MTD support for Android 10
Ivanti Mobile Threat Defense supports Android 10 OS, with the following configuration caveats:
Location services are required to detect network threats – Android 10 devices require that location services be on to configure Wi-Fi. Turning off location services impacts the client’s ability to identify network threats, including Unsecured Wi-Fi and Rogue Access Points. Irrespective of location permission status on the device, the critical network-based threats like MiTM, MiTM Fake SSL Cert, and Internal Network Access are still detected.
Note the expected location and Wi-Fi behavior for different modes of Android, described below.
Deployment mode | Expected behavior |
---|---|
All modes |
Disconnect Wi-Fi local action is disabled in all modes on Android 10 devices. |
Android Enterprise
|
During installation or upgrade of MTD on Android 10, the device user is prompted to enable location services for both device and profile. If Disallow share location is enabled in the PO lockdown config, this will block the user's ability to turn on location services. Uncheck this feature to prompt the user to enable location services.
|
Android Enterprise
|
Location settings are enabled without user action, allowing Wi-Fi configurations and MTD detection of network threats. |
Device administrator
|
Wifi APIs are not available for DA and mobile application management (MAM) modes, even if location services are enabled. So MTD cannot detect network threats for these devices. All configured non-network threats will be detected. |
Corporate owned, personally enabled
|
MTD requires that COPE devices running Android 10 have location enabled at all times, and currently cannot be disabled. |