Hardware reference guide

84 GlobalProtect Administrator’s Guide
Define Deployment Policies Set Up the GlobalProtect Mobile Security Manager
Push a GlobalProtect VPN configuration profile to simplify deployment—To simplify the deployment of the GlobalProtect agent settings to the iOS devices you manage, create an iOS configuration profile and configure the VPN settings so that the device will automatically be able to connect to your GlobalProtect VPN upon deployment of the corresponding policy.

Create separate configuration profiles for access to different accounts—Although you can create configuration profiles that push settings for multiple accounts, you can simplify administration and enhance usability by creating separate configuration profiles for each service. This allows users to delete profiles for accounts that they do not need or want. Similarly, when user access needs to a particular service change, you can simply change the policy deployment settings so that the profile is automatically removed from or added to user devices as appropriate. In addition, by segregating the account configurations into separate files, you can more easily create policies that are tailored to the access needs of your user groups.

Use iOS provisioning profiles to simplify deployment of enterprise apps—Provisioning profiles provide a convenient and automated method for distributing internally-developed enterprise apps to the managed iOS devices on your network. Although the Mobile Security Manager simplifies the deployment of provisioning profiles to a large number of mobile devices, there are some security factors to consider. When revoking access to an app that has been enabled via a provisioning profile, the app will continue to run on the device until the next power cycle even if the Mobile Security Manager policy removes the profile. In addition, because provisioning profiles are synchronized with iTunes, the profile may get re-installed the next time the end user syncs the device with iTunes. Consider the following best practice recommendations:

Require authentication to use the app. This prevents access by users who are no longer authorized to use the app, but still have the provisioning profile installed on their devices.

To ensure that corporate app data is not backed up to iCloud or iTunes where it could be accessed by unauthorized users, make sure the apps you develop internally use the application’s Caches folder to store data because this folder is excluded from backup.

When removing a user’s access privileges to the app, do not rely solely on removal of the provisioning profile from the Mobile Security Manager policy, but also deactivate the user’s account on your internal servers.

Make sure that you have the ability to erase the local app data on the mobile device when user access to the app is removed.
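
The following Swift sketch is an added example, not code from the guide or from Palo Alto Networks. It shows one way an internally developed app could follow the recommendations above: keep corporate data in the Caches folder and erase it when the internal server rejects the user. The names CorporateCacheStore, CorporateData and enforceAccess, and the use of HTTP 401/403 to signal a deactivated account, are assumptions.

```swift
import Foundation

// Added example: CorporateCacheStore and the "CorporateData" directory name
// are hypothetical, not part of GlobalProtect or the Mobile Security Manager.
final class CorporateCacheStore {
    private let fm = FileManager.default
    let root: URL

    // Keep all corporate data under one subdirectory of the app's Caches
    // folder, which is excluded from iCloud and iTunes backups.
    init(subdirectory: String = "CorporateData") throws {
        let caches = try FileManager.default.url(for: .cachesDirectory,
                                                 in: .userDomainMask,
                                                 appropriateFor: nil,
                                                 create: true)
        root = caches.appendingPathComponent(subdirectory, isDirectory: true)
    }

    func save(_ data: Data, as name: String) throws {
        // Create the directory on first use, or again after a purge or wipe.
        try fm.createDirectory(at: root, withIntermediateDirectories: true,
                               attributes: nil)
        try data.write(to: root.appendingPathComponent(name), options: .atomic)
    }

    // Returns nil when the file is absent. iOS may purge the Caches folder
    // when storage runs low, so callers must be able to re-fetch the data.
    func load(_ name: String) -> Data? {
        return try? Data(contentsOf: root.appendingPathComponent(name))
    }

    // Erase every locally stored corporate file in one operation.
    func wipe() throws {
        if fm.fileExists(atPath: root.path) {
            try fm.removeItem(at: root)
        }
    }
}

// Hypothetical hook: pass in the HTTP status of each authenticated request to
// the internal server. Assumption: 401 or 403 means the account was
// deactivated there, so local data is erased and the caller must sign in again.
func enforceAccess(statusCode: Int, store: CorporateCacheStore) throws -> Bool {
    guard statusCode == 401 || statusCode == 403 else { return true }
    try store.wipe()
    return false
}
```

Because the check runs on every server response, a user whose account has been deactivated loses the local data at the next request, even if the provisioning profile is still installed or has been restored by an iTunes sync.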