User Risk Management for MaaS360

The User Risk Management feature assigns a risk score to a MaaS360 user based on risky behaviors and patterns on their devices. This feature allows administrators to address security and compliance issues with devices that are exhibiting risky behaviors and patterns.

Use the Security Dashboard to view the risk in the organization. The Security Dashboard provides an overview of risky users, risky devices, total risk incidents, and the average risk score that exists in the organization. On the User Summary page, administrators can drill down to risky users and devices to view a comprehensive list of incidents by user. Using the risk rule editor, administrators can customize the risk model to accommodate risk incidents in their organization.

Advantages of the User Risk Management feature

The User Risk Management feature provides the following advantages to administrators:

  • Provides a user-centric view of the organization's security posture.
  • Defines the risk with a customized risk score model.
  • Provides analytics and a dashboard that lists the risk profile trends across the organization and generates insights to improve security and compliance status.

Enabling the User Risk Management feature

From the MaaS360 Portal Home page, select Setup > Services > User Risk Management. After you enable this service, MaaS360 identifies risk incidents on devices that are enrolled in the customer account. You can view these risk incidents in the MaaS360 Portal at Security > Security Dashboard > Security Management .

You can also go to Security > Security Management > Risk Rule Configurator to further research risk management incidents.

Globalization support for the User Risk Management feature

The Risk Rule Configurator and the Security Dashboard support all the languages that are supported in the MaaS360 Portal. For more information about the languages that are supported in the MaaS360 Portal, see MaaS360 platform system requirements.

Key terms that are used for the User Risk Management feature

The following terms are used for the User Risk Management feature:
Term Description
Risk rules Conditions that identify risk incidents. For example, Jailbroken or Rooted State = True is a risk rule that leads to a risk incident. Administrators can view risk rules in the Risk Rule Configurator.
Risk incident An event satisfied the conditions that are associated with a risk rule and is considered risky.
  • The following states are used for risk incidents:
    • Active state: The condition that is defined in the risk rule still exists on the device.
    • Resolved state: The condition that is defined in the risk rule was resolved.
Incident severity Every risk rule and every risk incident is associated with a severity. The following severities are defined for rules and incidents: High, Medium, or Low.
Risk score The risk score that is associated with an incident. Currently, the Security Dashboard lists risk scores for users and devices. The higher the severity level of the incident, the higher the risk score.
User risk score The total amount of risk scores across all devices that a user owns. If the device risk score increases, the corresponding user risk score also increases.
Risky user A user who has a risk score.
Risky device Devices that have a risk score above zero.
Decay The rate that the impact of a risk incident on the risk score reduces over time.
Retention period The maximum number of days that the risk incident is retained for risk score evaluation.