Integrate MTD With Intune

Integrating a Mobile Threat Defense solution with Intune will help you protect corporate data and mobile devices against any network attack or malware attacks and can alert MDM admins if a device is compromised or tampered with. In this blog, we will discuss setting up an MTD connector and will use MVISION as the MTD product.


McAfee MVISION Mobile detects malicious activity and can take actions locally on the device. When MVISION Mobile is integrated with Intune, protection actions are performed by the MDM, providing a potent protection tool. When MVISION Mobile is integrated with MAM, the risk posture is evaluated, and mobile threats are detected, when the app is launched.

We can configure MVISION Mobile Console with Microsoft Intune in three different modes: 

  1. MDM only
  2. MAM only
  3. MDM and MAM

Pre-requisites:

There are typically no prerequisites for integrating MVISION with MEM, as all the communications between MEM & MTD will be over the internet. However, specific requirements exist for the minimum supported iOS & Android devices.


Configure the MTD Connector

Perform the below steps to set up the MTD Connection:

1. Log in to the Microsoft Endpoint Manager console.

2. Navigate to Tenant Administration > Connectors and tokens > Mobile Threat Defense > Add

3. Click McAfee MVISION Mobile as the MTD Connector.

4. Click Create.

5. The connector is now added in Intune, but it is not yet active because a few more configuration steps are still required.

6. Open a new tab and log in to the MVISION Mobile Console

7. Navigate to Manage > Integrations MDM

8. Click Add MDM and select Microsoft Endpoint Manager.

9. The next step is to add the ‘MVISION Console,’ ‘MVISION Mobile iOS,’ and ‘MVISION Mobile Android’ applications to the Azure Active Directory to enable this integration. When you click the Add to Azure Active Directory button, a Microsoft sign-in window opens, where you have to authenticate yourself.

Repeat the step for all three options. 

10. Click the Next button, type a unique name for the environment in the MDM Name field of the Add MDM tab, and then click Next.

11. The integration window will close, and Intune is added as MDM in MVISION. 

12. Back in the MEM portal, navigate to Tenant Administration > Connectors and tokens > Mobile Threat Defense. You will see McAfee MVISION Mobile showing as an active connector. Click on the connector and move the Connect Android and iOS Devices sliders to On.


With these steps, MVISION is integrated with Intune as a Mobile Threat Defense solution, but still, there are a couple more settings you have to configure before it starts protecting your devices. 

Add the MVISION app to Intune

To deploy the MVISION Mobile application on your corporate-owned devices, it is recommended that you push the app directly from the App Store for the iOS version and the Google Play Store for the Android version and deploy it to your devices with install intent as “Required.”


Configure Auto-Activation of the MVISION App

Because the app is deployed through Intune and the connector is already integrated, the app can be auto-activated on end users’ devices with an app configuration policy. The steps for activating the app on iOS and Android Enterprise devices are provided below.

1. Navigate to Apps > App configuration policies and Click on + Add

2. From the dropdown, select “Managed Devices.”

3. Provide the name and description and select iOS as the platform. 

4. Search & select the MVISION app and press Next.

5. Choose Use Configuration designer and set up the configuration keys as shown below:

6. In Assignments, select the groups you want to apply to this configuration. 

7. Repeat the same steps for creating an App Configuration Policy for managed Android devices as shown below:

  – Select the app from the app library
  – Give permissions on external & internal storage
  – Configure the app configurations for auto-activation
  – Assign the policy to the device group.


Configure Device Compliance Policy

With all these configurations done, it’s time to configure compliance policies to evaluate devices based on configured threat levels. 

Microsoft Endpoint Manager takes actions based on the Device Threat Level configured in the compliance policies. The device threat levels that can be configured are Secured, Low, Medium, and High.

As an Intune admin, you must configure the minimally acceptable device threat level in the compliance policy. These levels correspond to the McAfee MVISION Mobile severity levels as shown below:

(As per McAfee, the minimum configured threat level should be Medium)

The MVISION app continuously collects file system, network stack, device, and application data from the device in real time. It sends this forensic data to the MVISION Mobile cloud, which evaluates the device’s risk against the configured threat level. You can configure conditional access policies to protect corporate data based on the device health attestation. For non-managed devices, you can configure app protection policies to perform selective wipes based on detected threats, or to block the device from accessing corporate resources until it is marked as compliant.
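To make the “at or under the Device Threat Level” rule concrete, here is an added example (not code from the original post, from Microsoft or from McAfee) that models how the compliance decision works: Intune orders the levels Secured < Low < Medium < High, and a device is compliant when the level reported by the MTD partner does not exceed the level the admin configured. The device records are constructed, and treating a device with no threat data as noncompliant (fail closed) is this example’s own assumption, since a device whose MVISION app has not activated has not been evaluated at all.

```python
# Added example (not from the original post): models how Intune's
# "Require the device to be at or under the Device Threat Level" setting
# decides compliance from the threat level an MTD partner reports.
# The ordering Secured < Low < Medium < High and the "at or under" rule are
# Intune's documented semantics; the device records below are constructed.
from enum import IntEnum
from typing import Optional


class ThreatLevel(IntEnum):
    """Intune device threat levels, ordered from strictest to most permissive."""
    SECURED = 0   # no threats may be present on the device
    LOW = 1
    MEDIUM = 2
    HIGH = 3


def parse_level(name: Optional[str]) -> Optional[ThreatLevel]:
    """Map the level string reported through the MTD connector to the enum.
    Returns None when the device has not reported (app not activated,
    device never checked in, or connector sync failure)."""
    if not name:
        return None
    try:
        return ThreatLevel[name.strip().upper()]
    except KeyError:
        return None


def is_compliant(required: ThreatLevel, reported: Optional[ThreatLevel]) -> bool:
    """'At or under': the reported level must not exceed the required one.
    Assumption in this example: a device with no threat data fails closed, so
    conditional access keeps it away from corporate data until MTD reports."""
    if reported is None:
        return False
    return reported <= required


def evaluate_fleet(required: ThreatLevel, devices: list) -> dict:
    """Return device names grouped by compliance outcome."""
    result = {"compliant": [], "noncompliant": []}
    for d in devices:
        ok = is_compliant(required, parse_level(d.get("threatLevel")))
        result["compliant" if ok else "noncompliant"].append(d["name"])
    return result


# Constructed sample of what the connector might report per device.
SAMPLE_DEVICES = [
    {"name": "pixel-01", "threatLevel": "Secured"},
    {"name": "pixel-02", "threatLevel": "Low"},
    {"name": "pixel-03", "threatLevel": "High"},   # e.g. malicious app detected
    {"name": "iphone-01", "threatLevel": None},    # MVISION app not yet activated
]

if __name__ == "__main__":
    # McAfee's recommended minimum for this integration is Medium.
    print(evaluate_fleet(ThreatLevel.MEDIUM, SAMPLE_DEVICES))
```

With the required level set to Medium, the Secured and Low devices pass, the High device is noncompliant, and the device that never reported is also noncompliant; lowering the required level to Secured would additionally fail the Low device.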

Create the compliance policy – Android Enterprise:

1. Sign in to the Intune Portal.

2. Select Devices > Compliance policies > Policies > Create Policy.

3. Select Android Enterprise – Fully Managed, dedicated, corporate-owned work profile from the dropdown menu and click Create.

4. On the Basics tab, specify a Name and description for the policy.

5. In the Compliance settings tab, expand the dropdown for Device Health and configure settings for Require the device to be at or under the Device Threat Level as shown below:

6. Select “Check basic integrity & certified devices” for SafetyNet device attestation under Google Play protect.

7. Provide value for the Minimum OS version allowed by your organization. 

PS – When a device doesn’t meet the minimum OS version requirement, it is reported as non-compliant.

8. Configure options under System Security. 

9. Set Intune app runtime integrity as “Required” and click Next.

10. In the Actions for noncompliance tab, you can configure multiple actions to apply automatically to devices that don’t meet this compliance policy. 

11. Click Next to choose scope tags and assign the policy to your groups.


Create the compliance policy – iOS Devices:

1. Sign in to the Intune Portal.

2. Select Devices > Compliance policies > Policies > Create Policy.

3. Select iOS devices from the dropdown menu and click Create.

4. On the Basics tab, specify a Name and description for the policy.

5. In the Compliance settings tab, configure the below settings:

6. In the Actions for noncompliance tab, you can configure multiple actions to apply automatically to devices that don’t meet this compliance policy. 

7. Click Next to choose scope tags and assign the policy to your groups.
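The two procedures above (Android Enterprise and iOS) are portal click-throughs; the same policies can be created through code. The following is an added example, not code from the original post, from Microsoft or from McAfee, that builds the Microsoft Graph (beta) request bodies for both policies and posts them to the deviceCompliancePolicies endpoint. The property and enum names are taken from the Graph beta compliance policy resource types as documented at the time of writing and should be checked against the current API reference before use; the access token is a placeholder, and assigning the policy to groups (step 11 / step 7 above) is not covered. The validation step enforces the page’s note that the configured threat level should not be looser than Medium.

```python
# Added example (not from the original post; not Microsoft's or McAfee's code):
# builds Graph beta request bodies for the Android Enterprise and iOS compliance
# policies described above and POSTs them. Property names assume the Graph beta
# androidDeviceOwnerCompliancePolicy / iosCompliancePolicy resource types;
# the token is a placeholder and group assignment is not covered.
import json
import urllib.request

GRAPH_POLICIES = "https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies"
VALID_LEVELS = ("secured", "low", "medium", "high")


def noncompliance_actions(grace_hours: int = 0) -> list:
    """Actions for noncompliance: mark the device noncompliant (block) right away.
    Graph expects at least one scheduled action rule when a policy is created."""
    return [{
        "ruleName": "PasswordRequired",
        "scheduledActionConfigurations": [{
            "actionType": "block",
            "gracePeriodHours": grace_hours,
            "notificationTemplateId": "",
            "notificationMessageCCList": [],
        }],
    }]


def android_enterprise_policy(name: str, min_os: str, threat_level: str = "medium") -> dict:
    """Mirrors steps 5-9 above: device threat level, SafetyNet basic integrity and
    certified-device attestation, minimum OS version, Intune app runtime integrity."""
    return {
        "@odata.type": "#microsoft.graph.androidDeviceOwnerCompliancePolicy",
        "displayName": name,
        "description": "MTD-backed compliance for corporate-owned Android Enterprise",
        "deviceThreatProtectionEnabled": True,
        "deviceThreatProtectionRequiredSecurityLevel": threat_level,
        "securityRequireSafetyNetAttestationBasicIntegrity": True,
        "securityRequireSafetyNetAttestationCertifiedDevice": True,
        "osMinimumVersion": min_os,
        "securityRequireIntuneAppIntegrity": True,
        "scheduledActionsForRule": noncompliance_actions(),
    }


def ios_policy(name: str, min_os: str, threat_level: str = "medium") -> dict:
    """iOS counterpart: device threat level plus a minimum OS version."""
    return {
        "@odata.type": "#microsoft.graph.iosCompliancePolicy",
        "displayName": name,
        "description": "MTD-backed compliance for iOS",
        "deviceThreatProtectionEnabled": True,
        "deviceThreatProtectionRequiredSecurityLevel": threat_level,
        "osMinimumVersion": min_os,
        "scheduledActionsForRule": noncompliance_actions(),
    }


def validate(policy: dict) -> None:
    """Reject inconsistent or overly permissive settings before sending them."""
    level = policy["deviceThreatProtectionRequiredSecurityLevel"]
    if level not in VALID_LEVELS:
        raise ValueError(f"unknown threat level {level!r}")
    if level == "high":
        # McAfee's guidance on this page: the configured minimum should be Medium.
        raise ValueError("'high' passes devices with any threat present; use medium or stricter")
    if not policy["deviceThreatProtectionEnabled"]:
        raise ValueError("threat level is ignored unless deviceThreatProtectionEnabled is true")
    if not policy["osMinimumVersion"]:
        raise ValueError("osMinimumVersion must be set")


def create_policy(token: str, policy: dict) -> dict:
    """POST the policy to Graph (needs DeviceManagementConfiguration.ReadWrite.All)."""
    validate(policy)
    req = urllib.request.Request(
        GRAPH_POLICIES,
        data=json.dumps(policy).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for p in (android_enterprise_policy("AE - MTD Medium", "11"),
              ios_policy("iOS - MTD Medium", "15.0")):
        validate(p)
        print(json.dumps(p, indent=2))
    # create_policy("<ACCESS_TOKEN>", android_enterprise_policy("AE - MTD Medium", "11"))
```

Running the script prints both bodies without contacting Graph; uncomment the `create_policy` call with a real token (obtained through your usual app registration or device-code flow) to create the policies, then assign them to the same groups that received the MVISION app and its configuration policy.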


Configure Groups in MVISION to sync policies

As the last part of this configuration, you have to add groups in the MVISION console to sync the policies.

1. Log in to the MVISION Mobile Console.

2. Navigate to the Manage page and select the Integrations tab. 

3. Click Edit; the Add MDM Step 3 Setup window opens. Click Next.

4. In the group filter, specify either the full name or the initials of the groups to which the MVISION App Configuration Policies were assigned, and click Next.

5. Click the green plus icon to synchronize the MDM groups shown on the left. Once you select a group, it appears under Selected MVISION Mobile Console Groups on the right-hand side.

6. Click Next.

7. Specify the MDM alerts if you want to be notified of MDM sync errors, and click SYNC Now.

And…your MTD connector is Up & Running to protect your devices and corporate data in real-time. 


End User Experience

iOS Devices (supervised devices)

  – Activation tasks are in sequential order (from left to right)


Android Enterprise Devices (Corporate-Owned)

