Sync policies

Sync policies specify how [email protected] ([email protected] on Windows) behaves on the device and interacts with Ivanti. These interactions include synchronizing profiles, configurations, and app inventory.

For Windows Phone 8.1 devices, only Sync Interval is applied. The sync interval is applied when the device registers with Ivanti. Any changes to the sync interval after the device has registered are not applied to the device. If you change the sync policy with sync-interval and user-added value, the device syncs the first three times at a 3 min interval time period and then it syncs with the specified user sync interval time.

The following table summarizes fields and descriptions in the Sync Policy window.

Table 38.   Sync policy fields
Item Description Default Policy Setting

Name

Required. Enter a descriptive name for this policy. This is the text that will be displayed to identify this policy throughout the Admin Portal. This name must be unique within this policy type.

Though using the same name for different policy types is allowed (e.g., Executive), consider keeping the names unique to ensure clearer log entries.

Default Sync Policy

Status

Select Active to turn on this policy. Select Inactive to turn off this policy.

Active

Priority

Specify a priority for this policy in relation to other custom policies of this type. Priority determines which policy is applied in the case of a conflict. For example, if a device has two labels assigned to it, and each label has a different sync policy, then the priority determines which policy is applied.

Select “Higher than” or “Lower than” and select the relative policy from the drop-down list. Because priority applies only to custom policies, this setting is not available when you create the first custom policy of this type. Default policies are not included in prioritization.

 

Description

Enter an explanation of the purpose of this policy.

Default Sync Policy

Server IP/Host Name

Displays the IP address or host name of the Ivanti instance that the Client will communicate with. This setting is completed automatically when the first phone registration is requested.

 

Use TLS

Specify whether to use Transport Layer Security for interactions between Ivanti and the [email protected] app ([email protected] on Windows devices) installed on devices.

selected

Migrate [email protected] Client

Select to migrate [email protected] for Android from using port 9997 without mutual authentication to using port 443 with mutual authentication. The device users do not need to re-register with Ivanti.

For more information, see "Migrating [email protected] for Android to use mutual authentication" in the Ivanti EPMM Device Management Guide for Android and Android Enterprise devices.

 

Sync While Roaming

Specifies which data, if any, should be synchronized with Ivanti while the device is roaming.

All Activity and Content: Causes all activity and content to be synchronized while the device is roaming.

Only Activity and SMS Content: Restricts synchronized data to activity and SMS content while the device is roaming. Eliminates synchronization of some data to reduce the cost of data transfer when additional charges may apply. This option is selected by default.

Only Roaming Status: Restricts synchronized data to roaming status while the device is roaming. Eliminates synchronization of most data to minimize the cost of data transfer when additional charges may apply. Synchronizing roaming status ensures that location data is communicated to the server and that roaming alerts can be generated in a timely fashion. International roaming alerts are not generated.

No Sync: Prevents all data from being synchronized while the device is roaming. Roaming alerts may not be generated by Event Center in a timely fashion because the device cannot communicate its roaming status. Thus, if international roaming alerts have been configured, the [email protected] app ([email protected] on Windows devices) on the device generates a local roaming alert.

Only Activity and SMS Content

Android Notification Mechanism

Specifies the type of notification for device updates.

Google Cloud Messaging: Device depends on Google Cloud Messaging (GCM) to receive notifications and updates from Ivanti.

Notification URL: Device uses the push notification URL to receive update notifications.

Auto: Depending on the state of the device it will choose one of the notification mechanisms described above.

To configure the Android notification mechanism, mutual authentication must be enabled. See "Mutual authentication between devices and Mobile Ivanti " in the Ivanti EPMM Device Management Guide for Android and Android Enterprise devices.

Auto

Mutual Certificate Authentication Renewal Window

Enter the number of days prior to the expiration date that you want to allow devices to renew their identity certificate used for mutual authentication with Ivanti. Enter a value between 1 and 60.

A blank value defaults to 60 days.

"Mutual authentication between devices and Ivanti" in the Ivanti EPMM Device Management Guide.

60

Heartbeat Interval

Heartbeat Interval on iOS is only supported when the app is in use (not running in the background). As such, using the heartbeat interval on iOS is not recommended.

Specify the maximum amount of time that the [email protected] app ([email protected] on Windows devices) will wait before sending a request to Ivanti to confirm that the client and server are connected.

[email protected] ([email protected] on Windows devices) does not connect to the server according to this interval unless the Client is Always Connected option is selected.

Ivanti will close the network connection for clients that have been inactive for twice the interval specified for this setting, thereby reducing demand on Ivanti.

Why: Increasing the heartbeat interval can help preserve battery life. Decreasing the heartbeat interval helps [email protected] ([email protected] on Windows devices) detect disconnection from the Ivanti more quickly.

14

 

Sync Interval

Specify the frequency for starting the synchronization process between the device and Ivanti.

For iOS devices only:

This setting determines how often Ivanti sends a check-in notification to iOS devices, which determines the frequency of jailbreak detection.

Decreasing this interval requires additional resources that may increase the drain on phone batteries.

240

iOS Location-Based Wakeups Interval

 

For iOS devices only:

Specifies the minimum duration between attempts to send iOS device details to Ivanti. This duration is adhered to when iOS brings [email protected] into memory following major location change events.

When enabled, this setting specifies the minimum time period between server polling intervals if a significant location change wakes the app. For example, if the location-based wakeup interval is set to 15 minutes, but a significant location change wakes a given app at 5, 12, and 16 minute intervals, the app will only poll Ivanti at the 16 minute interval. The default interval is 15 minutes.

See “iOS location-based wakeups interval and syncing with Ivanti” in the Ivanti EPMM Device Management Guide for iOS and macOS devices.

15 minutes

 

MTD wakeup interval

Enter an MTD iOS wake-up interval in minutes. This interval determines how often [email protected] wakes up and scans an iOS device. Setting this field to a low interval value, such as fifteen minutes, is more taxing on the device's battery than setting it at a higher interval value such as 60 minutes.

60 minutes

Client is Always Connected

This feature is not supported on iOS devices.

Specify whether [email protected] ([email protected] on Windows devices) should remain connected to Ivanti during the sync interval. Keeping the client connected ensures timely communication between [email protected] ([email protected] on Windows devices) on the device and Ivanti. You might consider disabling this feature if battery drain becomes an issue. See “Android devices and the Client Is Always Connected” in the Ivanti EPMM Device Management Guide for Android and Android Enterprise devices.

Disabled