Web-related DLP policies
The following describes the web-related DLP policies:
- Web DLP policy for browser launching
- DLP allowing links from non-AppConnect apps to open in Web@Work
- Web DLP versus Non-AppConnect apps can open URLs in Web@Work DLP
Web DLP policy for browser launching
You configure the Web DLP policy for browser launching in the AppConnect global policy. This Web DLP policy specifies whether an unsecured browser can attempt to display a web page when a device user taps the page’s URL in a secure app.
For example, consider a device user who is viewing an email in a secure email app, and the email body contains a URL. The user taps on the URL to view the web page in a browser. The following table describes the behavior for opening browsers from secure apps:
|
Web@Work installed |
Web@Work not installed |
Web DLP policy: allowed |
The user is prompted to choose between Web@Work and available unsecured browsers to attempt to display the web page. |
Unsecured browser attempts to display the web page. |
Web DLP policy: not allowed |
Web@Work displays the web page. |
Web page does not display. An error message is displayed that indicates that a secure browser is required but not installed. |
If the URL points to a server behind the enterprise’s firewall, an unsecured browser’s attempt to display the web page fails.
DLP allowing links from non-AppConnect apps to open in Web@Work
AppConnect supports a data loss prevention policy (DLP) that determines whether device users can choose to view a web page in Web@Work when they tap a link (URL) in an app that is not AppConnect-enabled. You specify whether to give device users that choice:
- For MobileIron Core deploymenments, on the AppConnect global policy in the data loss prevention policies section for Android.
- For Ivanti Neurons for MDM deployments, on the AppConnect Device configuration for Android.
This DLP also determines whether device users can choose AppConnect-enabled browsers besides Web@Work.
Allowing links from non-AppConnect apps to open in Web@Work benefits device users who use:
- Apps that are not AppConnect-enabled, especially email apps.
- Web@Work for viewing enterprise web pages.
Without this feature, links to enterprise web pages in email apps that are not AppConnect-enabled do not give Web@Work as a choice for viewing the web page. To view the web page, device users have to copy the link’s URL from the email into Web@Work. Now, if you allow it, the user can tap on the link and choose to view the resulting web page in Web@Work, which results in a simpler user experience.
Web DLP versus Non-AppConnect apps can open URLs in Web@Work DLP
The AppConnect global policy has two similar sounding data loss prevention policies for Android devices:
- Web
- Non-AppConnect apps can open URLs in Web@Work
The following table compares them:
If you allow Web... |
You can tap on a link in an AppConnect-enabled app... |
and open the web page in an unsecured browser. |
Therefore, this option is about data leaving the AppConnect container. |
If you allow |
You can tap on a link in an app that is not AppConnect-enabled.... |
and open the web page in Web@Work. |
Therefore, this option is about data coming into the AppConnect container. |
You can allow or not allow these two options in any combination.