Enabling additional MTD anti-phishing protection

You have the option to enable additional Ivanti Mobile Threat Defenseanti-phishing protections for managed Android and iOS devices:

  • On-device VPN to analyze malicious URLs – This option uses VPN to provide anti-phishing protection without requiring end-user confirmation. Tapped links are checked against an on-device database of malicious URLs.

  • Content Blocker – (iOS devices) This option blocks all network traffic when a phishing threat is detected. Once cleared, network traffic is again allowed. The end user must enable this feature.

  • URL Handler – (Android devices) When the device user taps on a URL, the MTDphishing protection intercepts the URL on the default browser, scans it, and if malicious, blocks it. Otherwise, the URL opens. See Understanding URL Handler.

These additional anti-phishing configurations can be used in conjunction with Threat Management Console anti-phishing policies.

Procedure 

  1. Log in to Ivanti EPMM Admin Portal.

  2. Go to Policy & Configs > Policies.

  3. Click Add New > MTD Anti-Phishing. The Add MTD Anti-Phishing Policy page opens.

    Figure 1. Creating an MTD anti-phishing policy

  4. In the Add MTD Anti-Phishing Policy dialog box, enter a name for the policy.

  5. For status select Active. This is the default setting.

  6. Specify a priority for this policy, relative to the other custom policies of the same type. Select Higher than or Lower than, then select an existing policy from the drop-down list. This priority determines which policy is applied if more than one policy is available.

    Only one active policy can be applied to a device.

  7. (Optional) Enter a description.

  8. In the iOS section, select from the following policy options:

    Figure 2. iOS MTD anti-phishing options

    1. Use on-device VPN to analyze malicious URLs
    2. Enable Content Blocker anti-phishing
  9. In the Android section, select from the following policy options:

    Figure 3. Android MTD anti-phishing options

    1. Use on-device VPN to analyze malicious URLs
    2. Enable URL Handler anti-phishing. See Understanding URL Handler.
  10. Click Save.

  11. Apply a label to the policy. See Creating MTD labels in Ivanti EPMM for Android and iOS devices.

  12. Create a compliance policy rule to ensure that device users enable MTD anti-phishing protection. See Creating compliance policy rules and groups.

    Give the policy the following settings:

    1. Condition: MTD Anti-Phishing status / Equals / Not Enabled

    2. Regular Expression: "common.mtd_anti_phishing_status"="CLIENT_NOT_ENABLED"

      This expression makes the devices go out of compliance, and it triggers a compliance action that forces device users to enable MTD phishing protection.

  13. Force device check in.

MTD Anti-Phishing policy using VPN is not supported on Apple User Enrolled devices.

Content Blocker anti-phishing will not work on iOS devices that have "Popups in Safari not allowed" enabled in their iOS device settings. Distribute an iOS restriction configuration with "Block pop-ups" disabled, and verify that this restriction is disabled on client devices.