Using Ivanti Tunnel App for Android Anti-Phishing

If you choose to distribute managed Ivanti Tunnel for Android App, the VPN will be used to provide phishing protection. See Phishing and Content Protection (PCP) for Android devices with the Ivanti Tunnel app. The purpose is to provide a VPN pathway (see Deploying Ivanti Tunnel app to Android and Android Enterprise devices.)

Provision of Ivanti Tunnel for Android App for phishing protection is an optional step - required only if Ivanti Tunnel is deployed as the VPN app for the device.

Before you begin

Complete the following task before you begin:

Phishing and Content Protection (PCP)

Deploying Ivanti Tunnel app to Android and Android Enterprise devices

The Ivanti Tunnel application needs to be distributed in Ivanti Neurons for MDM and the Ivanti Sentry Access configuration needs to be set up along with the Split DNS URL.

Ensure that private DNS is not configured if the administrator is going to use the Ivanti Tunnel for Android app to provide VPN and anti-phishing functionality. When Ivanti Tunnel for Android is running and private DNS is enabled on the device, the internet will be not be connected.
Ensure that Wi-Fi proxy is not configured if the administrator is going to use the Ivanti Tunnel for Android app to provide anti-phishing. If Wi-Fi proxy is configured, Ivanti Tunnel for Android will not receive any network traffic.

Procedure

In the Ivanti Neurons for MDM portal, go to Apps > App Catalog.
Find the app in the Google Play Store.
Select the app entry.
Accept permissions on behalf of Android Enterprise users.
Select Next.
Select a distribution option.
Expand Advanced Options & App Configuration.

Use the following guidelines to complete the options:

**Table 9.** Available app settings
Setting	Description
Install on Device	Select this option to start installation immediately after registration. The user will be prompted to confirm installation of the app except when the device is a Samsung Knox device and the silent installation option below has been selected.
Do not show app in end user App Catalog	Select this option if you do not want the user to see the app in the app catalog on the device.
Silently install on Samsung Knox devices	Select this option if you do not want the user prompted to confirm installation on Samsung Knox devices.
Set App Install Priority	For Android Enterprise apps you can prioritize downloading of specific apps before other apps. For example, you can prioritize the download of Ivanti Tunnel and Email apps before other noncritical apps. The following are the available priority level options: High This setting is for critical or high-priority apps. Medium (selected by default) Low This setting is applicable for In-House, Public, Private and Web apps. The in-house apps are installed via the client and the public and private are installed via Google. The app priority is applied only to those apps that are installed via the same channel.
Install only when connected to Wi-Fi	Select this option to install the app only when the device is connected to the Wi- Fi.
Install only when charging	Select this option to install the app only when the charging of the device is in progress.
Install only when idle	Select this option to install the app only when the device is in idle (not actively used by the user).

Select Next.
Select a promotion option.
Select Done.

It is required to have the Split Domain URL field configured in order to have Anti-Phishing. See Ivanti Tunnel configuration field description for Android Enterprise in the Ivanti Tunnel for Android Guide > SplitDomainsList.

Note the following:

"Use Tunnel For Anti-Phishing Only" should not be selected.
It is required that the Split Domain URL list is configured, else all traffic will be directed to Ivanti Sentry and therefore, Anti-Phishing protection will not be provided.