Creating MTD custom policies

The Ivanti Neurons MTD solution provides protection for three threat types: Device, Network, and Applications. Depending on its importance to your organization, each threat can be configured in the Ivanti Neurons Mobile Endpoint Security (MES) Console with a low, medium, or high severity level.

For each threat level, you can create custom policies based on the threat severity. The administrator can choose from a list of compliance actions to be taken against violating devices. This allows the administrator to better manage access control. (For more information see Compliance Actions in the Ivanti Neurons for MDM Administrator Guide.)

MES determines the device threat level based on the threats detected on the device, and updates the device threat level via the device custom attribute IvantiMTDThreatLevel in MDM.

The compliance actions are evaluated during the regularly scheduled client check-in event, and the selected compliance actions are enforced on the client when the device is determined to be non-compliant with policy.

With tiered compliance actions, you can customize the policy to include up to three levels of action (Low, Medium, and High) to better manage compliance.

As a best practice, you should have the following custom policy rules:

  • For Low threat levels - monitor, send initial notification, wait four hours, then block and send block action notification
  • For Medium threat levels - monitor, block, send block action notification, wait four hours, then quarantine and send quarantine action notification
  • For High threat levels - monitor, quarantine, send quarantine action notification, wait eight hours, then retire and send retire action notification
  • A tiered compliance custom policy can apply to any of the above situations. The following are different types and can be applied over hours or days: 
    • Block - notify
    • Notification
    • Quarantine - remove. If Low, send notification and let user decide what action to take.
    • Tiered Compliance 23 hours
    • Tiered Compliance 4 hours

Important! If a policy has previously been triggered on a device, adding the tiered policy will reset the policy and any compliance actions that had previously been applied. The new custom policy will be applied at the next device check-in.
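
Because compliance actions are evaluated only at the scheduled client check-in, the time a device actually takes to reach the escalated action in the best-practice tiers above can be longer than the configured wait. The following Python model is an added example, not Ivanti code. The fixed check-in schedule, the helper names `simulate` and `hours_to_escalation`, and the rule that the wait starts at the first non-compliant check-in are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tier:
    immediate: tuple   # actions applied at the first non-compliant check-in
    wait_hours: int    # configured wait before the next tier
    escalated: tuple   # actions applied once the wait has elapsed

# Best-practice rules from the list above, keyed by IvantiMTDThreatLevel value.
POLICY = {
    "Low": Tier(("monitor", "notify"), 4, ("block", "notify")),
    "Medium": Tier(("monitor", "block", "notify"), 4, ("quarantine", "notify")),
    "High": Tier(("monitor", "quarantine", "notify"), 8, ("retire", "notify")),
}

def simulate(level, detected_at, checkin_interval, horizon):
    """Return [(hour, actions)] for each check-in that enforces something.

    Assumptions (not Ivanti's implementation): check-ins occur at fixed
    multiples of checkin_interval hours, the wait is counted from the first
    non-compliant check-in, and the level does not change within the horizon.
    """
    tier = POLICY[level]
    timeline, first_seen, escalated = [], None, False
    t = 0
    while t <= horizon:
        if t >= detected_at:
            if first_seen is None:
                first_seen = t
                timeline.append((t, tier.immediate))
            elif not escalated and t - first_seen >= tier.wait_hours:
                escalated = True
                timeline.append((t, tier.escalated))
        t += checkin_interval
    return timeline

def hours_to_escalation(level, detected_at, checkin_interval, horizon=72):
    """Hours from detection by MES to the escalated action, or None."""
    for hour, actions in simulate(level, detected_at, checkin_interval, horizon):
        if actions == POLICY[level].escalated:
            return hour - detected_at
    return None
```

With a constructed six-hour check-in interval and a High threat detected at hour 1, the model reaches the retire tier 17 hours after detection rather than 8, which is worth factoring in when choosing wait times.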

Procedure 

  1. In Ivanti Neurons for MDM Administrator console, go to Policies.
  2. Select + Add.
  3. Select Custom Policy.
  4. Enter MTD Low Threat as the policy name.
  5. Under Conditions, select Custom Device Attribute.
  6. Select IvantiMTDThreatLevel from the drop-down box and set the condition to "is equal to" Low.
  7. Under Choose Actions, select Monitor and Send Email and Push Notification, or both.
  8. Under Email Message fields, enter your preferred subject and body text.
  9. Under Push Notification, enter your preferred message text.
  10. Select Yes, Next, and Done.
  11. Repeat this procedure to add the following policies (and any other custom policies you create):

    Table 7.  Recommended policies

    Policy Name       | Custom Device Attribute Value | Compliance Action
    MTD Medium Threat | Medium                        | Monitor; Send email and Push Notification; Block
    MTD High Threat   | High                          | Monitor; Send email and Push Notification; Quarantine; Retire