https://community.checkpoint.com/t5/Mobile/New-Capability-for-ONP-Conditional-Access/m-p/41046#M226 <HTML><HEAD></HEAD><BODY><P>When a compromised device accesses corporate resources, data is immediately at risk.</P><P>The Conditional Access feature allows an organization to automatically control access to corporate resources by compromised devices.</P><P>As a result, if a device is exposed to an attack, access to corporate networks or any on-premise and cloud apps will be controlled.</P><P>The enforcement of this policy is independent of Unified Endpoint Management (UEM) solutions.</P><P></P><H2>Enabling&nbsp;Conditional Access</H2><OL><LI>Navigate to&nbsp;<STRONG>Settings &gt; Policy Settings &gt; On-device Network Protection</STRONG>.</LI><LI>Under "Conditional Access" section, enter in an IP address with bitmask or a FQDN hostname into the Network Address field.</LI><LI>Click "Add".<BR /><IMG __jive_id="66999" class="image-1 jive-image" height="750" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66999_pastedImage_1.png" width="1458" /></LI></OL><P></P><H2>Conditional Access&nbsp;In Action</H2><H3>User Experience</H3><P><SPAN style="color: #333333; background-color: #ffffff;">The user experience is similar on iOS and Android.</SPAN></P><OL><LI>When the user's device is at high risk, they will see a reminder in SandBlast Mobile Protect that Corporate Access is Blocked.<BR /><IMG __jive_id="67284" alt="" class="image-3 jive-image" height="300" src="https://community.checkpoint.com/legacyfs/online/checkpoint/67284_conditional-access-1.png" width="175" /></LI><LI>If the user tries to access a restricted corporate asset via a browser or an app such as mail, they will receive an in-app notification pop-up.</LI></OL><P></P><H3>ONP&nbsp;Conditional Access - Administrator's Dashboard View</H3><OL><LI><SPAN style="color: #333333; background-color: #ffffff;">Navigating to&nbsp;</SPAN><SPAN style="color: #333333; background-color: #ffffff; border: 0px; font-weight: bold; margin: 0px;"><STRONG>Events &amp; Alerts</STRONG></SPAN><SPAN style="color: #333333; background-color: #ffffff;">, the Administrator can see the On-device Network Protection event.<BR /></SPAN><IMG __jive_id="67283" alt="" class="image-2 jive-image" height="750" src="https://community.checkpoint.com/legacyfs/online/checkpoint/67283_ONP_Testing_Events&amp;Alerts-conditional-access.png" width="1460" /></LI></OL></BODY></HTML> Mon, 07 May 2018 21:05:36 GMT Pamela_S__Lee 2018-05-07T21:05:36Z https://community.checkpoint.com/t5/Mobile/New-Capability-for-ONP-Conditional-Access/m-p/41046#M226 <HTML><HEAD></HEAD><BODY><P>When a compromised device accesses corporate resources, data is immediately at risk.</P><P>The Conditional Access feature allows an organization to automatically control access to corporate resources by compromised devices.</P><P>As a result, if a device is exposed to an attack, access to corporate networks or any on-premise and cloud apps will be controlled.</P><P>The enforcement of this policy is independent of Unified Endpoint Management (UEM) solutions.</P><P></P><H2>Enabling&nbsp;Conditional Access</H2><OL><LI>Navigate to&nbsp;<STRONG>Settings &gt; Policy Settings &gt; On-device Network Protection</STRONG>.</LI><LI>Under "Conditional Access" section, enter in an IP address with bitmask or a FQDN hostname into the Network Address field.</LI><LI>Click "Add".<BR /><IMG __jive_id="66999" class="image-1 jive-image" height="750" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66999_pastedImage_1.png" width="1458" /></LI></OL><P></P><H2>Conditional Access&nbsp;In Action</H2><H3>User Experience</H3><P><SPAN style="color: #333333; background-color: #ffffff;">The user experience is similar on iOS and Android.</SPAN></P><OL><LI>When the user's device is at high risk, they will see a reminder in SandBlast Mobile Protect that Corporate Access is Blocked.<BR /><IMG __jive_id="67284" alt="" class="image-3 jive-image" height="300" src="https://community.checkpoint.com/legacyfs/online/checkpoint/67284_conditional-access-1.png" width="175" /></LI><LI>If the user tries to access a restricted corporate asset via a browser or an app such as mail, they will receive an in-app notification pop-up.</LI></OL><P></P><H3>ONP&nbsp;Conditional Access - Administrator's Dashboard View</H3><OL><LI><SPAN style="color: #333333; background-color: #ffffff;">Navigating to&nbsp;</SPAN><SPAN style="color: #333333; background-color: #ffffff; border: 0px; font-weight: bold; margin: 0px;"><STRONG>Events &amp; Alerts</STRONG></SPAN><SPAN style="color: #333333; background-color: #ffffff;">, the Administrator can see the On-device Network Protection event.<BR /></SPAN><IMG __jive_id="67283" alt="" class="image-2 jive-image" height="750" src="https://community.checkpoint.com/legacyfs/online/checkpoint/67283_ONP_Testing_Events&amp;Alerts-conditional-access.png" width="1460" /></LI></OL></BODY></HTML> Mon, 07 May 2018 21:05:36 GMT https://community.checkpoint.com/t5/Mobile/New-Capability-for-ONP-Conditional-Access/m-p/41046#M226 Pamela_S__Lee 2018-05-07T21:05:36Z