MTD Support for Android 10

MobileIron Threat Defense supports Android 10 OS with the following configuration caveats:

table 1. Expected behavior for new and upgraded Android 10 installations

Deployment mode

Expected behavior

All modes

The local action Disconnect Wi-Fi cannot be applied to Android 10 devices.

Android enterprise modes (AE)

If location services are not enabled in Android enterprise mode, the threats Unsecured Wi-Fi and Rogue Access Point are not detected.

AE Profile Owner
mode (PO)

During installation or upgrade of the client on Android 10, the user is prompted to turn on location services for both device and profile settings:

If the user agrees, the app opens the device location service setting, so the user can enable it.

To complete the process, the user must manually navigate to the Profile settings to enable location services for the Profile.
If the user does not enable the location services, Unsecured Wi-Fi and Rogue Access Point threats are not detected.

NOTE:

If Disallow share location is enabled in the PO lockdown config, this will block the user's ability to turn on location services. Uncheck this feature to prompt the user to enable location services.

AE Work profile modes Device Owner (DO)
Managed device (COPE)

Location settings are enabled without user action, allowing MTD detection of all network threats.

Device administrator mode (DA)

Unsecured Wi-Fi and Rogue Access Point network threats cannot be detected for these devices.

Mobile application management mode (MAM)

Unsecured Wi-Fi and Rogue Access Point network threats cannot be detected for these devices.

For full information about MobileIron support for Android devices, see the MobileIron Core Device Management Guide for Android and Android enterprise Devices.