Web-related DLP policies

The following describes the web-related DLP policies:

Web DLP policy for browser launching

You configure the Web DLP policy for browser launching in the AppConnect global policy. This Web DLP policy specifies whether an unsecured browser can attempt to display a web page when a device user taps the page’s URL in a secure app.

For example, consider a device user who is viewing an email in a secure email app, and the email body contains a URL. The user taps on the URL to view the web page in a browser. The following table describes the behavior for opening browsers from secure apps:

Table 27.   Web DLP policy behavior with and without [email protected]

 

[email protected] installed

[email protected] not installed

Web DLP policy: allowed

The user is prompted to choose between [email protected] and available unsecured browsers to attempt to display the web page.

Unsecured browser attempts to display the web page.

Web DLP policy: not allowed

[email protected] displays the web page.

Web page does not display. An error message is displayed that indicates that a secure browser is required but not installed.

If the URL points to a server behind the enterprise’s firewall, an unsecured browser’s attempt to display the web page fails.

DLP allowing links from non-AppConnect apps to open in [email protected]

AppConnect supports a data loss prevention policy (DLP) that determines whether device users can choose to view a web page in [email protected] when they tap a link (URL) in an app that is not AppConnect-enabled. You specify whether to give device users that choice:

  • For MobileIron Core deploymenments, on the AppConnect global policy in the data loss prevention policies section for Android.
  • For Ivanti Neurons for MDM deployments, on the AppConnect Device configuration for Android.

This DLP also determines whether device users can choose AppConnect-enabled browsers besides [email protected]

Allowing links from non-AppConnect apps to open in [email protected] benefits device users who use:

  • Apps that are not AppConnect-enabled, especially email apps.
  • [email protected] for viewing enterprise web pages.

Without this feature, links to enterprise web pages in email apps that are not AppConnect-enabled do not give [email protected] as a choice for viewing the web page. To view the web page, device users have to copy the link’s URL from the email into [email protected] Now, if you allow it, the user can tap on the link and choose to view the resulting web page in [email protected], which results in a simpler user experience.

Web DLP versus Non-AppConnect apps can open URLs in [email protected] DLP

The AppConnect global policy has two similar sounding data loss prevention policies for Android devices:

The following table compares them:

Table 28.   Web DLP versus non-AppConnect apps can open URLs in [email protected] DLP

If you allow Web...

You can tap on a link in an AppConnect-enabled app...

and open the web page in an unsecured browser.

Therefore, this option is about data leaving the AppConnect container.

If you allow
Non-AppConnect apps can open URLs in [email protected]....

You can tap on a link in an app that is not AppConnect-enabled....

and open the web page in [email protected]

Therefore, this option is about data coming into the AppConnect container.

You can allow or not allow these two options in any combination.