Event settings

Each event type has specific settings that need to be configured when you create or edit the event. This section describes the settings for each type.

International roaming event settings

This event type is not supported for macOS devices.

International roaming detection is not supported for dual-mode devices (that is, devices that switch between GSM and CDMA).

Procedure

To create an international roaming event, in the Admin Portal:

  1. Go to Logs > Event Settings.
  2. Select Add New.
  3. Select International Roaming Event from the drop-down menu. The New International Roaming Event dialog box opens.

    New International Roaming Event dialog box

  4. Use the guidelines in the table below to create an international roaming event.

  5. Select Save.

If more than one international roaming event applies to a device, only the last one you edited and saved is triggered.

Table 1. International Roaming Event Options

Field

Description

Name

Identifier for this notification.

Description

Additional text to clarify the purpose of this notification.

Generate Alert

Turns on/off the alert defined for this event.

Alert for Every Country Visited in the Trip

Applies a compliance action for each country visited after the user leaves the home country.

Maximum Alerts

Specifies whether there is a limit on the number of alerts generated for all countries within a given trip. If you select Limited, then you can specify the number of alerts to allow. Once the user returns to the home country, the count is returned to 0.

Severity

Specifies the severity defined for the alert: Critical, Warning, and Information.

Template

Specifies the template to populate the resulting alert. Select View to display the content of the current template. Select an alternate template from the drop-down or select Create to create a new template.

See Customizing Event Center messages for information on creating a new template.

Send SMS

Specifies whether to send an alert in a text message, and whether to send it to the user, the admin, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section.

If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send Email

Specifies whether to send an alert in an email, and whether to send it to the user, the admin, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section.

If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send through Push Notification

Specifies whether to send a message via, and whether to send it to the user, the admin, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section.

If you select “Admin only” or “User + Admin”, then the CC to Admins section displays. Use this section to specify administrative users who should receive the alert.

The length of the message is limited to 255 characters.

Apply to Labels

Associate this event with the selected labels. See the “Using labels to establish groups” section in the Getting Started with Ivanti EPMM for more information.

Search Users

Enter the user ID to find devices to which you want to apply this event.

Apply to Users

Associate this group of settings with the selected users.

Search Admins

Enter the administrator ID to find devices to which you want to apply this event.

CC to Admins

If you selected “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

SIM changed event settings

This event type is not supported for macOS devices.

Procedure

  1. Go to Logs > Event Settings.
  2. Select Add New.
  3. Select SIM Changed Event from the drop-down menu. The New SIM Changed Event dialog box opens.

    New SIM Changed Event dialog box

  4. Use the guidelines listed in the table below for creating a SIM change event.

  5. Select Save.

If more than one SIM changed event applies to a device, only the last one you edited and saved is triggered.

Table 2. Guidelines for creating a SIM change event

Field

Description

Name

Identifier for this event.

Description

Additional text to clarify the purpose of this event.

Generate Alert

Turns on/off the alert defined for this event.

Severity

Specifies the severity defined for the alert: Critical, Warning, and Information.

Template

Specifies the template to populate the resulting alert.

Select View to display the content of the current template. Select an alternate template from the drop-down or select Create to create a new template. See Customizing Event Center messages for information on creating a new template.

Send SMS

Specifies whether to send an alert in a text message, and whether to send it to the user, the admin, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send Email

Specifies whether to send an alert in an email, and whether to send it to the user, the admin, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send through Push Notification

Specifies whether to send a message, and whether to send it to the user, the admin, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

The length of the message is limited to 255 characters.

Apply to Labels

Associate this event with the selected labels. See the “Using labels to establish groups” section in Getting Started with Ivanti EPMM for more information.

Search Users

Enter the user ID to find devices to which you want to apply this event.

Apply to Users

Associate this group of settings with the selected users.

CC to Admins

If you selected “Admin only” or “User + Admin”, then the CC to Admins section displays. Use this section to specify administrative users who should receive the alert.

Memory size exceeded event settings

This event type is not supported for macOS devices.

This section address how to create a memory size exceeded event.

Procedure

  1. Go to Logs > Event Settings.
  2. Select Add New.
  3. Select Memory Size Exceeded Event from the drop-down menu.

  4. Use the guidelines in the table below to create a memory size exceeded event.

  5. Select Save.

Memory exceeded events are sent only once per week when the configured memory limit is reached. If more than one memory size exceeded event applies to a device, only the last one you edited and saved is triggered.

Table 3. Guidelines for a memory size exceeded event.

Field

Description

Name

Identifier for this event.

Description

Additional text to clarify the purpose of this notification.

Used Memory Size Exceeds

Specifies the percentage of total memory that triggers the alert.

Generate Alert

Turns on/off the alert defined for this event.

Alert every

Specifies the time, in days, after which the alert count is reset.

Severity

Specifies the severity defined for the alert: Critical, Warning, and Information.

Template

Specifies the template to populate the resulting alert. Select View to display the content of the current template.
Select an alternate template from the drop-down or select Create to create a new template.
See Customizing Event Center messages for information on creating a new template.

Send SMS

Specifies whether to send an alert in a text message, and whether to send it to the user, the admin, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send Email

Specifies whether to send an alert in an email, and whether to send it to the user, the admin, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send through Push Notification

Specifies whether to send a message, and whether to send it to the user, the admin, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

The length of the message is limited to 255 characters.

Apply to Labels

Associate this event with the selected labels. See the “Using labels to establish groups” section in Getting Started with Ivanti EPMM for more information.

Search Users

Enter the user ID to find devices to which you want to apply this event.

Apply to Users

Associate this group of settings with the selected users.

CC to Admins

If you selected “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

System event settings

A system event applies a compliance action when a component of a Ivanti EPMM implementation is not working. System alerts are intended for relevant administrators.

Procedure

  1. In the Admin Portal, go to Logs > Event Settings.
  2. Select Add New.
  3. Select System Event from the drop down menu.
  4. Use the guidelines in System event field description to complete the form:
  5. Select Save.

System event field description

Table 119.  System event field descriptions

Field

Description

Name

Identifier for this event.

Description

Additional text to clarify the purpose of this notification.

Sentry (standalone and integrated) is unreachable

Applies a compliance action if Ivanti EPMM is unable to contact the Sentry.

MobileIron gateway is unreachable

Select this option to send an alert if Ivanti EPMM cannot connect to the Ivanti EPMM gateway.

LDAP server is unreachable

Select this option to send an alert if Ivanti EPMM cannot connect to any of the configured LDAP servers.

DNS server is unreachable

Select this option to send an alert if Ivanti EPMM cannot connect to one of the configured DNS servers.

Mail server is unreachable

Select this option to send an alert if Ivanti EPMM cannot connect to the configured SMTP server.

NTP server is unreachable

Select this option to send an alert if Ivanti EPMM connect to the configured NTP server.

Certificate Expired or Certificate Error

Select this option to send an alert for certificate expiration.

An alert is sent 60 days before expiration and on the expiration date. Certificates supported include MDM APNS/Client (iOS only), Admin Portal, and device certificates.

Provisioning Profile Expired

Generates an alert if an iOS provisioning profile distributed via Ivanti EPMM has expired. In general, this profile will be associated with an in-house app.

SMTP Relay server is unreachable

Applies a compliance action if the configured SMTP relay (used for SMS archive) does not respond to a ping or SMTP ping.

SMTP Relay server error

Applies a compliance action if the configured SMTP relay (used for SMS archive) returns an error. The alert includes available details to enable troubleshooting.

System storage threshold has been reached

Applies a compliance action if the system storage threshold has been reached.

Refer to Ivanti EPMM System Manager Guide for information on setting this threshold or manually purging the data.

Connector state events

 

Applies a compliance action if the health of the Connector changes.

Ivanti EPMM defines a healthy connector as one that connects to the server at expected intervals and syncs successfully with the LDAP server. An alert is generated if a Connector changes from healthy to unhealthy, or from unhealthy to healthy.

Connector requires upgrade

Applies a compliance action if the automated upgrade of the Connector fails. This alert prompts you to manually upgrade the Connector.

Connector can not connect to LDAP server

Applies a compliance action if a configured LDAP server is no longer reachable.

Connector is unreachable

Applies a compliance action if the Ivanti EPMM server does not receive the expected response to the scheduled probe of the Connector.

This alert generally indicates network problems.

Application update failed

Alerts the administrator that the [email protected] or Bridge update for Windows failed. For more information, administrators can the server logs.

Certificate Revoked (MDM APNS)

Generates an alert if an iOS Mobile Device Management (MDM) Apple Push Notification Service (APNS) certificate has been revoked.

Apple License Percentage Used. Alert Threshold

Generates an alert if the licenses used for an iOS app purchased via Apple Licenses reaches the specified level.

The default threshold is 99 percent. An alert is generated when 99 percent of the license for any Apple License purchased-app have been redeemed.

Mobile Threat Definition Update

Alerts administrators when a new version of the mobile threat definition is available. The notification includes any impacts to the existing MTD Local Action policies if threats were removed from the latest update.

Generate Alert

Turns on/off the alert defined for this event.

Maximum Alerts

Specifies whether there is a limit on the number of alerts generated for a given event. If you select Limited, then you can specify the number of alerts to allow. By default, compliance is checked every 24 hours. See Managing Compliance and Creating an event for more information.

Alert Every

Specifies the time, in days, after which the alert count is reset.

Severity

Specifies the severity defined for the alert. Select Critical, Warning, or Information.

Template

Specifies the template to populate the resulting alert. Select View to display the content of the current template.

Select an alternate template from the drop-down or select Create to create a new template. See Customizing Event Center messages for information on creating a new template.

Send SMS

Specifies whether to send an alert in a text message, and whether to send it to the user, the administrator, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send Email

Specifies whether to send an alert in an email, and whether to send it to the user, the administrator, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send through Push Notification

Specifies whether to send a message via Apple Push Notification service, and whether to send it to the user, administrator, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

The length of the message is limited to 255 characters.

Apply to Labels

Send the alert to users in the selected labels. See the “Using labels to establish groups” section in Getting Started with Ivanti EPMMfor more information.

In most cases, if you do select a label, it should not be a label with broad coverage. System event alerts are usually not appropriate for device users.

Search Users

Enter the user ID to find users to which you want to send the alert.

Apply to Users

Send the alert to the selected users.

Policy violations event settings

Procedure

  1. In the Admin Portal, go to Logs > Event Settings.
  2. Select Add New.
  3. Select Policy Violation Event from the drop-down menu. The New Policy Violations Event dialog box opens.

    New Policy Violations Event dialog box

  4. Follow the guidelines in Policy violations event field description to complete the form.
  5. Select Save.

Apply only one Policy Violations event to each device. If more than one policy violations event applies to a device, only the last one you edited and saved is triggered. Therefore, do not create a separate policy violations event for each type of security policy violation.

In that one Policy Violations event, select all of the security policy settings that you want to trigger the event. Use the template variable $DEFAULT_POLICY_VIOLATION_MESSAGE in your message template to specify the security policy violation that triggered the event.

Policy violations event field description

The following table describes fields for configuring a policy violation event.

Table 120.  Policy violation event field description

Field

Description

Name

Identifier for this event.

Description

Additional text to clarify the purpose of this notification.

Connectivity

Out-of-contact with Server for X number of days

Select this option to send an alert when a device has been out of contact for the number of days specified in the Security policy assigned to it.

Out-of-policy for X number of days

Select this option to send an alert when a policy has been out of date for the number of days specified in the Security policy assigned to it.

Device Settings

Passcode is not compliant

Applies a compliance action if a device is detected having a passcode that does not meet the requirements specified in the associated security policy.

App Control

Disallowed app found

Applies a compliance action if an app that is specified as Disallowed is installed on a device.

Apps are specified as Required, Allowed, or Disallowed under Apps > App Control.

App found that is not in Allowed Apps list

Applies a compliance action if an app that does not appear on the list of allowed apps has been detected on a device.

Apps are specified as Required, Allowed, or Disallowed under Apps > App Control.

Required app not found

Applies a compliance action if an app that is specified as Required is not installed on a device.

Apps are specified as Required, Allowed, or Disallowed under Apps > App Control.

Data Protection/Encryption - iOS - Android

Data Protection/Encryption is disabled

Applies a compliance action if data protection/encryption is disabled on an iOS device.

Security - Windows

OS Build is less than the required OS build

Select this option to apply a compliance action if the device build is less than the OS build defined in the Security policy.

Last Hotfix is less than the required hotfix

Select this option to apply a compliance action if the device OS build is less than the hotfix build defined in the Security policy.

Last Hotfix installation date is out of date

Select this option to apply a compliance action if the device OS has not been updated in the time interval defined in the Security policy.

iOS

Disallowed iOS model found

Select this option to apply a compliance action when a restricted iOS model is registered.

Disallowed iOS version found

Select this option to apply a compliance action when a restricted iOS version is registered.

Compromised iOS device

Select this option to apply a compliance action when a compromised iOS is registered or connects to the server. That is, an iOS device has been compromised by circumventing the operator and usage restrictions imposed by the operator and manufacturer.

iOS Configuration not compliant

Applies a compliance action if an iOS device does not have the expected security policy or app settings. This state may indicate that a setting was changed or was not applied successfully.

Restored Device connected to server

Applies a compliance action if a previously wiped device has been restored and attempts to connect through the Ivanti EPMM deployment.

MobileIron iOS App Multitasking disabled by user

Applies a compliance action if the device user disables multitasking for the iOS app. Disabling multitasking increases the likelihood that a compromised device will go undetected for a significant period of time.

Device MDM deactivated (iOS 5 and later)

Applies a compliance action when the MDM profile on a managed iOS 5 device is removed.

macOS

Disallowed macOS version found

Applies a compliance action if Ivanti EPMM finds a registered device running a prohibited version of macOS.

Device MDM deactivated

Applies a compliance action if Ivanti EPMM detects that MDM (Mobile Device Management) has been deactivated on a registered macOS device.

FileVault encryption disabled

Applies a compliance action if Ivanti EPMM detects a registered macOS device with disabled FileVault encryption.

Android

Disallowed Android OS version found

Applies a compliance action if an Android device having a disallowed OS version is detected. You can specify disallowed versions in the security policy.

Compromised Android device detected

Applies a compliance action if a modified Android device is detected. That is, an Android device has been compromised by circumventing the operator and usage restrictions imposed by the operator and manufacturer.

Device administrator not activated for DM client or agent

Generate an alert when a managed Android device is found to have no device administrator privilege activated for [email protected] or the Samsung DM Agent.

Actions

Generate Alert

Turns on/off the alert defined for this event.

Maximum Alerts

Specifies whether there is a limit on the number of alerts generated for a given event. If you select Limited, then you can specify the number of alerts to allow.

Alert Every

Specifies the time, in days, after which the alert count is reset.

Severity

Specifies the severity you define for this alert. Select Critical, Warning, or Information.

Template

Specifies the template to populate the resulting alert. Select View to display the content of the current template. Select an alternate template from the drop down or select Create to create a new template.

See Customizing Event Center messages for information on creating a new template.

Send SMS

Specifies whether to send an alert in a text message, and whether to send it to the user, the administrator, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send Email

Specifies whether to send an alert in an email, and whether to send it to the user, the administrator, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send through Push Notification

Specifies whether to send a message via Apple Push Notification service, and whether to send it to the user, the administrator, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

The length of the message is limited to 255 characters.

Apply to Labels

Send the alert to users in the selected labels. See the “Using labels to establish groups” section in Getting Started with Ivanti EPMM for more information.

Search Users

Enter the user ID to find users to which you want to send the alert.

Apply to Users

Send the alert to the selected users.

CC to Admins

If you selected “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Device status event settings

The device status event applies only to Android and iOS devices. The following describes the steps to create a device status event in the Admin Portal.

Procedure

  1. Go to Logs > Event Settings.
  2. Select Add New.
  3. Select Device Status Event from the drop-down menu. The New Status Event dialog box opens.

    New Status Event dialog box

  4. Use the following guidelines to complete the form:

  5. Select Save.

If more than one device status event applies to a device, only the last one you edited and saved is triggered.

Table 4. Guidelines for Device Status Events

Field

Description

Name

Identifier for this event.

Description

Additional text to clarify the purpose of this notification.

Triggers when

Specifies the conditions on the device that will trigger an alert:

  • Device status is changed (Android and iOS)

  • Android device reports policy/config errors

  • Android device reports policy/config warnings

  • Work schedule policy applied (Android and iOS)

Actions

Severity

Specifies the severity you define for this alert. Select Critical, Warning, or Information.

Template

Specifies the template to populate the resulting alert. Select View to display the content of the current template. Select an alternate template from the drop-down or Select Create to create a new template.

See Customizing Event Center messages for information on creating a new template.

Send SMS

Specifies whether to send an alert in a text message, and whether to send it to the user, the administrator, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send Email

Specifies whether to send an alert in an email, and whether to send it to the user, the administrator, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Send through Push Notification

Specifies whether to send a message, and whether to send it to the user, the administrator, or both.

Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

The length of the message is limited to 255 characters.

Apply to Labels

Send the alert to users in the selected labels. See the “Using labels to establish groups” section in Getting Started with Ivanti EPMM for more information.

Search Users

Enter the user ID to find users to which you want to send the alert.

Apply to Users

Send the alert to the selected users.

CC to Admins

If you selected “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert.

Related Topics

Work Schedule policy