Configuring UEM to Deploy the Harmony Mobile Protect app

Use Microsoft Intune UEMClosed Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point. to deploy Harmony Mobile Protect app and keep the device protected. If Harmony Mobile Protect app is not installed or removed from device, the device is marked as not protected.

Notes -

  • If you configured Microsoft Intune for Allowed Apps, you must add the Harmony Mobile Protect app to the Allowed List.

  • You can only synchronize devices from the UEM to the Mobile Security dashboard. You cannot synchronize users.

  • You must add the Harmony Mobile Protect app for the iOS and for the Android operating systems.

General Workflow:

  1. If you selected Automatic integration in Configuring UEM Integration Settings, continue with Creating a Compliance Policy for the Organization Devices.

  2. If you selected Manual integration in Configuring UEM Integration Settings:

    1. Add the Harmony Mobile Protect app to your App Calatog.

    2. Configure the Application Configuration Settings.

    3. Install the Harmony Mobile Protect app on your devices.

    4. Create a compliance policy for your devices.

Adding the Harmony Mobile Protect app to your App Catalog

To protect your devices, deploy the Harmony Mobile Protect app from the public stores to your devices.

You must add the Harmony Mobile Protect app for both iOS and Android operating systems.

For more information about adding apps to the Microsoft Intune App Catalog, see the Microsoft Intune online guide.

Notes:

  • As you add the Harmony Mobile Protect app to your catalog, rename this new Mobile Device App to Harmony Mobile Protect app.

  • For Android, approve the Harmony Mobile Protect app in the managed Google Play account.

Import Mobile Security Harmony Mobile Protect to Intune:

  1. In the Microsoft Intune Admin Center, go to Apps > All Apps and click Create.

  2. On the right panel, select the App type.

  1. Select App type as iOS store app and click Select.

  2. In the App information tab, click Search the App Store.

  3. Search for Mobile Security Protect application. Click the application and click Select.

    The App information section displays the information about the app.

  4. Click Next.

  5. In the Assignments tab, under Required, select +Add group.

  6. Search and select the security group you created.

  7. Click Next.

  8. In the Review + create section, review the details and click Create.

  1. Select App type as Android store app and click Select.

  2. In the App information tab:

    1. In the Name field, enter Mobile Security Protect.

    2. Enter a description, as listed in the app store description.

    3. In the Publisher field, enter Check Point Software Technologies.

    4. For the Appstore URL, build the URL for Mobile Security Protect Android:

      1. In the Mobile Security dashboard, go to Settings > Integrations.

        In the Deployment section, copy the token of your dashboard. See Configuring UEM Integration Settings > Deployment configuration.

      2. Concatenate the above Token to the end string of this URL that points to Mobile Security Protect Android Google Play store: 

        "https://play.google.com/store/apps/details?id=com.lacoon.security.fox&referrer=UEM%3DIntune%26token%3D{Token}"

        Enter this as the Appstore URL.

  3. Click Next.

  4. In the Assignments tab, under Required, select +Add group.

    Select the security group created before and click Select.

  5. Click Next.

  6. Review and click Create.

  1. Select App type as Managed Google Play app and click Select.

  2. Search and select Mobile Security Protect.

  3. Click Select.

  4. Click Sync.

    After successful sync, the system adds the Harmony Mobile Protect app in Managed Google Play to the All Apps page.

  5. Review the changes and click Save.

Configuring the Application Configuration Settings

To auto-register the Harmony Mobile Protect app on devices to the Mobile Security dashboard, we use App Configuration Policy to send registration parameters to the device and to the Mobile Security gateway.

  1. In the Microsoft Intune Admin Center, go to Apps > All Apps > Manage apps > Configuration.

  2. Click Create and select Managed devices.

    1. In the Name field, enter a name for your app configuration (example, Harmony Mobile app Config iOS).

    2. From the Platform list, select iOS/iPadOS.

    3. In Targeted app, click Select app.

    4. On the side panel, search and select Mobile Security Protect.

    5. Click OK.

    6. Click Next.

    7. In Configuration Settings format, select Use configuration designer.

    8. Add the configuration values from the table below:

      Note - It is highly recommended to copy and paste the Configuration Key and Configuration Value directly from the table where applicable.

      Configuration Key

      Value Type

      Configuration Value

      DEVICE_UDID

      String

      {{AzureADDeviceId}}

      token

      String

      Dashboard ID Hash *

      Lacoon Server Address

      String

      Enter the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. server for your region:

      Region

      Server

      US

      gw.locsec.net

      Ireland (EU region)

      eu-gw.locsec.net

      Australia (Asia region)

      au-gw.locsec.net

      Canada (Canada)

      ca-gw.locsec.net

      UK region (UK)

      uk-gw.locsec.net

      India

      in-gw.locsec.net

      portalAccountId

      String

      Account ID of the application in the Check Point Portal.

      ios_dep_notification_permission

      (Enable this key to grant Zero Touch notification permissions for iOS)

      Boolean

      true

      * For the token key , in the Mobile Security dashboard:

      1. Go to Settings > Integrations.

      2. In the Deployment section, click Edit.

      3. Copy the token of your dashboard. See Configuring Deployment.

    9. After entering the values, click Next.

    10. In the Assignments tab, under Included groups, click Add groups.

    11. Search and select the security group you want to associate the app configuration with.

    12. Click Next.

    13. Review the policy configuration and click Create.

    1. In the Name field, enter a name for your app configuration (example, Harmony Mobile app Config AE).

    2. From the Platform list, select Android Enterprise.

    3. From the Profile Type list, select one of these:

      • Fully Managed, Dedicated, and Corporate-Owned Work Profile Only

      • Personally-Owned Work Profile Only

        Note - It is important to select the correct profile type to ensure it is pushed to the device and allow the automatic activation of Mobile Security.

    4. In Targeted app, click Select app.

    5. On the side panel, search and select Mobile SecurityProtect.

    6. Click OK.

    7. Click Next.

    8. In the Settings tab, under Configuration Settings, select Configuration settings format as Use configuration designer.

      Note - It is highly recommended to copy and paste the Configuration Value directly from the table where applicable.

    9. Click +Add.

    10. Add the configuration keys according to this table:

      Configuration Key

      Value Type

      Configuration Value

      MDMClosed Mobile Device Manager. A security software that enable organizations to implement policies that secure, monitor, and manage end-user mobile devices. UUIDClosed Universal Unique Identifier. A UUID is a 128-bit value used to uniquely identify an object or entity on the internet.

      String

      {{AzureADDeviceId}}

      GW Address

      String

      Enter the Security Gateway server for your region:

      Region

      Server

      US

      gw.locsec.net

      Ireland (EU region)

      eu-gw.locsec.net

      Australia (Asia region)

      au-gw.locsec.net

      Canada (Canada)

      ca-gw.locsec.net

      UK region (UK)

      uk-gw.locsec.net

      India

      in-gw.locsec.net

      Token

      String

      Dashboard ID Hash *

      portalAccountId

      String

      Account ID of the application in the Check Point Portal.

      * For the token key , in the Mobile Security dashboard:

      1. Go to Settings > Integrations.

      2. In the Deployment section, click Edit.

      3. Copy the token of your dashboard. See Configuring Deployment.

    11. After entering the values, click Next.

    12. In the Assignments tab, under Included groups, click Add groups.

    13. Search and select the security group you want to associate the app configuration with.

    14. Click Next.

    15. Review the policy configuration and click Create.

Creating a Compliance Policy for the Organization Devices

ComplianceClosed Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration. Policies are activated on devices that did not install the required apps. The Harmony Mobile Protect app defines the security levels for the devices. You select the security level that marks the device as Not Compliant with company policy.

You must create separate compliance policies for specific OS types, such as iOS and Android.

Note - In every organization, the customer configures the compliance policies according to the production environment, needs, and the internal security policyClosed Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection..

For more information about Intune compliance policy, see the Microsoft Intune online guide.

To create a Compliance Policy:

  1. In the Microsoft Intune Admin Center, go to Devices > Manage devices > Compliance > Policies.

  2. Click Create policy.

  3. In the Create a Policy panel, select a platform.

    Note - The data fields are similar for both iOS and Android platforms.

  4. Click Create.

  5. In the Basics tab, enter a name for your policy.

  6. Click Next.

  7. In the Compliance settings tab, go to Device Health and select Require the device to be at or under the Device Threat Level as Medium (recommended).

    This setting makes your device as non-compliant if its risk level detected by the MTD app (Check Point Mobile Security) is High. The table below lists the different device threat levels:

    Device Health  Level

    Description

    Secured

    This is the most secure. The device cannot have any threats present and still access company resources. If any threats are found, the device is evaluated as non-compliant.

    Low

    The device is compliant only if Low level threats are present. Anything higher puts the device in a non-compliant status.

    Medium

    The device is compliant if the threats found on the device are Low or Medium level. If High level threats are detected, the device is determined as non-compliant.

    High

    This is the least secure. This allows all threat levels, and uses Mobile Threat Defense for reporting purposes only. Devices are required to have the MTD app activated with this setting.

  8. Click Next.

  9. In the Assignments tab, under Included groups, click Add groups.

  10. Search and select the relevant security group to apply this policy.

  11. Review and create the policy.