Device status and threat detail reporting to your EMM solution

Document created by Pamela S. Lee on Jan 19, 2018Last modified by Pamela S. Lee on Feb 20, 2018
Version 2Show Document
  • View in full screen mode

SandBlast Mobile offers enhanced features for integrations with EMM solutions and now reports the device life cycle status, device security risk, and device threat factors to the EMM solution.

 

This per device information on the EMM can be used to create granular device policies.

 

For example: By using the device life cycle status, the EMM can apply one policy for devices that have SandBlast Mobile installed and running, and apply a different policy for devices which are Provisioned or Inactive.

 

Another example: By using the device security risk level, the EMM can apply one policy for devices with a high risk level, and apply a different policy for devices with a medium risk level.

 

The threat factor information reflected in the EMM can also be used to apply different policy by device threat factor; for example, devices under network attack or devices which are rooted/jailbroken.

 

The feature was implemented with different approaches per EMM vendor base on the vendor API support.

 

The following table lists the method used and availability per EMM vendor.

EMM PlatformLife Cycle StatusSecurity RiskThreat FactorsComment
BlackBerry BES/UEMDevice GroupDevice GroupNot AvailableGeneral Availability
Citrix XenMobileDevice PropertyDevice PropertyDevice PropertyGeneral Availability
IBM MaaS360Device Custom AttributeDevice Custom AttributeDevice Custom AttributeGeneral Availability
Microsoft IntuneDevice ComplianceDevice ComplianceNot AvailableGeneral Availability
MobileIronDevice Custom AttributeDevice Custom AttributeDevice Custom AttributeEarly Availability. Limited to specific versions of MobileIron
VMware AirWatchDevice TagDevice TagNot AvailableGeneral Availability

 

There are 3 Life Cycle Status states:

StatusDescription
ProvisionedWhen a device is first added in SandBlast Mobile Dashboard by the EMM, prior to device registration.
ActiveAfter the user has installed and registered to SandBlast Mobile.
InactiveIf the device hasn’t checked-in with SandBlast Mobile for X number of days (configured by the SandBlast Mobile Admin)

 

There are 4 Security Risk states: None (No Risk), Low, Medium, and High.

For example, if the device has a Low risk app and a High risk (malicious) URL in a SMS message, then the device will be marked as at High Risk. Once the High Risk issue has been remediated (SMS deleted), then the device will be marked as at Low Risk. Once the Low Risk issue has been remediated, the device will be marked as None (No Risk).

 

The Threat Factor is a list of threat factors associated with the Security Risk level, such as TF_BACKUP_TOOL, etc. These threat factors can be used to provide additional detail and granularity of the current Risk level, however, they are not necessarily appropriate for policy triggers.

 

Configuration of these states is done on the MDM Configuration screen by navigating to Settings > Device Management > Setting > MDM Service.

Attachments

    Outcomes