Configuring MTD local actions for Cloud

Using the MobileIron Threat Defense Local Actions configuration, you can set specific local actions to be taken on supported iOS and Android devices when the MTD-enabled client detects a threat. Local actions will only be taken on devices that are licensed and activated for MTD.

Before you begin 

Be sure you have configured the items listed in Activating MobileIron Threat Defense.

Procedure 

  1. Log in to MobileIron Cloud.
  2. Go to Configurations.
  3. Click +Add.
  4. Click MobileIron Threat Defense Local Actions.
  5. In the Create MobileIron Threat Defense Local Actions Configuration page, enter a Name for the configuration.
  6. Enter an optional Description.
  7. In the Configuration Setup section, scroll to the category containing the threat you want to enable.

    • Network Threats
    • Device Threats
    • App Threats

    The number of threats is indicated for each threat category.

  8. (Optional) Select specific threats and turn notifications on or off for them. To do so:

    1. Expand the threat category.
    2. Click the check box for the threats you want to configure. See the following tables for iOS and Android devices.
    3. Threats with available actions for iOS clients will have a drop-down menu in the Local iOS Action category.
    4. Threats with available actions for Android clients will have a drop-down menu in the Local Android Action category.
    5. Click the Show Notification slider to the right of the action menus to enable notification for the threat.
    6. (Optional) Select multiple threats and click Set Bulk Local Actions to set the Local Android Action or the Local iOS Action, or to turn Notification on or off. The total number of enabled local actions is displayed for your reference.

  9. Click Next.
  10. Select the Enable this configuration option, if it is not already enabled.
  11. Select one of the following distribution options:

    • All Devices
    • No Devices (default)
    • Custom

  12. Click Done.

The following table lists the actions that are available for MTD threats on iOS devices:

Table 1. MTD Threats on iOS Devices

| Local Compliance Action | Definition |
|---|---|
| None | No action will be taken on the device. |
| Block Email Access and AppConnect Apps | Disables email access. Disables AppConnect-enabled applications and blocks the transfer of AppConnect data between Client and Cloud. |
| Network Sinkhole | Isolates the device from the network. |

NOTE: MobileIron recommends ONLY selecting the Network Sinkhole action for network-related threats. Use of Network Sinkhole action for device and application threats can result in disabling network connectivity to the device without the ability to restore network connectivity.

The following table lists the actions that are available for MTD threats on Android devices:

Table 2. MTD Threats on Android Devices

| Local Compliance Action | Definition |
|---|---|
| None | No action will be taken on the device. |
| Wipe the device | Retires the device. |
| Quarantine - Remove all configurations | Removes configurations that provide access to corporate resources, such as certificates. Configurations that secure the device are not removed. |
| Quarantine - Do not remove Wi-Fi settings for Wi-Fi only devices | Removes configurations that provide access to corporate resources, such as certificates, with the exception of the Wi-Fi settings on Wi-Fi only devices. Configurations that secure the device are not removed. |
| Quarantine - Do not remove Wi-Fi settings for all devices | Removes configurations that provide access to corporate resources, such as certificates, with the exception of Wi-Fi settings on all devices. Configurations that secure the device are not removed. |
| Quarantine - Remove managed apps and block new downloads | Removes access to the company App Catalog and/or work apps. |
| Disable Bluetooth | Disables Bluetooth to the company App Catalog and/or work apps. |
| Disconnect from Wi-Fi | Disables Wi-Fi to the company App Catalog and/or work apps. |
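A planned threat-to-action mapping can be reviewed against Table 1, Table 2, and the Network Sinkhole note before it is entered in the console. The following is an added example, not MobileIron code: the worksheet format, the threat names, the finding labels, and the "no response configured" heuristic are assumptions made for illustration.

```python
# Action and category names are copied from this page; everything else is illustrative.
IOS_ACTIONS = {"None", "Block Email Access and AppConnect Apps", "Network Sinkhole"}
ANDROID_ACTIONS = {
    "None",
    "Wipe the device",
    "Quarantine - Remove all configurations",
    "Quarantine - Do not remove Wi-Fi settings for Wi-Fi only devices",
    "Quarantine - Do not remove Wi-Fi settings for all devices",
    "Quarantine - Remove managed apps and block new downloads",
    "Disable Bluetooth",
    "Disconnect from Wi-Fi",
}
CATEGORIES = {"Network Threats", "Device Threats", "App Threats"}

# Constructed planning worksheet; the threat names are placeholders, not real MTD threats.
PLAN = [
    {"threat": "example-network-threat", "category": "Network Threats",
     "ios": "Network Sinkhole", "android": "Disconnect from Wi-Fi", "notify": True},
    {"threat": "example-device-threat", "category": "Device Threats",
     "ios": "Network Sinkhole", "android": "Wipe the device", "notify": True},
    {"threat": "example-app-threat", "category": "App Threats",
     "ios": "Disable Bluetooth", "android": "None", "notify": True},
    {"threat": "example-app-threat-2", "category": "App Threats",
     "ios": "None", "android": "None", "notify": False},
]

def review_plan(plan):
    """Return (threat, finding) pairs for rows that conflict with the tables or the note."""
    findings = []
    for row in plan:
        name, category = row["threat"], row.get("category")
        ios, android = row.get("ios", "None"), row.get("android", "None")
        if category not in CATEGORIES:
            findings.append((name, "unknown-category"))
        if ios not in IOS_ACTIONS:
            findings.append((name, "ios-action-not-in-table-1"))
        if android not in ANDROID_ACTIONS:
            findings.append((name, "android-action-not-in-table-2"))
        # The NOTE recommends Network Sinkhole only for network-related threats.
        if ios == "Network Sinkhole" and category != "Network Threats":
            findings.append((name, "sinkhole-on-non-network-threat"))
        # Heuristic of this example: a selected threat with no action and no notification.
        if ios == "None" and android == "None" and not row.get("notify", False):
            findings.append((name, "no-action-and-no-notification"))
    return findings

if __name__ == "__main__":
    for threat, finding in review_plan(PLAN):
        print(f"{threat}: {finding}")
```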

Editing an MTD local actions configuration

The threat detection list is updated when new threats are identified or existing threats are removed. To edit an MTD local actions configuration to update the threats, use the following procedure:

  1. Log in to MobileIron Cloud.
  2. Go to Configurations.
  3. Select the check box next to the MTD configuration that you want to edit.
  4. Click Edit. The Edit MobileIron Threat Defense Solution Local Actions Configuration page is displayed.
  5. Click ^ next to Network, Device, or App Threats to edit the actions for a threat category. This selection controls which notifications are enabled on the device and which mitigation actions are taken locally on the device when a threat is detected. For more information about each threat, hover over the info icon next to the name of the threat.
  6. (Optional) Select multiple threats and click Set Bulk Local Actions to set the Local Android Action or the Local iOS Action, or to turn Notification on or off. The total number of enabled local actions is displayed for your reference.
  7. Click Next.
  8. Select the Enable this configuration option if required.
  9. Select one of the following distribution options:

    • All Devices
    • No Devices (default)
    • Custom

  10. Click Done.