Benefits of Sentry

Benefits of using Sentry in your deployment include the following:

Device and user authentication support with Standalone Sentry

Enforcement of security policies with Sentry

Visibility into which devices are accessing the backend resource with Sentry

Ability to take action on ActiveSync devices with Sentry

Device and user authentication support with Standalone Sentry

Using Standalone Sentry, you can choose how the user authenticates with the ActiveSync server or the backend resource. You can choose password authentication, certificate authentication, or Kerberos Constrained Delegation.

Enforcement of security policies with Sentry

UEM applies security, privacy, lockdown, and sync policies to registered devices. These policies ensure that devices can connect only if they comply with your organization’s security requirements. Standalone Sentry gets device posture and compliance information from UEM, and allows access based on the device posture.

ActiveSync policy and Sentry (Core only)

When you use Sentry for ActiveSync, you also have the option to configure an ActiveSync policy that is applied to the device. The ActiveSync policy determines, for example, the password requirements for devices, whether you require device encryption, and whether devices can access email using a browser.

An ActiveSync device is typically registered. However, for devices that cannot support the Core-provided policies, you can use the ActiveSync policy to support your organization’s security requirements.

Visibility into which devices are accessing the backend resource with Sentry

When using Standalone Sentry for ActiveSync or AppTunnel, devices access the backend resource through Standalone Sentry. Because of this single point of access, Standalone Sentry knows which devices and users are accessing backend resources.

Standalone Sentry for ActiveSync creates a unique record for each combination of user and device accessing the ActiveSync server. Standalone Sentry then associates the ActiveSync record to a device and user in UEM. Without Sentry, a user could configure multiple devices to access the ActiveSync server, and you would have no automated way of knowing about all the devices or managing access for these devices.

Standalone Sentry for AppTunnel creates a unique AppTunnel session (connection) for each unique combination of user, app, and device. For example, Standalone Sentry creates an AppTunnel for UserA using AppA on DeviceA, and a new AppTunnel for UserA using AppB on DeviceA. Each AppTunnel provides visibility into the user, the device, and the backend resources being accessed.

Integrated Sentry gets the list of ActiveSync devices and users from the Microsoft Exchange Server, and provides the list to Core. From the Admin Portal, you can then control every device that accesses the ActiveSync server, regardless of whether the device is registered with Core.

Ability to take action on ActiveSync devices with Sentry

Core

You can take actions on ActiveSync devices. For example, you can block email access on a device, or wipe the device (reset it to factory defaults). You can take these actions regardless of whether an ActiveSync device is registered with Core.

You can also take action on AppTunnels. You can Allow or Block an AppConnect app on a device from accessing the backend resource. You can also Remove an AppTunnel.

Ivanti Neurons for MDM

If there are policy violations, registered ActiveSync devices and AppTunnels can be blocked. You can take Allow, Block, and Remove actions on unregistered ActiveSync devices.