Ivanti Mobile Threat Defense overview

The Ivanti Mobile Threat Defense (MTD) consists of three components, as illustrated in the following figure.

  • Mobile Device Management (MDM) server (Ivanti EPMM)
  • MTD client application (Ivanti Mobile@Work for iOS and Android and Ivanti AppStation)
  • Ivanti EPMM Mobile Endpoint Security (MES Console)

Figure 1. Components of Ivanti Mobile Threat Defense

The Mobile Device Management (MDM) administrator is able to configure Ivanti EPMM to automatically install the required version of MTD client application, Ivanti Mobile@Work for Android and iOS, deploy and enable an MTD Activation token on selected devices, and configure the components to interoperate to protect devices from mobile threats.

After initial on-boarding, the following workflow is required to configure Ivanti Mobile Threat Defense:

  1. The administrator prepares Ivanti EPMM and the MTD Management Console for integration. See Ivanti Mobile Threat Defense prerequisites.

  2. The MTD Management Console authenticates and establishes communication with Ivanti MDM and synchronizes custom attributes and other device data. For more information about MTD console, see MTD console configurations.

  3. The administrator defines threat defense policies on the MTD Management Console and assigns them to different groups defined in the MTD Management Console. Each group will have its own activation code. Note that the Ivanti MTD "activation code" is used interchangeably with "license key" in the MTD activation configuration. See Threat protection policy.

  4. Ivanti Mobile Threat Defense is enabled on selected devices. See Activating Ivanti Mobile Threat Defense for MDM.

  5. Ivanti MTD-enabled Ivanti Mobile@Work clients check in and begin communicating with the MTD console and with Ivanti MDM

  6. (Optional) The administrator defines Ivanti MTD Local Actions on the Ivanti MDM console. See Configuring MTD Local Actions for Ivanti MDM.

  7. Ivanti MTD-enabled Ivanti Mobile@Work clients periodically scan the device for threats, and actions are taken in accordance with defined server-initiated and local action policies.