Configuring UEM to Deploy Harmony Mobile Protect app
Prerequisites
Harmony Mobile Gateway/Server – Server name of the Harmony Mobile gateway/server, which should be us-gw01. If you don’t know your Harmony Mobile server name, follow the instructions in section Integration Information to find out.
Adding the Harmony Mobile Protect App to Your App Catalog
Now that the UEM Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point. and Harmony Mobile Dashboard are communicating, you can start deploying the Harmony Mobile Protect app from the public stores to those devices that will be protected by Harmony Mobile.
You need to add the App for both iOS and Android operating systems.
Get Dashboard’s Token
-
Go to your Harmony Mobile dashboard > Settings > Integration > Click on the three dots on the top right > Edit:
-
Click Deployment on the left nav, and then copy the token of your dashboard:
iOS App – Add to Catalog
The Harmony Mobile Protect App for iOS can be automatically configured and deployed. The user only needs to accept the installation, and then launch the app once it is installed to finish activation and registration.
-
Navigate to APPS > Catalog.
-
Click Add > iOS > iTunes App Store App.
-
In the App field, enter Harmony Mobile Protect to start actively searching the store. Select the Harmony Mobile Protect app as indicated below.
-
Navigate to the Policies and Distribution tab, and select Distribute to > select Group or All Devices, and select Install Automatically.
-
Navigate to the Configuration tab, and select App Config Source of “Key/Value”.
-
Add the following Key/Value pairs:
Configuration Key
Configuration Value
Lacoon Server Address
Region
Server
US
gw.locsec.net
Ireland (EU region)
eu-gw.locsec.net
Australia (Asia region)
au-gw.locsec.net
Canada (Canada)
ca-gw.locsec.net
UK region (UK)
uk-gw.locsec.net
India
in-gw.locsec.net
Device Serial Number
%csn%
token
Take the copied value from section Configuring UEM to Deploy Harmony Mobile Protect app
portalAccountId
Account ID of application in the Infinity Portal, to integrate it with the UEM.
-
Click Add.
-
Enter your admin password and click Confirm.
Android Enterprise App – Add to Catalog
The Android Harmony Mobile Protect App can be automatically configured and deployed. The user only needs to accept the installation, and then launch the app once it is installed to finish activation and registration.
-
Navigate to APPS > Catalog and click Add > Android > Google Play App.
-
In the Google Play search field, enter Harmony Mobile Protect to start actively searching the store. Select the Harmony Mobile Protect app as indicated below.
-
Navigate to the Policies and Distribution tab, and select Distribute to > Group or All Devices, and select Install Automatically.
-
Navigate to the App Config tab, and select Configure App Settings.
-
Add the following Key/Value pairs:
Item
Configuration Value
mdm_uuid
%deviceid%
gwAddress
Security Gateway servers:
Region
Server
US
gw.locsec.net
Ireland (EU region)
eu-gw.locsec.net
Australia (Asia region)
au-gw.locsec.net
Canada (Canada)
ca-gw.locsec.net
UK region (UK)
uk-gw.locsec.net
India
in-gw.locsec.net
Token
Take the copied value from section Configuring UEM to Deploy Harmony Mobile Protect app
portalAccountId
Account ID of application in the Infinity Portal, to integrate it with the UEM.
-
Click the Add button.
-
Enter in your admin password and click the Confirm button.
Deploying Harmony Mobile Protect app
To deploy the Harmony Mobile Protect app to devices that will be registered to the Harmony Mobile solution you need to link the Harmony Mobile Protect app in our app catalog to the Device Provisioning Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM. Group you created in section Creating a Device Provisioning Group.
-
Navigating to Apps > App Catalog, select both the iOS and Android Harmony Mobile Protect apps.
-
Click the Distribute link.
-
On the Distribute pop-up window, set Available for equal to ''All''.
-
Set Target equal to “Group” and choose the device provisioning group you created in Section Creating a Device Provisioning Group, in our example “MP_Devices_Group”.
-
Select Install Automatically and Send Email check boxes.
-
Click the Distribute button.
-
Enter your admin password, and click the Continue button.
Setting Policy to Require Harmony Mobile Protect to be installed
To require the Harmony Mobile Protect app to be installed create a Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. for iOS and Android devices, then create a compliance rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. set to the Device Provisioning Group you created in section Creating a Device Provisioning Group, and apply the compliance policy to the Device Provisioning Group.
Creating Compliance Actions for iOS Devices (Policy)
The policy specifies the actions taken on all Harmony Mobile iOS devices.
-
Navigate to Security > Policies, and click the Add Policy button.
-
Enter a Name for the policy, such as “MP_App_iOS”, select a Type of “iOS UEM”, and select Start From equal to “My Existing Policies''. On My Existing Policies select ''(def) Default iOS UEM Policy”.
-
Click the Continue button.
-
On the menu to the left, on the Device Settings pane there are several sections for policy sets, such as “Passcode, Restrictions, Application Compliance Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration., etc. We will make our modifications in the ''Application Compliance'' section.
-
Click the Edit button.
-
Under the Application Compliance section, select Configure Required Applications.
-
In the Application Name field, start typing Harmony Mobile Protect and the app will pop-up, select Harmony Mobile Protect.
-
Click the Save and Publish button.
-
On the ''Publish'' pop up window click Continue.
-
Enter in your admin password and click the Confirm button.
Creating Compliance Actions for Android Devices (Policy)
The policy specifies the actions taken on all Harmony Mobile Android devices.
-
Navigate to Security > Policies, and click the Add Policy button.
-
Enter a Name for the policy, for example “MP_App_Android”, select a Type of “Android UEM”, and select Start From equal to ''My Existing Policies''. On My Existing Policies select “Default Android UEM Policy”.
-
Click the Continue button.
-
On the menu to the left, on Device Settings there are several sections for policy sets, such as “Passcode'', ''Security'', ''Restrictions'', ''Application Compliance'', etc. Make the modifications in the “Application Compliance” section.
-
Click the Edit button.
-
Under the Application Compliance section, scroll down and select Configure Required Applications.
-
In the Application Name field, enter Harmony Mobile Protect
-
In the Application ID field, enter “com.lacoon.security.fox”.
-
Click the Save And Publish button.
-
On the Publish pop up window click on Continue.
-
Enter in your admin password and click the Confirm button.
Applying App Required Policy to Device Provisioning Group
The policies created in the previous section are assigned to the device provisioning group created in section Creating a Device Provisioning Group, in our example “MP_Devices_Group”.
-
Navigate to Devices > Groups, locate the device provisioning group, click the More… link, and select Change Policy.
-
Set iOS Policy to the compliance policy we created in Section 4.4.1, in our example “MP_App_iOS”.
-
Set Android Policy to the compliance policy we created in Section 4.4.2, in our example “MP_App_Android”.
-
Click the Submit button.
-
Enter in your admin password, and then click the Confirm button.
-
The policies and the apps added to the MP_Devices_Group.
|
Note - Any device that belongs to the Device Provisioning Group (“MP_Devices_Group”) that hasn’t installed the Harmony Mobile Protect app will be out of compliance. |