Remediate Threats Using MTP Mobile App

Note: This topic is for Org and Policy Admins to understand the features and functionality of the MTP Mobile App. The app itself has an intuitive design that makes it easy for end users to follow remediation steps.

Devices with the MTP Mobile App benefit from continuous active monitoring, based on the policies configured and device groups to which they are assigned in MTP Manager. When a threat is detected (a compliance policy is violated), the MTP Mobile App executes the associated Remediation Policy actions by displaying information and steps to alleviate the risk. The user is responsible for viewing the information and following the steps.

If the user does not respond to the remediation request, the action repeats and optionally the violation is escalated to the EMM for enforcement, as specified in the Remediation Policy. See Create Remediation Policies and Actions.

Note: MTP Mobile App also has a "Safe Search" feature. See Safe App Search for Mobile.

Push Notifications for End Users

When an active policy is violated on a user device, Appthority MTP sends a push notification that says "New Threat(s) Detected".

When the user taps the notification, the MTP Mobile App opens at the specific threat.

The user can tap the threat to see and follow the remediation actions.

On iOS, in addition to the push notification, a badge displays on the app icon that indicates the number of active high-risk threats.

Remediation Status in MTP Manager

An Org or Policy Admin can see the Remediation Status of each device in the Devices > Device ID > Policy Violations tab.

Click the policy name to see the TI that the user would see on the MTP Mobile App.

The MTP Mobile App Interface

The MTP Mobile App has a dashboard that quickly informs users about the risk status of their device.

Tip: To reduce complexity for end users, the MTP Mobile App focuses on Threat Indicators directly and does not delve into policies. An Org or Policy Admin can find the policies that use the TIs in MTP Manager. Also, the app shows Low/Med/High TI Risk Levels and not the numeric scoring or categorizations.

The Overall Device Risk is High, Medium, Low, or Potential. High/Medium/Low is the TI Risk indicator of the TI that triggered a policy violation.

Note: Potential is a special category that means the app is whitelisted however the Org or Policy Admin has flagged it as a potential problem. This functionality is not yet implemented in the MTP Manager.

Two buttons toggle the home screen view, either Active Threats or Risky Apps.

Tip: An app may contain multiple TIs, and a single TI may be found on multiple apps. Either view will drill down to the TI and the remediation information.

Active Threats

The Active Threats is the number of individual Threat Indicators that are associated with compliance policy violations, sorted by TI Risk Level.

When the user taps an Active Threats button, the Mobile Security Threats screen opens with the list of TIs sorted by the button that was tapped. Users can:

Tap to change the Risk Level filter.
See the filtered listing of TIs.
See whether or not the Required Actions have been initiated.
Tap a TI to see more details and the required actions.

The Actions screen provides the steps required to resolve the compliance policy violation.

The Information link leads to more details about the threat.

The user should follow the steps, tap "I agree to take these actions" and click Submit. The status in the MTP Manager Devices tab changes to "User acknowledged".

Risky Apps

The Risky Apps are the apps on the phone that have violated compliance policies, sorted by TI Risk Level.

When the user taps the Risky Apps button, the Risky Apps screen opens with the list of apps sorted by the button that was tapped. Users can:

Tap to change the Risk Level filter.
See the filtered listing of apps.
See whether or not the Required Actions have been initiated.
Tap an app to see the App Details screen, where users can:
- See the TIs that apply to the app, and tap to see details.
- Tap to see the required actions.