Integrating IBM MaaS360 with Mobile Threat Defense

Information about integrating the IBM® MaaS360® Portal with the IBM MaaS360 Mobile Threat Defense (MTD) portal.

Before you begin

Make sure that you have the following access to establish a successful connection to the IBM MaaS360 Mobile Threat Defense Portal from the IBM MaaS360 API by using SSL. If you do not have the IBM MaaS360 MTD Portal, contact MaaS360 Sales Support for more information and license options.

Procedure

  1. Create an administrator in the IBM MaaS360 Portal for device synchronization. For more information, see Adding a portal administrator account, and Creating an admin role for portal administrators. Create a new role by following these steps.
    1. From the IBM MaaS360 Portal Home page, select Setup > Portal Administration > Roles.
    2. Click Add Role.
    3. In the Basic Information screen, enter a Role Name, Role Description, and select the option Create new.
    4. Click Next to view the Grant Access Rights screen. Some of the rights, the categories, and the description are displayed as follows. For more information, see Access roles and rights for IBM MaaS360 Portal administrators.
    • Manage Custom Attributes
      To add, change, or delete custom attributes.
    • Selective Wipe
      To selectively wipe corporate data from the device.
    • Set Custom Attribute Value
      To set custom attributes.
    • User - Read only
      To set view-only access to the user.
    • View installed apps
      To view installed apps on a device.
    • View Private groups
      To view private device groups for all administrators.

    Contact MaaS360 Support to request an account transition to a Script Only Account. This process prevents the MaaS360 password from expiring and limits its use to the MTD service only.

  2. Create a MaaS360 API Access Key.
    1. From the MaaS360 Portal home page, go to Setup > Web Service API > Manage Access Keys.
    2. Click Generate Access Key, select MaaS360 Web Services from the Type list field, and enter the name in the Key Name field.
    3. Click Generate. The following details are displayed in the Generate Access Key window.
      • PlatformID
      • Version
      • App ID
      • Access Key
  3. Create a Device Group. IBM MaaS360 uses groups to synchronize devices and associated users. Predefined groups are available in MaaS360, but you must create your groups instead of using predefined groups.
  4. Follow the steps to create an EMM connection from the IBM MaaS360 MTD Portal.
    1. Log in to the IBM MaaS360 MTD Portal.
    2. Go to Integration and click + Add New EMM.
    3. Select the IBM MaaS360 icon from the initial Create New Connection window.
    4. Configure the following fields for EMM connection.
      • Connection Name
        Name for EMM connection. It adds a prefix to the group name.
      • Team
        Team name for the EMM connection.
      • URL
        The URL of the IBM MaaS360 API server.
        • M1 service URL (https://services.fiberlink.com)
        • M2 service URL (https://services.m2.maas360.com)
        • M3 service URL (https://services.m3.maas360.com)
        • M4 service URL (https://services.m4.maas360.com)
        • M6 service URL (https://services.m6.maas360.com)
      • MDM Username
        The username (IBM MaaS360 administrator) to access the IBM MaaS360 MTD Portal.
      • MDM Password
        The password to access the IBM MaaS360 MTD Portal.
      • App Access Key
        API key value generated in the IBM MaaS360 MTD Portal after the web services are enabled.
      • Billing ID
        Billing ID of MaaS360 MDM account.
      • App ID
        App identity of MDM provider.
      • App Version
        App version of MDM provider.
      • Platform ID
        Platform ID of MDM provider.
      • Threat Policy
        Create a Threat Policy in the Create New Connection window based on the selected policy.
      • Privacy Policy
        Select the Privacy Policy for the EMM connection.
      • Phishing Policy
        Select the Phishing Policy for the EMM connection.
      • App Settings
        Select the App Settings Policy for the EMM connection.
      • Device Inactivity
        Select the Device Inactivity Policy for the EMM connection.
    5. Select + to add your first group.
    6. Click Sync Connection to initiate the first IBM MaaS360 MTD sync.
      Note: Click Docs in the lower-left for more information about IBM MaaS360 MTD Portal documentation.
  5. Configure Device Actions from the IBM MaaS360 MTD Portal.
    1. Go to Policies > Threats and configure the following device actions.
      • Lock Device
        Locks the device screen temporarily. Users can unlock it manually even before they mitigate the threat.
      • Selective Wipe
        Wipes specific enterprise data from the device. You can view the status of the device on the Device Summary page.
  6. Customers with License Management enabled must assign the correct MTD license to every device to use the MTD features. To assign an MTD license to a device, see Assigning and managing licenses on devices.
  7. Configure and distribute the IBM MaaS360 MTD App.
    1. Add an App Configuration. From the IBM MaaS360 Portal home page, select Apps > Catalog.
      The IBM MaaS360 MTD apps for each Type (iOS and Android) are displayed on the App Catalog page.
    2. Click View in the IBM MaaS360 MTD.
    3. On the IBM MaaS360 MTD page, go to the App Configuration section and click Add configuration.
      The IBM MaaS360 MTD configuration page is displayed.
    4. Select Manual configuration. The Configuration settings section is displayed to add the configurations in the Attribute name and Attribute value fields. Your IBM MaaS360 MTD Portal includes the necessary information for this configuration.
      1. Log in to your IBM MaaS360 MTD Portal.
      2. Go to Integrations.
      3. Click the key icon (Copy Configuration Values) in the Actions column for MaaS360 EMM connection.
      4. From the Key Value Pairs For EMM Configuration window, copy the Configuration Key Name and Configuration Key Value and add them to the App Configuration.
      Tip: To get the configuration details, log in to your IBM MaaS360 MTD portal, and click Docs in the lower-left. The IBM MaaS360 MTD portal documentation is displayed. For a detailed list of configurations, go to MTD Console User guide > integration > App config detail.
    5. Deploy the App Configuration. Setting the configuration as the default applies to future App Distributions. You can deploy to a single device or groups of devices. Devices in Scope reflects the proper amount for Single or Groups distributions only. Confirm before you publish the configuration.
    6. Distribute the IBM MaaS360 MTD application. To avoid any issues, IBM recommends setting the IBM MaaS360 MTD app to Automatically install. Once the Application is installed, the users must start the IBM MaaS360 MTD app to approve the Data Collection.
  8. Optional: Configure the IBM MaaS360 Portal to fetch Risk Posture from your IBM MaaS360 MTD Portal.
    • Create two Custom Attributes as follows.
      • MTD Risk Posture (mtd_risk_posture) of type Enum. The values are as follows.
        • Normal
        • Low
        • Elevated
        • Critical
        Important: The risk posture values are used to indicate the device's risk level. For example, an EMM action is set to Critical when a particular threat occurs. This value depends on the IBM MaaS360 MTD Portal Threat Policy definition settings.
      • MTD Device of type Boolean.
    • Create the following Device Groups.
      • MTD Risk Posture Low using Custom Attribute with MTD Risk Posture as Low.
      • MTD Risk Posture Elevated using Custom Attribute with MTD Risk Posture as Low.
      • MTD Risk Posture Critical using Custom Attribute with MTD Risk Posture as Low.
      Note: To create a device group, see Creating a device group from Advanced Search results.
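
A pre-flight check for steps 1 and 4, as an added example that is not part of IBM's documentation: it confirms that the connection URL is exactly one of the service hosts listed above over HTTPS, that every credential field has a value, and that the synchronization role holds only the rights named in step 1. The function names, the dictionary layout, and treating the six listed rights as the complete baseline are assumptions.

```python
from urllib.parse import urlsplit

# Service hosts and field names as listed in step 4 of the procedure.
SERVICE_HOSTS = {"services.fiberlink.com", "services.m2.maas360.com",
                 "services.m3.maas360.com", "services.m4.maas360.com",
                 "services.m6.maas360.com"}
REQUIRED_FIELDS = ("Connection Name", "Team", "URL", "MDM Username",
                   "MDM Password", "App Access Key", "Billing ID",
                   "App ID", "App Version", "Platform ID")
# Rights named in step 1; assumed here to be the full baseline for the role.
ROLE_RIGHTS = {"Manage Custom Attributes", "Selective Wipe",
               "Set Custom Attribute Value", "User - Read only",
               "View installed apps", "View Private groups"}


def check_connection(fields):
    """Return a list of problems found in the EMM connection field values."""
    problems = [f"missing value: {name}" for name in REQUIRED_FIELDS
                if not str(fields.get(name) or "").strip()]
    url = urlsplit(str(fields.get("URL") or ""))
    if url.scheme != "https":
        problems.append("URL must use https")
    # hostname excludes userinfo and port, so a look-alike such as
    # https://services.fiberlink.com@other.example is rejected here.
    if url.hostname not in SERVICE_HOSTS:
        problems.append(f"URL host is not a listed service host: {url.hostname}")
    if url.username or url.password or url.path not in ("", "/") or url.query:
        problems.append("URL carries credentials, a path, or a query string")
    return problems


def check_role(granted):
    """Compare the rights granted to the sync role with the step 1 baseline."""
    granted = set(granted)
    return {"missing": sorted(ROLE_RIGHTS - granted),
            "extra": sorted(granted - ROLE_RIGHTS)}


if __name__ == "__main__":
    # Constructed sample values; none of them come from a real tenant.
    sample = dict.fromkeys(REQUIRED_FIELDS, "placeholder")
    sample["URL"] = "http://services.m3.maas360.com/"
    print(check_connection(sample))
    # "Full Wipe" is a constructed right name used to show the "extra" report.
    print(check_role(ROLE_RIGHTS | {"Full Wipe"}))
```
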

Results

The auto-activated version of the IBM MaaS360 MTD application is published and installed on the registered devices.

What to do next

You can monitor the devices' status from the IBM MaaS360 MTD portal.