Allow only pre-authorized devices to become managed
Pre-authorize Devices
The Hardware authentication in Silverback is a part of access control, which ensures that only pre-authorized devices are allowed to become a managed device, e.g. only corporate owned devices that are issued and are fixed assets of your organization. Within the Hardware Authentication section, you define the list of devices that are allowed to be fully managed in Silverback. To enforce the Hardware Authentication compliance, you need to configure additionally the Lockdown Policy Enforce Hardware Authentication within an Tag that will be applied to devices during or after the enrollment. Silverback will verify then the serial number and/or IMEI of the device against the pre-authorized list and only known devices will get to the managed status. Unknown devices will remain as blocked. Additionally, you can use the Hardware Authentication to predefine the device ownership, a label, and a visibility flag for each device.
Please note that not all management types allows you to get the Serial or IMEI number of your managed devices as these identifiers are marked as particularly sensitive data from the operating system vendors. The following management types are protecting this sensitive data:
- Android Legacy Management starting with Android 10 (due to the general deprecation of the legacy management)
- Android Enterprise Work Profiles
- Apple User Enrollment
In case you are using one of these management types, we recommend to enforce the Hardware Authentication only for corporate devices and ensure to flag devices with Work Profiles and User Enrollment with a Personal Ownership.
Overview
| Detail | Example | Description |
|---|---|---|
| Id | e.g. 1 | Database ID for the item |
| Serial Number | e.g. F17M9VN8FFG8 | Serial number of the device |
| IMEI | e.g. 35303609258938 8 | IMEI number of the device |
| Username | e.g. tim.tober@imagoverum.com | Displays the associated user to this device when it is enrolled. |
| Ownership |
|
Displays the pre-defined ownership for this device and will overwrite whatever end users are choosing from Self Service Portal |
| Device Name | e.g. Imagoverum-iPad-001 | Displays the pre-assigned device name |
| Label | e.g. Marketing | Displays the currently associated Label |
| Visibility Flag | e.g. Executive Board | Displays the currently associated Visibility Flag |
| Edit |  |
Edit the selected device id |
| Remove |  |
Removes the selected device id |
Add New Device ID
- Open to your Silverback Management Console
- Login as an Administrator
- Navigate to Admin
- Select Hardware Authentication
- Press New Device IDs
- Enter the Serial Number and/or an IMEI number of your device
- Enable the Pre-Assign Ownership checkbox and select the Ownership
- Configure additional options and press save
Either Serial or IMEI is required, but one must exist. It’s also allowed to populate both serial and IMEI, but this will match either or (i.e. it will not make sure the device matches both values, it will find the first match and allow this).
| Setting | Options | Example | Description |
|---|---|---|---|
| Serial Number | Enter Serial Number | e.g. F17M9VN8FFG8 | Serial number of the device you want to detect |
| IMEI | Enter IMEI | e.g. 353036092589388 | IMEI number of the device you want to detect |
| Pre-Assign Device Name | Enabled or Disabled | e.g. Imagoverum-iPad-001 |
If enabled, the Device Name column in the CSV will be used to populate the device name value for this serial number. Supported for iOS supervised devices |
| Pre-Assign Ownership | Enabled or Disabled | Corporate or Personal | If enabled, the console user can select the Ownership that will be assigned to the imported devices, either Corporate or Personal. It will overwrite whatever end users are choosing from Self Service Portal |
| Pre-Assign Label | Enabled or Disabled | e.g. Marketing | If enabled, the Label will be populated to this serial device |
| Pre-Assign Visibility Flag | Enabled or Disable | e.g. Executive Board | If enabled, the Visibility Flag will be populated to this serial device |
Bulk Import Device IDs
Besides adding a single Device ID to the Hardware Authentication, you can use the Bulk Import option to upload a *.csv file containing all of your assets.
Create your *.csv file
- Download the example file: Hardware Authentication.csv
- Open the Example File with an editor (e.g. Notepad++)
- Review the additional notes and create a list with your devices
Review Additional Notes
- The Hardware Authentication *.csv file needs to be created in the following format: Serial Number,Label,Device Name,Visibility Flag,IMEI
- Either Serial or IMEI is required, but one must exist
- Our recommendation is to use Serial Number as criteria
- Create for any Device Platform (iOS, Android) separated *.csv files
- For all other then iOS, keep the *.csv format, enter a dummy Device Name and do not Enable Pre-Assign Device Name
iOS example:
F9FWFJD4JF85,Frankfurt,Tim Tobers iPad,Executive Board,353036092589388
F17M9VN8FFG8,Frankfurt,Tim Tobers iPhone,Executive Board
F9FWFJD4JF86,New York,Maria Millers iPad,Executive Board
F17M9VN8FFG9,New York,Maria Millers iPhone,Executive Board
F9FWFJD4JF81,London,Vincent Valentines iPad,Executive Board,353036092589389
Android example:
02503a0759313c6b,Frankfurt,Android,Executive Board
00cebf02959bc196,New York,Android,Executive Board
Bulk Import Device IDs
- Click Bulk Import
- Click Choose File
- Select your *.csv file
- Click Open
- Enable Pre-Assign Device Name (optional)
Silverback System Variables are not supported
- Enable Pre-Assign Ownership (optional)
- Enable Pre-Assign Label (optional)
- Enable Pre-Assign Visibility Flag (optional)
- Click Save
Enforce Hardware Authentication
To enforce the Hardware Authentication compliance, you need to configure the Lockdown Policy Enforce Hardware Authentication within an Tag that will be applied to devices during or after the enrollment. You can decide which action (Lock, Block, Delete Business Data or Factory Wipe) should be executed, when a non listed hardware authentication device will be enrolled to Silverback and if Administrators should receive a warning about a detected policy violation.
Additional Notes
| Silverback will display a Policy Violation in the Device Overview for devices that are not present in the Hardware Authentication. From here you add either the Serial Number, the IMEI number or both values to the Hardware Authentication list. |  |
| Administrators that have enabled the Receive Email Alerts option will receive the following notification |  |
| By executing the Delete Business Data operation, you will receive the following question for devices that are part of the Hardware Authentication. By selecting yes, the device will be removed from the Hardware Authentication list. S,o if the device will leave you company, you will probably select yes. |  |