This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kronos
Explorer
‎2022-04-13 01:47 AM

Harmony Mobile BYOD exchange enforcement

Looking at integrating Harmony Mobile product to a Azure AD and using the risk profiles created by the HM product to prevent access to exchange servers from mobile devices that are above a certain risk threshold.

Main intent is to provide BYOD users access to exchange and block if their device is displaying any security risk flags. I know the easy answer is to integrate with an MDM solution but this cant be done on BYOD devices.

Has anyone had any experience of this or the joys of cyber essentials plus assessments.

Many thanks for your help.

0 Kudos
9 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-04-25 08:16 AM

Have you experimented with Conditional Access settings for "High" risk devices?

Go to Policy > select Policy Profile > On-device Network Protection > Content Inspection > Conditional Access

CCSM R77/R80/ELITE
0 Kudos
Kronos
Explorer
‎2022-04-25 09:33 AM
In response to Chris_Atkinson

Thank you

I am now getting the following alert on the mobile.

Kronos_2-1650904123215.png

Screen shot from my admin portal attached below but i can still access my corporate outlook from my device.

Preview file
29 KB
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-04-25 04:26 PM
In response to Kronos

Unfortunately the screenshot doesn't show in what way On-device Network Protection (ONP) is currently enabled?

It's located just above the portion of the screen captured...

Also depending upon if HTTPs inspection is used you may need to specify the corresponding IP addresses.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2022-04-25 04:27 PM
In response to Chris_Atkinson

I believe admin guide indicates that conditional access is only for blocking access to domains if you connect to rogue wifi.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-04-25 04:34 PM
In response to the_rock

Don't believe so, can you please share the reference to this ?

(Rogue WiFi is certainly a trigger for a change in device risk however.)

CCSM R77/R80/ELITE
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-04-25 04:46 PM
In response to the_rock

Thanks Im aware of the documentation location, but I cannot see the linkage between rogue wifi and conditional access therein 

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2022-04-25 04:48 PM
In response to Chris_Atkinson

O, sorry, thats what we were told via TAC case when asking about rogue wi-fi / conditional access.

0 Kudos
the_rock
Legend
Legend
‎2022-04-25 04:59 PM
In response to Chris_Atkinson

Unless I misunderstood something about it...reading the guide again, it would seem its more related to blocking access regardless of rogue wi-fi...

0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events