Creating an MTD anti-phishing protection configuration

You can create an MTD anti-phishing configuration for managed Android devices and, optionally, iOS devices. The configuration applies URL Handler on Android devices; on iOS devices, on-device VPN and Content Blocker are available as options.

Procedure

  1. Log in to the MobileIron Core admin portal.

  2. Go to Policy & Configs > Policies.

  3. Click Add New > MTD Anti-Phishing. The Add MTD Anti-Phishing Policy page opens.

  4. In the Add MTD Anti-Phishing Policy dialog box, enter a name for the policy.

  5. For Status, select Active. This is the default setting.

  6. Specify a priority for this policy, relative to the other custom policies of the same type. Select Higher than or Lower than, then select an existing policy from the drop-down list. This priority determines which policy is applied if more than one policy is available.

    NOTE: Only one active policy can be applied to a device.

  7. (Optional) Enter a description.

  8. In the iOS section, select from the following policy options:
    1. Use on-device VPN to analyze malicious URLs - This option auto-installs a VPN profile to managed clients without requiring end-user confirmation. Tapped links are checked against an on-device database of malicious URLs.
    2. Enable Content Blocker anti-phishing - The end user must enable this feature. When this feature is enabled, all network traffic is blocked when a phishing threat is detected. Once the threat is cleared, network traffic is allowed again.

  9. In the Android section, URL Handler is enabled by default. The end user must still enable the feature.

  10. Click Save.

  11. Apply a label to the policy. See Creating MTD labels in Core for Android and iOS devices.

  12. Create a compliance policy rule to ensure that device users enable MobileIron Phishing Protection. See Creating compliance policy rules and groups. Give the policy the following settings:

    1. Condition: MTD Anti-Phishing status / Equals / Not Enabled
    2. Regular Expression: "common.mtd_anti_phishing_status"="CLIENT_NOT_ENABLED"

      Devices that match this expression go out of compliance, which triggers a compliance action that forces device users to enable MobileIron Phishing Protection.

  13. Force a device check-in.