VPN Sinkhole for iOS clients without user action

Configure iOS sinkhole VPN protection without client user action. MTD admins can now configure sinkhole protection for iOS clients that will push an MTD virtual private network (VPN) to the client without user action. After upgrade to Core 10.6.0.0, a new default MTD VPN configuration is created and pushed silently to the device when a threat configured for Sinkhole action is discovered. The process works like this:

1. When a threat is detected on an iOS device, and a Network Sinkhole action is associated with this threat in the Local Actions configuration, the threat triggers the MobileIron Threat Defense VPN profile to isolate the device from the network, without user assistance.

2. While the Network Sinkhole action is active on the device, be aware of the following issues:

   • Attempts to reach Internet or other network destinations will fail.
   • Other threats may not be detected and displayed until the original threat (that caused the compliance action) is remediated.
   • The full list of threats may not display on the iOS device.
3. After the threat is remediated on the device, the VPN profile is disabled automatically, and network traffic is no longer affected by the sinkhole. At this point, browser traffic now succeeds.

For more information, see Configuring the iOS sinkhole VPN local action.

Longer default MTD wake-up interval

Previously, the MTD wake-up interval default was 15 minutes, which sometimes resulted in excessive battery usage for iOS clients. From Core version 10.6.0.0 through the most recently released version as supported by MobileIron, the MTD default wake-up interval is 60 minutes, which can be adjusted for your network.

For more information, see Enabling MobileIron Threat Defense for Mobile@Work devices.

GDPR-enabled users have view and edit restrictions

Edit restrictions for GDPR-enabled users. When the GDPR profile is enabled for a user, some functionality and edit rights in the Core Devices and Users pages are restricted. After upgrade to Core 10.6.0.0, GDPR-enabled users will see a banner across the top of the Admin portal, reminding them that these restrictions are in place.

For more information, see Assigning users to a GDPR profile.

MTD Local Actions threat names updated

Changes to the MTD Core Local Actions threat categories. MobileIron Core previously used the threat category names Host threats, Malware threats, and Network threats for MTD Local Actions Policies. After upgrade to Core 10.6.0.0, the Core threat category names match those of the Mobile@Work client:

• Host threats changed to Device threats
• Malware threats changed to App threats
• Network threats (no change)

For more information, see Creating compliance policy rules and groups.

App status on managed devices

zConsole correctly lists the category type and management status of apps installed on managed devices. MTD can evaluate Apps installed on a device by whatever means, and correctly categorize them. Previously, App management information was not reported to zConsole, so some apps were being incorrectly flagged. After upgrade to 10.6.0.0, the MobileIron API reports the status to zConsole.

For more information, see How zConsole classifies installed Apps.

Android support for whitelisting a sideloaded App

From Mobile@Work 10.6 and Core 10.6.0.0 through the most recently released version as supported by MobileIron, you can now whitelist a sideloaded app before or after it is installed on a device:

For more information, see Whitelisting a sideloaded app for Android devices

Core to Cloud Mobile@Work migrations require user action

When Android Mobile@Work clients migrate from Core to Cloud server, the user is prompted to re-enable MTD anti-phishing protection by setting the Mobile@Work client as the default browser from the Go interface, even if it has been configured previously.