The GlobalProtect Mobile Security Manager provides management, visibility, and automated configuration deployment for mobile devices—either company provisioned or employee owned—on your network. Because the Mobile Security Manager is part of the integrated GlobalProtect mobile solution, the GlobalProtect gateway can leverage information about managed devices and use the extended host information collected by the Mobile Security Manager to provide enhanced security policy enforcement for managed devices.
Read on to learn more about new GlobalProtect Mobile Security Manager features for 6.2!
App Store Reporting
You can now customize or configure PDF reports for new mobile device reports on the GlobalProtect Mobile Security Manager dashboard. When added as widgets to the dashboard, the reports display bar graphs showing the top 5 iOS managed public apps, iOS Enterprise apps, iOS VPP apps, Android public apps, or Android Enterprise apps. In addition, the Device Summary widget on the dashboard now displays pie charts showing the percentage of Android versus iOS devices and the top 5 device models.
For more information, see App Store Reports.
New Configuration Profiles for iOS 7
To support new iOS 7.0 MDM features, you can now configure iOS Configuration Profiles for AirPrint, AirPlay, Fonts, Global HTTP Proxy, Content Filter, and Single Sign-On in the GlobalProtect Mobile Security Manager. In addition, updates to the Restriction profile enable you to enforce backup restrictions that control enterprise data movement to the iCloud, security and privacy restrictions that control lock screen preferences, and settings that are specific to supervised iOS devices. Each profile contains the configuration settings that you push to a specific group of iOS devices and/or users.
Username Options for iOS Configuration Profiles
To support Email and Exchange Active Sync configuration requirements for Office 365, new options enable you to specify an email address as the username or a user-configured domain suffix as a fixed username.
For more information, see Username Options for Email and Exchange Active Sync Profiles.
S/MIME Email Support
When configuring S/MIME for Exchange Active Sync profiles, you can now enable per-message S/MIME signing and encryption. The new option provides device users flexibility and control over the security of email messages.
Android Password Combinations
You can now configure complex password combinations for Android devices using an Android Passcode profile. To enforce a complex password combination, specify the minimum number of complex characters and choose whether to require at least one letter and one number. You can also specify the minimum numbers, automatic lock timeout (in minutes), minimum password length, and other options to increase password security.
Android Client Certificates
You can now configure and deploy client certificates that you generate on the Mobile Security Manager or certificates that you import from a different CA to Android devices using an Android Certificate profile. Use any certificate the device will need to connect to your internal applications and services. If a passcode is set and the server has the private key of the certificate, the Mobile Security Manager pushes both the certificate and private key to the device. If no passcode is specified, the Mobile Security Manager pushes only the certificate to the device.
Device Enrollment Workflow
Instead of first connecting to the GlobalProtect portal, the GlobalProtect app now allows users on iOS devices to enroll with Mobile Security Manager first so that only known mobile devices can connect to GlobalProtect portal and gateway and establish VPN connection. Using the GlobalProtect Mobile Security Manager, you can configure VPN settings and configurations for the end user including the required certificates and app-level VPN settings. During the enrollment process, the Mobile Security Manager server will issue an identity certificate with the username of the enrolled user in the common name (CN) and authenticates using that identity certificate when setting up the VPN.
iOS Jailbreak Detection Without Locations Services
A GlobalProtect app running on iOS 7 now uses push notifications to report the status of rooted/jailbroken devices to the Mobile Security Manager. A key benefit to using push notifications is that they run periodically in the background. GlobalProtect apps running on earlier iOS versions use location services for this purpose, which run all the time. The change does not require any configuration changes and takes effect automatically for iOS 7 devices.
Want More GlobalProtect Documentation?
Check out the following resources:
- New Features Guide: Your go-to resource for all the new features in GlobalProtect Mobile Security Manager 6.2!
- Administrator’s Guide: Contains comprehensive information for setting up your GlobalProtect infrastructure to extend policy to all users, regardless of location or device. In addition, this guide provides instructions for setting up the GlobalProtect Mobile Security Manager for enhanced policy control and management of mobile devices.
- Release Notes: Provides information about the GlobalProtect Mobile Security Manager 6.2 release, known issues, software compatibility information, and addressed issues.
- Mobile Security Manager Quick Start (not updated for 6.2): Provides start-to-finish setup instructions for the GP-100.
- Agent User Guide (not updated for 6.2): Guides end users through the process of installing the GlobalProtect agent software on Mac and Windows platforms.
Pro tip: On the documentation search page, use the OS Version > 6.2 search facet to filter results for only documentation about GlobalProtect 6.2 or use Product Category > GlobalProtect to search across all GlobalProtect documentation.