Product Documentation

Location device policies

Apr 08, 2015

You create location device policies in XenMobile to enforce geographic boundaries, as well as to track the location and movement of users' devices. When users breach the defined boundary, also called a geofence, XenMobile can perform a selective or full wipe immediately or after a specific time period to let users return to the allowed location.

You can create location device policies for iOS and Android. Each platform requires a different set of values, which are described in this article.

  1. In the XenMobile console, click Configure > Device Policies. The Device Policies page appears.


    Select device policies

  2. Click Add to add a new policy. The Add New Policy dialog box appears.


    Select location services

  3. Click Location Services. The Location Policy information page appears.


    Location services policy information page

  4. In the Policy Information pane, enter the following information:
    1. Policy Name: Type a descriptive name for the policy.
    2. Description: Type an optional description of the policy.
  5. Click Next. The Policy Platforms page appears.
    Note: When the Policy Platforms page appears, both platforms are selected and you see the iOS platform configuration panel first.


    Location policy information platforms page

  6. Under Platforms, select the platforms you want to add.
    • If you selected iOS, configure the following settings:

      Location timeout: Type a numeral and then, in the list, click Seconds or Minutes to set how often XenMobile attempts to fix the device's location. Valid values are 60–900 seconds or 1–15 minutes. The default is 1 minute.

      Tracking duration: Type a numeral and then, in the list, click Hours or Minutes to set how long XenMobile tracks the device. Valid values are 1–6 hours or 10–360 minutes. The default is 6 hours.

      Accuracy: Type a numeral and then, in the list, click Meters, Feet, or Yards to set how close to a device XenMobile tracks the device. Valid values are 10–5000 yards or meters, or 30–15000 feet. The default is 328 feet.

      Report if Location Services are disabled: Select whether the device sends a report to XenMobile when GPS is disabled. The default is OFF.

      Geofencing: Select this option to configure the following settings:


      iOS geofencing

      • Radius: Type a numeral and then, in the list, click the units to be used to measure the radius. The default is 16,400 feet.
        Valid values for radius are:
        • 164–164000 feet
        • 1–50 kilometers
        • 50–50000 meters
        • 54–54680 yards
        • 1–31 miles
      • Center point latitude: Type a latitude, such as 37.787454, to define the geofence center point's latitude.
      • Center point longitude: Type a longitude, such as 122.402952, to define the geofence center point's longitude.
      • Warn user on perimeter breach: Select whether to issue a warning message when users breach the defined perimeter. The default is OFF. No connection to XenMobile is required to display the warning message.
      • Wipe corporate data on perimeter breach: Select whether to wipe users' devices when they breach the perimeter. The default is OFF.

        When you enable this option, the Delay on local wipe field appears.

        Type a numeral and then, in the list, click Seconds or Minutes to set the length of time to delay before wiping corporate data from users' devices. This gives users an opportunity to return to the allowed location before XenMobile selectively wipes their devices. The default is 0 seconds.

    • If you selected Android, configure these settings:
      Poll interval: Type a numeral and then, in the list, click Minutes or Hours, or Days to set how often XenMobile attempts to fix the device's location. Valid values are 1–1440 minutes, 1–24 hours, or any number of days. The default is 10 minutes.
      Note: Setting this value to less that 10 minutes may adversely affect the device's battery life.

      Report if Location Services are disabled: Select whether the device sends a report to XenMobile when GPS is disabled. The default is OFF.

      Geofencing: Select this option to configure the following settings:


      Android geofencing on

      • Radius: Type a numeral and then, in the list, click the units to be used to measure the radius. The default is 16,400 feet.
        Valid values for radius are:
        • 164–164000 feet
        • 1–50 kilometers
        • 50–50000 meters
        • 54–54680 yards
        • 1–31 miles
      • Center point latitude: Type a latitude, such as 37.787454, to define the geofence center point's latitude.
      • Center point longitude: Type a longitude, such as 122.402952, to define the geofence center point's longitude.
      • Warn user on perimeter breach: Select whether to issue a warning message when users breach the defined perimeter. The default is OFF. No connection to XenMobile is required to display the warning message.
      • Device connects to XenMobile for policy refresh: Select one of the following options for when users breach the perimeter:
        • Perform no action on perimeter breach: Do nothing. This is the default.
        • Wipe corporate data on perimeter breach: Wipe corporate data after a specified length of time.

          When you enable this option, the Delay on local wipe field appears.

          Type a numeral and then, in the list, click Seconds or Minutes to set the length of time to delay before wiping corporate data from users' devices. This gives users an opportunity to return to the allowed location before XenMobile selectively wipes their devices. The default is 0 seconds.

        • Delay on lock: Lock users' devices after a specified length of time.

          When you enable this option, the Delay on lock field appears.

          Type a numeral and then, in the list, click Seconds or Minutes to set the length of time to delay before locking users' devices. This gives users an opportunity to return to the allowed location before XenMobile locks their devices. The default is 0 seconds.

  7. Expand Deployment Rules and then configure the following settings: The Base tab appears by default.


    Deployment rules

    1. In the lists, click options to determine when the policy should be deployed.
      1. You can choose to deploy the policy when all conditions are met or when any conditions are met. The default option is All.
      2. Click New Rule to define the conditions.
      3. In the lists, click the conditions, such as Device ownership and BYOD, as shown in the preceding figure.
      4. Click New Rule again if you want to add more conditions. You can add as many conditions as you would like.
    2. Click the Advanced tab to combine the rules with Boolean options.


      Advanced deployment rules with base rules

      The conditions you chose on the Base tab appear.
    3. You can use more advanced Boolean logic to combine, edit, or add rules.
      1. Click AND, OR, or NOT.
      2. In the lists that appear, choose the conditions that you want to add to the rule and then click the Plus sign (+) on the right-hand side to add the condition to the rule.

        At any time, you can click to select a condition and then click EDIT to change the condition or Delete to remove the condition.

      3. Click New Rule again if you want to add more conditions.

        In this example, the device ownership must be BYOD, the device local encryption must be True, and the device mobile country code cannot be only Andorra.

        Advanced deployment rules complete

  8. Click Next. The Location Policy assignment page appears.
  9. Next to Choose delivery groups, type to find a delivery group or select a group or groups in the list to which you want to assign the policy. The groups you select appear in the right-hand Delivery groups to receive app assignment list.


    Policy assignment page

  10. Expand Deployment Schedule and then configure the following settings:
    1. Next to Deploy, click ON to schedule deployment or click OFF to prevent deployment. The default option is ON. If you choose OFF, no other options need to be configured.
    2. Next to Deployment schedule, click Now or Later. The default option is Now.
    3. If you click Later, click the calendar icon and then select the date and time for deployment.
    4. Next to Deployment condition, click On every connection or click Only when previous deployment has failed. The default option is On every connection.
    5. Next to Deploy for always-on connection, click ON or OFF. The default option is OFF.
      Note: This option applies when you have configured the scheduling background deployment key in Settings > Server Properties. The always-on option is not available for iOS devices.
    Note: The deployment schedule you configure is the same for all platforms. Any changes you make apply to all platforms, except for Deploy for always on connection, which does not apply to iOS.


    Deployment schedule

  11. Click Save to save the policy.