MTD console configurations

After configuring MDM, you will need to configure the MTD console.

  • Adding Ivanti EPMM as your MDM server in MTD console

  • Threat protection policy

  • Phishing and Content Protection (PCP)

Leave the browser with the MTD Management Console open for easy access during the global enrollment code process (see Activating Ivanti Mobile Threat Defense for MDM).

Adding Ivanti EPMM as your MDM server in MTD console

You must add Ivanti EPMM as your Mobile Device Management (MDM) server in the MTD threat management console to enable Ivanti Mobile Threat Defense. You will need to select the MDM label required to identify the MTD-enabled devices and to set the MTD threat level. In Ivanti MTD’s MES console, make the following selections:

  • Use the following label to identify devices that should have Lookout for Work app activated - Ivanti MTD Enrolled.

  • Custom attribute used to convey issue state level, if any - IvantiMTDThreatLevel.

The relevant devices and apps from Ivanti MDM are shown in the MTD console.

Before you begin

  • Locate the user name and password for the MTD console tenant you received from MTD after purchasing Ivanti Mobile Threat Defense Solution for MDM.
  • Be sure you have completed Assigning roles to the API user.

Procedure

  1. Log in to your MTD console tenant with the credentials provided by MTD. The username and password defined for the MTD administrator are required to establish communication with Ivanti EPMM and synchronize the two servers.
  2. Navigate to Manage > Integrations > Add MDM.

  3. Select Ivanti EPMM to add it to the MTD console as an MDM server.

  4. Create your configuration using the following required information:

    Table 6.  Configuring Ivanti EPMM as an MDM server

    Item: Label for this MDM connection
    Description: Enter a name for your MDM connection.

    Item: Ivanti EPMM
    Description: Enter the FQDN or externally accessible URL for your Ivanti MDM in secure hypertext protocol (HTTPS). For example: https://na2.ivanti.com
    You may need to allow list Ivanti MTD IP addresses to establish connectivity.

    Item: Username/Password
    Description: Enter the API user name and password created earlier. The administrator user should be assigned several roles, including API, as described in MDM preconfigurations.

  5. Select Create Integration. The Connector Settings page expands to include more sections.

  6. In the Enrollment Management > Device Enrollment section, make the following selections:

    1. Move the slider to ON in the Automatically drive Lookout for Work enrollment on Ivanti MDM managed devices field.

    2. Enter Ivanti MTD Enrolled in the Use the following label to identify devices that should have the Lookout for Work app activated field.

    3. Select the number of minutes in the How often should Lookout check for new devices field. Ivanti recommends the following sync intervals for optimal performance:

      1. 10K MTD device deployments - use 15-minute sync intervals

      2. 20K MTD device deployments - use 30-minute sync intervals

      3. 50K MTD device deployments - use 90-minute sync intervals

    4. Move the slider to ON in the Treat devices which are removed from the enrollment custom attribute as unenrolled from Ivanti MDM field.

  7. Slide "Automatically deactivate Lookout on select devices" to ON.

  8. Deactivate Lookout on devices with any of these Ivanti EMM statuses.

  9. Select the device statuses accordingly:

    lost, wiped, retired (check boxes)

    In the State Sync section, both the "Synchronize device status to Ivanti EMM" and "Override Labels with Custom Attributes for State Sync" options should be set to ON.

    State Sync / Risk Status Section.

  10. Set "Devices with any issues present" to ON and select the corresponding IvantiMTDThreatLevel custom attribute that was previously defined.
    The next four flags should be set to OFF for low, medium, high, and no risk issues present.