Creating MTD local actions in Ivanti EPMM

Using Ivanti Mobile Threat Defense Local Actions policies, you can set specific local actions to be taken on supported iOS and Android devices when the MTD-enabled client detects a threat. The MTD local actions policy is enforced on devices, independent of the device being connected to and in communication with Ivanti EPMM or the MTD console server. On the device, Ivanti Mobile@Work enforces the policy locally.

Before you begin 

Be sure you have completed MTD prerequisites.


  1. From the Ivanti EPMM Admin Portal, select Policies & Configs > Policies > Add New > MTD Local Actions.
  2. Enter the policy name into the Name field and an optional Description.
  3. In the Status field, select Active to enable the policy. Select Inactive to disable the policy.
  4. Specify the priority of this policy relative to other custom policies of the same type, to determine which policy Ivanti EPMM applies if more than one policy is available.

    Select Higher than or Lower than, and then select an existing policy from the drop-down menu.
    For example, to give "Policy A" a higher priority than "Policy B," select “Higher than” and “Policy B”.

  5. In the Threat category names and related threats table, click ^ to expand a threat category, displaying all of the threats contained within that category. This selection controls which notifications are enabled on the device and which migration actions are taken locally on the device when a threat is detected.
  6. Make your selections.
  7. Click Save to save the policy.

The Network Sinkhole action in the MTD Local Action policy is not applicable for Apple User Enrolled devices.