Advanced device configurations

IBM® MaaS360® identifies devices that configured advanced settings such as Developer mode and marks those devices as non-compliant.

Advanced device settings help the users to remotely control the device and perform potentially dangerous actions. The actions can include installing and uninstalling apps, changing app permissions, or deleting the app data. For example, if USB debugging mode is turned on, hackers can gain total control of the connected device from a remote computer.

IBM MaaS360 monitors managed devices to identify the following settings.
  • Devices with developer mode enabled
  • Devices with device attestation status failed
  • Devices with USB debugging enabled
Supported devices
  • Android
Note: MaaS360 automatically detects advanced device settings if Endpoint Threat Management is enabled. Administrators do not need to configure and push endpoint security policies to devices.

Configuring risk rules for advanced device configurations

When a risk incident is detected, MaaS360 validates that risk incident against your risk rule to calculate the severity and risk score for the devices and users. By default, the risk rules for advanced device settings are enabled in the MaaS360 portal. You can use the Risk Rule Configurator to disable the risk rule, modify the threshold, and adjust the severity.

Follow these steps to configure risk rules for advanced device settings:
  1. From the IBM MaaS360 Portal home page, go to Security > Security Management > Risk Rule Configurator.
  2. Configure the following settings.
    Enable the following Risk rules.
    • Device attestation status
    • USB debugging enabled
    • Developer debugging enabled

    Condition: Define the severity of the advanced device configuration.

    Default condition

    Condition Severity Description
    Device attestation status = Failed High This rule checks the health of the device every 24 hours.
    USB debugging enabled = True Medium This rule checks if USB debugging is enabled on devices.
    Developer debugging enabled = True Low This rule checks if the development mode is enabled on the device.

What happens when advanced device configurations are detected on the device?

MaaS360 does not support response or remediation actions for advanced device configuration incidents.

Tracking advanced device settings incidents on the Security Dashboard

Devices report all advanced device configuration incidents to the MaaS360 portal in real-time. If those incidents meet the Risk Rule criteria set by the administrators, MaaS360 generates a risk incident in the Security Dashboard.

Follow these steps to track security violations and incidents on the Security Dashboard:
  1. Go to Security > Security Dashboard.
  2. In the Top risk incidents widget, click the Affected devices numbered link.

    The affected devices with details are displayed.

  3. Click the username. The User Summary page displays all the risk incidents against the affected device.
  4. Click an advanced device configuration incident to view more details about that incident.

For more information about other common widgets on the Security Dashboard, see Tracking security events on the Security Dashboard.