Device Classification for Android
You can classify Android devices based on these criteria:
- Minimum OS version
- Passcode required
- Device not compromised
- Primary storage encrypted
- Managed configuration
Go to Settings > Manage > Device Classification and select Android from the New Device Classification dropdown list. Then follow these steps to classify your Android device, selecting options and entering the requested parameters.
- Rule Name: Enter a name for this classification rule.
- Device Classification: This option is visible in the webUI only if you have enabled Custom Device Classification for your tenant. This is currently a beta feature. From the options displayed in the dropdown menu, choose the label you want to assign to this rule. You cannot assign more than one label to a rule.
- Classification Criteria: Select an Any or All criteria match.
- Minimum OS Version: Select an OS version from the dropdown list or create a custom OS version.
- Passcode Required: No parameters required.
- Device Not Compromised: No parameters required.
- Primary Storage Encrypted: No parameters required.
- Managed Configuration: If you already added a managed configuration for this device on the MDM Distribution page, the key-value pair is shown here. This key-value pair is sent from the MDM to the device so the Netskope app can validate the key-value pair and mark the device as Managed or Unmanaged. To regenerate the key-value pair, click Regenerate.
Managed Configuration does not work when an app is installed on an Android device using the onboarding email or with the AirWatch SDK.
- When finished, click Save.
After creating a device classification rule, you can use it in a Real-time Protection policy.
To use this Device Classification in a Real-time Protection policy, click Policies > Real-time Protection in the Netskope UI. Select an existing policy or click New Policy and choose a policy type.
Proceed through the Users, Cloud Apps + Web, DLP/Threat Protection, and Select Activities sections.
For Additional Attributes, click Access Method and select either Client, Mobile Profile, or Reverse Proxy, and then click Save. Click Device Classification, and then select a label from Custom Device Management and Managed or Unmanaged from Device Classification, based on the devices you just classified.
Managed means the device is managed; the device posture information sent by the Client matches at least one of the device classification checks configured for that Client’s OS.
Unmanaged means the device is unmanaged; the device posture information sent by the Client matches none of the device classification checks configured for that Client’s OS.
When finished, click Save and then Next.
Combine device classification with other policy elements. For example, use the Block Action for specified applications on activities such as uploading files from managed or unmanaged devices. Finish creating or updating this policy to establish this device classification. Click Apply Changes for this policy.
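The Any/All criteria match and the Managed/Unmanaged definitions above can be modeled in a few lines, which makes the effect of the match mode on a policy decision easy to see. This is an added example, not Netskope code: the posture field names, the Rule class and the version comparison are assumptions for illustration, and it assumes a device is Managed when at least one rule matches.

```python
# Added illustration: a simplified model of the classification semantics
# described on this page. Not Netskope code; all field names are hypothetical.
from dataclasses import dataclass

def parse_version(v):
    """'12', '12.0' and '12.1' -> comparable tuples; trailing zeros ignored."""
    parts = [int(p) for p in v.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

# Each criterion from the page maps to a check over a posture dict.
CHECKS = {
    "min_os_version": lambda p, arg: parse_version(p["os_version"]) >= parse_version(arg),
    "passcode_required": lambda p, arg: p["passcode_set"],
    "device_not_compromised": lambda p, arg: not p["compromised"],
    "primary_storage_encrypted": lambda p, arg: p["storage_encrypted"],
    "managed_configuration": lambda p, arg: p.get("managed_config") == arg,
}

@dataclass
class Rule:
    name: str
    match: str        # "any" or "all" (the Classification Criteria setting)
    criteria: dict    # criterion name -> parameter (None if no parameter)

    def matches(self, posture):
        results = [CHECKS[c](posture, arg) for c, arg in self.criteria.items()]
        if not results:   # a rule with no criteria never matches
            return False
        return any(results) if self.match == "any" else all(results)

def classify(posture, rules):
    """Managed if at least one rule matches, otherwise Unmanaged."""
    return "Managed" if any(r.matches(posture) for r in rules) else "Unmanaged"

# Constructed sample posture: passcode set, but the device is compromised.
ROOTED = {"os_version": "13", "passcode_set": True, "compromised": True,
          "storage_encrypted": True, "managed_config": None}
CRITERIA = {"min_os_version": "12", "passcode_required": None,
            "device_not_compromised": None}

if __name__ == "__main__":
    for mode in ("any", "all"):
        rule = Rule("android-baseline", mode, CRITERIA)
        print(mode, "->", classify(ROOTED, [rule]))
```

With the constructed posture, the Any rule classifies the compromised device as Managed because the passcode and OS version checks satisfy it on their own, while the All rule classifies it as Unmanaged.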
After the policy has been created, perform the process for which the policy was created. Next, go to Skope IT > Application Events and click the magnifying icon for an event to open the Application Event Details panel. In the User section you’ll see a Device Classification field, which shows one of these device classifications.