cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Sandblast mobile and MS Intune

Has anyone got MS Intune and Sandblast mobile working correctly?

My setup seems to be properly setup but once Sandblast is installed on my iOS devices, they will report as non compliant in intune.

In the company portal app, it reports that the device does not meet  a mobile policy and to open sandblast to resolve the issue but when sandblast app opens it does not report anything wrong.

If I remove sandblast the device becomes compliant again.

The sandblast portal shows the devices as connected and no issues.

Intune reports the sandblast connector as active and in sync.

0 Kudos
5 Replies
Employee+
Employee+

Re: Sandblast mobile and MS Intune

Hello Ian,

With the device actively syncing to SandBlast Mobile Dashboard, open the device details by clicking on the device id.

Go to the severity pulldown menu and select all. Are there any warnings in that area? If so, are they sufficient to company policy to be flagged? If not, then go back into MS Intune Portal and navigate to Device compliance > Policies and select the policy that you want to edit. Under Properties > Settings, select the appropriate MTD level. They are: Secured, Low, Medium, and High.

 The definitions are as follows:

   Secured:  This is the most secure. The device cannot have any threats present and still access company                         resources. If any threats are found, the device is evaluated as non-compliant.

Low:        The device is compliant if only low level threats are present. Anything higher puts the device in a non-compliant status.

Medium:  The device is compliant if the threats found on the device are low or medium level. If high level threats are detected, the device is determined as non-compliant.

High:       This is the least secure. This allows all threat levels, and uses Mobile Threat Defense for reporting purposes only. Devices are required to have the MTD app activated with this setting.

Select the setting that is most appropriate, I would suggest trying Low.

Best Regards!

Pam

0 Kudos
Employee+
Employee+

Re: Sandblast mobile and MS Intune

Hi Ian, how are you?

1. What guide did you use to setup the entire environment? Did you use all the steps?

2. In building this environment,  missing one of the steps can create such issues.

D

0 Kudos

Re: Sandblast mobile and MS Intune

Thanks for the replies. 

My setup was done following Microsoft documentation and all steps were followed.

Set up the Check Point SandBlast integration with Intune - Intune on Azure | Microsoft Docs 

I have also changed my MTP policy from 'Secured' down to 'Low' then to 'Medium' and finally 'High' my device always reports as non compliant.

Nothing is reported in the SB portal and annoyingly in Intune my device shows as non compliant but when I look at the device compliance policies they all show as green.

If I remove SBM from my device, it instantly becomes compliant again.

0 Kudos
Employee+
Employee+

Re: Sandblast mobile and MS Intune

Ian, can you please contact me offline so that I can help you troubleshoot?

pslee@checkpoint.com

I would like to know the OS, OS version, Device Manufacturer/Model.

Ping me and perhaps we can organize a quick chat.

Thank you!

Pam

Re: Sandblast mobile and MS Intune

Thank you for replying.

I stripped the whole thing out and started again and now it seems to be working, at least on my device, i'll try a couple more and hopefully all is now good.