Enabling MobileIron Threat Defense for Mobile@Work devices

This procedure is applicable to both Android and iOS devices.

Enabling MobileIron Threat Defense involves:

  • Completing the prerequisites listed in Before You Begin.
  • Obtaining your MTD Activation token.
  • Creating a new MTD Activation Configuration.
  • Applying label(s) to the configuration.

When this is done, the MTD Activation token is delivered to devices.

Note the following:

  • If you have an existing MTD Activation configuration, do not delete it. Install the new MTD Activation token first, and then optionally delete the old one.
  • To be valid, the MTD license must be purchased from MobileIron or a licensed partner.

Before You Begin

Before you set up MobileIron Threat Defense, complete the following prerequisites:

  1. Install MobileIron Core.

    See the "Core Installation" section in the On-Premise Installation Guide for information about how to install MobileIron Core.

  2. Purchase a MobileIron Threat Defense license from MobileIron or a licensed partner.
  3. Complete the following configuration tasks:

    See the On-Premise Installation Guide for more information on required ports and firewall rules.

    • Note the FQDN of the Core UEM server
    • Open Port 443 in the firewall
    • Allow access to the AppGateway URL
    • Allow access to the VNS URL
    • Allow access to APNS, FCS, GCM, etc.
    • Allow access to the App_Config_Spec_File repository URL
    • Allow incoming API calls and modify the ACL configuration for the specific source IPs
  4. Upload your TLS (Transport Layer Security) trust certificate (formerly called an MDM certificate) to Core. See the "Managing Certificates and Configuring Certificate Authorities" section of the MobileIron Core Device Management Guide.
  5. Contact your MobileIron representative to request your unique, encrypted MTD Activation token, or get it from zConsole.

    NOTE: To be valid, the MTD license must be purchased from MobileIron or a licensed partner.
  6. Request and upload an MDM certificate for iOS, if you have not already done so. In addition, you need to enable iOS MDM support and confirm MDM for an iOS device. For information, see the "Managing Mobile Device Management (MDM) certificates for iOS and macOS" section of Getting Started with MobileIron Core.

    NOTE: If you are using only mobile application management (MAM)-only iOS devices, skip the MDM-related sections. For more information, see "Managing apps on MAM-only devices" in the MobileIron Apps@Work Guide.
  7. Update the device last check-in and policy update time in Core. See the "Managing device compliance checks" section in the MobileIron Core Device Management Guide.
  8. Continue to Enabling MobileIron Threat Defense for Mobile@Work devices.

Creating an MTD activation configuration

Procedure 

  1. Log in to zConsole and download the MobileIron MTD Activation Code.
  2. In Core, go to Policies & Configs > Configurations.
  3. Click Add New > MTD Activation. The Add MTD Activation Configuration dialog box opens.
  4. Enter a name for the configuration.
  5. (Optional) Click + Add Description to enter a description.
  6. In the Configuration Setup section, make the following entries:

    • Vendor: Zimperium
    • License Key: enter your MobileIron Threat Defense activation code.
    • Wake up Intervals (mins): 60 (the default) or set a higher interval.

  7. Click Save. The Configurations page refreshes with the name of the new MTD Activation Configuration.
  8. Apply a label to the MTD Activation Configuration. Upon next check-in, the new activation configuration is pushed to the device(s). See Creating MTD labels in Core for Android and iOS devices.

Pushing new MTD activation configurations to existing devices

Android

  • For Mobile@Work 10.2.0.0, when the Android XML Configuration (zConsole) is pushed to the device and the Administrator then applies a label to the MTD Activation Configuration, the MTD Activation token takes precedence upon the next device check-in.
  • For Mobile@Work 10.1.0.0, when the Android XML Configuration (zConsole) is pushed to the device and the Administrator then applies a label to another MTD Activation Configuration, the device user sees an error message upon the next device check-in stating that the license was already activated. The functionality still works, but you are advised to remove the old Android XML Configuration.
  • For both the Mobile@Work 10.1.0.0 client and the Mobile@Work 10.2.0.0 client, if the first MTD Activation Configuration is pushed to the device and the Administrator applies a label to another MTD Activation Configuration, the device user sees an error message upon the next device check-in stating that the license was already activated.

iOS

  • For Mobile@Work 10.2.0.0, when the MTD Activation Configuration is pushed to the device and the Administrator then applies a label to the MTD Activation Configuration, the MTD Activation token takes precedence. You can optionally delete the old configuration (Apps > App Catalog > select Mobile@Work > Edit > Managed App Configuration section).