Event settings
Each event type has specific settings that need to be configured when you create or edit the event. This section describes the settings for each type.
- International roaming event settings
- SIM changed event settings
- Memory size exceeded event settings
- System event settings
- System event field description
- Policy violations event settings
- Policy violations event field description
- Device status event settings
International roaming event settings
International roaming detection is not supported for dual-mode devices (that is, devices that switch between GSM and CDMA).
Procedure
To create an international roaming event, in the Admin Portal:
- Go to Logs > Event Settings.
- Select Add New.
-
Select International Roaming Event from the drop-down menu. The New International Roaming Event dialog box opens.
-
Use the guidelines in the table below to create an international roaming event.
- Select Save.
If more than one international roaming event applies to a device, only the last one you edited and saved is triggered.
Table 1. International Roaming Event Options
Field |
Description |
Name |
Identifier for this notification. |
Description |
Additional text to clarify the purpose of this notification. |
Generate Alert |
Turns on/off the alert defined for this event. |
Alert for Every Country Visited in the Trip |
Applies a compliance action for each country visited after the user leaves the home country. |
Maximum Alerts |
Specifies whether there is a limit on the number of alerts generated for all countries within a given trip. If you select Limited, then you can specify the number of alerts to allow. Once the user returns to the home country, the count is returned to 0. |
Severity |
Specifies the severity defined for the alert: Critical, Warning, and Information. |
Specifies the template to populate the resulting alert. Select View to display the content of the current template. Select an alternate template from the drop-down or select Create to create a new template. See Customizing Event Center messages for information on creating a new template. |
|
Send SMS |
Specifies whether to send an alert in a text message, and whether to send it to the user, the admin, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send Email |
Specifies whether to send an alert in an email, and whether to send it to the user, the admin, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send through Push Notification |
Specifies whether to send a message If you select “Admin only” or “User + Admin”, then the CC to Admins section displays. Use this section to specify administrative users who should receive the alert. The length of the message is limited to 255 characters. |
Apply to Labels |
Associate this event with the selected labels. See the “Using labels to establish groups” section in the Getting Started with Ivanti EPMM for more information. |
Search Users |
Enter the user ID to find devices to which you want to apply this event. |
Apply to Users |
Associate this group of settings with the selected users. |
Search Admins |
Enter the administrator ID to find devices to which you want to apply this event. |
CC to Admins |
If you selected “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
SIM changed event settings
Procedure
- Go to Logs > Event Settings.
- Select Add New.
-
Select SIM Changed Event from the drop-down menu. The New SIM Changed Event dialog box opens.
-
Use the guidelines listed in the table below for creating a SIM change event.
- Select Save.
If more than one SIM changed event applies to a device, only the last one you edited and saved is triggered.
Table 2. Guidelines for creating a SIM change event
Field |
Description |
Name |
Identifier for this event. |
Description |
Additional text to clarify the purpose of this event. |
Generate Alert |
Turns on/off the alert defined for this event. |
Severity |
Specifies the severity defined for the alert: Critical, Warning, and Information. |
Specifies the template to populate the resulting alert. Select View to display the content of the current template. Select an alternate template from the drop-down or select Create to create a new template. See Customizing Event Center messages for information on creating a new template. |
|
Send SMS |
Specifies whether to send an alert in a text message, and whether to send it to the user, the admin, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send Email |
Specifies whether to send an alert in an email, and whether to send it to the user, the admin, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send through Push Notification |
Specifies whether to send a message, and whether to send it to the user, the admin, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. The length of the message is limited to 255 characters. |
Apply to Labels |
Associate this event with the selected labels. See the “Using labels to establish groups” section in Getting Started with Ivanti EPMM for more information. |
Search Users |
Enter the user ID to find devices to which you want to apply this event. |
Apply to Users |
Associate this group of settings with the selected users. |
CC to Admins |
If you selected “Admin only” or “User + Admin”, then the CC to Admins section displays. Use this section to specify administrative users who should receive the alert. |
Memory size exceeded event settings
This section address how to create a memory size exceeded event.
Procedure
- Go to Logs > Event Settings.
- Select Add New.
-
Select Memory Size Exceeded Event from the drop-down menu.
-
Use the guidelines in the table below to create a memory size exceeded event.
- Select Save.
Memory exceeded events are sent only once per week when the configured memory limit is reached. If more than one memory size exceeded event applies to a device, only the last one you edited and saved is triggered.
Table 3. Guidelines for a memory size exceeded event.
Field |
Description |
Name |
Identifier for this event. |
Description |
Additional text to clarify the purpose of this notification. |
Used Memory Size Exceeds |
Specifies the percentage of total memory that triggers the alert. |
Generate Alert |
Turns on/off the alert defined for this event. |
Alert every |
Specifies the time, in days, after which the alert count is reset. |
Severity |
Specifies the severity defined for the alert: Critical, Warning, and Information. |
Specifies the template to populate the resulting alert. Select View to display the content of the current template. |
|
Send SMS |
Specifies whether to send an alert in a text message, and whether to send it to the user, the admin, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send Email |
Specifies whether to send an alert in an email, and whether to send it to the user, the admin, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send through Push Notification |
Specifies whether to send a message, and whether to send it to the user, the admin, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. The length of the message is limited to 255 characters. |
Apply to Labels |
Associate this event with the selected labels. See the “Using labels to establish groups” section in Getting Started with Ivanti EPMM for more information. |
Search Users |
Enter the user ID to find devices to which you want to apply this event. |
Apply to Users |
Associate this group of settings with the selected users. |
CC to Admins |
If you selected “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
System event settings
A system event applies a compliance action when a component of an Ivanti EPMM implementation is not working. System alerts are intended for relevant administrators.
Procedure
- In the Admin Portal, go to Logs > Event Settings.
- Select Add New.
- Select System Event from the drop down menu.
- Use the guidelines in System event field description to complete the form:
- Select Save.
System event field description
Field |
Description |
Name |
Identifier for this event. |
Description |
Additional text to clarify the purpose of this notification. |
Sentry (standalone and integrated) is unreachable |
Applies a compliance action if Ivanti EPMM is unable to contact the Sentry. |
Ivanti gateway is unreachable |
Select this option to send an alert if Ivanti EPMM cannot connect to the Ivanti EPMM gateway. |
LDAP server is unreachable |
Select this option to send an alert if Ivanti EPMM cannot connect to any of the configured LDAP servers. |
DNS server is unreachable |
Select this option to send an alert if Ivanti EPMM cannot connect to one of the configured DNS servers. |
Mail server is unreachable |
Select this option to send an alert if Ivanti EPMM cannot connect to the configured SMTP server. |
NTP server is unreachable |
Select this option to send an alert if Ivanti EPMM connect to the configured NTP server. |
Certificate Expired or Certificate Error |
Select this option to send an alert for certificate expiration. An alert is sent 60 days before expiration and on the expiration date. Certificates supported include Admin Portal and device certificates. |
Provisioning Profile Expired |
This feature is not supported for Android devices. |
SMTP Relay server is unreachable |
Applies a compliance action if the configured SMTP relay (used for SMS archive) does not respond to a ping or SMTP ping. |
SMTP Relay server error |
Applies a compliance action if the configured SMTP relay (used for SMS archive) returns an error. The alert includes available details to enable troubleshooting. |
Applies a compliance action if the system storage threshold has been reached. Refer to Ivanti EPMM System Manager Guide for information on setting this threshold or manually purging the data. |
|
Connector state events
|
Applies a compliance action if the health of the Connector changes. Ivanti EPMM defines a healthy connector as one that connects to the server at expected intervals and syncs successfully with the LDAP server. An alert is generated if a Connector changes from healthy to unhealthy, or from unhealthy to healthy. |
Connector requires upgrade |
Applies a compliance action if the automated upgrade of the Connector fails. This alert prompts you to manually upgrade the Connector. |
Connector can not connect to LDAP server |
Applies a compliance action if a configured LDAP server is no longer reachable. |
Connector is unreachable |
Applies a compliance action if the Ivanti EPMM server does not receive the expected response to the scheduled probe of the Connector. This alert generally indicates network problems. |
Application update failed |
Alerts the administrator that the Apps@Work or Bridge update for Windows failed. For more information, administrators can the server logs. |
Android enterprise app requires new permission approval |
Generates an alert if an Android Enterprise app has new permissions that the administrator needs to approve in the App Catalog. |
Mobile Threat Definition Update |
Alerts administrators when a new version of the mobile threat definition is available. The notification includes any impacts to the existing MTD Local Action policies if threats were removed from the latest update. |
Generate Alert |
Turns on/off the alert defined for this event. |
Maximum Alerts |
Specifies whether there is a limit on the number of alerts generated for a given event. If you select Limited, then you can specify the number of alerts to allow. By default, compliance is checked every 24 hours. See Managing Compliance and Creating an event for more information. |
Alert Every |
Specifies the time, in days, after which the alert count is reset. |
Severity |
Specifies the severity defined for the alert. Select Critical, Warning, or Information. |
Specifies the template to populate the resulting alert. Select View to display the content of the current template. Select an alternate template from the drop-down or select Create to create a new template. See Customizing Event Center messages for information on creating a new template. |
|
Send SMS |
Specifies whether to send an alert in a text message, and whether to send it to the user, the administrator, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send Email |
Specifies whether to send an alert in an email, and whether to send it to the user, the administrator, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send through Push Notification |
Specifies whether to send a message Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. The length of the message is limited to 255 characters. |
Apply to Labels |
Send the alert to users in the selected labels. See the “Using labels to establish groups” section in Getting Started with Ivanti EPMMfor more information. In most cases, if you do select a label, it should not be a label with broad coverage. System event alerts are usually not appropriate for device users. |
Search Users |
Enter the user ID to find users to which you want to send the alert. |
Apply to Users |
Send the alert to the selected users. |
Policy violations event settings
Procedure
- In the Admin Portal, go to Logs > Event Settings.
- Select Add New.
-
Select Policy Violation Event from the drop-down menu. The New Policy Violations Event dialog box opens.
- Follow the guidelines in Policy violations event field description to complete the form.
- Select Save.
Apply only one Policy Violations event to each device. If more than one policy violations event applies to a device, only the last one you edited and saved is triggered. Therefore, do not create a separate policy violations event for each type of security policy violation.
In that one Policy Violations event, select all of the security policy settings that you want to trigger the event. Use the template variable $DEFAULT_POLICY_VIOLATION_MESSAGE in your message template to specify the security policy violation that triggered the event.
Policy violations event field description
The following table describes fields for configuring a policy violation event.
Field |
Description |
Name |
Identifier for this event. |
Description |
Additional text to clarify the purpose of this notification. |
Connectivity |
|
Out-of-contact with Server for X number of days |
Select this option to send an alert when a device has been out of contact for the number of days specified in the Security policy assigned to it. |
Out-of-policy for X number of days |
Select this option to send an alert when a policy has been out of date for the number of days specified in the Security policy assigned to it. |
Device Settings |
|
Passcode is not compliant |
Applies a compliance action if a device is detected having a passcode that does not meet the requirements specified in the associated security policy. |
App Control |
|
Disallowed app found |
Applies a compliance action if an app that is specified as Disallowed is installed on a device. Apps are specified as Required, Allowed, or Disallowed under Apps > App Control. |
App found that is not in Allowed Apps list |
Applies a compliance action if an app that does not appear on the list of allowed apps has been detected on a device. Apps are specified as Required, Allowed, or Disallowed under Apps > App Control. |
Required app not found |
Applies a compliance action if an app that is specified as Required is not installed on a device. Apps are specified as Required, Allowed, or Disallowed under Apps > App Control. |
Data Protection/Encryption - iOS - Android |
|
Data Protection/Encryption is disabled |
|
Security - Windows |
|
OS Build is less than the required OS build |
Select this option to apply a compliance action if the device build is less than the OS build defined in the Security policy. |
Last Hotfix is less than the required hotfix |
Select this option to apply a compliance action if the device OS build is less than the hotfix build defined in the Security policy. |
Last Hotfix installation date is out of date |
Select this option to apply a compliance action if the device OS has not been updated in the time interval defined in the Security policy. |
iOS |
|
Disallowed iOS model found |
Select this option to apply a compliance action when a restricted iOS model is registered. |
Disallowed iOS version found |
Select this option to apply a compliance action when a restricted iOS version is registered. |
Compromised iOS device |
Select this option to apply a compliance action when a compromised iOS is registered or connects to the server. That is, an iOS device has been compromised by circumventing the operator and usage restrictions imposed by the operator and manufacturer. |
iOS Configuration not compliant |
Applies a compliance action if an iOS device does not have the expected security policy or app settings. This state may indicate that a setting was changed or was not applied successfully. |
Restored Device connected to server |
Applies a compliance action if a previously wiped device has been restored and attempts to connect through the Ivanti EPMM deployment. |
Applies a compliance action if the device user disables multitasking for the iOS app. Disabling multitasking increases the likelihood that a compromised device will go undetected for a significant period of time. |
|
Device MDM deactivated (iOS 5 and later) |
Applies a compliance action when the MDM profile on a managed iOS 5 device is removed. |
macOS |
|
Disallowed macOS version found |
Applies a compliance action if Ivanti EPMM finds a registered device running a prohibited version of macOS. |
Device MDM deactivated |
Applies a compliance action if Ivanti EPMM detects that MDM (Mobile Device Management) has been deactivated on a registered macOS device. |
FileVault encryption disabled |
Applies a compliance action if Ivanti EPMM detects a registered macOS device with disabled FileVault encryption. |
Android |
|
Disallowed Android OS version found |
Applies a compliance action if an Android device having a disallowed OS version is detected. You can specify disallowed versions in the security policy. |
Compromised Android device detected |
Applies a compliance action if a modified Android device is detected. That is, an Android device has been compromised by circumventing the operator and usage restrictions imposed by the operator and manufacturer. |
Device administrator not activated for DM client or agent |
Generate an alert when a managed Android device is found to have no device administrator privilege activated for Ivanti Mobile@Work or the Samsung DM Agent. The Samsung DM Agent is not required on Samsung MDM 4.x, starting with Ivanti Mobile@Work for Android version 5.9. |
Actions |
|
Generate Alert |
Turns on/off the alert defined for this event. |
Maximum Alerts |
Specifies whether there is a limit on the number of alerts generated for a given event. If you select Limited, then you can specify the number of alerts to allow. |
Alert Every |
Specifies the time, in days, after which the alert count is reset. |
Severity |
Specifies the severity you define for this alert. Select Critical, Warning, or Information. |
Specifies the template to populate the resulting alert. Select View to display the content of the current template. Select an alternate template from the drop down or select Create to create a new template. See Customizing Event Center messages for information on creating a new template. |
|
Send SMS |
Specifies whether to send an alert in a text message, and whether to send it to the user, the administrator, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send Email |
Specifies whether to send an alert in an email, and whether to send it to the user, the administrator, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send through Push Notification |
Specifies whether to send a message Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. The length of the message is limited to 255 characters. |
Apply to Labels |
Send the alert to users in the selected labels. See the “Using labels to establish groups” section in Getting Started with Ivanti EPMM for more information. |
Search Users |
Enter the user ID to find users to which you want to send the alert. |
Apply to Users |
Send the alert to the selected users. |
CC to Admins |
If you selected “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Device status event settings
The device status event applies only to Android and iOS devices. The following describes the steps to create a device status event in the Admin Portal.
Procedure
- Go to Logs > Event Settings.
- Select Add New.
-
Select Device Status Event from the drop-down menu. The New Status Event dialog box opens.
-
Use the following guidelines to complete the form:
- Select Save.
If more than one device status event applies to a device, only the last one you edited and saved is triggered.
Table 4. Guidelines for Device Status Events
Field |
Description |
Name |
Identifier for this event. |
Description |
Additional text to clarify the purpose of this notification. |
Triggers when |
Specifies the conditions on the device that will trigger an alert:
|
Actions |
|
Severity |
Specifies the severity you define for this alert. Select Critical, Warning, or Information. |
Specifies the template to populate the resulting alert. Select View to display the content of the current template. Select an alternate template from the drop-down or Select Create to create a new template. See Customizing Event Center messages for information on creating a new template. |
|
Send SMS |
Specifies whether to send an alert in a text message, and whether to send it to the user, the administrator, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send Email |
Specifies whether to send an alert in an email, and whether to send it to the user, the administrator, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Send through Push Notification |
Specifies whether to send a message, and whether to send it to the user, the administrator, or both. Specify users in the Apply to Users section or by selecting a label in the Apply to Labels section. If you select “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. The length of the message is limited to 255 characters. |
Apply to Labels |
Send the alert to users in the selected labels. See the “Using labels to establish groups” section in Getting Started with Ivanti EPMM for more information. |
Search Users |
Enter the user ID to find users to which you want to send the alert. |
Apply to Users |
Send the alert to the selected users. |
CC to Admins |
If you selected “Admin only” or “User + Admin”, then the CC to Admins section appears. Use this section to specify administrative users who should receive the alert. |
Related Topics