Encrypting device logs with your own certificate

You can define a log encryption configuration that enables device users to send encrypted logs to an administrator's email address from their devices. The configuration includes a certificate for encrypting logs and an email address to which encrypted logs are to be sent. Devices sync with Ivanti EPMM and receive the configuration after you assign the configuration to the relevant labels.

This feature requires:

  • Ivanti Mobile@Work for Android or supported newer versions
  • Secure Apps Manager or supported newer versions
  • On the security policy, device log encryption must be on.

Related Topics

Device log encryption on Android devices

Before you begin

Upload a certificate to Ivanti EPMM, as described in Certificates settings.


  1. In the Admin Portal, select Policies & Configs> Configurations.
  2. Select Add New and select LogEncryption. The New Log Encryption Setting dialog box opens.
  3. Fill in the following:




    Enter a name for the configuration.

    Email Address

    Enter an email address to which encrypted logs may be sent. The To: field of the email is automatically filled with this address. If you do not enter an email address here, the device user fills in the To: field.


    From the drop-down list, select a certificate you have already uploaded to Ivanti EPMM.

  4. Select Save.
  5. On the Configurations page, select the configuration you just defined.
  6. Select Actions Apply to Label, and select the label to which you want to apply the log encryption configuration.