Endpoint Admission Defense Help >> Operation Guide >> MDM Collaboration Policy

MDM Collaboration Policy

Use this function to configure check items for smart devices. Check items vary with MDM vendors and changes with the MDM vendor type in the vendor configuration. When you select an existing MDM collaboration policy from the Security Policy list, also select a network action (no action, isolate, or kick out) and a device action (no action, lock, wipe corporation data, or wipe data) from the Security Level list for policy violation.

Functions

• Add/Modify Collaboration Policy

Operation Procedure

1. Enter MDM Collaboration Policy page
   Click the User tab.From the navigation tree, select User Security Policy > MDM collaboration policy.
2. Click Add to add a MDM collaboration policy. Click the Modify iconfor a MDM collaboration policy to modify it.
3. Enter or modify the basic information for the MDM collaboration policy, and select the check items.
4. Click OK.

Parameters

• Service Group: Select a service group for the MDM collaboration policy. The service group ensures privilege management of the MDM collaboration policy. The administrators and maintainers can add the MDM collaboration policy to one of the service groups to which they have the management privilege.
• Require Endpoint Registered: Specifies whether the smart device must be registered on the MDM server.
• Require Endpoint Compliant: Specifies whether the smart device must meet the compliant requirements specified on the MDM server.
• Enable GPS Service: Specifies whether the GPS service must be enabled on the smart device.
• Enable Auto Lock: Specifies whether the auto lock service must be enabled on the smart device.
• Disable Bluetooth: Specifies whether the Bluetooth service must be disabled on the smart device.
• Require Camera Disabled: Specifies whether the camera service must be disabled on the smart device.
• Prohibit Jailbreaking or Rooting: Specifies whether the smart device must be prohibited from jail-breaking or rooting.
• Require Password Locking Enabled: Specifies whether the password lock service must be enabled on the smart device.
• Require Storage Encryption Enabled: Specifies whether the storage encryption service must be enabled on the smart device.

Precautions

• The MDM collaboration policy name must be unique.
• When modifying a MDM collaboration policy, you are not allowed to modify the service group to which the MDM collaboration policy belongs.
• The Require Endpoint Registered option is the prerequisite for the other options.
• The check items to be configured changes dynamically with the MDM vendor type in the MDM vendor configuration, so you cannot add a MDM collaboration if the vendor type is disabled in the MDM vendor configuration.
• Delete MDM collaboration policy

Operation Procedure

1. Enter MDM Collaboration Policy page
   Click the User tab.From the navigation tree, select User Security Policy > MDM collaboration policy.
2. Click the Delete iconfor a MDM collaboration policy to delete it. A confirmation dialog box appears.
3. Click OK.

Precautions

• The MDM collaboration policy being used by a security policy cannot be deleted.

Related Topics

• Security Policy Management
• Security Level Management
• MDM Vendor Configuration