Enabling Auto-Quarantine (AQ) for IBM Traveler

Follow these steps to enable the Cloud Extender® Auto-Quarantine (AQ) feature for integration with IBM® Traveler or IBM SmartCloud®.

About this task

The Auto-Quarantine (AQ) feature for IBM Traveler provides the following benefits:
  • Prevents new devices from connecting to your email server with ActiveSync
  • Automatically approves devices that are enrolled in MaaS360®
  • Automatically approves devices that receive email settings only from MaaS360
  • Automatically approves Secure Mail records
  • Automatically approves IBM Verse® client connections

The Auto-Quarantine (AQ) feature is only supported for IBM Traveler 9.0+. You can enable this feature directly on IBM Traveler. Existing ActiveSync devices are not affected when you enable Auto-Quarantine (AQ).

Procedure

  1. Log in to the MaaS360 Portal with Administrator credentials.
  2. Select Setup > Cloud Extender Settings, and then click Edit.
  3. Configure policies in the IBM Traveler section.
    Option Description
    Require approval for any new device discovered Use the default setting, where the Cloud Extender uses the Auto-Quarantine (AQ) setting that is configured on the IBM Traveler server, or enable or disable Auto-Quarantine (AQ).

    Supports only IBM Traveler 9/0+.
    Notification Email address(es) A comma-separated list of email addresses that are notified when a new device is quarantined.
    Number of devices per user before approval is required The Auto-Quarantine feature starts working when the user connects a device.

    If you set the value to two, every user receives email on two devices without being quarantined. The third device that syncs with IBM Traveler is quarantined.
    Auto-approve enrolled devices Automatically approves email connections from devices that are enrolled in MaaS360.

    The device is briefly quarantined before enrollment is confirmed.
    Auto-approve based on policies Automatically approves email connections from enrolled devices when the email configuration is pushed from MaaS360.

    This setting requires that you configure MDM / Persona policies to push email configuration to devices. This setting blocks connections from the device if the user manually configures email on email clients. Only MDM pushed email configuration is approved.
    Auto-approve Verse app on any enrolled device This option works only with the IBM Verse for iOS app because it uses an IBM Traveler ID that is different from the device ID for an enrolled record.

    Android devices are automatically approved based on enrollment status.
  4. Click Save and Publish.
    The Secure Mail records are automatically approved regardless of whether Auto-Quarantine (AQ) is enabled from the MaaS360 Portal or enabled directly on IBM Traveler.