Nine41 Consulting | Set and Maintain a Desired Security State for MDM Managed Devices
apple, device management, dep, vpp, systems management, landesk, ivanti, lanrev, absolute, heat, mdm,
1172
post-template-default,single,single-post,postid-1172,single-format-standard,qode-quick-links-1.0,ajax_fade,page_not_loaded,,columns-3,qode-child-theme-ver-1.0.0,qode-theme-ver-11.0,qode-theme-bridge,wpb-js-composer js-comp-ver-5.1.1,vc_responsive
 

Set and Maintain a Desired Security State for MDM Managed Devices

Set and Maintain a Desired Security State for MDM Managed Devices

LANDESK Management and Security Suite 2016.3 has MDM management built into its core functionality.  Once a device is enrolled, you’ll have access to apply a number of different “Agent Settings” commonly known as Configuration Profiles in the Apple world.

LDMS 2016.3 has 4 out-of-the-box editable agent settings that can be built and assigned to a Mac or iOS device; Mobile Compliance, Mobile Connectivity, Mobile Exchange/Office 365 and Mobile Security.  You’ll find all of these profile in the Agent Settings tool within the Configuration toolbar of the Management Suite console.

Mobile Compliance can be used to ensure the device’s integrity.  For example, you can enable a compliance rule to detect if the device has been jailbroken and if it has, choose to selectively wipe it removing access to everything you’ve deployed to the device. mdm-mobilecompliance

Mobile Connectivity is where you would upload certificates to be used to bind to WiFi as well as the appropriate settings for the device to access your corporate WiFi. mdm-wifi-cert

Mobile Exchange/Office 365 should be self-explanatory.  Within this setting you’ll configure how your MDM devices will be configured to access your corporate email. mdm-o365

Mobile Security has the real meat and potatoes for the agent settings.  You can set a password policy, restrict the device functionality such as access to FaceTime, block access to the iTunes store, set the accessible ranges for content and ratings, control the behavior of iCloud and even block TouchID from unlocking the device.  mdm-mobilesecurity

Mix and match the agent settings as desired, when deploying them out you do not need to employ a “one-size-fits-all approach.”   When you create your Agent Settings task, you can select one of each to deploy at, giving you a ton of available combinations of configurations.

Once you have all of your Agent Settings created as desired, just create a Change Agent Settings task and target your MDM devices.

  1. While still in the Agent Settings window, click on the Calendar/Clock icon, it’s the second one in the menu bar and then select Change Settings.change-settings
  2. Give your task an appropriate name, I named mine “Passcode”
  3. Find the “Mobile …” from the list on the right hand side of the panel and click on the corresponding Keep agent’s current settings window area.
  4. Find your newly created Mobile Agent Setting and select it.mdm-changeagentsettings
  5. Now set your desired Task Settings (policy, push, policy supported push) and desired portal settings (required, recommended, optional). I used a policy-supported push and required.
  6. Add in your Targets
  7. Schedule your Change Settings task

Once a device is added to a task and the task is started, every time the device “syncs” with the LANDESK Management Suite server, it will compare itself against the current scheduled tasks on the core with what it currently has applied and will add/remove profiles accordingly.  So don’t delete your task once you’ve successfully applied an agent setting, so doing would in effect tell LANDESK to remove the agent setting from the device the next time it syncs.

No Comments

Post A Comment

ARE YOU READY TO GET STARTED?
Please fill out your information, and a specialist will reach out to discuss our services in more details.
Your Information will never be shared with any third party.
        
Free Training Videos
Register to gain access to all of our free content.
YOUR PHONE
YOUR NAME
YOUR EMAIL
        
Get Started
Provide us your contact information and we will reach out as quickly as possible.
YOUR PHONE
YOUR NAME
YOUR EMAIL
        
Additional Questions?
Provide us your contact information and we will reach out as quickly as possible.
YOUR PHONE
YOUR NAME
YOUR EMAIL
        
Pay by PO?
Provide us your contact information and we will reach out to help you sign up by PO.
YOUR PHONE
YOUR NAME
YOUR EMAIL
Subscribe Now
Subscribing to our site gives you access to our Apple Admin 101 training videos as well as allowing us to notify you of each new blog post we release.
YOUR PHONE
YOUR NAME
YOUR EMAIL
Pay by PO
Send us your contact information and we will reach out to help you sign up by PO.
YOUR PHONE
YOUR NAME
YOUR EMAIL
Additional Questions?
Send us your contact information and your questions and we will reach out as quickly as possible.
YOUR PHONE
YOUR NAME
YOUR EMAIL
YOUR QUESTIONS
Get Started
Provide us your contact information and we will reach out as quickly as possible.
YOUR PHONE
YOUR NAME
YOUR EMAIL
Free Training Videos
Subscribing to our site gives you access to our Apple Admin 101 training videos as well as allowing us to notify you of each new blog post we release.
FIRST NAME
LAST NAME
PHONE
EMAIL
Subscribe Now
Subscribing to our site gives you access to our Apple Admin 101 training videos as well as allowing us to notify you of each new blog post we release.
FIRST NAME
LAST NAME
PHONE
EMAIL