No Matches Found!
Try with a different search term
I noticed under the profiles tab in 14.4.9 there is the option for Out of Contact. I would like a script that automatically revokes the certificate and deletes the device from Mobicontrol if it has not checked in for 3 weeks. Is there a script for this or possibly another way to achieve this?
Thanks
The out of contact script is a locally (on the device) stored script, so you can't delete the device from the console via this profile but you can so everything which is possible with the normal scripting (deleting files/wipe etc...).
I don't know a way of deleting automatically devices from the console with some kind of trigger/dependency like offline time. You have to do that manually or via API-calls.
In addition to do it manually you could generate a report periodically (it's also called out of contact) so you know which devices are to be deleted.
Timothy,
You can use Alert Rule with "Device has not been connected for N (minutes)" device event trigger as a server-side Out-Of-Contact policy, and choose the action to relocate such device to a dedicated device group for holding all devices to be deleted/unenrolled.
Then either use REST API or manual interactive "unenrol" or "delete" device action to process each device in this dedicated device group.
To keep track of such housekeeping task with records of device kept intact for a prescribed period ot time, "Unenrol" action should be better than "Delete" action, as associated device license is released but various device records/logs can still be easily checked within the web console.
I deployed the out of contact policy to run a script if offline over 7 days, for example resetpassword ####. I confirmed that it would set the lock pin but as a warning if you were to implement something like this i suggest you use the -bypass_secure_startup flag as we encountered numerous devices that got a startup pin in addition to a lock pin. We are unable to remove the startup pin without factory resetting the devices so far.
Also, i tried testing the threshold to something like 10 minutes, 1hr, 2hr, and it will not fire off the policy for some reason. Looking at the local mobi agent and navigating to the event logs i can see it says Device Out of Contac Policy Configured and then right after an event that says Device Out of Contact Policy removed and the device never gets a pin.
I am not sure why it would work with a 7 day timer but not something short like a few minutes. You may want to try testing that first. Im not sure if its an issue with the agent version but that seems like a bug to me. On the web console i dont see that on the device logs when the device eventually reconnects. I can see when the profile is installed and it says Out of Contact Policy Configured