@iota-big3/sdk-mdm
v2.0.2
Mobile Device Management (MDM) capabilities for enterprise device control and security
Enterprise Mobile Device Management (MDM) for comprehensive device control, security policy enforcement, and compliance monitoring.
Features
📱 Device Enrollment
- Zero-touch enrollment for corporate devices
- BYOD (Bring Your Own Device) support
- Apple DEP (Device Enrollment Program) integration
- Android Enterprise enrollment
- Windows Autopilot support
- QR code and NFC enrollment
🔒 Security Policies
- Password policies (complexity, rotation, history)
- Encryption enforcement (device & SD card)
- App restrictions (blacklist/whitelist)
- Network policies (VPN, Wi-Fi, certificates)
- Compliance rules with automated actions
- Geofencing and location tracking
📦 App Management
- Enterprise app store creation
- Silent app installation and updates
- App configuration deployment
- License management for volume purchases
- App usage analytics
- Containerization for work apps
🔧 Remote Actions
- Remote wipe (full or selective)
- Device lock with custom message
- Password reset assistance
- Location tracking for lost devices
- Remote diagnostics and troubleshooting
- Configuration updates push
📊 Compliance & Monitoring
- Real-time compliance checking
- Device health monitoring
- Security posture assessment
- Audit trail for all actions
- Automated remediation workflows
- Custom compliance rules
🎫 Certificate Management
- Certificate deployment (user & device)
- Automatic renewal before expiry
- SCEP (Simple Certificate Enrollment Protocol)
- Certificate revocation support
- Multi-CA support
Installation
```bash
npm install @iota-big3/sdk-mdm
```
Quick Start
```typescript
import { MDMManager } from "@iota-big3/sdk-mdm";

// Initialize MDM
const mdm = new MDMManager({
  tenant: "enterprise-corp",
  platforms: ["ios", "android", "windows"],
  enrollment: {
    methods: ["qr", "email", "dep", "zero-touch"],
    requireApproval: true,
  },
});

// Enroll a device
const device = await mdm.enrollDevice({
  platform: "ios",
  udid: "device-unique-id",
  owner: "[email protected]",
  ownership: "corporate",
});

// Apply security policy
await mdm.applyPolicy(device.id, {
  passcode: {
    required: true,
    minLength: 8,
    complexity: "alphanumeric",
    maxAge: 90,
  },
  encryption: {
    required: true,
    sdCard: true,
  },
  apps: {
    // Precedence between blacklist and whitelist is not documented here;
    // for corporate devices a single allowlist is the safer choice.
    blacklist: ["com.games.*"],
    whitelist: ["com.company.*"],
  },
});
```
Device Enrollment
Zero-Touch Enrollment
```typescript
// Configure Android Enterprise zero-touch
await mdm.configureZeroTouch({
  dpc: "@iota-big3/mdm-android",
  configuration: {
    wifi: { ssid: "CorpNet", security: "WPA2" },
    apps: ["com.company.app"],
    policies: ["default-corporate"],
  },
});

// Configure Apple DEP
await mdm.configureDEP({
  server: "mdm.company.com",
  profile: {
    department: "IT",
    supportPhone: "+1-555-0100",
    isSupervised: true,
    isMultiUser: false,
  },
});
```
BYOD Enrollment
```typescript
// Create enrollment profile
const profile = await mdm.createEnrollmentProfile({
  name: "Employee BYOD",
  platform: "ios",
  ownership: "personal",
  containerization: true,
  selectiveWipe: true,
});

// Generate enrollment QR code
const qrCode = await mdm.generateEnrollmentQR(profile.id);
```
Security Policies
Creating Policies
```typescript
const policy = await mdm.createPolicy({
  name: "High Security",
  platforms: ["ios", "android"],
  settings: {
    device: {
      passcode: {
        required: true,
        minLength: 10,
        requireAlphanumeric: true,
        maxFailedAttempts: 5,
        maxInactivity: 5, // minutes
      },
      encryption: { required: true },
      jailbreakDetection: true,
    },
    apps: {
      preventBackup: true,
      allowedApps: ["com.company.*"],
      blockedApps: ["com.facebook.*", "com.tiktok.*"],
      managedAppConfig: {
        "com.company.app": {
          serverUrl: "https://api.company.com",
          enableOffline: true,
        },
      },
    },
    network: {
      vpn: {
        required: true,
        config: "company-vpn-profile",
      },
      wifi: {
        onlyManaged: true,
        profiles: ["CorpNet", "CorpGuest"],
      },
    },
  },
});
```
Compliance Rules
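The rule defined next in this section combines a minimum OS version, a maximum number of days since the last check-in, and actions that fire only after a delay. The SDK evaluates that for you, but the logic is worth seeing spelled out, because two details are easy to get wrong: versions must be compared numerically (as strings, "9.3" sorts after "15.0"), and "after: 3 days" must be measured from the first time the device was seen in violation, not from each evaluation run. The following is an added, standalone TypeScript example; it is not code from @iota-big3/sdk-mdm, and the type names, the "outdated-os"/"stale-checkin" labels and the rule that a violation becomes critical after 7 days are assumptions of this example.

```typescript
// Added example, not the SDK's code: the evaluation logic implied by a
// compliance rule of the shape used in this section. Type names, the
// violation labels and the critical threshold are assumptions.
type Action = { type: string; after?: string; [key: string]: unknown };
type Severity = "compliant" | "nonCompliant" | "critical";

export interface ComplianceRule {
  name: string;
  condition: { osVersion?: { min: string }; lastCheckin?: { maxDays: number } };
  actions: { nonCompliant: Action[]; critical: Action[] };
}

export interface DeviceState {
  deviceId: string;
  osVersion: string;
  lastCheckin: Date;
  firstViolationAt?: Date; // recorded when the device first failed this rule
}

const DAY_MS = 86_400_000;

// Compare dotted version strings numerically. A plain string comparison is a
// classic bug here: "9.3" > "15.0" as strings, which would pass iOS 9 as 15+.
export function compareVersions(a: string, b: string): number {
  const pa = a.split(".").map((s) => parseInt(s, 10) || 0);
  const pb = b.split(".").map((s) => parseInt(s, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Parse an "after" delay ("3 days", "12 hours") into milliseconds. Unknown
// units throw instead of defaulting to zero: a zero delay on a wipe action
// would fire it immediately.
export function parseAfter(s: string): number {
  const m = /^(\d+)\s*(days?|hours?)$/.exec(s.trim());
  if (!m) throw new Error(`unsupported delay: ${s}`);
  return parseInt(m[1], 10) * (m[2].startsWith("day") ? DAY_MS : 3_600_000);
}

export function findViolations(rule: ComplianceRule, dev: DeviceState, now: Date): string[] {
  const out: string[] = [];
  const c = rule.condition;
  if (c.osVersion && compareVersions(dev.osVersion, c.osVersion.min) < 0) out.push("outdated-os");
  if (c.lastCheckin && now.getTime() - dev.lastCheckin.getTime() > c.lastCheckin.maxDays * DAY_MS) {
    out.push("stale-checkin");
  }
  return out;
}

// Decide which actions are due. Delays count from the first time the device
// was seen in violation, not from this evaluation, so a rule that runs hourly
// does not keep resetting the "after: 3 days" clock. Assumed threshold: a
// violation that has persisted for criticalAfterDays moves to the critical set.
export function dueActions(
  rule: ComplianceRule, dev: DeviceState, now: Date, criticalAfterDays = 7,
): { severity: Severity; violations: string[]; actions: Action[] } {
  const violations = findViolations(rule, dev, now);
  if (violations.length === 0) return { severity: "compliant", violations, actions: [] };
  const elapsed = now.getTime() - (dev.firstViolationAt ?? now).getTime();
  const severity: Severity = elapsed >= criticalAfterDays * DAY_MS ? "critical" : "nonCompliant";
  const pool = severity === "critical"
    ? [...rule.actions.nonCompliant, ...rule.actions.critical]
    : rule.actions.nonCompliant;
  const actions = pool.filter((a) => a.after === undefined || elapsed >= parseAfter(a.after));
  return { severity, violations, actions };
}

// Constructed sample data: the rule from this section and three devices.
export const osRule: ComplianceRule = {
  name: "OS Version Check",
  condition: { osVersion: { min: "15.0" }, lastCheckin: { maxDays: 7 } },
  actions: {
    nonCompliant: [
      { type: "notify", target: "user", message: "Please update your OS" },
      { type: "restrict", apps: ["com.company.confidential"] },
      { type: "notify", target: "admin", after: "3 days" },
    ],
    critical: [
      { type: "block", resource: "corporate-email" },
      { type: "wipe", selective: true, after: "7 days" },
    ],
  },
};
export const sampleNow = new Date("2024-06-15T00:00:00Z");
export const upToDate: DeviceState = { deviceId: "A", osVersion: "17.5", lastCheckin: new Date("2024-06-14T00:00:00Z") };
export const newlyOutdated: DeviceState = { deviceId: "B", osVersion: "9.3", lastCheckin: new Date("2024-06-14T00:00:00Z") };
export const longOutdated: DeviceState = { ...newlyOutdated, deviceId: "C", firstViolationAt: new Date("2024-06-07T00:00:00Z") };
```

Running `dueActions(osRule, longOutdated, sampleNow)` returns severity `critical` with all five actions due, including the selective wipe; `newlyOutdated`, which has no `firstViolationAt` yet, gets only the two immediate actions. Whatever the SDK's own scheduling looks like, persist the first-violation timestamp per device and rule, otherwise the delayed actions never fire.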
```typescript
// Define compliance rules
await mdm.defineComplianceRule({
  name: "OS Version Check",
  condition: {
    osVersion: { min: "15.0" }, // iOS 15+
    lastCheckin: { maxDays: 7 },
  },
  actions: {
    nonCompliant: [
      { type: "notify", target: "user", message: "Please update your OS" },
      { type: "restrict", apps: ["com.company.confidential"] },
      { type: "notify", target: "admin", after: "3 days" },
    ],
    critical: [
      { type: "block", resource: "corporate-email" },
      { type: "wipe", selective: true, after: "7 days" },
    ],
  },
});
```
App Management
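Both the Quick Start policy and the High Security policy above restrict apps with patterns such as `com.company.*` and `com.facebook.*`. Two things decide whether such a list is a real control: the wildcard must be converted safely (a bare `new RegExp("com.games.*")` treats the dots as "any character" and is not anchored, so it also matches `comXgames.x` and `evil.com.games.app`), and the precedence between the allow and block lists must be explicit. The following is an added TypeScript example, not code from @iota-big3/sdk-mdm; the function names and the deny-wins precedence are assumptions of the example, since the page does not state how the SDK resolves a bundle ID that matches both lists.

```typescript
// Added example, not the SDK's code: matching bundle identifiers against
// "com.company.*"-style patterns with an explicit, deny-wins precedence.
// Function names and the precedence rule are assumptions of this example.

// Convert a bundle-id glob into an anchored RegExp. Every character except "*"
// is escaped, so the "." in "com.games.*" matches a literal dot, and "*" only
// matches characters that can appear in a reverse-DNS identifier.
export function globToRegExp(glob: string): RegExp {
  const escaped = glob
    .split("*")
    .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
    .join("[A-Za-z0-9_.-]*");
  return new RegExp(`^${escaped}$`);
}

export interface AppPolicy {
  allowedApps?: string[];
  blockedApps?: string[];
}

export interface Decision {
  allowed: boolean;
  reason: string;
}

// Deny wins: a blocked pattern always refuses the app. If an allowlist is
// present, anything it does not match is refused by default; with no
// allowlist, unmatched apps are permitted.
export function decideApp(policy: AppPolicy, bundleId: string): Decision {
  // Refuse identifiers that are not well-formed reverse-DNS names before
  // matching, so a crafted string cannot steer the decision.
  if (!/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$/.test(bundleId)) {
    return { allowed: false, reason: "malformed bundle id" };
  }
  const firstHit = (patterns: string[] | undefined): string | undefined =>
    patterns?.find((p) => globToRegExp(p).test(bundleId));

  const blockedBy = firstHit(policy.blockedApps);
  if (blockedBy) return { allowed: false, reason: `blocked by ${blockedBy}` };

  if (policy.allowedApps) {
    const allowedBy = firstHit(policy.allowedApps);
    return allowedBy
      ? { allowed: true, reason: `allowed by ${allowedBy}` }
      : { allowed: false, reason: "not on allowlist" };
  }
  return { allowed: true, reason: "no allowlist; not blocked" };
}

// Constructed sample: the app settings from the "High Security" policy above.
export const highSecurityApps: AppPolicy = {
  allowedApps: ["com.company.*"],
  blockedApps: ["com.facebook.*", "com.tiktok.*"],
};
```

With `highSecurityApps`, `com.company.app` is allowed, `com.facebook.katana` is refused by the block list, and `com.dropbox.android` is refused because it is not on the allowlist. Keep the block list even when an allowlist exists: it lets you carve an exception such as `com.company.games` out of `com.company.*` without rewriting the allowlist.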
Enterprise App Distribution
```typescript
// Upload enterprise app
const app = await mdm.uploadApp({
  platform: "ios",
  file: "./apps/company-app.ipa",
  metadata: {
    name: "Company App",
    version: "2.1.0",
    description: "Internal company application",
    category: "business",
  },
});

// Deploy to devices
await mdm.deployApp(app.id, {
  target: { groups: ["sales-team"] },
  installation: {
    silent: true,
    preventBackup: true,
    vpnRequired: true,
  },
});
```
App Configuration
```typescript
// Push app configuration
await mdm.configureApp("com.company.app", {
  serverEndpoint: "https://api.company.com",
  syncInterval: 300, // seconds
  offlineMode: true,
  features: {
    camera: false,
    location: true,
  },
});
```
Remote Actions
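The `wipeDevice` call shown below in this section takes a `confirmation` value. A wipe is irreversible, so that value should not be a string pasted next to the call; it should be the output of a separate approval step that is bound to the specific device and wipe type and that expires. The following is an added TypeScript example, not code from @iota-big3/sdk-mdm, showing one way to implement such a two-step confirmation with an HMAC token and an audit trail; the class, method names and token format are assumptions of the example, and the `execute` callback stands in for whatever performs the wipe.

```typescript
// Added example, not the SDK's code: a two-step confirmation for destructive
// remote actions such as a wipe. Class, method and token-format names are
// assumptions of this example.
import { createHmac, randomBytes, timingSafeEqual } from "crypto";

export interface WipeRequest {
  deviceId: string;
  type: "selective" | "full";
  requestedBy: string;
}

export interface AuditEntry {
  at: Date;
  actor: string;
  event: string;
  deviceId: string;
}

export class WipeConfirmation {
  private readonly key: Buffer;
  readonly audit: AuditEntry[] = [];

  // ttlMs: how long an issued confirmation stays valid (default 10 minutes).
  constructor(key?: Buffer, private readonly ttlMs: number = 10 * 60_000) {
    this.key = key ?? randomBytes(32); // constructed per-process secret for the example
  }

  // The MAC binds device, wipe type and expiry, so a token issued for a
  // selective wipe of one device cannot be replayed as a full wipe or
  // against another device.
  private mac(req: WipeRequest, exp: number): string {
    return createHmac("sha256", this.key)
      .update(`${req.deviceId}|${req.type}|${exp}`)
      .digest("hex");
  }

  // Step 1: the operator requests the wipe and receives a short-lived token.
  issue(req: WipeRequest, now: Date = new Date()): string {
    const exp = now.getTime() + this.ttlMs;
    this.audit.push({ at: now, actor: req.requestedBy, event: `wipe:${req.type}:requested`, deviceId: req.deviceId });
    return `${exp}.${this.mac(req, exp)}`;
  }

  // Step 2: check the token. Returns null if it is valid, otherwise the reason.
  verify(req: WipeRequest, token: string, now: Date = new Date()): string | null {
    const [expStr, presented] = token.split(".");
    const exp = Number(expStr);
    if (!Number.isFinite(exp) || !presented) return "malformed token";
    if (now.getTime() > exp) return "token expired";
    const a = Buffer.from(presented, "hex");
    const b = Buffer.from(this.mac(req, exp), "hex");
    if (a.length !== b.length || !timingSafeEqual(a, b)) return "token does not match this device and action";
    return null;
  }

  // Gate the real call: `execute` is whatever performs the wipe (for instance
  // a call to mdm.wipeDevice). It runs only after a valid confirmation, and
  // the outcome is written to the audit trail either way.
  confirmAndRun(req: WipeRequest, token: string, execute: (r: WipeRequest) => void, now: Date = new Date()): boolean {
    const reason = this.verify(req, token, now);
    this.audit.push({
      at: now,
      actor: req.requestedBy,
      event: reason ? `wipe:${req.type}:refused:${reason}` : `wipe:${req.type}:executed`,
      deviceId: req.deviceId,
    });
    if (reason) return false;
    execute(req);
    return true;
  }
}
```

In practice the token is produced by the approval UI (ideally by a second operator or after re-authentication) and the `execute` callback wraps the SDK call, so the string passed as `confirmation` is never known to the code that issues the wipe until someone has approved that exact device and wipe type within the validity window.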
Device Management
```typescript
// Lock device
await mdm.lockDevice(deviceId, {
  message: "This device is locked. Contact IT: x1234",
  phone: "+1-555-0100",
});

// Remote wipe. A wipe is irreversible: the confirmation value should come
// from a separate operator approval step, not be hard-coded beside the call.
await mdm.wipeDevice(deviceId, {
  type: "selective", // or 'full'
  preserveESIM: true,
  confirmation: "CONFIRM-WIPE-12345",
});

// Location tracking. Platforms limit this: iOS reports location to MDM only
// while a supervised device is in Managed Lost Mode, and location on
// personally owned (BYOD) devices is usually restricted and should be off by policy.
const location = await mdm.locateDevice(deviceId);
console.log(`Device at ${location.latitude}, ${location.longitude}`);
```
Monitoring & Reporting
Real-time Monitoring
```typescript
// Device health monitoring
mdm.on("device:health", (event) => {
  if (event.battery < 20) {
    console.log(`Low battery on ${event.deviceId}`);
  }
  if (event.storage.free < 1024) { // MB
    console.log(`Low storage on ${event.deviceId}`);
  }
});

// Compliance monitoring
mdm.on("compliance:violation", async (event) => {
  console.log(`Compliance violation: ${event.rule} on ${event.deviceId}`);

  // Auto-remediate
  if (event.rule === "outdated-os") {
    await mdm.pushNotification(event.deviceId, {
      title: "OS Update Required",
      body: "Please update your device OS to remain compliant",
      action: "settings://system/update",
    });
  }
});
```
Reporting
```typescript
// Generate compliance report
const report = await mdm.generateReport({
  type: "compliance",
  period: "last-30-days",
  groupBy: "department",
});

// Device inventory
const inventory = await mdm.getInventory({
  include: ["hardware", "software", "certificates"],
  filters: {
    platform: "ios",
    ownership: "corporate",
  },
});
```
Platform-Specific Features
iOS-Specific
```typescript
// Supervised mode features
await mdm.ios.configureSupervisedMode(deviceId, {
  allowAirDrop: false,
  allowAppCellularDataModification: false,
  forceAirPrintTrustedCertificates: true,
});

// Shared iPad configuration
await mdm.ios.configureSharedIPad(deviceId, {
  maxUsers: 20,
  userSessionTimeout: 30, // minutes
  guestAllowed: false,
});
```
Android-Specific
```typescript
// Work profile setup
await mdm.android.setupWorkProfile(deviceId, {
  crossProfileSharing: "blocked",
  workAppsOnly: true,
  separatePasscode: true,
});

// Kiosk mode
await mdm.android.enableKioskMode(deviceId, {
  app: "com.company.kiosk",
  allowedApps: ["com.company.kiosk"],
  systemBars: false,
  homeButton: false,
});
```
Integration
With Other SDK Packages
```typescript
import { MDMManager } from "@iota-big3/sdk-mdm";
import { SecurityManager } from "@iota-big3/sdk-security";
import { AuthManager } from "@iota-big3/sdk-auth";

// Same constructor options as in Quick Start
const mdm = new MDMManager({
  tenant: "enterprise-corp",
  platforms: ["ios", "android", "windows"],
});

// Integrate with security policies
const security = new SecurityManager();
await mdm.integrateSecurityPolicies(security);

// Integrate with auth for SSO
const auth = new AuthManager();
await mdm.configureSSOAuth(auth);
```
Contributing
See CONTRIBUTING.md for development setup and guidelines.
License
MIT
