Benefits of Sentry
Benefits of using Sentry in your deployment include the following:
•Device and user authentication support with Standalone Sentry
•Enforcement of security policies with Sentry
•Visibility into which devices are accessing the backend resource with Sentry
•Ability to take action on ActiveSync device with Sentry
Device and user authentication support with Standalone Sentry
Using Standalone Sentry, you can choose how the user authenticates with the ActiveSync server or the backend resource. You can choose password authentication, certificate authentication, or Kerberos Constrained Delegation.
Enforcement of security policies with Sentry
UEM applies security, privacy, lockdown, and sync policies to registered devices. These policies ensure that devices can connect only if they comply to your organization’s security requirements. Standalone Sentry gets device posture and compliance information from UEM, and allows access based on the device posture.
ActiveSync policy and Sentry (Ivanti EPMM only)
When you use Sentry for ActiveSync, you also have the option to configure an ActiveSync policy that is applied to the device. The ActiveSync policy determines, for example, the password requirements for devices, whether you require device encryption, and whether devices can access email using a browser.
An ActiveSync device is typically registered. However, for devices that cannot support the Ivanti EPMM-provided policies, you can use the ActiveSync policy to support your organization’s security requirements.
Visibility into which devices are accessing the backend resource with Sentry
When using Standalone Sentry for ActiveSync or AppTunnel, devices access the backend resource through Standalone Sentry. Because of this single point of access, Standalone Sentry knows which devices and users are accessing backend resources.
Standalone Sentry for ActiveSync creates a unique record for each combination of user and device accessing the ActiveSync server. Standalone Sentry then associates the ActiveSync record to a device and user in UEM. Without Sentry, a user could configure multiple devices to access the ActiveSync server, and you would have no automated way of knowing about all the devices or managing access for these devices.
Standalone Sentry for AppTunnel creates a unique AppTunnel session (connection) for each unique combination of user, app, and device. For example, Standalone Sentry creates an AppTunnel for UserA using AppA on DeviceA, and a new AppTunnel for UserA using AppB on DeviceA. Each AppTunnel provides visibility into the user, device and the backend resources being accessed.
Ability to take action on ActiveSync device with Sentry
You can take actions on ActiveSync devices. For example, you can block email access on a device, or wipe the device (reset it to factory defaults). You can take these actions regardless of whether an ActiveSync device is registered with Ivanti EPMM.
You can also take action on AppTunnels. You can Allow or Block an AppConnect app on a device from accessing the backend resource. You can also Remove an AppTunnel.
Ivanti Neurons for MDM
If there are policy violations, registered ActiveSync devices and AppTunnels can be blocked. You can take Allow, Block, and Remove actions on unregistered ActiveSync devices.