Automatic Activation of Harmony Mobile: Prompt the Protect app installation
To let Workspace ONE UEM (Unified Endpoint Management) identify the devices where the Harmony Mobile Protect app is not installed or was removed, and to enforce its installation, you can apply the built-in CHKP status tags.
If the Harmony Mobile Protect app is not installed on, or was removed from, a device, the device is marked as not protected by the Harmony Mobile dashboard and is tagged with one of the CHKP Status tags. This prompts the user to install the Harmony Mobile Protect app on the device.
- The CHKP Status tags must be created at the customer Organization Group, the highest parent organization group.
- Under Groups & Settings > All Settings > Settings > Devices & Users > Advanced > Tags, the following tags should exist:
  - CHKP_Status_Provisioned
  - CHKP_Status_Active
  - CHKP_Status_Inactive
Notes:
- If you configured Workspace ONE UEM for Allow list Apps, you must add the Harmony Mobile Protect app to that allow list.
- You must add the Harmony Mobile Protect app for both iOS and Android operating systems.
To prompt the Harmony Mobile Protect App installation on your devices:
- Create a Harmony Mobile Protect Application Group for both iOS and Android apps.
- Assign this group to your organization.
- Create a compliance policy that uninstalls and/or removes all corporate apps from the device until the user installs the Harmony Mobile Protect app on the device.
Creating app Group for the required apps
Procedure:
- Go to RESOURCES > Apps > Settings > App Groups and click + Add Group.
- In the Add Application Group window, on the List tab, configure these settings:
  - In the Type field, select Required.
  - In the Name field, enter a unique group name, for example "Harmony_Mobile_Required_for_iOS".
Note - The data fields are similar for both iOS and Android users. The examples below are applicable for both platforms.
For iOS Apps:
  - In the Platform field, select Apple iOS.
  - In the Application Name field, enter the name of the Harmony Mobile Protect app ("Harmony Mobile Protect").
  - Search for the Harmony Mobile Protect app in the App Store and select it.
  - Set the Harmony Mobile Protect Application ID field as defined in the App Store.
For Android Apps:
  - In the Platform field, select Android.
  - In the Application Name field, enter the name of the Harmony Mobile Protect app ("Harmony Mobile Protect").
  - Search the managed Google Play Store for the Harmony Mobile Protect app.
    In the search result window, select the Harmony Mobile Protect app and click Select.
    The Harmony Mobile Protect app ID shows in the Application ID field.
- Click Add Application.
- Click Enter.
- Click Next.
- In the Add Application Group window, on the Assignment tab:
  - In the Description field, enter the device group description (for example, Req. iOS devices or Req. Android devices).
  - Assign the Organization Group to the proper Harmony Mobile Protect group.
    Enter applicable information in all the fields marked with (*).
- Click Finish.
Creating Smart Groups for Required Apps
Procedure:
- Go to Groups & Settings > Groups > Assignment Groups.
- Click Add Smart Group.
- In the Create New Smart Group window, assign the tags for the dynamic group devices.
- Click Save.
Creating a Compliance Policy for Required Apps
The Compliance Policy is activated on the devices that did not install the required apps.
You must create separate compliance policies for specific OS types: iOS and Android.
Note - In every organization, the customer configures the compliance policies according to the needs of the production environment and the internal security policy. The policies and their Actions described below serve as an example only.
To create a Compliance Policy:
- Go to Devices > Compliance Policies > List View, and click + Add.
- In the Add Compliance Policy window, select a platform to start.
  The Add Compliance Policy window opens.
  Note - The data fields are similar for both iOS and Android users. The examples below are applicable for both platforms.
- On the Rules tab, select Application List and Does Not Contain Required App(s).
- Click Next.
- On the Actions tab, add actions:
  - Enable the Mark as Not Compliant checkbox.
  - Select and add the actions to your policy. For example, Notify the user by email, Send Push Notification to Device, and Block/Remove All Managed Apps.
  - Use the [+] button to add a new action.
  For Android, the option Disable All Managed Apps is used to block access to corporate data from the work profile in Android Enterprise.
  Note - If the user cannot resolve an issue, click + Add Escalation to add an escalation action. You can set these actions to repeat a specified number of times at a specified interval.
- Click Next.
- On the Assignment tab:
  In the Smart Groups field, select the dynamic Assignment Group you created in the previous step, Creating Smart Groups for Required Apps.
- Click Next.
- On the Summary tab:
  Enter a unique name for the Compliance Policy, and add the description of the policy.
- Click Finish & Activate.
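Example (added here, not part of the original guide and not Check Point or Workspace ONE code): an offline check of the tag, Smart Group and compliance policy chain configured above, run over a constructed device inventory to find devices that lack the Protect app but would never be prompted. The record layout, the placeholder application IDs and the choice of tags in the Smart Group are assumptions.

```python
# Added example: audit of the tag -> Smart Group -> compliance policy chain.
# All data is constructed. The application IDs are placeholders, not the real
# store IDs, and the Smart Group's tag set is an assumption.
REQUIRED_APP = {  # Required app group per platform (placeholder IDs)
    "Apple iOS": "PLACEHOLDER.protect.ios",
    "Android": "PLACEHOLDER.protect.android",
}
SMART_GROUP_TAGS = {"CHKP_Status_Provisioned", "CHKP_Status_Inactive"}  # assumed
POLICY_PLATFORMS = {"Apple iOS", "Android"}  # one compliance policy per OS type

DEVICES = [  # constructed inventory export
    {"id": "D1", "platform": "Apple iOS", "tags": ["CHKP_Status_Active"],
     "apps": ["PLACEHOLDER.protect.ios", "com.example.mail"]},
    {"id": "D2", "platform": "Android", "tags": ["CHKP_Status_Inactive"],
     "apps": ["com.example.mail"]},
    {"id": "D3", "platform": "Android", "tags": [],
     "apps": ["com.example.mail"]},
    {"id": "D4", "platform": "Apple iOS", "tags": ["CHKP_Status_Provisioned"],
     "apps": []},
    {"id": "D5", "platform": "Apple iOS", "tags": ["CHKP_Status_Inactive"],
     "apps": ["PLACEHOLDER.protect.ios"]},
]

def audit(devices, policy_platforms=POLICY_PLATFORMS, group_tags=SMART_GROUP_TAGS):
    """Classify each device the way the configured chain would treat it."""
    result = {"enforced": [], "gap": [], "tagged_but_installed": [], "ok": []}
    for dev in devices:
        required = REQUIRED_APP.get(dev["platform"])
        # Rule: Application List / Does Not Contain Required App(s)
        missing_app = required is None or required not in dev["apps"]
        # Policy assignment: device must be in the tag-driven Smart Group
        in_group = bool(group_tags & set(dev["tags"]))
        has_policy = dev["platform"] in policy_platforms
        if missing_app and in_group and has_policy:
            result["enforced"].append(dev["id"])   # rule fires, actions run
        elif missing_app:
            result["gap"].append(dev["id"])        # unprotected, never prompted
        elif in_group:
            result["tagged_but_installed"].append(dev["id"])  # rule does not fire
        else:
            result["ok"].append(dev["id"])
    return result

if __name__ == "__main__":
    for bucket, ids in audit(DEVICES).items():
        print(f"{bucket:22} {', '.join(ids) or '-'}")
```

Devices in the gap bucket are the ones to investigate: they lack the required app but either carry no tag that places them in the Smart Group or run a platform with no compliance policy.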