Mobile Threat Defense Deployment Modes and Protection
With your Mobile Threat Protection, you can utilize different deployment modes for connected mobile devices. These modes help you minimally protect the network traffic of your devices, but also extend protection to threat detection of certain events on mobile devices.
Mobile device ecosystem and supervision levels
In today’s mobile device ecosystem, there are many different devices, and different levels of ownership and supervision. Device users in your company can have iOS or Android devices, depending on their personal preference or work requirements.
For each type of device, you can provide various levels of supervision:
Device type |
Supervision available |
---|---|
iOS |
For iOS devices, you can have supervised or unsupervised devices. You make an iOS device a supervised device through the Apple Device Enrollment Program (DEP). |
Android |
Android have both partially managed and fully managed devices through Android Enterprise. For fully managed devices, you can have:
For partially managed devices, you add a Work Profile to user devices. You can use the Work Profile for:
|
Before you select your deployment mode, you need to evaluate the devices in your organization and assess what types of devices you have and the required level of supervision you need.
For each device type and level of supervision, the effect on and the needs of the device user vary:
Device type |
Supervision |
Device user involvement |
---|---|---|
iOS |
Supervised |
The device user manages the settings and controls for the device. Through your UEM/MDM, you can install applications and profiles without the need for the device user to perform any actions. There are a limited number of permissions that require the device user’s approval. |
iOS |
Unsupervised |
The device user is in full control of the device. You can use these devices with your UEM/MDM, which will give you partial control and visibility into the device. However, all required apps, profiles, and permissions required the full cooperating of the device user to perform the necessary actions. |
Android |
Fully managed |
For company-owned devices, the device is in the control of the organization. In general, these devices are locked down and only used for specific actions. While the device settings and controls are managed by the device user, you can install apps and profiles without the need for the device user to take any action. A limited number of permissions will require device user interaction. For employee-owned devices, the device user is in full control of the device. Use of these devices requires manual steps by you and the device user. |
Android |
Partially managed |
For both company-owned and employee-owned devices, the device uses the Work Profile. For employee owned-devices, the device user must install the Work Profile with the apps and settings required. For company owned devices, the profile installation is done automatically. The mobile sensor is installed inside the Work Profile. Both types of devices enable the device user to maintain control over device settings. |
What deployment modes are available?
Deployment modes include:
Level |
Details |
---|---|
Cloud Proxy |
The proxy protection mode provides a secure proxy for your mobile devices to access the network. Mobile Threat Defense routes device traffic through the proxy to provide protection against network-based attacks. |
Secure Access Layer (SAL) - Secure DNS |
This protection mode extends the proxy protection and provides additional benefits:
|
Next-Gen VPN |
This mode provides a VPN with a data encryption protocol for applications without user interactions. |
For details on the device support and service support for each of these modes, see Traffic Vectoring Options in the Jamf Security documentation.
Please see our Legal Disclaimer on links to third party web sites.