Device Classification for iOS
You can classify iOS devices based on these criteria:
- Minimum OS version
- Passcode required
- Device not compromised
Go to Settings > Manage > Device Classification and select iOS on the New Device Classification dropdown list, and then follow these steps to classify your iOS device. Select options and enter the requested parameters.
- Rule Name: Enter a name for this classification rule.
- Device Classification: From the options displayed in the dropdown menu, choose the label you want to assign to this rule. You cannot assign more than one label to a rule.
- Classification Criteria: Checks for All or Any of the criteria selected.
- For Devices Installed with iOS Client (for NPA):
  - Minimum OS Version: Select an OS version from the dropdown list or create a custom OS version.
  - Require Passcode: The passcode check is an API call that validates whether the device has an unlock code configured. The check fails for devices with no unlock code. No parameters required.
  - Device Not Compromised: Checks whether critical system files on the iOS device have been compromised, for example by jailbreaking or rooting. No parameters required.
When finished, click Save.
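The evaluation this page describes (All versus Any criteria, and Managed when the posture matches at least one rule) is modeled below as an added Python example; it is not Netskope code, and the `Posture` and `Rule` shapes, rule names and labels are assumptions made for illustration. The sample rules and postures are constructed.

```python
from dataclasses import dataclass
from typing import Optional
def parse_version(v: str) -> tuple:
    # Compare numerically: as strings, "16.9" would sort above "16.10".
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

@dataclass
class Posture:  # assumed shape of the posture the Client reports
    os_version: str
    passcode_set: bool
    compromised: bool

@dataclass
class Rule:  # mirrors the form fields described above
    name: str
    label: str
    match: str  # "all" or "any" (Classification Criteria)
    min_os: Optional[str] = None  # None means the criterion is not selected
    require_passcode: bool = False
    not_compromised: bool = False

def rule_matches(rule: Rule, p: Posture) -> bool:
    results = []
    if rule.min_os is not None:
        results.append(parse_version(p.os_version) >= parse_version(rule.min_os))
    if rule.require_passcode:
        results.append(p.passcode_set)
    if rule.not_compromised:
        results.append(not p.compromised)
    if not results:  # assumption: a rule with no criteria never matches (all([]) is True)
        return False
    return all(results) if rule.match == "all" else any(results)

def classify(rules, p: Posture):
    # Managed = posture matches at least one rule; Unmanaged = matches none.
    labels = [r.label for r in rules if rule_matches(r, p)]
    return ("Managed" if labels else "Unmanaged"), labels

# Constructed sample rules and postures.
RULES = [
    Rule("corp-strict", "Corporate", "all", "16.10", True, True),
    Rule("byod-loose", "BYOD", "any", "17.0", True, False),
]
HEALTHY = Posture("16.10", True, False)
JAILBROKEN = Posture("17.2", True, True)
OUTDATED = Posture("16.9", False, False)
if __name__ == "__main__":
    print([classify(RULES, p) for p in (HEALTHY, JAILBROKEN, OUTDATED)])
```

With this constructed data, the jailbroken device fails the All rule but still matches the Any rule, so it is classified Managed; keep that in mind when choosing Any without the Device Not Compromised criterion.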
After creating a device classification rule, you can use it in a Real-time Protection policy.
- To use this Device Classification in a Real-time Protection policy, click Policies > Real-time Protection in the Netskope UI. Select an existing policy or click New Policy and choose a policy type.
- For Source, select the Users for this policy, and then click Add Criteria to specify. If you created a Private Apps policy, for Access Method, select Client. Otherwise, you will need to click Add Criteria to add this Access Method.
  Private Apps for iOS requires that the Access Method be set to Client.
  Click Device Classification, and then select a label from Custom Device Management and Managed or Unmanaged from Device Classification, based on the devices you just classified.
  - Managed means the device is managed; the device posture information sent by the Client matches at least one of the device classification checks configured for that Client’s OS.
  - Unmanaged means the device is unmanaged; the device posture information sent by the Client matches none of the device classification checks configured for that Client’s OS.
- Click Add Criteria, select OS, and then select iOS. Click Add Criteria again, select Device Classification, and then select your iOS Device Classification rule.
- Choose a Destination, like Private App, and then select a destination.
- Choose Profiles and Actions, like using the Allow Action for specified applications. Finish creating or updating this policy to establish this device classification in a policy.
- When finished, click Save and then Apply Changes.
- After the policy has been created, perform the process for which the policy was created. Next go to Skope IT > Application Events and click the magnifying icon for an event to open the Application Event Details panel. In the User section you’ll see a Device Classification field, which shows one of these device classifications.