Device-initiated security controls for AppConnect for Android

You can protect corporate data on devices even when the devices are off-line. If the device is compromised (rooted) or USB debugging is enabled, Go can retire all secure apps on the device. Retiring secure apps means that they become unauthorized (blocked), and their data is deleted (wiped).

The detection of these two security violations occurs on the device. Furthermore, the decision to retire secure apps because of these violations also occurs on the device. Connectivity with Ivanti Neurons for MDM is not required for these security controls.

You configure these actions in the Compromised Devices, Data Protection/Encryption Disabled, or Custom Policy policies on Ivanti Neurons for MDM.

For information about configuring actions in policies, see "Policies" in the Ivanti Neurons for MDM Administrator Guide.

Interaction with the Exchange setting

These compliance actions retire all secure apps, which can include email clients. However, the device user can still use lower priority email clients, such as the native Samsung email client, if the device’s Exchange setting allows them.

Therefore, if you do not want to allow any email access when the device is compromised or USB debugging is enabled, modify the Exchange setting:

  1. In Ivanti Neurons for MDM, go to Configurations.
  2. Edit the Exchange setting that is applied to the devices of interest.
  3. In the Android section, modify the Exchange App Priority so that only AppConnect-enabled email clients are selected.
  4. Click Save