Installing the Harmony Mobile Protect App

Permissions for iOS Devices

To ensure that the Harmony Mobile solution works as expected on your device, you must provide these permissions when you install Harmony Mobile Protect App. If your organization uses UEM Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point., then the permissions can be granted automatically by the UEM.

Permission	Description
Location Permission	Allows an application to access the device location. Harmony Mobile uses this permission to enrich threat event reports with the location.
Notification Permission	Allows an application to display notifications on the device. Harmony Mobile uses this permission to: Notify mobile devices that a policy update is available so that the policy can be enforced in a timely manner, instead of waiting for the next policy polling time (occurs once per day/24 hours by default). Wake-up the iOS.
VPN User Consent	Allows an application to intersect the mobile device network traffic. Harmony Mobile uses this permission to bring up a local VPN to inspect the data traffic and mitigate any detected network threat.
Camera	Allows an application to use the camera. Harmony Mobile uses this permission to scan QR code in the on-boarding process.
Local Network Permission	Allows ONP to establish direct connection to the local DNS Domain Name System. A hierarchical distributed naming system for computers, services, or resources connected to the internet or a private network. Used to translate names into IP addresses. server(s). ONP requires this permission to access the local network to send TCP/UDP requests. In most home networks, the router serves as the DNS server, so ONP requires local network permission to send direct DNS request (UDP) to the local DNS server. Note - The only thing ONP does after accessing your local network is sending the direct DNS resolution requests to avoid malicious DNS resolutions.
SMS Filtering	Allows Harmony Mobile to scan SMS messages for malicious URLs. To enable SMS filtering on the end-user device, see Preventing SMS Phishing in Harmony Mobile Protect App for iOS User Guide.

Installation Procedure

Prerequisite

For iOS 17.3 and higher, make sure to turn off Stolen Device Protection on the device before you begin the installation. Otherwise, Unable to Install Profile error appears.

To turn off Stolen Device Protection on the device:

1. Go to Settings and do one of these:

   • On a device with Face ID, tap Face ID & Passcode and enter your passcode.

   • On a device with Touch ID, tap Touch ID & Passcode and enter your passcode.

2. Go to the Stolen Device Protection section and tap Turn Off Protection.

   

To install the Harmony Mobile Protect App:

1. Open the Harmony Mobile registration email or the SMS sent by your System Administrator. The email or the SMS contains:

   • Server address and the registration key to register the app.

   • Link and QR code to download the app.

     Sample Email:

     

     Sample SMS:

     

2. Tap the Download link or scan the QR code.

   The Apple App Store page for the Harmony Mobile Protect App appears.

3. Download the Harmony Mobile Protect App and tap Open when the download completes.

   

4. Tap Sign in with Server/Email and key.

   Enter the Server Address or Email Address and the Registration Key and tap Login.

   

5. Tap Continue.

   

6. Tap Download to start the app configuration.

   

7. To allow installation of the configuration profile, tap Allow.

   

8. To review the downloaded profile in your device Settings, tap Close.

   

9. Tap App Settings and follow the instructions on this screen to access your device Settings.

   

10. Tap Profile Downloaded.

    

11. Tap Install.

    

12. Enter your passcode.

    

13. Tap Install.

    

14. Tap Trust.

    

15. Tap Done.

    

16. Go to Harmony Mobile Protect App and enable the security permissions (based on policy configuration in the dashboard).

    

    Note - Check Point recommends you enable Notifications, Location, and Network Protection.

17. Tap Notifications and then tap Allow.

    

18. Tap Location and then tap Allow.

    

19. Tap Network Protection. The prompt suggests to add VPN configuration to enable the On-device Network Protection feature.

    Tap Allow and enter your device passcode.

    

Note - To protect the user privacy, this VPN does not direct the traffic externally. It keeps all data on the device and uses the VPN functionality only to examine the destination, while it makes sure the device does not connect to malicious or fraudulent locations.

20. Harmony Mobile Protect App performs an initial scan of your device.

    

    Check Point Harmony Mobile now protects your device.

    

21. (Optional) For iOS 17.3 and higher, you can turn on Stolen Device Protection.