Conversa Solutions LLC

Ensemble: General Overview

TABLE OF CONTENTS

• Ensemble: General Overview
  • Users
  • Devices
  • Content
  • Projects
  • Kiosk Settings
  • Device Settings
  • Ensemble App Settings
  • Application Settings
  • Google Play Settings
  • Update Settings
  • Communication Settings
  • Security Settings
  • Connectivity Settings
  • Network Settings
  • Device Suspension Settings
  • Inter App Messaging
  • APNs
  • Certificates (Project)
  • Deployment
  • Devices and Users (Project)

Ensemble is an EMM. EMM stands for Enterprise Mobility Management, which means that Ensemble is a software solution that allows organizations to remotely manage their devices by deploying Projects (which are groups of devices, files, and policies) to them.

Ensemble has an organizational hierarchy. Creating a new organization allows the admins to control multiple sub-companies, and companies can have multiple projects. An example use case of this would be a school district that has multiple schools. The district would have an account that can access all of the school’s accounts, and each school would have an admin account that could only access their school’s company information, and from there each school could have a different project for each classroom to serve a specific need, or for specific applications and settings to serve that specific teacher’s specific needs.

(1:04)

This is the home page for your Ensemble company. The home screen tiles show a summary of the devices, projects, and licenses on your company. You can use this menu to navigate throughout the site.

(1:43)

Users

Here, there are two tables; one is for managing users who can log into the Ensemble management site, and the other is for users who can log into the Ensemble application itself. This is where you can view information about the users here that have already been registered. To add a new person to the table, click the + button on the right hand side of the screen. 

• Remember, if you create a web portal user account, the first and last name fields as well as a valid email address are required

Next is the users permissions screen. There are a selection of predefined permissions levels and the option to create a custom role.

• Company User: The lowest level prebuilt permission level. Company users can manage devices, but they aren't able to view other companies in their organization or add new users.

• Company Admin: Company Admins also cannot view multiple companies, but they can add and manage other users within the company they have been added. 

• Organization Admin: Includes all previous permissions, and allows users to search and view other companies, as well as create new companies if needed.

• Organization Master: Includes all previous permissions, and has full access to everything within their organization. This user is tied to the account used to create the organization.

• Custom User: A custom user can also be created. A popular use case for this is to only allow them access to view the devices page and send remote commands so app data and accounts can be cleared when shared devices change hands.

Once you have selected their permissions, you can either send them an email invite to create their own password and validate their account, or you can create a temporary password which will allow them to log into the system.

The second table contains the application user accounts. Ensemble supports two ways to connect projects to devices; either serial registration or application user accounts. These accounts are used to log in to the Ensemble application on the device. The same account can be used for one or many devices. This method is useful when the serials of the devices are not known ahead of time. Generally, devices using this method are enrolled using a QR code or are personal devices with a work profile.

For more information on users, please see our knowledgebase article here. 

(4:54)

Devices

The Devices Page is where all the devices on your company are listed out. At the top of the page, you can see the different methods of installing Ensemble onto your devices; Zero-Touch, DPC Code, Samsung KME, and using the Google Play Store. 

The Device Management Table is below these tabs. From here, you can see a lot of helpful information about the devices that have been entered into Ensemble, and will allow you to see further information if you need to dig down deeper into a device, or send remote commands to that device or multiple devices at the same time. For more detailed information on the Device Management Table, please see our Knowledgebase article here.

(6:05)

Content

These pages are used to create a library of applications and files that can be later associated with the devices via a project. For more specific information on adding content, please see our knowledgebase article here.

The Private content page is used to upload any files, videos, pictures, or private applications such as training documents, icons, or any internal applications

The Google Play content page is where you can search the Play Store for applications such as a music streaming application, Google Maps, etc. Certain applications like Google Chrome can be configured to control settings such as location tracking and setting a home page for the browser, using Managed Configurations.

The certificates page is where you would upload any certificates that you may have for wifi configurations or a VPN application. It works as a library for storing those specific certificates to later be associated with a project.

(7:05)

Projects

This page is where projects can be created, cloned, or deleted. Projects are the place where content and policies are tied to a group of devices.

Similar to the devices page, the table on this page shows every project that has been built onto this company. In order to view a project in detail, click the name of the project itself.

Once in the project, you will be taken to a page similar to the main company page, with navigation tabs on the left side of the screen. From, the main dashboard of the project, you can see some overview information about the project, such as how many users are assigned to it, the number of content pieces on it, etc. 

The content page is where you select the content that was added on the company page to add to the project. It is also where you can control when the Ensemble MDM application will update. If it's set to default, the Play Store will update Ensemble when it is not being used in the foreground, much like your applications on your personal device. High Priority will push the update for Ensemble out to the devices as soon as an updated version has been released, regardless of if it is running in the foreground. Postponed will stop the auto-updating of the app for up to 90 days. After 90 days, it will update to the latest available version of the app using the default update mode. 

The next section under that is a table to display what content will be downloaded to the devices on this project, which includes both the Private and Google Play Content. Use the menu in the upper right hand corner of the table to add content to this project.

(9:15)

Kiosk Settings

The kiosk settings tab is where you can select how Ensemble controls the devices on your project. 

The first tab is Kiosk Settings. First, you will select what type of Kiosk mode you wish to have:

• None: Ensemble will be installed on the device as well as any content and applications you have added to the device, but it will not be in a kiosk mode, rather it will work more like a normal personally owned device.

• Single: Single kiosk mode locks the device to one application of your choice. This is the stereotypical kiosk where a phone or tablet is repurposed for a single-use device. This use case has become more ubiquitous in fast food restaurants as a way to order food, but it applies to many other industries

• Multi: Multi-kiosk mode is essentially a custom home screen application for the device. On this new home screen, you can add shortcuts to webpages or applications, change the wallpaper, add up to 6 pages, and create the user experience that you need.

When in Multi-kiosk mode, to create a shortcut, simply click on any of the squares on the screen. You can create an application shortcut, a bookmark, add content, or create a folder. The color of the default icons for bookmarks and folders can be customized, or you can upload your own custom icon images to use (upload the image as Private Content, then add that content in the Content tab of the project). You can also create a date time widget so it looks just like a normal phone would. Shortcuts can also be placed inside of folders, and those folders can have up to 6 pages as well.

The row at the bottom of the screen is the favorites bar. Shortcuts that are placed here are accessible on any of the up to 6 pages. There's also the option to add a shortcut to the app drawer here. This gives access to all of the apps that are installed on the device. This will allow the admin to control the shortcut placement on the home pages, but also allow the end user to still have full access to the applications on the device.

If you have specific programs that run in the background, or one/some that need to be opened via another application, eg the camera application inside of a web conferencing app, the package must be whitelisted in the other packages allowed during kiosk. In order to do this, click the Manage Packages link under Other Packages Allowed During Kiosk, and add the package name into this field. 

The 3 dots menu at the top right corner of the kiosk preview screen is the Ensemble Menu button. If the action bar is hidden, a shortcut can be added to the home screen to provide access to this menu. This button is usually used to reload policies, view your settings, or exit the application. You can change the options available in this menu by going to the tab labeled Ensemble app settings and changing them from there.

(12:31)

Device Settings

The Device Settings page is used to control settings on the devices themselves. This can be used to change many aspects of the devices such as disabling volume or brightness control, screen time out time, or adding a message to the lock screen. If you set any of the settings to “Disallow”, the end user will not be able to make any changes to these settings through the settings application on the device. 

(12:57)

Ensemble App Settings

The Ensemble app settings page allows you to change and set various settings for the Ensemble app itself. The first section is for the exit PIN, if one is required for your project. An exit PIN will allow a user to input a PIN that you can enter here that will allow them to exit the kiosk application and enter the main home page of the device.

The section below is for the Ensemble options menu within the kiosk screen itself. The first setting option, Enable Ensemble Settings Menu, enables the settings menu as a whole, so if you do not wish for your users to have the ability to change any settings here within, you can deselect it and disable all of the below settings.

You can view more information on what each individual setting does by clicking the question mark icon beside the setting. 

Beneath this section are the support messages. These fields can be filled out with any message that you wish to include when the device has been suspended by an administrator, which can be done from the device management table. 

Under these fields are the final few settings for the Ensemble app. The first option here allows you to hide the Ensemble app from the app drawer of the device, if the app drawer has been enabled. 

Next is the no connection timeout selection. If the device has no Internet when the user reloads the policies or if it is rebooted, an error message will appear and will automatically return to the kiosk screen after the amount of time selected here.

Lastly is the finish check-in after apps install options. This setting controls if the Ensemble application will wait to complete the check-in until after all the applications have been installed. If you choose never, the device will complete the check-in while the applications download in the background. 1st setup will allow the device to wait to complete the check-in until the apps are installed during the first check-in, and Always will cause the device to always wait to complete the check-in until after all apps are installed.

(15:17)

Application Settings

In the application settings tab, there are policies specific to the applications on the device.

On the applications settings tab, there is a Block Applications section, listing out various common pre-installed applications on devices. From here, you can choose to block any or all of these applications. This doesn't uninstall the app itself due to where the files are stored in the internal storage of the device, but it does disable them. 

(15:41)

Google Play Settings

The Google Play Settings tab contains policies that are used to manage the Google Play Store app itself. A key policy here is the Application Availability. If this is set to “Only Project Content” while also setting the install mode of apps on the project to “do not auto-install”, and finally enabling the app drawer, it will provide a way for admins to create a custom library of applications for their end users to choose from. This combination allows users to access the play store while limiting what applications can be installed by the user.

Within this tab, there is also a setting for Ensure Verify Apps under the Play Protect Restrictions header. This can be de-selected if there are applications on your project that are having trouble installing. For more information on this, please see our knowledgebase article about Play Protect here.

(16:19)

Update Settings

The update settings here provide control over when the Android OS updates. 

• None: No Android OS updates will be applied to the devices on the project.

• Automatic: Automatically update the device when a new firmware version is available.

• Scheduled: Allows the admin to set a time frame within which the device will auto update.

• Postpone: Postpone the update for 90 days and then auto-update the firmware.

(16:43)

Communication Settings

Communication settings control what calls the end user can make by white listing allowed numbers and provides the ability to preload a list of contacts. For more information on the contacts feature, please see our knowledgebase article [here].

On this page, there are policies with blue shield icons next to the hint icons. These icons indicate that this policy must have Samsung Knox Mobile Enrollment or KME enabled before you can select them and use them. For more information on Samsung KME, please see the knowledgebase article here.

(17:31)

Security Settings

Security settings is where you can set restrictions on the device for security purposes. From here, you can disallow certain accounts such as Facebook or OneDrive accounts, as well as disabling certain features such as the lock screen camera, face authentication, and airplane mode. You can also set the password restrictions and qualifications here, so any password created for and by the user is subject to those conditions

(18:12)

Connectivity Settings

The connectivity settings page is used to preload Wi Fi configurations, enable/disable Bluetooth settings, and enforce always on VPNs.

(18:22)

Network Settings

The network settings page is used to control global device DNS configuration or a global proxy. These settings are useful when integrating with a third party content filtering server.

(18:35)

Device Suspension Settings

The device suspension settings are used to configure the appearance and branding of the device suspension screen. If a device has been lost or stolen, you can suspend that device so that way it cannot be used by an unknown third party. This feature locks the device down to a single screen with a logo, message, emergency, and support dialer. It can be triggered either by a day and time schedule or via a command to the devices individually or through the csv batch uploader.

(18:59)

Inter App Messaging

Inter App Messaging provides access to the APIs that a third party can use to interact with the Ensemble MDM. For more information on this, please see our knowledgebase article here.

(19:13)

APNs

The next section on the left hand side of the project screen is the APNs tab. An APN is an access point name which is used to find the right IP address that the device should be identified with on the cellular network, as well as determine if a private network is needed and ensure the correct security settings are used. If you are working with a carrier, you can get a special APN setup for the SIM cards on the devices which can allow you to manage the network even more minutely including using your own server for transmitting cellular data. To configure an APN, you can enter the information on this screen by hitting the plus button on the right hand side of the table. For more information, please see our APN knowledgebase article here.

(19:53)

Certificates (Project)

Certificates is the next section on the left hand side of the screen. This is where you can select certificates to be installed for use by a VPN or other applications on the device.

(20:05)

Deployment

Next is the Deploy tab. The deploy screen is where you push out any and all changes that you have made to your project to ensure that your devices have the most up to date data. If you change a setting or add a new application, you need to deploy to actually send that policy to the devices.

If you want it to be deployed to the devices immediately, check the “Instant” checkbox to force the device to wake up and check-in. 

User interaction required will download the latest policy but will not apply them until the user agrees to continue through the check-in process. A forced update will start applying policies immediately and the check-in will be visible to the user and a silent update will apply the latest policies in the background. For more detailed information on deployments, please see our knowledgebase article here.

(20:57)

Devices and Users (Project)

The devices and users pages connect these policies and applications to the devices. This section will behave very similarly to the device management table that is present on your company page.

In here, you can see the devices that are currently assigned to the project, or you can add a device to it by clicking the plus button on the right hand side of the table. 

• Note: This will not allow you to register a new device to the company, it will only associate a prior added device to the project.

Application users can be added to the user's page in a similar manner; any device that is logged in to Ensemble with the user account associated with the project will load the policies of that project. A default license is associated with each user. When a new device is logged into with that user account, a seat from that default key is used. If there are no available seats, the login will fail.