Create and Deploy
Adding additional Admin Tags allows Administrators to specify Groups or levels of security to their Silverback Installation. Once a Device is enrolled it should already have its ‘Base Level of Security’ so Administrators can now create additional Tags and apply these to selected devices which will then receive the updated settings.
- To create a new Tag navigate to Tags
- Click New Tag
- Enter a friendly name (required)
- Enter a description (required)
- Select the Enabled Features Area
- Select the Device Types (required)
- Windows 10
- Windows 10 Mobile
- Enable Auto Population (optional)
- Click Save
After clicking Save all Enabled Features will be activated in the left panel.
Once an Admin Tag has been created, you can set up conditions so that devices enrolling into Silverback are auto-assigned upon enrollment. Using the information captured during enrollment, Silverback will determine if the incoming device needs to have Tags associated with it.
The Device Variable field does not always have to be ‘absolute’, by using a wildcard (*) character in the Device Variable Value field the scope of the Auto-Population is widened to allow more devices.
|*||Wildcard||Allows the Administrator to specify Wildcards when filtering devices.|
|>||Greater Than||Used for Numerical Fields, will allow the Admin to specify values Greater than a value.|
|<||Less Than||Used for Numerical Fields, will allow the Admin to specify values Less than a value.|
|Device Variable Key||Device Variable Value||Description|
|Type||e.g. Galaxy A5||Device Model Name|
|OS Version||e.g. > 12.1.1||The OS version reported by the device|
|Model Number||e.g. SM-A520F||Device Model Number|
|Current Country||e.g. Germany||Device Current Country|
|Current Network||e.g. o2 - de||Device Current Network|
|Subscriber Country||e.g. Switzerland||The country that the device reported on enrollment|
|Subscriber Network||e.g. o2 - ch||The network that the device reported on enrollment|
|Label||e.g. Marketing||Device Label as specified in the console|
|Roaming||True or False||The tag is assigned to roaming devices|
|IP Address||e.g. 10.0.0.110||
The IP address of the device(e.g. 192.168.1.100/32)
The acceptable formats are:
Single IP address (10.10.1.1)
IP range with hyphen (10.10.1.1-10.10.1.200)
IP range using CIDR notation (e.g. 10.0.0.0/24)
IP range using wildcard (10.10.1.*)
|SSID||e.g. Imagoverum Wi-Fi||
The name of the WiFi SSID that device is connected to
Full SSID name (e.g. Airport)
Wildcarded SSID name (e.g. Airp*)
Multiple SSID values using + as delimiter (e.g. Airport+Linksys)Note: This value is only reported by Companion client
|MDM Version||e.g. 6.1||*only for Samsung Safe. Samsung SAFE MDM Version for the device|
|iTunes Account||True or False||For iOS devices, set to true or false to populate if the user has an iTunes account configured.|
|Serial Number||e.g. F9FWFJD4JF89||Device Serial Number|
|Device Owner||Yes or No||Include or exclude devices in Device Owner Mode. If no is selected all Non Device Owner devices will receive the configuration|
|Supervised||Yes or No||Include or exclude devices in Supervised Mode. If no is selected all Non supervised devices will receive the configuration|
|Azure AD Joined||Yes or No||Include or exclude Azure AD Joined devices. If no is selected all Non Azure AD joined devices will receive the configuration|
LDAP Base DN
In some scenarios, it is necessary to specify the Base DN where the LDAP filter should be performed. The Base DN should be entered into the text box provided, with a Full DN Syntax (Distinguished Name), which can be found using Active Directory User and Computers or another LDAP Browser.
Auto Populating an Admin Tag can also be done using containers that exist within your LDAP schema (or Active Directory). This means that if you have setup distribution groups for individual departments, you can auto assign Tags based on these groups. When adding an LDAP Filter it must be done in Full DN Syntax (Distinguished Name), which can be found using Active Directory User and Computers or another LDAP Browser. An example of Full DN Syntax is displayed below:
Full DN Syntax Example for a Sales Department Distribution group: MemberOf=CN=Sales Department, CN=Groups,DC=imagoverum,DC=com
Ignore Empty Results
The option for “Ignore Empty Results” will tell the server to not remove users from the Tag, if the response from LDAP is empty. In some scenarios an LDAP source can return a valid, successful result however without any LDAP results. Normally this would cause Silverback to remove all users from this Tag. If your LDAP source is returning empty results validly, then use this option to ensure minimal user interruption.
Define to which Ownership Type the Tag should be applied. You can choose between All, Corporate and Personal
Manually Associate Devices
- After saving the configured Tag click Associated Devices
- You will see a list of already associated devices
- Click Attach More Device
- Select applicable Devices from the List
- Click Attach Selected Devices
- To detach devices use the Detach functionality.
To Export a list of users associated with a specific Tag, use the following steps:
- Click the Export button and choose the location to save the output file (in XLS Format).
- Click Push to Devices to force an policy update for all associated devices.