McAfee MVISION Mobile Microsoft Intune Integration Guide

Administrator's guide for providing integration with Microsoft Intune MDM. September 2018

COPYRIGHT

Copyright 2018 McAfee, LLC

TRADEMARK ATTRIBUTIONS

McAfee and the McAfee logo, McAfee Active Protection, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Contents

Integration with Microsoft Intune
  Overview
  Requirements
  Architecture
  Protection Methods
  Configuration Levels
    Level 1: Basic Application Deployment
    Level 2a: User Synchronization
      Create an Administrator User
      Create Groups
      Set Up User Synchronization in the MVISION Mobile Console
      Ad-hoc MDM Synchronization
    Level 2b: Auto Sign-in/Advanced Application Deployment
    Level 3: Basic Protection
    Level 4: Granular Protection
Appendix A - iOS User Experience
Appendix B - Android User Experience

Integration with Microsoft Intune

Overview

Integration with an MDM is not required. However, when an MDM is integrated, the MVISION Mobile Console can synchronize users and devices from the MDM, provide transparent user access to the MVISION Mobile Threat Detection Application, and provide more granular and specific protection actions.

McAfee MVISION Mobile Threat Detection Application detects malicious activity and, depending on the platform, is able to take actions locally. When MVISION Mobile Threat Detection Application is integrated with an MDM, protection actions can be performed by the MDM, providing a very powerful protection tool. Upon detection of an event, the new risk posture level, defined by the severity of the event, is sent to Microsoft Intune via secure APIs. Microsoft Intune starts a workflow to take specific actions that match the level provided, as defined by the Microsoft Intune Administrator. Different workflows can be created to handle different risk posture levels on devices via device compliance policies.

Requirements

Integration with Microsoft Intune requires a connection between the McAfee MVISION Mobile Console and the Microsoft Intune API server. This is accomplished via the Internet using SSL on TCP port 443. In a typical Microsoft Intune deployment, no changes need to be made for this communication to work.

The following table details specific requirements for the Intune integration (Item: Specifics):

Microsoft Intune enrolled device: iOS or Android
Android MVISION Mobile Threat Detection Application: v4.1 or higher
iOS MVISION Mobile Threat Detection Application: v4.1 or higher
Administrator account for the Microsoft Intune management console: Initially the role of Global Administrator is required. Once the initial setup is completed, the Limited Administrator role with Intune Administrator is sufficient.
MS Authenticator on iOS: Required for SSO on iOS devices

Architecture

McAfee integrates with Microsoft Intune MDM at different configuration levels, which are described in the McAfee MVISION Mobile Console Configuration Guide available in the customer portal. Each level is addressed further on in this document with specific configuration instructions. To achieve level 2 to 4 integrations, the MVISION Mobile Console is configured to share information with the Microsoft Intune console through API access. When MVISION Mobile Threat Detection Application detects an event, it consults the current Threat Response Policy/Matrix resident on the device and, if there is a specific MDM action defined, this is communicated to the Cloud server. The Cloud server then reaches out to the proper Microsoft Intune API server and performs the action defined for the risk posture level of the device.

Protection Methods

McAfee interacts with the Microsoft Intune MDM through APIs that provide the ability to modify device configurations securely over the Internet. Microsoft Intune takes specific actions based on the Mobile Threat Level defined for a device and the Device Health setting under Device Compliance/ Policies/ Create Policy. The possible mobile threat levels are Secured, Low, Medium and High. Define the minimally acceptable mobile threat level in the Device Health policy. These levels correspond to the McAfee severity levels as follows (Intune Mobile Threat Level: McAfee Mobile Threat Level):

Secured: Normal
Low: Low
Medium: Elevated
High: Critical

The device Risk Posture in the MVISION Mobile Console is the highest severity level of a pending event assigned to a device. McAfee sends the device's updated risk posture in response to a threat if the Threat Response Policy/Matrix is set to Inform Intune for that threat. The severity of the threat is sent to Microsoft Intune and matched up with the mobile threat level on Intune.

Configuration Levels

Level 1: Basic Application Deployment

To deploy the MVISION Mobile Threat Detection Application through Microsoft Intune, ask your Customer Success Team at McAfee for the iOS Enterprise and/or Android version of MVISION Mobile Threat Detection Application. Both the iOS and Android MVISION Mobile Threat Detection Application are in their respective public application stores, but it is good practice to deploy the Android MVISION Mobile Threat Detection Application through Microsoft Intune as a Line-of-business app. This allows McAfee to provide updates to the MVISION Mobile Threat Detection Application ahead of their appearance in the store.

To deploy as a Line-of-business app, log in to Microsoft Intune with the admin account for the tenant where the application should be installed. Navigate to Mobile Apps/ Apps and click +Add. Choose Line-of-business app for the App type and select the App package file for the MVISION Mobile Threat Detection Application app you are adding. To publish the MVISION Mobile Threat Detection Application from the public application store instead, create a new public application and search the appropriate store for MVISION Mobile Threat Detection Application.

Assign the app as defined by your corporate policy to whatever groups are to be protected. To do this, navigate to Mobile Apps/ Apps, click on the app you just added and click Assignments. Click Add Group. Select the Assignment type (most likely Required), then click Included Groups to select the groups to which MVISION Mobile Threat Detection Application is deployed. Then click Select Groups to pick the groups. Finish by clicking Select and then Save.

Level 2a: User Synchronization

To avoid having to create user credentials and to manage the user management lifecycle, devices and their associated users can be synchronized through MDM integration. This allows all device and user management functions to be handled at the MDM console. User sync also provides SSO access so that users can use their Azure credentials when starting MVISION Mobile Threat Detection Application.

To support SSO on iOS, the Microsoft Authenticator app is required on the device where MVISION Mobile Threat Detection Application is installed. Set this app up in Intune from the App Store and assign it to the same iOS devices that are protected by MVISION Mobile Threat Detection Application. When iOS users start up MVISION Mobile Threat Detection Application, they are redirected to log in via Microsoft Authenticator with their Azure credentials. Android users do not need to have Microsoft Authenticator on their device, but still use their Azure credentials to log in to MVISION Mobile Threat Detection Application. See Appendix A for the iOS user experience and Appendix B for the Android user experience.

After the initial User Synchronization during the MDM Integration setup, devices are managed through a scheduled synchronization process that runs every four hours. Any changes in the group(s) being used for synchronization are duplicated at the MVISION Mobile Console. If devices are removed, they are removed from the MVISION Mobile Console. Doing this does not remove any of the events associated with that device.

The integration needs to be enabled to allow Intune to synchronize devices and data with the MVISION Mobile Console. From the Intune console on Azure, navigate to Device compliance/ Mobile Threat Defense/ McAfee. Toggle the connection options so that they are On for both Android and iOS devices, as required for your deployment. The link to Open the McAfee admin console is a live link that opens a new window and performs Single Sign-On to your specific console.

Create an Administrator User

Create an administrator user ID to use for API access by performing the following steps:

1) Navigate to Intune/ Users/ and click + New user.
2) Enter the Name and User name and choose Global administrator for the directory role. Then click OK. Click Show Password if you need to see the default password, and then click Create.

Note: You set the roles for the administrator after these steps are completed. See the Note after the last step of the synchronization setup.

Create Groups

1) Create a group of type Security.
2) Provide the group name.
3) Select the membership type Assigned.
4) Click Members and add the users to the group.

Set Up User Synchronization in the MVISION Mobile Console

Perform the following steps to set up the synchronization:

1) Navigate to the Management page and select MDM Settings.
2) Click Add MDM and select the Microsoft Intune icon.
3) Click each Add to Azure Directory button for the Microsoft Intune integration to be complete.
4) When you click the buttons, you are taken to your Microsoft Intune console to accept the connection. Enter the Admin credentials just created, click the Accept button and repeat for the other two integration links.
5) When the next page appears, the tenant ID should be automatically filled in. Ensure Sync users is checked and click Next.

6) Choose the Azure group(s) to synchronize with from the Available MDM Groups on the left. After a group is chosen, it appears in the Selected MVISION Mobile Console Groups on the right-hand side.
7) In the example, two groups have been chosen, Executives and Grunts. If a device is in more than one group, the first group from the top down is the group the MVISION Mobile Console uses for that device. You can move groups in the hierarchy by selecting them and dragging them up or down. Click Finish to save the configuration and start the first synchronization.
8) The Azure Groups are retrieved and user/device synchronization is completed.
9) You can verify this by going to the Devices or Users pages in the MVISION Mobile Console and checking that they are showing up. The device entries are greyed out until the user starts up MVISION Mobile Threat Detection Application and activates (logs in).

Note: After the initial setup (add and grant of the applications) and the synchronization have completed, you can change the administrator used as the API administrator to the Limited administrator directory role and select the role of Intune administrator.

Ad-hoc MDM Synchronization

Due to the four-hour MDM synchronization window, there are times when a newly enrolled MDM user has MVISION Mobile Threat Detection Application pushed down to their device and attempts to start it before the device has actually been synchronized from the MDM. This is not an issue when integrated with Microsoft Intune: MVISION Mobile Threat Detection Application handles ad-hoc synchronization with single sign-on via Microsoft Azure and Intune services. To handle this, auto sign-in has to be enabled.

Level 2b: Auto Sign-in/Advanced Application Deployment

The McAfee MVISION Mobile Threat Detection Application automatically performs auto sign-in when integrated with Microsoft Intune. The Microsoft Intune implementation needs to be configured to send extra information to the iOS MVISION Mobile Threat Detection Application app when it is pushed down to the device. To do this, navigate to Mobile Apps/ App configuration policies and click +Add. After entering a name and a description for the policy, choose Managed Devices and then iOS. Navigate to Configuration settings and choose XML Configured. Next, navigate to Assignments and select the groups this configuration applies to. The following is the XML data to use:

<dict><key>provider</key><string>intune</string><key>defaultchannel</key><string>https://acceptor.mcafee.com:443/srx</string><key>userprincipalname</key><string>{{userprincipalname}}</string><key>serial</key><string>{{serialnumber}}</string></dict>

Note: This string cannot contain any spaces or line feed/carriage return characters. Your Customer Success contact at McAfee or your Pre-Sales Engineer can provide the proper defaultchannel value to be used in your environment.
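As an added example (not code from the guide, McAfee or Microsoft), the following Python builds the one-line XML dictionary above for a given defaultchannel and checks a candidate string against the guide's constraints: no spaces or line breaks, well-formed key/string pairs, the four expected keys, an https channel and the Intune substitution tokens left intact. The channel URL is the page's sample value; the function names and the check rules are this example's own.

```python
"""Build and sanity-check the Intune iOS app-configuration XML for MVISION Mobile.
Added example; not McAfee or Microsoft code. The channel URL is the guide's sample
and is replaced with the value McAfee provides for your environment."""
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Key order and fixed values follow the guide's string.
REQUIRED_KEYS = ("provider", "defaultchannel", "userprincipalname", "serial")
# Intune substitutes these tokens per device when the policy is delivered.
INTUNE_TOKENS = {"userprincipalname": "{{userprincipalname}}", "serial": "{{serialnumber}}"}


def build_app_config(default_channel):
    """Return the single-line <dict> string for the XML Configured policy."""
    values = {"provider": "intune", "defaultchannel": default_channel, **INTUNE_TOKENS}
    body = "".join(f"<key>{k}</key><string>{escape(values[k])}</string>" for k in REQUIRED_KEYS)
    return f"<dict>{body}</dict>"


def validate_app_config(xml_text):
    """Return a list of problems; an empty list means the string is acceptable.

    Enforces the guide's rule that the string has no spaces or line breaks, then
    checks for a well-formed plist-style dict with the expected keys, an https
    defaultchannel (the integration uses SSL on TCP 443) and intact Intune tokens."""
    problems = []
    if re.search(r"[ \t\r\n]", xml_text):
        problems.append("contains whitespace; Intune needs a single unbroken string")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        problems.append(f"not well-formed XML: {exc}")
        return problems
    if root.tag != "dict":
        problems.append("root element must be <dict>")
    children = list(root)
    if len(children) % 2:
        problems.append("a <key> is missing its <string> value")
    pairs = {}
    for key, val in zip(children[::2], children[1::2]):
        if key.tag != "key" or val.tag != "string":
            problems.append(f"expected <key>/<string> pair, found <{key.tag}>/<{val.tag}>")
            continue
        pairs[key.text] = val.text or ""
    for name in REQUIRED_KEYS:
        if name not in pairs:
            problems.append(f"missing key {name}")
    if pairs.get("provider", "intune") != "intune":
        problems.append("provider must be intune")
    if not pairs.get("defaultchannel", "https://").startswith("https://"):
        problems.append("defaultchannel must be an https:// URL (SSL on TCP 443)")
    for name, token in INTUNE_TOKENS.items():
        if name in pairs and pairs[name] != token:
            problems.append(f"{name} must be the literal token {token}")
    return problems


if __name__ == "__main__":
    cfg = build_app_config("https://acceptor.mcafee.com:443/srx")
    print(cfg)
    print("problems:", validate_app_config(cfg) or "none")
```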

Level 3: Basic Protection

This is not applicable.

Level 4: Granular Protection

The McAfee integration with Microsoft Intune provides a way to block access to company data such as email and other services. Compliance policies can be used to allow only devices below a defined mobile threat level to access certain data and services. If a threat is detected on a device and that threat has an MDM action of Inform Intune, the MVISION Mobile Console sends the new mobile threat level of that device to Microsoft Intune. The mobile threat level of the device is the highest threat event classification that is pending for that device, also known as the Risk Posture.

To set Intune to take actions when a device falls below a defined threat level, in the Intune portal on Azure navigate to Intune/ Device Compliance/ Policies. Create policies for each OS platform in your environment by clicking the Create Policy tab. Enter the Name of the policy, a short description and choose the platform. On the next page, click Device Health and select the minimally safe Mobile Threat Level for this platform. Options are Secured, Low, Medium and High. This is typically set to Medium so that a device with a High Mobile Threat Level becomes non-compliant. When a Critical threat is detected by MVISION Mobile Threat Detection Application, it corresponds to the High Mobile Threat Level in Intune. Conditional access policies prevent a non-compliant device from accessing the resources defined by your Intune Administrator.

Then navigate to the Policy page in the MVISION Mobile Console and select the MVISION Mobile Console group you want to target. For each threat classification that you want Microsoft Intune to know about, set the MDM Action column to Inform Intune. For situations where the threat can be mitigated or is no longer present, set the Mitigation Action column to Inform Intune as well, so that the Mobile Threat Level of the device is adjusted accordingly.
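As an added example (not MVISION Mobile or Intune code) that models the Protection Methods mapping together with this section's Device Health rule: a device's Risk Posture is the highest pending severity, it is translated to the Intune Mobile Threat Level, and compliance is decided against the policy's minimally safe level; a mitigated event drops out of the posture. The event names and the Medium threshold are constructed sample data.

```python
"""Risk posture -> Intune Mobile Threat Level -> Device Health compliance, as the
guide describes it. Added example; not MVISION Mobile or Intune code. Event names
and the policy threshold used in the demo are constructed sample data."""
from dataclasses import dataclass

# Guide's table: McAfee severity (ascending) -> Intune Mobile Threat Level.
MCAFEE_TO_INTUNE = {"Normal": "Secured", "Low": "Low", "Elevated": "Medium", "Critical": "High"}
SEVERITY_ORDER = list(MCAFEE_TO_INTUNE)            # Normal < Low < Elevated < Critical
INTUNE_ORDER = list(MCAFEE_TO_INTUNE.values())     # Secured < Low < Medium < High


@dataclass
class ThreatEvent:
    name: str
    severity: str          # McAfee severity level
    inform_intune: bool    # MDM Action / Mitigation Action column set to Inform Intune
    pending: bool = True   # becomes False once the threat is mitigated or gone


def risk_posture(events):
    """Highest severity among pending events; Normal when nothing is pending."""
    pending = [e.severity for e in events if e.pending]
    if not pending:
        return "Normal"
    return max(pending, key=SEVERITY_ORDER.index)


def reported_level(events, trigger):
    """Level the console sends to Intune after `trigger` is detected or mitigated,
    or None when that event's policy row is not set to Inform Intune."""
    if not trigger.inform_intune:
        return None
    return MCAFEE_TO_INTUNE[risk_posture(events)]


def is_compliant(device_level, minimally_safe_level):
    """Device Health rule: compliant while the device level does not exceed the
    policy's minimally safe Mobile Threat Level (Medium lets High fail)."""
    return INTUNE_ORDER.index(device_level) <= INTUNE_ORDER.index(minimally_safe_level)


def evaluate(events, minimally_safe_level):
    """Return (intune_level, compliant) for the device's current pending events."""
    level = MCAFEE_TO_INTUNE[risk_posture(events)]
    return level, is_compliant(level, minimally_safe_level)


if __name__ == "__main__":
    policy = "Medium"  # the guide's typical Device Health setting (constructed demo)
    events = [ThreatEvent("sample low-severity event", "Low", True),
              ThreatEvent("sample critical event", "Critical", True)]
    print("detected :", reported_level(events, events[1]), evaluate(events, policy))
    events[1].pending = False  # mitigated; Mitigation Action also set to Inform Intune
    print("mitigated:", reported_level(events, events[1]), evaluate(events, policy))
```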

Appendix A - iOS User Experience

Upon a successful enrollment in Intune, several apps are pushed down to your device. Two of them should have been:

1) iOS McAfee MVISION Mobile app
2) iOS Microsoft Authenticator

The McAfee MVISION Mobile app needs to be started either manually by pressing on it, or a link can be sent to the user via text or email that they can then press, as described in the iOS McAfee MVISION Mobile Platform guide. Either way, when McAfee MVISION Mobile starts up in an Intune environment, it first tries to authenticate via Azure credentials with Microsoft Authenticator.

1) The first thing the user sees is a request saying McAfee MVISION Mobile wants to open Authenticator. The user should press Open.
2) The Authenticator screen starts up and a notification pops up stating that Authenticator Would Like to Send You Notifications. The user should press Allow to continue.
3) At this point it is possible that the user is interrupted by multiple notifications and requests from McAfee MVISION Mobile to allow access to certain items. The user should Allow these requests.
4) When done with the requests, the user should see a screen in Microsoft Authenticator showing their user ID from Azure and asking them to type in the Azure password. The user should enter their password and press Sign in.
5) After the sign-in or activation process, McAfee MVISION Mobile is automatically opened again and should display the main dashboard showing that it is protecting the device.
6) If the authentication failed, the user is prompted to enter their activation information. If this occurs, the SSO with Azure failed and some investigation is required to figure out the reason.

Appendix B - Android User Experience

Upon a successful enrollment in Intune, several apps are pushed down to your device. One of them should have been the Android McAfee MVISION Mobile Threat Detection Application. The MVISION Mobile Threat Detection app needs to be started either manually by pressing on it, or a link can be sent to the user via text or email that they can then press, as described in the Android MVISION Mobile Threat Detection Application Platform guide. Either way, when MVISION Mobile Threat Detection Application starts up in an Intune environment, it first tries to authenticate via Azure credentials. Once started, a screen is displayed showing that the user is logging in using the SSO Azure credentials. The user does not need to input a password. When this is completed, the user is logged in and MVISION Mobile Threat Detection Application shows as Protecting the device.