Netskope Help

Device Classification for Android

You can classify Android devices based on these criteria:

  • Minimum OS version

  • Passcode required

  • Device not compromised

  • Primary storage encrypted

  • Managed configuration

After selecting Android on the New Device Classification dropdown list, follow these steps to classify your Android device. Select options and enter the requested parameters.

  1. Rule Name: Enter a name for this classification rule.

  2. Classification Criteria: Select an Any or All criteria match.

  3. Minimum OS Version: Select an OS version from the dropdown list or create a custom OS version.

  4. Passcode Required: No parameters required.

  5. Device Not Compromised: No parameters required.

  6. Primary Storage Encrypted: No parameters required.

  7. Managed Configuration: If you already added a managed configuration for this device on the MDM Distribution page, the key-value pair is shown here. This key-value pair is sent from the MDM to the device so the Netskope app can validate the key-value pair and mark it as Managed or Unmanaged. To regenerate the key-value pair, click Regenerate.

    Note

    Managed Configuration does not work when an app is installed on an Android device using the onboarding email or with the AirWatch SDK.

  8. When finished, click Save.

After creating a device classification rule, you can use it in a Real-time Protection policy.

  1. To use this Device Classification in a Real-time Protection policy, click Policies > Real-time Protection in the Netskope UI. Select an existing policy or click New Policy and choose a policy type.

  2. Proceed through the Users, Cloud Apps + Web, DLP/Threat Protection, and Select Activities sections.

  3. For Additional Attributes, click Access Method and select either Client, Mobile Profile, or Reverse Proxy, and then click Save. Click Device Classification, and then select Managed or Unmanaged, based on the devices you just classified.

    • Managed means the device is managed; the device information sent by the Client matches at least one of the device classification checks configured for that Client's OS.

    • Unmanaged means the device is unmanaged; the device information sent by the Client matches none of the device classification checks configured for that Client's OS.

    When finished, click Save and then Next.

  4. Combine device classification with other policy elements, like using the Block Action for specified applications for activities like uploading files from managed or unmanaged devices. Finish creating or updating this policy to establish this device classification. Click Apply Changes for this policy.

After the policy has been created, perform the process for which the policy was created. Next go to SkopeIT > Application Events and click the magnifying icon for an event to open the Application Event Details panel. In the User section you'll see a Device Classification field, which shows one of these device classifications.