Devices

The Devices tab shows a list of all of the organization-protected devices with no filters. On this screen, you can add, remove, edit devices, import and export their details, and activate them.

Note - For environments equipped with a Harmony Mobile Connector and with PII decryption enabled, an icon reflecting the status of the Connector appears on the top-right corner of the Devices screen.

Item

Description

ID

A unique ID that is generated for each device upon installation of the Harmony Mobile Protect App. It is used by the system as a reference to the device (instead of the device actual details for privacy). Device IDs with a status that requires attention are clickable. Click on a Device ID to navigate to the Device Risk screen with specific filters for the device.

Name

(Device Owner)

Device name is given by the administrator when you send the registration link (or by UEMClosed Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point., if used for deployment).

Email

Email is an identifier. The registration email is sent to the device.

When adding new devices, an email is sent to the email address defined in the wizard. Users logged on to devices with this email receive a registration request and are directed to download the App (Google Play store for Android or The Dashboard for iOS).

Note - The registration email is a one-time registration code. In case the user email is used on more than one device, the first mobile device that installs the app will be the only one registered. A new registration email will need to be sent for multiple devices logged on with the same user.

Device Number

Device Number is also configured by the administrator or in UEM during the app installation link creation. This is usually the phone number for the device.

This number only helps to identify the device, and is not used by the system. This field is optional.

OS

Device type (OS) is determined by the information received from the device upon the app installation. (iOS/Android/Android Enterprise)

Device Details

Device details are determined by the information received from the device post the Protect installation.

OS Version

OS Version is determined by the information received from the device post the Protect installation.

Installed Patch

The security patch version installed on the Android device.

Client Version

Client version indicates the Harmony Mobile Protect App version that is currently installed on the device.

Status

Status indicates the device current state:

  • Processing – A temporary state that occurs between adding the device manually and the Registration Invitation has been sent.

  • User Notified – A Registration Invitation was sent, device has not yet registered.

  • Provisioned – Device was added via UEM, device has not yet registered.

  • Active – Harmony Mobile Protect App is installed, the device was successfully registered, and the device was successfully scanned.

  • Inactive – Harmony Mobile Protect App was installed, the device was registered with Harmony Mobile Dashboard, and then Harmony Mobile Protect App was removed, or the device has not connected to the Dashboard in over X days.

Last Seen

Indicates one of these:

  • Last time when the device contacted the Harmony Mobile server to check for updates. This occurs twice every 24 hours.

  • Last time when the user initiated a full scan from the Harmony Mobile Protect App on the device.

Notes -

  • Last time when the traffic, application, or a web page was blocked by the Harmony Mobile Protect App is not recorded under Last Seen.

  • Devices with the Last Seen duration more than two days require your attention.

Member of

The device groups to which the device is added.

Device groups imported from UEM are labeled with the UEM logo.

Policy

Policy enforced on the device.

Note - To verify whether the latest policy is enforced on the mobile device, check the time stamp of the last policy update on the Harmony Mobile Protect App:

  • In Android devices, tap the three dots > Settings > About.

  • In iOS devices, tap the three dots > About > Policy.

UEM

UEM that manages the device.

Adding a New Device

Devices are invited to install the Harmony Mobile Protect App and register themselves in the dashboard through an invitation email generated from the dashboard under the Devices tab. Devices can be added through UEM sync as well. For customers who use UEM solutions such as BlackBerry, Workspace ONE UEM, or MobileIron, refer to the specific UEM in the Harmony Mobile UEM Integration Guide.

For customers who use Android Enterprise devices, please refer to the specific UEM integration guide for further guidance on how to configure UEM to synch Android Enterprise devices with Harmony Mobile.

The invitation is sent to an email address which must be read from the device. The first part of the email can be customized with customer specific message from Settings > Email customization.

  • iOS devices is redirected to install the app from the Apple App Store or to download the Enterprise signed App from the dashboard – this will be determined by a dashboard settings configured by Check Point. iOS installation consists of two steps in after the app is installed to activate. You must download iOS agent from the Dashboard and the Enterprise app must be trusted. After the installation process is completed, you must enter the server details and registration code. You will find the registration information and instructions in the registration email.

  • Android devices are redirected to Google Play Store to download the latest available Harmony Mobile Protect App. All registration information will be automatically entered by the system when using the download link in the email from the device during the installation process.

Note - For the Harmony Mobile solution to operate as expected on the end-user device, Harmony Mobile Protect App requires certain permissions. For more information, see Appendix D - Permissions for Harmony Mobile Protect App.

  1. Go to DevicesNew and click Add new device.

    The New Device window appears.

  2. Do these:

    • In the Name field, enter the device name.

    • In the Email Address field, enter the email address of the device owner.

    • In the Phone number field, enter the phone number of the device owner.

    • In the Group field, enter the device groups to which you want to add the device.

  3. Click Add.

    The system sends an email with the registration details and instructions to install the Harmony Mobile Protect App.

    When the device is added to the dashboard, an entry appears under the devices with a unique device ID. The device status is displayed as User Notified until the Harmony Mobile Protect App is installed and the device has communicated with the dashboard.

    When the App is successfully installed and run from the device, the registration screen appears. For Android devices, the system enters the information automatically. On iOS devices, you must enter the information manually.

    If the registration is successful, a full device scan is performed automatically. If no malware or malicious configurations are found, the app status appears in full green. If the communication with the dashboard is successful, the device entry changes from User Notified to Active, and the device details gets updated.

  1. Go to DevicesNew and click Import from file.

  2. Select the file and click OK.

    The system imports the device details to the Harmony Mobile Administrator Portal.

Adding a Device Group

You can assign devices to appropriate group when you add them to the system. You can also assign a group to the existing device.

To add a device group:

  1. Go to Devices > Groups.

  2. In the Manage Groups window, click .

  3. Enter the Name of the group and select the Parent group.

  1. Click Save.

Devices and device groups are imported from the Device Management platform during the integration.

Viewing Connected UEMs

The Connected UEMs option allows you to view the sync status of the UEMs integrated with your tenant.

To view the connected UEMs:

  1. Go to DevicesConnected UEM.

    The system shows a log of UEM syncs.

  2. To force an immediate device sync call without waiting for the next auto sync cycle, click and then Sync now.

  3. To temporarily stop or resume the device sync process, click and then Pause.

Managing Devices with More Actions

  1. Go to Devices and click More actions.

  2. To edit a device:

    1. Select the device and click Edit.

      The Edit Device window appears.

    2. Enter the required details and click Apply.

  3. To generate a registration code to enroll a new device:

    1. Select the device and click Registration code.

      The Registration Code window appears.

    2. Access the Registration URL or scan the QR code on your mobile device.

    3. Click OK.

  4. To renew an existing device:

    Note - The Renew option allows you to renew a device. It deletes a device, automatically adds the same device and send the registration information to the user, all in one click.

    1. Select the device and click Renew.

      The confirmation window appears.

    2. Select the method to send registration information to the user and then click Yes.

      The system deletes the device, automatically adds the device in the Harmony Mobile Administrator Portal with Status as User Notified and sends the registration information to the user.

  5. To resend activation information to provisioned devices:

    1. Select the device and click Resend Activation.

      The Resend Activation window appears.

    2. Select the method to send registration information to the user and then click Yes.

      The system sends the registration information to the user.

  6. To add or remove multiple devices in a device group:

    Note - This procedure applies only to groups and devices added locally in the Harmony Mobile Administrator Portal.

    1. In the Devices table, select the devices you want to add or remove.

    2. Click Assign or remove devices from group.

      The Add / Remove Devices From Group window appears.

    3. Select the group and action.

    4. Click Save.

  7. To export devices:

    1. In the Devices table, select the devices you want to export.

    2. Click More actions > Export.

      The Export Devices window appears.

    3. Click Export.

      The system generates and downloads a .CSV file with the device information.

      If the number of devices exceeds 10,000, processing the data may take time. So the export is performed offline and an email is sent to the registered address with the link to download the CSV file. The link is valid for 7 days. For privacy reasons, PII data is obfuscated in the CSV file.

    4. Click Done.

  8. To delete a device:

    1. In the Devices table, select the devices you want to delete.

    2. Click More actions > Delete.

      The confirmation window appears.

    3. Click Yes.

      The system deletes the devices from the Harmony Mobile Administrator Portal.

  9. To send notification to devices:

    00:00: 00:05: Using Harmony mobile administrator portal administrators can quickly 00:09: send notifications to users mobile devices about critical updates 00:13: such as a security threat this video shows how to 00:17: send notifications to mobile devices from the harmony mobile administrator 00:21: portal. 00:23: Log in to checkpoint Infinity Portal and access Harmony mobile. 00:27: Go to the devices Tab and select the devices. 00:30: From the more actions drop down select send notification to devices. 00:35: In the send notification to devices pop-up that appears enter the message 00:39: title and text for example, alerting about a new attack campaign customize 00:44: the settings as required. 00:46: And then click Send. 00:49: Now the end user receives the notification on the mobile device. 00:59:

    Note - You can send notifications only to devices with Status as Active.

    1. Select the devices from the Devices table.

    2. Click More actions > Send notification to devices.

      The Send Notification to Devices window appears.

    3. To send the notification to specific devices, from the Devices list, select the devices.

    4. To send the notification to devices in a device group, from the Groups list, select the device group(s).

    5. In the Title field, enter a title for the notification.

    6. In the Content field, enter the message you want to notify the user.

    7. Click Send.

      The system sends the notification to the selected device/device groups.

      Note - Due to limitations with Android and iOS, Check Point cannot guarantee that notifications will be received or read on mobile devices.

Filtering the Devices

To filter the devices:

  1. Click above the Devices table.

  2. On the Filters pane on the right side, select the required filters.

    The Devices table shows the information based on the selected filters.