Create a Custom Device Policy

In addition to the MTT-Managed Device Policies that are maintained by the MTT Researchers, Org and Policy Admins can create custom Device Policies tailored for the Organization. A Device Policy uses Device Threat Indicators to detect possible threats on the mobile devices that are running the MTP Mobile App. See Appthority MTP Overview for a discussion about policies. See About the Custom Device Policies Tab for details about the tab.

Process Overview

Before creating a custom Device Policy, first review the MTT-Managed Device Policies to see if what you want has already been configured. Then browse the Device TIs in the Compliance > Threat Indicators tab to see what is available, decide which ones to use, and whether to group some together in a single policy.

When you create a custom Device Policy, it contains one or more activated TIs that may have parameters. You can optionally use policy filters to narrow the scope of the policy. You can optionally change the Policy Risk Score by changing its TI Risk, to either make it higher or lower than the default.

What you do next depends on your use case scenario:

  • If you are not performing remediation and just want to see what devices are in violation of a policy, do not activate the policy. Appthority MTP determines what devices are in violation of the policy and shows a link to them, if any, next to the policy name. You can also go to the Devices tab to see more information.
  • If you want to perform remediation, assign the Device Policy to a Remediation Policy. When you are ready to roll it out and start using it to monitor devices that have the MTP Mobile App, activate both policies.

The following steps describe activities involved in creating Device Policies. Many are optional or situational, depending on what you need the policy to accomplish.

After you create and activate Device Policies, you can:

  • Modify them in the same Compliance > Device Policies tab.
  • See them listed and perform various actions on them in the Devices tab sidebar. See Manage Devices.
  • Monitor policy violations using the Dashboard, in particular the Active High Risk Threats and Threat Impact dashlets.

Device Policy Steps

Prior to creating a Custom Device Policy

Before you begin, make sure the following prerequisites are in place.

  • You have either the Org Admin or Policy Admin role on your user account.
  • Any TIs you want to use in policies are activated. See Configure Threat Indicators.
  • The MTP Mobile App is deployed to the devices you wish to monitor. See the Devices tab to confirm.

To start creating a custom Device Policy

  1. Go to Compliance > Device Policies.
    By default a new policy template displays in the main section.
    Tip: If you previously navigated away from the default, you can click + New Device Policies.

  2. Enter a unique name for the policy.
  3. Enter a description of the policy. For example, you can say something about what threats it addresses, or when and who added the policy.

To add Threat Indicators

  1. In the Threat Indicators section of the Device Policies tab, click Add New.
    The Device Threat Indicators selector window opens. It lists and categorizes all activated TIs that apply to devices.

  2. Select one or more TIs and click the right arrow to add them to the policy.
    Tip: If you do not see a TI that you expect to see in this list, make sure the TI is activated and that its Risk Level is 1 or above. See Configure Threat Indicators.
  3. Click Add Selected.
    The Threat Indicators section lists the selected TIs and shows important information about each.

To specify TI parameters, if any

A TI may include parameters that further refine the TI threat criteria. If there are multiple parameters, the TI evaluates as an AND condition (all parameters are considered together, not just one or the other). For example, the "Vulnerable OS" TI has parameters that refine the OS information, including:

  • iOS Version: iOS version number.
  • Android API: The Android API level.
  • Security Patch: Month and year of a patch.

To add Device Policy filters

As Appthority MTP evaluates the Threat Indicators of a policy, it can further refine TI violation detection against a set of filters.

  1. In the Filters section, click Filters. The Available Filters popup opens.

  2. Select a type of filter from the popup. You can use multiple filters. Filters include:
    Filter                Policy applies to...
    Device Profile        By default neither profile is selected.
      iOS                 iOS devices
      Android             Android devices
    Device Filters
      Risk                Low, Medium, or High Policy Risk Score.
      Last Check          Number of days since the last time the MTP Mobile App checked in with Appthority MTP. This could be useful for identifying devices where the MTP Mobile App is inactive.
      Apps Not Compliant  Number of apps on the device that are not compliant with this policy.
      MTP Mobile App      Whether or not the MTP Mobile App is installed on the device.

  3. Click X to exit the popup.
  4. Save the policy.

Tip: To remove a filter from the policy, click its X button. The filter moves back to the popup.

To save a Custom Device Policy

Click Save. Appthority MTP determines what devices (that have the MTP Mobile App) are in violation of the policy and shows a link to them, if any, next to the Save button.

Tips

  • Click the Devices in violation link to see details about violations.
  • As you update a policy, the list of devices in violation may change.
  • A custom Device Policy does not actively trigger remediation when it is saved the first time. A later step is required to activate the policy.

To assign the Device Policy to a Remediation Policy for MTP Mobile App

  1. Click Assign Remediation Policy.
    The Remediation Policies tab opens.
  2. Name the new Remediation Policy, assign device groups to it, and set its Remediation Actions. See Create a Custom Remediation Policy.

To activate the Device Policy for remediation

When you activate the Device Policy, and the Remediation Policy is also activated, Appthority MTP immediately engages in the Remediation Policy activities of the MTP Mobile App. Even if the policy is not activated, Appthority MTP processes the policy against the MTP Mobile App devices and provides analysis in the Devices tab.

  1. In the Device Policies tab for the relevant policy, click Actions > Activate.
  2. In the dialog, click Yes, Proceed.

Copyright © Appthority, Inc. 2017-2018. All Rights Reserved.