Location device policy
You create location device policies in XenMobile to enforce geographic boundaries. When users breach the defined boundary, also called a geofence, XenMobile can do certain actions. For example, you can configure the policy to issue a warning message to users when they breach the defined perimeter. You can also configure the policy to wipe users’ corporate data when they breach a perimeter, right away or after a delay. For information about security actions, such as enabling tracking and locating a device, see Security actions.
To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.
iOS settings
- Location timeout: Type a numeral and then, in the list, click Seconds, or Minutes to set how often XenMobile attempts to fix the device’s location. Valid values are 60–900 seconds or 1–15 minutes. The default is 1 minute.
- Tracking duration: Type a numeral and then, in the list, click Hours, or Minutes to set how long XenMobile tracks the device. Valid values are 1–6 hours or 10–360 minutes. The default is 6 hours.
- Accuracy: Type a numeral and then, in the list, click Meters, Feet, or Yards to set how close to a device XenMobile tracks the device. Valid values are 10–5000 yards or meters, or 30–15000 feet. The default is 328 feet.
- Report if Location Services are disabled: Select whether the device sends a report to XenMobile when GPS is disabled. The default is Off.
- Geofencing
When you enable Geofencing, configure these settings:
-
Radius: Type a numeral and then, in the list, click the units to be used to measure the radius. The default is 16,400 feet. Valid values for radius are:
- 164–164000 feet
- 50–50000 meters
- 54–54680 yards
- 1–31 miles
- Center point latitude: Type a latitude, such as 37.787454, to define the geofence center point’s latitude.
- Center point longitude: Type a longitude, such as 122.402952, to define the geofence center point’s longitude.
- Warn user on perimeter breach: Select whether to issue a warning message when users breach the defined perimeter. The default is Off. No connection to XenMobile is required to display the warning message.
-
Wipe corporate data on perimeter breach: Select whether to wipe users’ devices when they breach the perimeter. The default is Off. When you enable this option, the Delay on local wipe field appears.
- Type a numeral and then, in the list, click Seconds, or Minutes to set the length of time to delay before wiping corporate data from users’ devices. This setting gives users an opportunity to return to the allowed location before XenMobile selectively wipes their devices. The default is 0 seconds.
Android settings
- Poll interval: Type a numeral and then, in the list, click Minutes or Hours, or Days to set how often XenMobile attempts to fix the device’s location. Valid values are 1–1440 minutes, 1–24 hours, or any number of days. The default is 10 minutes. Setting this value to less than 10 minutes can adversely affect the device’s battery life.
- Report if Location Services are disabled: Select whether the device sends a report to XenMobile when GPS is disabled. The default is Off.
- Geofencing
When you enable Geofencing, configure these settings:
-
Radius: Type a numeral and then, in the list, click the units to be used to measure the radius. The default is 16,400 feet. Valid values for radius are:
- 164–164000 feet
- 1–50 kilometers
- 50–50000 meters
- 54–54680 yards
- 1–31 miles
- Center point latitude: Type a latitude, such as 37.787454, to define the geofence center point’s latitude.
- Center point longitude: Type a longitude, such as 122.402952, to define the geofence center point’s longitude.
- Warn user on perimeter breach: Select whether to issue a warning message when users breach the defined perimeter. The default is Off. No connection to XenMobile is required to display the warning message.
-
Device connects to XenMobile for policy refresh: Select one of the following options for when users breach the perimeter:
- Perform no action on perimeter breach: Do nothing. This setting is the default.
-
Wipe corporate data on perimeter breach: Wipe corporate data after a specified length of time. When you enable this option, the Delay on local wipe field appears.
- Type a numeral and then, in the list, click Seconds, or Minutes to set the length of time to delay before wiping corporate data from users’ devices. This setting gives users an opportunity to return to the allowed location before XenMobile selectively wipes their devices. The default is 0 seconds.
-
Delay on lock: Lock users’ devices after a specified length of time. When you enable this option, the Delay on lock field appears.
- Type a numeral and then, in the list, click Seconds, or Minutes to set the length of time to delay before locking users’ devices. This setting gives users an opportunity to return to the allowed location before XenMobile locks their devices. The default is 0 seconds.
Android Enterprise settings
For Android location tracking to work, make sure that the following requirements are met:
- Android 8.5 or later
- The Allow location sharing setting enabled in the Restrictions device policy for Android Enterprise
- Connection scheduling (Firebase Cloud Messaging recommended)
Apply to fully managed devices with a work profile
For fully managed devices with work profiles, only the location mode setting is available.
-
Apply to fully managed devices with a work profile/Work profile on corporate-owned devices: Allows you to configure the location mode for fully managed devices with work profiles. When this setting is on, configure the location mode settings for the work profile:
- Report if Location Services are disabled: Select whether the device sends a report to the XenMobile Server when the user turns off GPS. The default is Off.
- Geofencing: See the settings in this article under Managed device.
When Apply to fully managed devices with a work profile/Work profile on corporate-owned devices is off, settings apply to the managed device and work profile as shown in the following sections. Default is Off.
Managed device
-
Location Mode: Specify the degree of location detection to enable. You can use the Locate security action only when the location mode is set to High Accuracy or Battery Saving. The default is High Accuracy.
- High Accuracy: Enables all location detection methods, including GPS, networks, and other sensors.
- Sensors Only: Enables only GPS and other sensors.
- Battery Saving: Enables only the network location provider.
- Off: Disables location detection.
- Geofencing:
When you enable Geofencing, configure these settings:
- Poll interval: Type a numeral and then click Minutes or Hours, or Days to set how often XenMobile Server attempts to fix the device’s location. Valid values are 1–1440 minutes, 1–24 hours, or any number of days. The default is 10 minutes. Setting this value to less than 10 minutes might adversely affect the device’s battery life.
-
Radius: Type a numeral and then click the units to be used to measure the radius. The default is 16400 feet (5000 meters). Valid values for radius are:
- 164–164000 feet
- 1–50 kilometers
- 50–50000 meters
- 54–54680 yards
- 1–31 miles
- Center point latitude: Type a latitude, such as 37.787454, to define the geofence center point’s latitude. To look up the value, go to Manage > Devices, select the device, click Secure, and then click Locate. After locating the device, XenMobile Server reports the device location in the Device Details > General page under Security.
- Center point longitude: Type a longitude, such as 122.402952, to define the geofence center point’s longitude.
- Warn user on perimeter breach: Select whether to issue a warning message when users breach the defined perimeter. The default is Off. No connection to XenMobile Server is required to display the warning message.
-
Device connects to XenMobile Server for policy refresh: Select one of the following options for when users breach the perimeter:
- Perform no action on perimeter breach: Do nothing. This setting is the default.
-
Wipe corporate data on perimeter breach: Wipe corporate data after a specified length of time. When you enable this option, the Delay on local wipe field appears.
- Type a numeral and then click Seconds or Minutes to set the length of time to delay before wiping corporate data from user devices. The delay gives users an opportunity to return to the allowed location before XenMobile Server selectively wipes their devices. The default is 0 seconds.
-
Lock device locally: Lock users’ devices after a specified length of time. When you enable this option, the Delay on lock field appears.
- Type a numeral and then click Seconds or Minutes to set the length of time to delay before locking user devices. The delay gives users an opportunity to return to the allowed location before XenMobile Server locks their devices. The default is 0 seconds.
Managed profile
- Report if Location Services are disabled: Select whether the device sends a report to the XenMobile Server when the user turns off GPS. The default is Off.
- Geofencing: See the settings in this article under Managed device.