Hardware reference guide

GlobalProtect Administrator’s Guide
Set Up the GlobalProtect Mobile Security Manager Define Deployment Policies
characteristics of the device, such as OS version, tag, or device model. See About HIP Matching.
Configurations—Contain the configuration settings, certificates, provisioning profiles (iOS only), and
device restrictions to push to the devices that match the corresponding policy rule. Because the iOS
and Android operating systems support different settings and use different syntax, you must create
separate configurations to push to each OS; you can attach both an iOS and an Android configuration
to the same policy rule and the Mobile Security Manager will automatically push the correct
configuration to the device. For details on how to create configurations, see Create Configuration
Profiles.
Notification of Non-Compliance—In some cases, a device may not match any of the policy rules you have
defined due to non-compliance. For example, suppose you create a HIP profile that only matches devices
that are security compliant (that is, they are encrypted and are not rooted/jailbroken) and attach it to your
deployment policy rules. In this case, configurations are only pushed to devices that match the HIP profile.
You could then define a HIP notification message to send to devices that do not match the profile, specifying
the reason that they are not receiving any configuration. For more details, see About HIP Notification.
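
The matching flow described above, as a simplified model added here for illustration (it is not Mobile Security Manager code). The rule names, configuration names, record fields and first-match rule ordering are assumptions, and group membership is passed in with the record instead of being looked up in a directory.

```python
# Simplified model of deployment-policy evaluation (illustrative only; not
# Mobile Security Manager code). All names and sample data are constructed.

def hip_compliant(settings):
    """HIP profile from the text: encrypted and not rooted/jailbroken."""
    return settings["encrypted"] and not settings["rooted_or_jailbroken"]

# Each rule: who it applies to, the HIP profile it requires, and one
# configuration per OS (iOS and Android need separate configurations).
RULES = [
    {"name": "sales-devices", "groups": {"sales"}, "hip": hip_compliant,
     "configs": {"iOS": "sales-ios-config", "Android": "sales-android-config"}},
    {"name": "all-staff", "groups": {"staff"}, "hip": hip_compliant,
     "configs": {"iOS": "staff-ios-config"}},  # no Android configuration attached
]

NON_COMPLIANCE_MSG = ("No configuration was pushed: the device must be "
                      "encrypted and must not be rooted/jailbroken.")

def evaluate_checkin(checkin, rules=RULES):
    """Return (config, notification) for one check-in record.

    Assumption: rules are tried in list order and the first match wins.
    """
    for rule in rules:
        if not (rule["groups"] & set(checkin["user_groups"])):
            continue  # user is not in any group the rule names
        if not rule["hip"](checkin["settings"]):
            continue  # device does not match the rule's HIP profile
        config = rule["configs"].get(checkin["host_info"]["os"])
        if config is not None:
            return config, None
    # No rule produced a configuration: notify only if the HIP profile failed.
    if not hip_compliant(checkin["settings"]):
        return None, NON_COMPLIANCE_MSG
    return None, None

def make_checkin(os_name, groups, encrypted, rooted):
    """Build a constructed check-in record with the fields used above."""
    return {"host_info": {"os": os_name}, "user_groups": groups,
            "settings": {"encrypted": encrypted, "rooted_or_jailbroken": rooted}}
```

A compliant Android device in the `staff` group gets neither a configuration nor a notification in this model, because the rule it matches has no Android configuration attached; that silent gap is worth checking for when reviewing a rule set.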
Collection of Device Data
The Mobile Security Manager collects the following information (as applicable) from a mobile device each time
it checks in:

Category: Data Collected
Host Info: Information about the device itself, including the OS and OS version, the GlobalProtect app version, the device name and model, and identifying information including the phone number, International Mobile Equipment Identity (IMEI) number, and serial number. In addition, if you have assigned any tags to the device, this information is also reported.
Settings: Information about the security state of the device, including whether or not it is rooted/jailbroken, whether the device data is encrypted, and whether the user has set a passcode on the device.
Apps: Includes a listing of all app packages that are installed on the device, whether it contains apps that are known to have malware (Android devices only), and, optionally, the GPS location of the device.
GPS Location: Includes the GPS location of the device if location services are enabled on it. However, for privacy reasons you can configure the Mobile Security Manager to exclude this information from collection.

About User and Group Matching
In order to define mobile device deployment policies based on user or group, the Mobile Security Manager must
retrieve the list of groups and the corresponding list of members from your directory server. To enable this
functionality, you must create an LDAP server profile that instructs the Mobile Security Manager how to
connect and authenticate to the LDAP server and how to search the directory for the user and group
information. After the Mobile Security Manager is successfully integrated with the directory server, you will be
able to select users or groups when defining mobile device deployment policies. The Mobile Security Manager