Introducing Workspace ONE UEM Smart Group Based Configuration of Workspace ONE Mobile Threat Defense
Omnissa Workspace ONE Mobile Threat Defense is a comprehensive mobile security solution that addresses the full breadth of risks, including device vulnerabilities and risky configurations, rogue Wi-Fi access points and machine-in-the-middle (MiTM) attacks, and application, phishing and malicious-content threats that are present on mobile devices (iOS/iPadOS, Android and ChromeOS).
Support for Workspace ONE Mobile Threat Defense Activation using UEM Smart Groups
Assignment groups in Workspace ONE UEM are used to organize and assign configurations, applications, and policies to specific devices and users. These groups allow administrators to target and deploy resources based on various criteria. An assignment group can either be an organization group (OG) or a smart group.
While organization groups help to structure devices hierarchically based on factors such as location or business unit, smart groups provide administrators with more specific targeting options. They allow you to create dynamic groups based on multiple criteria, such as device type, operating system, user group, or even custom attributes. This flexibility ensures that resources like apps or policies are assigned with greater precision. For example, you can deploy a security profile to devices running a specific OS version or assign applications only to users in certain departments, without needing to rework the entire organization structure. In contrast, organization groups work well for broad assignments but lack the detailed targeting that smart groups provide.
Until now, Workspace ONE Mobile Threat Defense administrators have been limited to configuring the activation of Workspace ONE Mobile Threat Defense using only organization groups (OG) in UEM. This posed a challenge for administrators who wanted to roll out Workspace ONE Mobile Threat Defense in phases to certain devices or users, or to manage different sets of policies for different sets of devices.
We are introducing the ability for administrators to assign Workspace ONE Mobile Threat Defense to smart groups. This will significantly improve the process of deploying and managing Workspace ONE Mobile Threat Defense security policies. Some key benefits to Omnissa customers include the following:
- Ability to assign and manage Workspace ONE Mobile Threat Defense policies for a dynamic and targeted set of devices.
- Ability to prioritize Workspace ONE Mobile Threat Defense assignments such that devices receive only their highest-ranking assignment and Workspace ONE Mobile Threat Defense policies.
Requirements
To assign Workspace ONE Mobile Threat Defense configuration to smart groups in UEM, customers must have the following:
- Workspace ONE UEM version 24.06+ with the modern architecture enabled
- During the rollout phase of the UEM modern architecture, you might need to ask Omnissa support to enable the MtdProfileConfigurationFeatureFlag feature flag.
- Intelligent Hub version 24.09+ on iOS and Android
Configuring Workspace ONE Mobile Threat Defense in Workspace ONE UEM
Omnissa customers deploying this will fall into one of the following two categories:
- New customers who have deployed Workspace ONE Mobile Threat Defense into their current UEM tenant.
- Existing customers who have deployed Workspace ONE Mobile Threat Defense previously using the SDK custom settings.
New customers should follow these steps:
- Set up the Workspace ONE Mobile Threat Defense console to Workspace ONE UEM console integration.
Note: Administrators need to ensure that the smart group used for device synchronization includes ALL devices in the smart groups that have been assigned MTD. The same smart group can be used if MTD is assigned to only one smart group.
- Deploy Workspace ONE Mobile Threat Defense assignments via the Workspace ONE Mobile Threat Defense configuration page by navigating to Groups & Settings > Configurations > Workspace ONE Mobile Threat Defense. Configure the Workspace ONE Mobile Threat Defense assignments, the relevant smart groups and the Workspace ONE Mobile Threat Defense enrollment code, then publish the assignment.
- Search for MTD configuration in Workspace ONE UEM Console
- Define assignment groups and priorities for devices entitled for MTD activation
- Assign the smart group(s)
- Define the enrollment code for the group of devices
- Add the isEntitled JSON value to the SDK custom settings and set it to true. Add it at the top-level OG. If the SDK custom settings are overridden in a child OG, add it to that child OG.
{
  "mtdSettings": {
    "isEntitled": true
  }
}
Existing customers should follow these steps:
- Administrators should ensure that the smart group used for device synchronization includes ALL devices in the smart groups that have been assigned Workspace ONE Mobile Threat Defense. The same smart group can be used if Workspace ONE Mobile Threat Defense is assigned to only one smart group.
- Deploy Workspace ONE Mobile Threat Defense assignments via the Workspace ONE Mobile Threat Defense configuration page by navigating to Groups & Settings > Configurations > Workspace ONE Mobile Threat Defense. Configure the Workspace ONE Mobile Threat Defense assignments, the relevant smart groups and the Workspace ONE Mobile Threat Defense enrollment code, then publish the assignment.
- Delete the existing isEnabled and enrollmentCode JSON values in the SDK custom settings configuration. If this configuration is at the top-level OG, simply update the Workspace ONE Mobile Threat Defense SDK custom settings configuration so that it includes only the isEntitled value, as shown in the next step.
- Add the isEntitled JSON value to the SDK custom settings and set it to true. Add it at the top-level OG. If the SDK custom settings are overridden in a child OG, add it to that child OG.
{
  "mtdSettings": {
    "isEntitled": true
  }
}
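The existing-customer steps above can be checked offline before publishing; the sketch below is an added example, not Omnissa code or part of the original post. It rewrites a legacy SDK custom settings document so that only isEntitled remains under mtdSettings, lists devices that an MTD-assigned smart group contains but the synchronization smart group omits (the note that applies to new and existing customers alike), and resolves each device to its highest-ranking assignment. Assumptions: the legacy keys sit under mtdSettings, priority 1 is the highest rank, and the enrollment code, otherSetting key, group names and device IDs are constructed placeholders.

```python
import json

LEGACY_KEYS = ("isEnabled", "enrollmentCode")  # values the page says to delete

def migrate_custom_settings(raw):
    """Return SDK custom settings JSON with only isEntitled left under mtdSettings.

    Assumption: the legacy keys sit under "mtdSettings". Unrelated keys are kept.
    """
    settings = json.loads(raw) if raw.strip() else {}
    if not isinstance(settings, dict):
        raise ValueError("SDK custom settings must be a JSON object")
    mtd = settings.get("mtdSettings")
    mtd = dict(mtd) if isinstance(mtd, dict) else {}
    for key in LEGACY_KEYS:
        mtd.pop(key, None)
    mtd["isEntitled"] = True
    settings["mtdSettings"] = mtd
    return json.dumps(settings, indent=2)

def sync_gaps(sync_devices, assignments):
    """Map each MTD smart group to its devices missing from the sync smart group."""
    gaps = {}
    for a in assignments:
        missing = sorted(set(a["devices"]) - set(sync_devices))
        if missing:
            gaps[a["smart_group"]] = missing
    return gaps

def effective_assignment(assignments):
    """Give each device only its highest-ranking assignment (1 = highest, assumed)."""
    winner = {}
    for a in sorted(assignments, key=lambda a: a["priority"]):
        for device in a["devices"]:
            winner.setdefault(device, a["smart_group"])
    return winner

# Constructed sample data: placeholder enrollment code, group names and device IDs.
LEGACY = '{"mtdSettings": {"isEnabled": true, "enrollmentCode": "EXAMPLE-CODE"}, "otherSetting": 1}'
ASSIGNMENTS = [
    {"smart_group": "MTD-Pilot", "priority": 1, "devices": ["dev-1", "dev-2"]},
    {"smart_group": "MTD-All-iOS", "priority": 2, "devices": ["dev-2", "dev-3", "dev-4"]},
]
SYNC_DEVICES = ["dev-1", "dev-2", "dev-3"]

if __name__ == "__main__":
    print(migrate_custom_settings(LEGACY))
    print("missing from sync group:", sync_gaps(SYNC_DEVICES, ASSIGNMENTS))
    print("effective assignment:", effective_assignment(ASSIGNMENTS))
```

With the sample data, dev-4 is reported as missing from the synchronization smart group, and dev-2, which belongs to both smart groups, resolves to the priority 1 assignment only.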
Please refer to the Workspace ONE Mobile Threat Defense documentation page for more on configuring Workspace ONE Mobile Threat Defense.
Bringing Management and Security Closer
Workspace ONE Mobile Threat Defense simplifies device protection for organizations by integrating security management directly into the Workspace ONE platform. This solution brings device management and security closer together, allowing administrators to prevent, detect, and respond to threats more effectively. This integration reduces the need for separate security solutions, streamlining the overall management process while ensuring devices remain secure.
As security needs evolve, Workspace ONE Mobile Threat Defense will continue to enhance its capabilities to offer a more integrated administration experience. Future updates will focus on deeper integration and more intuitive tools, enabling even greater control and protection for mobile devices across the enterprise.
These advancements reflect Omnissa’s ongoing commitment to providing an autonomous workspace that is smart, seamless and secure.
You can learn more about Workspace ONE Mobile Threat Defense on Tech Zone.