Managing Ivanti Mobile Threat Defense through the MTD console and local actions

Detected threats can be remediated through a combination of local- and server-initiated mitigation and compliance actions. Applied together, they provide the highest level of client threat protection.

• Setting up the MTD threat management console is done through the MTD threat management console.
• Setting up the UEM platform is done through the Admin Console.

The process works this way:

• If mitigation is implemented using Local Actions, the threat is remediated based on the Local Actions configuration and does not need connection to Ivanti EPMM or MTD console.

• If the device is connected to Ivanti EPMM and MTD console (server-initiated), any threats detected on the device informs the MTD console of threat status. MTD console instructs Ivanti EPMM that a policy violation has been triggered. Ivanti EPMM assigns the compromised device to the appropriate label, which can trigger a custom enforcement workflow.

• When the threat is remediated on the device, the client passes this state change to the MTD console. The MTD console tells Ivanti EPMM that the policy violation has been removed and removes the label that triggered a custom enforcement workflow from the device. Ivanti EPMM then restores the device back to normal operations.