MaaS 360



IBM MaaS360 is a SaaS Unified Endpoint Management (UEM) solution offered by IBM that manages and protects any existing endpoint, including laptops, desktops, mobile devices and apps, wearables, IoT and purpose-built devices, and allows protected, low-risk access to company resources. IBM Security MaaS360 with Watson integrates with current security platforms owned by different companies. Its AI-powered analytics removes friction by reducing actions required from the device user.

Some of the main capabilities of the product include complete UEM with coverage across all endpoints, including laptops, desktops, mobile devices and purpose-built devices.

MaaS360 also enables co-existence with traditional client management tools (CMT) for laptops/desktops, and its platform provides integration with leading IT systems, eliminating the need for add-on investments. From a security point of view, MaaS360 is noted to provide unified security for major operating systems such as Apple iOS, macOS, iPadOS, Google Android, and Microsoft Windows.

In September 2022, the MaaS360 team announced enhanced threat management capabilities that can detect and automate response and remediation across essentially all apps and devices, with the purpose of providing expanded security detection, prevention, and response.

History
MaaS360 was first developed by Fiberlink Communications. Fiberlink Communications was started in 1991. The company was known for managing laptops in the cloud until developing MaaS360. In 2013, IBM bought Fiberlink for $375 million. This allowed IBM to integrate a Mobile Device Management solution into their IBM MobileFirst product line.

Technology
MaaS360 was originally offered only as a Cloud-Hosted solution. Since IBM MaaS360 uses a Software-as-a-Service (SaaS) model, the software resides on IBM's BlueMix cloud platform. It has multi-tenancy, allowing all types of businesses and organizations to use the software from their web-based login portal. MaaS360 has a "cloud extender" plugin allowing a corporate Active Directory server to integrate all of a user's normal login credentials. The MaaS360 SaaS architecture is cloud-based and the MaaS360 portal is managed by one of four IBM data centers.

The MaaS360 Portal supports portal administration functions, device management, software distributions, policy self-service, and device compliance functions.

Users can select the MaaS360 features that address the relevant security and productivity requirements for Apps and content, people and identity, and devices and things.

Endpoint management with SaaS architecture

 * MaaS360 can integrate devices with the user’s cloud-based and on-premises resources (e.g., Microsoft 365, Microsoft Azure, Azure AD, Box, file systems, web services, network/intranet, etc.).
 * For integration with corporate resources that are behind the firewall, users can install an optional module called Cloud Extender.
 * The Cloud Extender integrates with corporate resources, unifying the management and security of enterprise devices.
 * If users implement a cloud-to-cloud integration, Cloud Extender is not necessary.

Container architecture

 * Available for iOS, Android, Microsoft Windows, and macOS
 * Delivered through the MaaS360 app, includes a workplace container for managed mobile devices and a collection of collaborative apps, separating personal and enterprise data
 * Manages device activation, enrollment, policy settings, and updates. It also controls app enablement, single sign-on (SSO), and other settings.
 * Regular app design that includes a launcher icon and a directory structure on the system drive. The MaaS360 API enables the container features for each collaborative app.

Endpoint and mobile security

 * Device management: over-the-air (OTA) configuration of devices, visibility of endpoints across the enterprise, and compliance with security and network policies for iOS, Android, Microsoft Windows, and macOS. MaaS360 integrates with TeamViewer to provide remote support to managed devices from the MaaS360 Portal.
 * Self-service enrollment and email integration: manages email, attachments, calendar and contacts, and restricts the ability to forward or move content to other applications or to cut/copy/paste. It is FIPS 140-2 compliant and uses AES-256 encryption
 * Resource and identity access: Cloud Extender module integrations with behind-the-firewall systems, single sign-on (SSO) with conditional access to cloud resources, cloud-to-cloud deployment with G Suite and Microsoft Azure
 * Application management and security: Mobile Application Management technology to distribute and manage both public and company specific apps to users and user groups, MaaS360 app catalog to administer the Apple Volume Purchase Program (VPP) and track application installations, SDK wrapping to enforce security controls
 * Secure content: Mobile Content Management can be used to create and distribute a company specific content library to managed devices and also integrates with Windows file shares, SharePoint, and CMIS (Content Management Interoperability Services) compatible document repositories. Public content repositories such as Box, Microsoft OneDrive, and Google Docs are also supported
 * Threat management: MaaS360 offers built-in threat management with detections such as SMS and Email Phishing, Excess App Permissions (Android), Microsoft Windows and Mac User/Privilege Detections and a consolidated policy and response framework. Security dashboards, integration with SIEM/SOAR and mobile threat telemetry are also included

Deployment scenarios
BYOD: BYOD, or bring your own device, encourages the use of personal devices (smartphones, tablets, laptops, and wearables) to access company data from anywhere.

Corporate owned:
 * Separate work profile
 * Fully managed
 * Supervised

Kiosk/Single use:


 * Corporate Owned, Single Use (COSU)
 * These devices might be customer facing (check-in device) or employee facing (inventory scanner)
 * Used extensively in multiple industries, which include supply chain and logistics, manufacturing, transportation, hospitality, healthcare, retail, etc.

Enrollment programs
Self enrollment

iOS:


 * Apple Configurator
 * Apple Automated Device Enrollment (DEP)

Android Enterprise:


 * QR code
 * Zero-touch

Microsoft Windows:


 * Out-Of-Box Experience (OOBE)
 * Autopilot
 * Windows 10/11 bulk provisioning
 * Client Management Tools (CMT) coexistence

Samsung KME

Authentication methods
Active Directory (AD)/ Lightweight Directory Access Protocol (LDAP):


 * MaaS360 Cloud Extender
 * Azure AD

Local user passcodes

One-time passcode

Secure authentication:


 * IBM Verify
 * SAML
 * generic single sign-on (SSO)

Supported versions and system requirements

 * Android 5+ (up to Q4 2022)
 * iOS 10+
 * Windows 10+ (Edu, Ent, Pro, Home)
 * macOS 10.10+
 * Administrator console supported on browsers: Chrome, Firefox, Safari, Opera, Edge, Internet Explorer