Welcome back to the blog series, . Use cases 1 to 4 focused on IT Operations and quality of life improvement. The next 4 use cases cover Security Enhancement. Today is use case #5, Compliance Policy Engine (on steroids).
As a reminder, this is just one of many resources for you around Workspace ONE Intelligence. There are numerous blog posts and articles covering various aspects of the solutions, including this awesome . Check it out!
For now, let’s investigate the security aspect of Workspace ONE Intelligence. I pick the top four security enhancement use cases through Workspace ONE Intelligence — three of which are out-of-the-box which you can take advantage of right now, while the other one requires a third-party integration with your Mobile Threat Defense (MTD) solution of choice.
Compliance Policy Engine (on steroids)
I am sure 99.9% of you reading this are familiar with the Compliance Policy Engine in Workspace ONE UEM. After all, that is the predecessor of Workspace ONE Intelligence Automation. Compliance Policy Engine in UEM has been a great solution. However, what we can achieve with Workspace ONE Intelligence Automation will lift the compliance standard to the next level.
The main limitation of Workspace ONE UEM’s Compliance Policy Engine, as you may already know, is its pure focus on the device management portion. For Android and iOS devices, you have just a bit more than a dozen rules you can enforce and only a few options for remediation actions — sending user notifications, blocking resources (profiles & apps), installing additional restrictions, and, as a last resort, enterprise wiping the devices.
Now, in a lot of cases, that would be sufficient. With Workspace ONE Intelligence Automation, though, there is a lot more we can do. Workspace ONE Intelligence can give you much more flexibility than the UEM’s Compliance Engine can. First, the world is your oyster. Virtually any data points collected from the devices can be used in your ruleset, including advanced attributes like device risk score, sensor (for desktop use case), or any data from your integrated third-party platforms.
Second, apart from having the full Workspace ONE UEM API library that you can utilize as your remediation action, Workspace ONE Intelligence integrates with other solutions through and . We can send user notifications, remove apps and profiles, install additional restrictions, or wipe the devices, just like the legacy Compliance Engine can. We also can create an incident through ServiceNow, send group messages in or , move devices to a different organization group to quarantine, and even tag the devices and trigger another workflow to run.
Compliance Rule Examples
Here are some of the compliance rule examples you may want to consider adding to your environment. (A fair warning…some of these examples are likely to pop up again in other use cases. However, I will go deeper into those use cases as we get to them.)
- Devices with Compromised Status.
- Devices without passcode & restriction policies.
- Devices with out-of-date OS or a potential target for a zero-day exploit — we will dive deeper into this in use case #6.
- Devices with a high-risk score (calculated by Intelligence Risk Analytics - we will cover high-risk score in this post.)
- Devices without security-related apps that your organization chooses e.g., Lookout, Better Mobile, Check Point, Intelligent Hub (yes, Intelligent Hub is a security-related app), and more.
- Devices with high threat levels gathered from Workspace ONE Trust Network (We will cover this example in this post as well.)
In addition to the custom template that you can create yourselves, there are also a few available workflow templates you can explore. Here are the currently available workflow templates you can choose from, under Device Compliance.
Figure: Available Workspace ONE Intelligence Automation workflow templates for Device Compliance
Here is one example of the workflow from the pre-configured template readily available in Workspace ONE Intelligence. We are creating a incident flagging compromised enrolled devices, allowing the helpdesk team to reach out to the end-users to resolve the issue.
Figure: Automation workflow to create ServiceNow incident for compromised devices
Here is another example of a compliance policy you can create through a custom workflow. In this case, we are checking if iOS devices have Workspace ONE Intelligent Hub installed or not. (Intelligent Hub is used for compromised status detection and, if enabled, Mobile Threat Defense). If the devices do not have Intelligent Hub installed for any reason, we re-push the application down to the devices.
Figure: Workflow to reinstall Intelligent Hub application if devices do not have the app installed
Let us know if you have any other use cases with Workspace ONE Intelligence Automation. We love to learn more from you as well! Watch this space for the next post in this series, Intelligence Use Case: .