Mobile Device Management Powered By IBM
This Service Description describes the AAG Mobile Device Management Cloud Service (MaaS) powered by IBM to the Client. Client means the contracting party and its authorised users and recipients of the Cloud Service. The applicable Proposal Document and Service Agreement are provided as separate documents.
1. Cloud Service
AAG’s MDM is an easy-to-use cloud platform with all of the essential functionality for end-to-end management of today's mobile devices utilising the iOS, Android, Windows and Blackberry operating systems. Following is a short description of the Cloud Service offerings:
1.1 AAG’s Mobile Device Management (MaaS) and AAG’s Mobile Device Management (MaaS) Step up for existing customers
The core mobility device management (MDM) features includes device enrollment, configuration, security policy management and device actions, such as send message, locate, lock, and wipe. The Advanced MDM features include automated compliance rules, bring your own device (BYOD) privacy settings, and Mobility Intelligence dashboards and reporting.
1.2 AAG’s MDM Mobile Application Management (MaaS) and AAG’s MDM Mobile Application Management (MaaS) Step up for existing customers
AAG’s MDM Mobile Application Management provides the ability to add applications and distribute them to supported devices managed by AAG’s MDM. This includes AAG’s MDM App Catalog, an on-device application for users to view, install, and be alerted to updated, managed applications.
1.3 AAG’s MDM Mobile Application Security (MaaS) and AAG’s MDM Mobile Application Security (MaaS) Step up for existing customers
AAG’s MDM Mobile Application Security provides additional data protection for enterprise applications that use the WorkPlace SDK during development, or for iOS apps upload the application (.ipa), provisioning profile, and signing certificate to be automatically integrated. Mobile Application Security integrates the app with the Productivity Suite. This enables single sign on, Intranet access through the Mobile Enterprise Gateway, and enforcement of data security settings.
1.4 AAG’s MDM Gateway for Apps (MaaS) and AAG’s MDM Gateway for Apps (MaaS) Step up for existing customers
AAG’s MDM Gateway for Apps provides users outside the enterprise network a seamless access path to internal application resources without requiring a full-device, VPN connection.
1.5 AAG’s MDM Mobile Content Management (MaaS) and AAG’s MDM Mobile Content Management (MaaS) Step up for existing customers
AAG’s MDM Mobile Content Management allows the administrator to add and distribute documents to the supported devices that are managed by AAG’s MDM Mobile Device Management. Includes AAG’s MDM Doc Catalogue, an on-device, password-protected container that provides a protected and simple way for users to access, view, and share documents. It includes seamless access to distributed content and repositories such as SharePoint, Box, and Google Drive. Access to private SharePoint and Windows files shares are available with the AAG’s MDM Gateway for Documents. Documents managed through AAG’s MDM can be version controlled, audited, and protected through data loss prevention (DLP) policy options, such as require authentication, restrict copy-paste functionality, and block from being opened or shared in other applications.
1.6 AAG’s MDM Mobile Document Sync (MaaS) and AAG’s MDM Mobile Document Sync (MaaS) Step up for existing customers
AAG’s MDM Mobile Document Sync provides users with the ability to synchronise user content across managed mobile devices. Administrators can ensure that policies, such as restricting cut-copy-paste, and blocking content from being opened or shared in other apps or are in place for user content across devices. Content is stored in a protected fashion both in the cloud and on the device, and accessed only through the AAG’s MDM Doc Catalogue.
1.7 AAG’s MDM Mobile Document Editor (MaaS) and AAG’s MDM Mobile Document Editor (MaaS) Step up for existing customers
AAG’s MDM Mobile Document Editor is a powerful office suite that allows users to work with business documents while on the go. AAG’s MDM Mobile Document Editor enables to:
● Create and edit .DOC, .PPT, and .XLS files.
● Presentation mode for slides
● Easily work with e-mail attachments and other files from AAG’s MDM for iOS
1.8 AAG’s MDM Gateway for Documents (MaaS) and AAG’s MDM Gateway for Documents (MaaS) Step up for existing customers
With AAG’s MDM Gateway for Documents, organisations can use AAG’s MDM Mobile Content Management to additionally offer devices outside the enterprise network a seamless access to internal Connections sites, SharePoint sites, Windows File Shares and other file stores without requiring a full device VPN connection. Use of AAG’s MDM Gateway for Documents requires also purchasing AAG’s MDM Mobile Content Management. Supports iOS 5.0 and Android 4.0 or above.
1.9 AAG’s MDM E-mail Management (MaaS) and AAG’s MDM E-mail Management (MaaS) Step up for existing customers
AAG’s MDM E-mail Management includes key features in support of Microsoft Exchange ActiveSync and Lotus Traveler.
● Exchange ActiveSync: Provides support for mobile devices connecting to Microsoft Exchange over the ActiveSync protocol. Features include core mobile device management functions, such as the ability to configure devices, create; enforce ActiveSync policies (passcode, block, or allow access to e-mail); and take device actions, such as lock and wipe, and detailed report on device attributes.
● Lotus Traveler: Provides support for mobile devices that connect to IBM Lotus Notes® over the Lotus Traveler protocol. Features include the ability to configure devices, block or allow devices, enforce passcode policies, wipe devices, and develop detailed report on device attributes.
1.10 AAG’s MDM Secure Mobile Browser (MaaS) and AAG’s MDM Secure Mobile Browser (MaaS) Step up for existing customers
AAG’s MDM Browser is a full-featured web browser which enables access to corporate intranet sites and enforce compliance of content policies by defining website filtering and security policies to ensure that users only access approved web content that is based on a number of content categories, such as social networking, explicit, or malware sites. Includes the ability to disable native and third-party web browsers either through application policy or blacklisting when combined with MobileFirst Protect Devices. It allows whitelist exceptions to websites, restrict cookies; copy, paste, and print features; and enable Kiosk mode.
1.11 AAG’s MDM Gateway for Browser (MaaS) and AAG’s MDM Gateway for Browser (MaaS) Step up for existing customers
AAG’s MDM Gateway for Browser allows supported devices to access approved internal web sites without requiring a full-device level, VPN connection.
1.12 AAG’s MDM for BlackBerry (MaaS) and AAG’s MDM for BlackBerry (MaaS) Step up for existing customers
Provides support for BlackBerry Enterprise Server (BES) connected mobile devices by utilising BlackBerry APIs. Features include remote actions such as send a message, reset passcode, assign BES policy and wipe, as well as detailed reporting on device attributes. Installation of AAG’s MDM Cloud Extender is required. Available only for devices viewed or managed with AAG’s MDM through BES 5.0.
1.13 AAG’s MDM Mobile Expense Management (MaaS) and AAG’s MDM Mobile Expense Management (MaaS) Step up for existing customers
AAG’s MDM Mobile Expense Management allows the administrator to create data usage policies and assign them to supported devices that are managed by AAG’s MDM, and assign these policies at a device, group, or global level and configure alert thresholds and messaging for both in network and roaming data usage.
1.14 AAG’s MDM Productivity Suite (MaaS) and AAG’s MDM Productivity Suite (MaaS) Step up for existing customers
Suite/Bundle of products including AAG’s MDM Secure Mobile Mail, AAG’s MDM Mobile Application Management, AAG’s MDM Mobile Application Security, AAG’s MDM Content Service, and AAG’s MDM Secure Mobile Browser.
1.15 AAG’s MDM Secure Mobile Mail (MaaS) and AAG’s MDM Secure Mobile Mail (MaaS) Step up for existing customers
AAG’s MDM Secure Mobile Mail provides a separate office productivity application for users to access and manage e-mail, calendar, and contacts with the ability to control e-mails and attachments to prevent data leakage by restricting the ability to forward or move content to other applications, to enforce authentication, restrict cut-copy-paste, and lock down e-mail attachments for view only.
1.16 AAG’s MDM Gateway Suite (MaaS) and AAG’s MDM Gateway Suite (MaaS) Step up for existing customers
AAG’s MDM Gateway Suite allows supported apps on iOS and Android to seamless communicate back to resources on the company's internal network.
1.17 AAG’s MDM Content Suite (MaaS) and AAG’s MDM Content Suite (MaaS) Step up for existing customers
Suite/Bundle of products including AAG’s MDM Mobile Content Management, AAG’s MDM Mobile Document Editor, and AAG’s MDM Mobile Document Sync.
1.18 AAG’s MDM Mobile Threat Management (MaaS)
AAG’s MDM Mobile Threat Management provides enhanced mobile security with mobile malware detection and advanced jailbreak/root detection. With AAG’s MDM Mobile Threat Management, Client will be able to set and manage compliance policies around detected malware and other security vulnerabilities.
1.19 AAG’s MDM Content Service (MaaS)
AAG’s MDM Content Service (MaaS) provides users with the ability to upload application packages and documents to AAG’s MDM Content Distribution system.
AAG’s MDM provides each Client with 1GB of Storage. AAG’s MDM also provides 6 GB of bandwidth utilisation per device per year as a shared pool of bandwidth. The entire bandwidth pool is shared across all devices. This base storage and bandwidth allocation does not increase regardless of the number of product bundles or line items purchased. Clients are required to purchase additional storage and/or bandwidth for any amount used or required over the base amount provided.
1.20 AAG’s MDM Content Service Storage (MaaS)
AAG’s MDM Content Service Storage (MaaS) provides users the ability to purchase a total amount of data storage available for use with the AAG’s MDM Content Service (MaaS).
1.21 AAG’s MDM Content Service Bandwidth (MaaS)
AAG’s MDM Content Service Bandwidth (MaaS) provides users the ability to purchase the total amount of bandwidth available for use with the AAG’s MDM Content Service (MaaS).
1.22 AAG’s MDM Professional (MaaS)
Provides small and medium-sized businesses with a fast and simple way to remotely configure smartphones and tablets, enforce security policies, push apps and docs, and protect the data on corporate and personal devices. Client can gain access to the right mobility management capabilities for Client's business quickly, easily, and affordably.
1.23 AAG’s MDM VPN (MaaS)
AAG’s MDM VPN is a virtual private network (VPN) solution that enables users to connect seamlessly to their corporate network from mobile devices. The solution consists of the VPN server and the client for mobile devices, and supports features such as Device VPN, On-demand VPN, Always on VPN, Per-app VPN and Split tunneling.
1.24 AAG’s MDM Laptop Location (MaaS)
AAG’s MDM Laptop Location (MaaS) enabled the ability to locate supported laptops and tablets. MaaS360 reports the location of the Wi-Fi or IP address coordinates and translates this data into an easily recognisable address. When a device is online, its current location can be retrieved. AAG’s MDM stores reported locations over time, so location history is available for review. Requires one of the AAG’s MDM Suites. Supports Windows Vista, Windows 7, Windows 8+ and Windows 10.
1.25 AAG’s MDM Suites
AAG’s MDM Suites enable Client to select the most appropriate capabilities to drive their use case. These Suites are available as Subscription offering. Table below captures the primary features and functions included in each AAG’s MDM Suite:
2. Security Description
AAG’s MDM is a Cloud Service, which is powered by IBM and as such follows IBM's data security and privacy principles for IBM MaaS which are available at http://www.ibm.com/cloud/data-security and any additional terms provided in this section. Any change to IBM's data security and privacy principals will not degrade the security of the Cloud Service.
This Cloud Service may process device information, usernames, and e-mail addresses that contain personal data if Client, as the data controller, determines that the technical and organisational security measures are appropriate to the risks presented by the processing and the nature of the data to be protected. Client recognises that this Cloud Service does not offer features for the protection of sensitive personal data or data subject to additional regulatory requirements. Client acknowledges that IBM has no knowledge of the types of data that have been included in the Client's content, and cannot make an assessment as to the suitability of the Cloud Services or the security protections which are in place.
2.1 Security Features and Responsibilities
The Cloud Service implements the following security features:
The Cloud Service does encrypt content during data transmission outside of the IBM network. The Cloud Service does encrypt content when at rest awaiting data transmission.
3. Service Level Agreement
AAG’s MDM provides the following availability service level agreement ("SLA") for the Cloud Service as specified in a Service Agreement. The SLA is not a warranty. The SLA is available only to Client and applies only to use in production environments.
3.1 Availability Credits
Client must log a Priority 1 support ticket with the AAG Service Desk within 24 hours of first becoming aware that there is a critical business impact and the Cloud Service is not available. Client must reasonably assist AAG with any problem diagnosis and resolution.
A support ticket claim for failure to meet an SLA must be submitted within 3 business days after the end of the contracted month. Compensation for a valid SLA claim will be a credit against a future invoice for the Cloud Service based on the duration of time during which production system processing for the Cloud Service is not available ("Downtime"). Downtime is measured from the time Client reports the event until the time the Cloud Service is restored and does not include time related to a scheduled or announced maintenance outage; causes beyond AAG's control; problems with Client or third party content or technology, designs or instructions; unsupported system configurations and platforms or other Client errors; or Client-caused security incident or Client security testing. AAG will apply the highest applicable compensation based on the cumulative availability of the Cloud Service during each contracted month, as shown in the table below. The total compensation with respect to any contracted month cannot exceed 10 percent of one twelfth (1/12th) of the annual charge for the Cloud Service.
For bundled Cloud Services (individual Cloud Service offerings packaged and sold together as a single offering for a single combined price), the compensation will be calculated based on the single combined monthly price for the bundled Cloud Service, and not the monthly subscription fee for each individual Cloud Service. Client may only submit claims relating to one individual Cloud Service in a bundle at a given time.
3.2 Service Levels
Availability of the Cloud Service during a contracted month
4. Technical Support
Technical support for the Cloud Service is provided via:
● E-mail: email@example.com
● Telephone: 0114 303 0266
5. Entitlement and Billing Information
5.1 Charge Metrics
The Cloud Service is available under the charge metric specified in the Service Agreement
a. Authorised User is a unit of measure by which the Cloud Service can be obtained. Client must obtain separate, dedicated entitlements for each unique Authorised User given access to the Cloud Service in any manner directly or indirectly (for example: via a multiplexing program, device, or application server) through any means. Sufficient entitlements must be obtained to cover the number of Authorised Users given access to the Cloud Service during the measurement period specified in Client's Proposal or Service Agreement.
b. Gigabyte is a unit of measure by which the Cloud Service can be obtained. A Gigabyte is defined as 2 to the 30th power bytes of data (1,073,741,824 bytes). Sufficient entitlements must be obtained to cover the total number of Gigabytes processed by the Cloud Service during the measurement period specified in Client's Proposal or Service Agreement.
c. Managed Client Device is a unit of measure by which the Cloud Service can be obtained. A Client Device is a single user computing device or special purpose sensor or telemetry device that requests the execution of or receives for execution a set of commands, procedures, or applications from or provides data to another computer system that is typically referred to as a server or is otherwise managed by the server. Multiple Client Devices may share access to a common server. A Client Device may have some processing capability or be programmable to allow a user to do work. Client must obtain Managed Client Device entitlements for every Client Device managed by the Cloud Service during the measurement period specified in Client's Proposal or Service Agreement.
d. Client Device is a unit of measure by which the Cloud Service can be obtained. A Client Device is a single user computing device or special purpose sensor or telemetry device that requests the execution of or receives for execution a set of commands, procedures, or applications from or provides data to another computer system that is typically referred to as a server or is otherwise managed by the server. Multiple Client Devices may share access to a common server. A Client Device may have some processing capability or be programmable to allow a user to do work. Client must obtain entitlements for every Client Device which runs, provides data to, uses services provided by, or otherwise accesses the Cloud Service during the measurement period specified in Client's Proposal or Service Agreement.
e. Engagement is a unit of measure by which the services can be obtained. An Engagement consists of professional and/or training services related to the Cloud Service. Sufficient entitlements must be obtained to cover each Engagement.
5.2 Set-Up Charges
A one-time setup fee will be billed at the rate specified in the Proposal Document for each setup service ordered.
5.3 Overage Charges
If actual usage of the Cloud Service during the measurement period exceeds the entitlement specified in the Service Agreement, an overage charge will be billed at the rate specified in the Service Agreement in the month following such overage.
6. Term and Renewal Options
The term of the Cloud Service begins on the Service Start Date as provided in the Service Agreement. The Service Agreement will specify whether the Cloud Service renews automatically, proceeds on a continuous use basis, or terminates at the end of the term.
For automatic renewal, unless Client provides written notice not to renew at least 90 days prior to the term expiration date, the Cloud Service will automatically renew for the term specified in the Terms & Conditions.
The renewal entitlement quantity will be equal to the greater of the original order quantity or the monthly reported usage for the month prior to generation of the renewal invoice unless AAG receives a notification specifying a different entitlement quantity.
The renewal entitlement quantity for step up offering will be equal to the original order quantity.
For continuous use, the Cloud Service will continue to be available on a month to month basis until Client provides 90 days written notice of termination. The Cloud Service will remain available to the end of the calendar month after such 90 day period and subject to AAG’s Terms & Conditions for a Managed Service Provision.
7. Additional Terms
7.1 Enabling Software
The Cloud Service requires the use of enabling software that Client downloads to Client systems to facilitate use of the Cloud Service. Client may use enabling software only in connection with use of the Cloud Service.
The following software programs are included as enabling software under the terms of their applicable program licenses, in addition to the limitations below:
a. Cloud Extender
b. Mobile Enterprise Gateway
c. Mobile Device
d. Security Access Manager
● Use Restriction: Client may use Security Access Manager only to proxy connections from mobile devices, managed by this Cloud Service, to enterprise e-mail servers.
7.2 Step up Limitation
For Cloud Service offerings designated as "Step up for existing Customers" ("Step up MaaS"), Client must have previously or simultaneously acquired appropriate license entitlements to the associated program as identified in the name of the Step up MaaS offering. For example, Client who purchases "MobileFirst Protect – Devices (MaaS) Step up for existing customers" must have licensed entitlements to the associated program of MobileFirst Protect. Client's entitlements to the Step up MaaS cannot exceed Client's entitlements to the associated program.
When acquiring Step up MaaS, Client may not use the same associated program license entitlements within their on-premise installed environment as well as with the Step up MaaS entitlements. For example, if Client has 250 Managed Client Device entitlements to the associated program and chooses to purchase 100 Step up MaaS Managed Client Device entitlements, Client can manage 100 Step up MaaS Managed Client Devices from the Cloud Service environment and 150 Managed Client Devices from the software installed on-premise.
Client represents they have acquired the applicable (1) license entitlements and (2) Subscription and Support for the associated program(s). During the subscription period of the Step up MaaS, Client must maintain current Subscription and Support for the program entitlements used in conjunction with the Step up MaaS entitlements. In the event either Client's license to use the associated program(s) or Client's Subscription and Support for the associated program(s) is terminated, Client's right to use the Step Up MaaS will terminate.
7.3 Normative Data
Notwithstanding anything to the contrary, for normative research, analysis, demonstration and reporting purposes only, AAG’s MDM provider may retain and use in aggregated and anonymous format (i.e., so that Client or Client's authorised users cannot be identified as the source of the data and so that personally identifiable information allowing identification of Client or Client's authorised users is removed) data reflecting Client's authorised users' individual experiences with the Cloud Services.
7.4 Authorisation to Collect and Process Data
The Cloud Service is designed to provision, manage, monitor and control mobile devices. The Cloud Service will collect information from users and devices that are authorised by Client to interact with the Cloud Service for which Client has subscribed. The Cloud Service collects information that alone or in combination may be considered Personal Information in some jurisdictions. Collected data may include authorised user name, telephone number, registered e-mail address and device location, userID and browsing history from the AAG’s MDM browser information about end user device hardware, software and settings, and information generated by the device. Client authorises AAG’S MDM provider to collect, process, and use this information in accordance with the terms of this Service Description.
7.5 Data Retention
AAG’s MDM provider will delete any collected information, which may include Personal Information, following expiration or termination of this Service Description, except for that which is required to be retained for the purposes set forth above, or by applicable law, rule or regulation. In such case, AAG’s MDM provider will retain the collected information for the duration required by such purpose, applicable law, rule or regulation. Security Data
As part of the Cloud Service, that includes reporting activities, AAG’s provider will prepare and maintain de-identified and/or aggregate information collected from the Cloud Service ("Security Data"). The Security Data will not identify the Client, or an individual except as provided in (d) below. Client herein additionally agrees that AAG’s provider may use and/or copy the Security Data only for the following purposes:
a. publishing and/or distributing the Security Data (e.g., in compilations and/or analyses related to cyber security);
b. developing or enhancing products or services;
c. conducting research internally or with third parties; and
d. lawful sharing of confirmed third party perpetrator information.