Creating compromised devices policy

Creating a compromised devices policy for MTD is optional; however, Ivanti recommends having standard policies in place. Ivanti Neurons for MDM provides a wide array of policy templates that you can use as-is or modify to create robust compliance policies. As an example, let's set up a policy to restart an iOS device if the jail-breaking policy is violated.

For reference and other information about these options, see Policy > Adding a custom policy in the Ivanti Neurons for MDM Administrator Guide.

Procedure 

  1. From the Ivanti Neurons for MDM Administrator console, select Policies. The Policies page displays.

  2. Select +Add for policy options. The Choose Policy Type page displays.

  3. Select Compromised Devices. The Compromised Devices menu displays.

  4. Give the policy a useful name in the Name field. Add an optional description, if you desire.

  5. From the Choose Actions section, select Monitor to configure tiered compliance actions.

    Ivanti Sentry version 9.0.0 or later is required to utilize the tiered compliance actions.

  6. In the first Actions field, select an option from the menu:

    Figure 1. Tiered compliance action menu

    • Do Nothing (the default) – Take no action.
    • Send Notification – Follow the prompts to create a warning email.
    • Wait – Select the waiting time in minutes, days, or hours.
    • Restart Device Once – When a device goes out of compliance, the device is restarted. This will bring some devices back into compliance.
    • Quarantine – Configure default and optional quarantine actions.
    • Block – Uses Ivanti Sentry to block managed devices from accessing email and AppConnect-enabled applications. Ivanti Sentry version 9.0.0 or later is required to utilize the block action.
    • Retire – Retires the device. This action cannot be undone.

  7. For example, to make your first action an email or text message to the user, select Send Notification and configure your message.

  8. To add more compliance levels, select the plus (+) icon to the right of the action. To delete any level, select the red minus (–).

  9. For the second action, select Restart Device Once. No configuration for this option is needed.

    Figure 2. Restart Device Once option to limit notifications

  10. Select Yes, I understand... after you read how these policies will affect devices.

  11. Select Next. The Distribute page displays.

  12. Select a distribution option.

  13. Select Done. The policy is pushed to devices at the next check-in.