Hardware reference guide

GlobalProtect Administrator’s Guide 115

Manage Mobile Devices

After your mobile device users enroll with the GlobalProtect Mobile Security Manager, you can monitor the

devices and ensure that they are maintained to your standards for protecting your corporate resources and data

integrity standards. Although GlobalProtect Mobile Security Manager simplifies the administration of mobile

devices, enabling you to automatically deploy your corporate account configuration settings to compliant

devices, you can also use Mobile Security Manager for remediation of security breaches by interacting with a

device that has been compromised. This protects both corporate data as well as personal end user data. For

example, if an end user loses a device, you can send an over-the-air (OTA) request to the device to sound an

alarm to help the user locate it. Or, if an end user reports a lost or stolen device, you can remotely lock the device

from the Mobile Security Manager or even wipe the device (either completely or selectively).

In addition to the account provisioning and remote device management functions that the Mobile Security

Manager provides, when integrated with your existing GlobalProtect VPN infrastructure, you can use host

information that the device reports to the Mobile Security Manager to enforce security policies for access to

applications through the GlobalProtect gateway and use the monitoring tools that are built into the Palo Alto

next-generation firewall to monitor mobile device traffic and application usage.

This chapter describes how to manage mobile devices from the Mobile Security Manager and how to integrate

information learned by the Mobile Security Manager into your network security infrastructure:

 Group Devices by Tag for Simplified Device Administration

 Monitor Mobile Devices

 Administer Remote Devices

 Create Security Policies for Mobile Device Traffic Enforcement