal

Uempty
The home page in the portal provides a snapshot of the mobile environment. Administrators can
quickly review total devices, users, apps, and docs in the upper right. In addition, an activity feed on
the right serves as an audit trail of the all the portal actions.

The alert center is a summary of informational and security alerts for the enterprise. Items that are
displayed in red are out of compliance or need attention, and an administrator can quickly review
and act on these alerts. The top of the screen shows a menu of all the workflows that can be
performed by an administrator when managing the mobile enterprise.

My Advisor with Watson searches thousands of structured and unstructured data sources to help
you discover three types of insights that are unique to your organization: risk exposures,
opportunities, and information. These insights are displayed in the My Advisor with Watson section
of the portal home page.
1. In the MaaS360 portal, place your cursor over Devices and click Inventory.

The Device Inventory page opens with a list of enrolled devices.

2. Click the device link for the device that you enrolled in the Device Name column.
The inventory details for the selected device are shown.

© Copyright IBM Corp. 2019 15

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 2 Using the MaaS360 portal

Uempty
3. Click Summary and explore the device details that can be shown.

4. On the right, click More to review more actions.

The MDM Actions window opens. There are also action buttons to locate, message, or buzz the
device.

Note: You can use the action buttons or items in the More menu to perform various management
operations on the selected device.

5. In the More menu, review the various actions.

6. To send a message to the device, use the appropriate action from the menu.
The Messages app is displayed on the device.

© Copyright IBM Corp. 2019 16

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 3 Creating a device group

Uempty
Exercise 3 Creating a device group
You can place managed devices in device groups to simplify the management of devices with
similar attributes. You define group membership criteria by using standard or custom attributes. You
can create public or private device groups, with different actions associated with the group,
depending on the type. Groups can also be imported from your corporate directory services using
the MaaS360 Cloud Extender. In this exercise, you create a local group.

In this exercise, you define a custom attribute and create a public device group.
1. Return to Device > Inventory view for your device and click the Summary menu for the
selected device.

2. Select Custom Attributes.

3. Click Edit.
The Custom Attributes page opens.

Note: You can create custom attributes as filters for device group affiliation.

4. In the Department/Business Unit field, enter Training.

5. Click Save.

6. At the top of the screen, place your cursor over Devices and click Advanced Search from the
menu.

7. Review the default settings for searches.

8. For Search For, select All Devices.

9. For Last Reported, select All Records.

© Copyright IBM Corp. 2019 17

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 3 Creating a device group

Uempty
10. Define the search criteria for Condition 1 as follows:
– Custom Attributes
– Department/Business Unit
– Contains
– Training

11. Click Search and ensure that your device is listed in the search results.

Hint: If only one device is in the group, the device summary is displayed. You must click the back
arrow in the upper left to return to the Search Results pane.

12. To define the device group, click Create New Device Group and enter the following
information:
– Group Name: Training
– Description: Users in the group are currently in training
– Group Type: Public

13. Click Save.

A message that indicates that the group is successfully saved opens.

© Copyright IBM Corp. 2019 18

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 4 Adding a custom alert

Uempty
14. Click OK.

15. Place your cursor over Devices and select Groups.

The Groups page opens.

16. Verify that the Training group is listed.

Exercise 4 Adding a custom alert

You can create custom alerts for your organization. These alerts are displayed in the MaaS360
portal on the My Alert Center dashboard. You can define alerts as either security alerts or
information alerts. Information alerts are displayed in the My Alert Center dashboard in blue.
Security alerts are displayed as either red or green, depending on whether the alert requires
attention.

In this exercise, you create a custom information alert.

1. Return to the MaaS360 portal and click Home.
The My Alert Center page opens.

2. In the upper right of the dashboard, click the Add Alert icon.

The Add Alert window opens.

3. To define the new alert, enter the following information:

– Available for: All Administrators
– Name: Training Devices
– Description: Training Department Devices
– Type: Info
– Search for: All Devices
– With Device Types: Smartphones and Tablets

© Copyright IBM Corp. 2019 19

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 5 Uploading and distributing a document

Uempty
4. Define the search criteria for Condition 1 as follows:
– Custom Attributes
– Department/Business Unit
– Contains
– Training

5. Click Update.
The My Alert Center dashboard now shows at least one device in Training Devices.

Exercise 5 Uploading and distributing a

document
You can use MaaS360 to distribute documents and files to managed devices. Documents must be
uploaded to the MaaS360 content library before they can be distributed. You can access the
content library from the Docs menu in the portal. MaaS360 also provides integration with corporate
content such as Windows files shares and SharePoint and web-based content such as Box, IBM
Connections, and SharePoint repositories.

© Copyright IBM Corp. 2019 20

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 5 Uploading and distributing a document

Uempty
In this exercise, you upload a file to the content library and then distribute it to managed devices.
1. At the top of the screen, place your cursor over Docs and select Content Library from the
menu.
The Content Library page opens.

2. In the upper right of the Content Library page, click Add Documents.
The Add Documents window opens.

3. Click Browse. From the MMS_Labfiles folder in the file list, select Test Document.txt.

4. Click Open.

5. Verify that the Document Names field contains the string Test Document.

6. In the Tags field, enter Test, Training.

Hint: The Tags field contains a comma-separated list of document tags.

7. From the Distribute to list, select All Devices/Users.

8. Select a date one week from today as the expiration date.

Note: On the expiration date, the file is automatically removed from the devices it was distributed
to. Additionally, you can set a start date for the document to be available to device users.

9. Click Save.
The To Add Documents window opens, and you are prompted to enter your password to
complete the operation.

© Copyright IBM Corp. 2019 21

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 6 Uploading and distributing an app

Uempty
10. Enter your password and click Continue.
The document is uploaded, listed in the content library, and distributed to the specified devices.

Exercise 6 Uploading and distributing an app

You can use MaaS360 to distribute apps to managed devices. Apps must be uploaded to the
MaaS360 App Catalog before they can be distributed. You can access the app catalog from the
Apps menu in the portal.

In this exercise, you upload an app to the app catalog and distribute it to managed devices.
1. In the MaaS360 portal, place your cursor over Apps and select Catalog.
The App Catalog page opens.

2. Click Add and select Google Play App from the menu.

The Google Play App window opens.

3. Select Add via Public Google Play Store.

4. In the App field, type IBM Verse.

The apps list is filtered and shows a list that contains the search string. The Permission page
opens.

Note: You do not have to choose IBM Verse. You can choose any free app to demonstrate app
distribution.

5. Click I Agree.

© Copyright IBM Corp. 2019 22

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 7 Creating and assigning compliance rules sets

Uempty
6. Click the Policies and Distribution tab.

7. Select the MDM Control Removal and Selective Wipe check boexes.

Note: MDM Control Removal and Selective Wipe features are only available for Samsung SAFE
devices.

8. For the Distribute to options, select Group and Android Devices.

9. Click Add.
The To Add App window opens and you are prompted to enter your password to complete the
operation.

10. Enter your password and click Continue.

The app is added to the app catalog and distributed to the specified devices.

Exercise 7 Creating and assigning compliance

rules sets
With MaaS360, you can apply compliance rules on your managed mobile devices. Compliance
rules sets are conditions that are checked on devices on a real-time basis. If a device is not in
compliance with the defined rule sets or conditions, appropriate enforcement actions are taken on
the device.

In this exercise, you create and assign a compliance rule set.

1. In the MaaS360 portal, place your cursor over Security and select Compliance Rules.
The Compliance Rules page opens.

2. Click Add Rule Set.

The Add Rule Set page opens.

3. For Rule Set Name, enter Test. Click Continue.

The Rule Set configuration page opens.

4. On the left side of the page, click Enforcement Rules.

5. Select the Enrollment check box.

The enforce Enrollment options are displayed.

© Copyright IBM Corp. 2019 23

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 7 Creating and assigning compliance rules sets

Uempty
6. In the Trigger Action on Managed Status settings, clear the following check boxes:
– Not Enrolled
– Pending Control Removal
– Control Removed

7. Verify that the Enforcement Action is set to Alert and clear the Email check box in the Notify
User settings.

8. Click Save.
The Update Rule Set window opens, and you are prompted to enter your password to save the
changes.

9. Enter your password and click Continue.

10. To return to the Compliance Rules page, click the back arrow in the upper left.

11. Under the Test compliance rule set, click the Assign.
The Assign Rule Set window opens.

12. For the Group drop-down list, select Training.

13. Click Submit.

© Copyright IBM Corp. 2019 24

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 8 Creating an Android policy

Uempty
14. Click Continue.

15. Enter your password and click Continue.

Exercise 8 Creating an Android policy

Policies and compliance rules work together to ensure that mobile users in your enterprise are
adhering to corporate policy. Administrators enter policies in the MaaS360 portal that align with
industry best practices and company standards. These policies can then be assigned to mobile
devices.

In this exercise, you create an Android security policy.

1. In the MaaS360 portal, place your cursor over Security and click Policies.
The Policies page opens.

2. Click Add Policy.

The Add Policy page opens.

3. In the Name field, enter Test Android.

4. In the Description field, enter Android test policy used for training.

5. For the Type list, select Android MDM.

6. In the Start From list, select My Existing Policies.

7. In the My Existing Policies list, select (def) Default Android MDM Policy.

8. Click Continue.
The Test Android policy is created. You can now edit the policy to customize it.

9. In the upper right of the Test Android policy page, click Edit.

10. On the left under Device Settings, click Passcode if it is not already selected.

11. Select the Configure Passcode Policy check box.

The Passcode Settings options are displayed.

© Copyright IBM Corp. 2019 25

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 8 Creating an Android policy

Uempty
12. Define the Passcode Settings as follows:
– Passcode Quality: Numeric
– Minimum Passcode Length: 4
– Maximum Passcode Age (in Days): 90
– Allowed Idle Time (in minutes) Before Auto-Lock: 2 minutes
– Passcode history: 5
– Maximum Failed Password Attempts (for Lock or Wipe depending on policy): 10
– Lock device on Failed Passcode Attempts: <selected>

Important: The passcode settings here are only for training purposes. If this is your own personal
device, set them to your specifications.

13. On the left under Device Settings, click Security.

The Security Settings page opens.

14. Define the Security Settings as follows:

– Visible Passwords: Enabled
– Allow Installation of Non-Google Play Applications: Disabled
Do not change any other settings on the Security Settings page.

15. On the left under Device Settings, click Restrictions.

The Device Feature Restrictions window opens.

16. In the Device Feature Restrictions window, verify that the following options are set as follows:
– Camera: Disabled
– Bluetooth: Disabled

17. On the left, under Device Settings, click Native App Compliance.
The Native App Compliance window opens.

18. Clear the Allow Gallery check box.

19. On the left under Device Settings, click Web Shortcuts.

The Configure Web Shortcuts window opens.

20. Select the Configure Web Shortcuts check box.

21. Define the shortcut as follows:

– Display Name of the Shortcut: Test
– URL for the Shortcut: http://www.ibm.com/maas360

© Copyright IBM Corp. 2019 26

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 8 Creating an Android policy

Uempty
22. Next to the Icon for the Shortcut list, click Add New.
The Upload New Web Shortcut window opens.

23. In the Icon Display Name field, enter Test.

24. In the Icon field, click Browse.

The File Upload window is shown.

25. Navigate to the desktop, open the MMS_Labfiles folder, and select the Androidicon.png file.

26. Click Open.

The Upload New Web Shortcut window is shown.

27. Click Save.

The Upload Status window is shown.

28. Click OK.

You are returned to the Configure Web Shortcuts page.

29. From the Icon for the Shortcut list, select Test.

30. Select the Show web shortcut on the device Home page option.

31. On the left under Device Settings, click Device Management.

32. Set the options in the Disable Device Management Actions section as follows:
– Warning Message After Disabling Device Management: Your device will be locked
– Enforcement Action after Disabling Device Management: Lock Device
– Unlock Device Passcode: 123456

33. In the upper right of the policy page, click Save and Publish.
The Publish window opens.

34. In the Description field, enter the following information:

Planning and Architecture Policy <today’s date>

35. Click Continue, type your password, and click Confirm.

The Test Android policy is at version 1 and can now be applied to devices.

© Copyright IBM Corp. 2019 27

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 9 Applying a policy to an Android device

Uempty
Exercise 9 Applying a policy to an Android
device
In this exercise, you apply the Android security policy to the managed device. You created this
policy in Exercise 8, “Creating an Android policy,” on page 25.
1. Place your cursor over Devices and click Inventory.
The Device Inventory page opens and shows a list of managed devices.

2. Click the link for your managed device.

The Summary page opens.

3. Check the WorkPlace & Security section and Applied Policy field of the device record. The
policy is the default Android MDM policy.

4. From the More menu on the upper right, select Change Policy.
The Change Policy window opens.

5. For the Android Policy, select Test Android and click Submit.
The Password Confirmation window opens.

6. Enter your password and click Confirm.

7. Check the WorkPlace & Security section and Applied Policy field of the device record for the
policy change.
Check your to ensure that the policy is changed in the WorkPlace & Security

Note: You might have to refresh the page to see the Applied Policy field change to Test Android
policy. It might take several minutes for the change to be displayed.

You are prompted on your device to set a password if you do not have one. You have 1 hour
before the device locks and requires you to enter a passcode to unlock it.

8. On the mobile device, start the MaaS360 app.

A Device out of compliance message opens.

9. Tap Settings and tap Compliance Status.

10. Bring your device back into compliance by setting the required passcode (4-digit PIN) to 1234.

© Copyright IBM Corp. 2019 28

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 10 Installing distributed apps

Uempty

Important: If you are using your own personal device, you might not want to change your
passcode, or you might want to change the passcode to something more secure. You can skip this
step if you do not want to change your passcode. You might also already have a passcode on the
device that meets the compliance criteria. In this case, you will not receive an out of compliance
message.

11. Try to use the camera on the device.

The Security policy prevents use of camera message opens.

Exercise 10 Installing distributed apps

In this exercise, you install an app from the App Catalog.
1. Return to the MaaS360 app on the managed device and tap App Catalog.
A list of available apps in the app catalog opens.

2. Tap the IBM Verse app.

You are redirected to the IBM Verse app in the Google Play store.

3. Tap Install.
You might be prompted one or more times to complete the installation. For any prompts, tap the
affirmative to advance the installation (Continue, Accept, OK, etc.)
The IBM Verse app is downloaded and installed on the device.

Exercise 11 Downloading distributed

documents
In this exercise, you verify that you can access the document that was distributed in Exercise 5,
“Uploading and distributing a document,” on page 20.
1. Return to the main page of the MaaS360 app on the managed device. You might need to tap
the MaaS360 app to open the container and see the Docs app.

2. Tap Docs.
You are directed to download and install the MaaS360 Docs app.

3. Install the MaaS360 Docs app.

You might need to return to the MaaS360 container to again see the Docs app.

4. Tap Docs.

© Copyright IBM Corp. 2019 29

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 12 Verifying access to the web shortcut

Uempty
5. If presented with a list of document sources, tap Corporate.

6. Verify that Test Document.txt is displayed in the Documents list.

7. Tap the Test Document.

The test.txt file is downloaded to the device and you are provided a list of native apps to
open the document. You can open it with a native app or install the MaaS360 Secure Editor and
open it with the Secure Editor.

Note: If you create a WorkPlace Persona Policy and enable the Secure Docs Viewer, you can
open documents with MaaS360 Secure Docs Viewer, which ensures that the documents open in
the device’s secure container.

Exercise 12 Verifying access to the web

shortcut
In this exercise, you verify the web shortcut that was created in Exercise 8, “Creating an Android
policy,” on page 25.
1. Return to the Home screen of the Android device.

2. Verify that the Test icon is displayed on the Home screen of the device.

3. Tap the Test icon.

The default web browser on the device opens, and the MaaS360 home page is displayed.

Exercise 13 Unenrolling the Android device

from MaaS360
In this exercise, you unenroll the device from MaaS360 and remove the MaaS360 app.
1. Return to the MaaS360 portal.

2. Click the Home icon.

The My Alert Center dashboard opens.

3. Place your cursor over Devices and select Inventory.

The Device Inventory page opens.

4. Click the link for the managed device in the Device Name column.
The Summary page opens.

© Copyright IBM Corp. 2019 30

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 13 Unenrolling the Android device from MaaS360

Uempty
5. From the More menu, select Remove Control.
The Remove Control window opens.

6. Click Continue.
The Password Confirmation window opens.

7. Enter your password and click Continue.

Note: It might take a few minutes for the action to complete. The Managed Status changes to
Pending Control Removal and then Inactive to signify that the Remove MDM Control action
completed. Wait until control is removed from the device before continuing. You can check
whether MDM control is removed by opening the MaaS360 App on the device. If you are prompted
to enter your corporate identifier and start enrollment again, MDM control has been removed. If
you want to expedite the process on the device, you can tap Settings and Update Device Data in
the upper-right menu. This action downloads any pending actions.

You can now remove the MaaS360 app from the mobile device.

Note: Different Android versions have different settings names, which might differ from those
used in the following steps. Use the appropriate security settings for your device.

8. On the mobile device, tap the Settings icon.

9. Tap the Security icon and tap Device administrators.

10. If any check marks are listed beside the MaaS360 apps in the list, clear them.

11. In the Settings menu, tap Apps.

A list of installed apps opens.

12. In the app list, tap MaaS360.

13. Tap Uninstall.

The confirmation window opens.

14. Tap OK.

The MaaS360 app is uninstalled from the Android device.

15. Uninstall the IBM Verse and MaaS360 Docs apps.

© Copyright IBM Corp. 2019 31

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 14 Removing and deactivating portal artifacts

Uempty

Note: The IBM Verse and MaaS360 Docs apps are automatically removed on Samsung SAFE
devices. Other devices may also automatically remove these apps through selective wipe.

16. On the mobile device, tap the Settings icon.

17. Tap the Security icon and tap Screen Lock.

18. When prompted, enter the 1234 PIN and select None to disable the PIN.

Exercise 14 Removing and deactivating portal

artifacts
In this exercise, you clean up the portal artifacts that you created in the previous exercises. You do
these tasks because you might use this portal for additional training labs.
1. Return to the MaaS360 portal.

2. Click the Home icon.

The My Alert Center dashboard opens.

3. Hover over the Training Devices alert you created in Exercise 4, “Adding a custom alert,”
on page 19. Click the Delete icon.

4. Click Delete For All.

5. Place your cursor over Apps and click Catalog.

6. Delete the IBM Verse for Android app.

7. Enter your password and click Continue.

8. Place your cursor over Docs and click Content Library.

9. Delete the Test document.

10. Enter your password and click Continue.

11. Place your cursor over Security and click Policies.

12. Click Test Android.

13. Click More > Delete the to delete the Test Android policy.

14. Enter your password and click Confirm.

A message stating that the policy has been deactivated opens.

© Copyright IBM Corp. 2019 32

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Configuring Android devices
Exercise 14 Removing and deactivating portal artifacts

Uempty
15. Click More > Policy Files.

16. To delete the Test Android file that is referenced in the (deactivated) Test Android policy, click
Delete.


17. Place your cursor over Devices and click Groups.

18. For the Training group, click More > Change rule set.

19. To delete the Test rule set, click the X next to Compliance Rule Set.

20. Click Submit.

21. Enter your password and click Confirm.

22. Click More > Delete to remove the Training group.

23. Click Yes.

24. Enter your password and click Confirm.

25. Place your cursor over Security and click Compliance Rules.

26. Next to the Test rule set, click More > Delete.

27. Enter your password and click Confirm.

© Copyright IBM Corp. 2019 33

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Appendix
You must sign up for a MaaS360 trial account to complete this lab. Or you can use an existing trial
account where you have service administrator access, if you have one.

Signing up for a trial account

In this exercise, you create an IBM ID and sign-up for a trial MaaS360 account. You will use the test
account to complete the exercises. It is recommended that you use a test email account when you
create the IBM ID rather than your corporate email account. Make note of the user name and
password that you create. This account information is used throughout the exercises.

Important: If you have already created a trial account for another IBM MaaS360 lab session, you
can continue to use the account by logging in using https://login.maas360.com/ and skipping to
the exercises for your device type.

Perform the following steps to complete this exercise:

1. Open a browser on your desktop.

2. In the navigation bar, enter the following address:

http://ibm.com/maas360
The MaaS360 product page opens.

© Copyright IBM Corp. 2019 34

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Appendix
Signing up for a trial account

Uempty
3. Click Free Trial.
Befo

4. Fill out the registration page and click Continue.

Important: Use a test email account, rather than your corporate account, when you register. If
you decide to convert the trial account to your production account at some point in the future, you
can add your corporate email as an administrative user at that time.

© Copyright IBM Corp. 2019 35

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Appendix
Signing up for a trial account

Uempty

© Copyright IBM Corp. 2019 36

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Appendix
Signing up for a trial account

Uempty
5. Review the IBMid Account Policy page and click Proceed.

6. Enter the numeric code that was sent to your registered email address and click Verify.

© Copyright IBM Corp. 2019 37

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Appendix
Signing up for a trial account

Uempty
7. Your trial MaaS360 instance is created and you are redirected to the login page for your trial
MaaS360 portal. Log in with the email address and password you used to register and create
your IBMid and click Continue.

8. On the Quick Start page, click Get Started.

9. If you are using an Android device, click Start without iOS.

The Add a Device page is shown.

© Copyright IBM Corp. 2019 38

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Appendix
Signing up for a trial account

Uempty

Important: If you plan to use your own iOS device to complete the exercises, you must click
Setup Apple enrollment and follow the step-by-step instructions to get an Apple MDM certificate
and upload it to the portal before continuing. Apple requires an APNS certificate to communicate
and manage devices from an MDM provider. If you are creating a trial account for your
organization, make sure you use an organization Apple ID rather than a personal one. If you are
just creating a portal account for training purposes, you can use your personal Apple ID.

10. On the Setup Android Enterprise page, click Skip for now.

11. On the Select security policy page, on the Not sure? pane click Select.

12. On the Configure native email page, click Skip for now.

© Copyright IBM Corp. 2019 39

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Appendix
Signing up for a trial account

Uempty
13. On the Enroll devices page, click Skip for now.


On the Quick Start completed! page, click Go to Home Page.


You are now ready to begin the exercises that follow.

© Copyright IBM Corp. 2019 40

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
 ®

© Copyright IBM Corporation 2019. All Rights Reserved.