PRODUCT UPDATE BULLETIN - Business Mobile Protection 1.1 - November 18th 2013
With this 1.1 release, Webroot SecureAnywhere Business Mobile Protection introduces the concept of User Group Management and Device Policy Enforcement.
IMPORTANT NOTE: Please clear your browser’s cache before using the new 1.1 web management console. This release also requires that user’s device software is updated.
NEW – Policies – Administrators now have the ability to create policies for both Android and iOS devices. For the Android operating system, settings available are for AV Shields (install, execution, files system, unknown sources, and USB debugging), AV Schedule, LDP, SMS Blocking, SecureWeb Browsing, and Password/Lock Screen strength. For the iOS operating system, settings are available for Passcode, Wi-Fi, VPN, Exchange ActiveSync, and Mail.
NEW – User Groups – Administrators can now create User Groups to organize their end users. Groups have a default Android and iOS policy assigned to them. All users within a group will get those policies assigned to their respective devices.
NEW – Device level policy override – From the devices tab, an Administrator can now override a policy assigned to a particular device within a group. The console shows which devices fall under the “default” assigned policy for a user/group and which devices have a unique policy set.
NEW – Policies At the time of release, all existing mobile protection users will be moved into a group called “Default Group.” The devices in this group have a “default” policy assigned according to whether they are iOS or Android devices.
New custom policies can easily be created, as necessary, for each OS platform and assigned to a group or individual device.
New Device Policy Groups
Below are the default settings which are applied for Android and iOS.
New Default Policy Settings
NEW – User Groups Administrators now have the ability to manage and place your users within a specific group. At the time of release, all existing users will be moved to into the “Default Group.”
New groups can be manually created and assigned users by dragging and dropping the users into the group. This allows an Administrator to create policies specific to a user group and then assign the policy to all users within that group. When the default policy for a group is created or changed, all user devices within that group update automatically.
New Drag and Drop Policy Groups
NEW – Device Level Policy Override As an Administrator, you are now able to override the group policy at the device level if a device requires a special policy. Go to the “Device Attributes” tab after double-clicking on a device to see more details. There, you have the option to change the policy for the device, which is applied automatically.
Mandatory Device Updates: Android Devices For Android users there is a new version of the Webroot SecureAnywhere Business – Mobile Protection software available on the Google Play Store. Please update your users from the current version (220.127.116.1171) to the latest version (18.104.22.16845).
With this update all policy driven settings are placed in read-only mode on the device. This ensures end-users are not able to change any policy settings deemed important by an Administrator.
The scan engine has also been updated and now utilizes Webroot’s cloud security intelligence, the Webroot Intelligence Network™ service, to perform faster scans and increase application efficacy. It also reduces CPU, bandwidth, and memory utilization, which equates to far less battery consumption.
New Locked-Down Policies
Apple iOS Devices With this release we have added a great deal of new policy-driven options for iOS devices. As an Administrator, you are now able to configure Passcode, Wi-Fi, VPN, Mail, and MS Exchange ActiveSync settings for your users. At the time of release, all iOS enrollments are assigned the default iOS policy, which is pushed down to their devices automatically. Please note the Default Settings as per the table under Section 1 – NEW – Policies.
If for any reason you would like to turn the passcode policy off or change the screen lock timeout to be greater than one minute, the user will have to re-enroll their profile.
NOTE: this is only for existing users that were enrolled prior to the upgrade. The reason for this is the passcode strength and screen lock timeout were originally part of the old enrollment profile and cannot be changed directly from the console.
MOBILE PROTECTION CLIENT CHANGES IN BUILD 22.214.171.12445
Updated Android WSA Mobile client to support Mobile Protection policies.