When a compromised device accesses corporate resources, data is immediately at risk.
The Conditional Access feature allows an organization to automatically control access to corporate resources by compromised devices.
As a result, if a device is exposed to an attack, access to corporate networks or any on-premise and cloud apps will be controlled.
The enforcement of this policy is independent of Unified Endpoint Management (UEM) solutions.
Enabling Conditional Access
- Navigate to Settings > Policy Settings > On-device Network Protection.
- Under "Conditional Access" section, enter in an IP address with bitmask or a FQDN hostname into the Network Address field.
- Click "Add".
Conditional Access In Action
User Experience
The user experience is similar on iOS and Android.
- When the user's device is at high risk, they will see a reminder in SandBlast Mobile Protect that Corporate Access is Blocked.
- If the user tries to access a restricted corporate asset via a browser or an app such as mail, they will receive an in-app notification pop-up.
ONP Conditional Access - Administrator's Dashboard View
- Navigating to Events & Alerts, the Administrator can see the On-device Network Protection event.