Secure Mobile Access 12.4 Administration Guide

Device Profile Attributes

A device profile can have several attributes. Each attribute below is listed with the platforms on which it can be used and whether multiple attributes of the same type (where allowed) are ORed or ANDed.

There are a few things to note about these attributes:

  • The attributes from which you can choose differ, depending on the platform you selected for your device profile.

  • Users who have Advanced EPC can pick from a wide range of security programs.

  • Where multiple entries are allowed for an attribute, a device profile must either match all (and) or any (or) items on the device.

  • To delete an item in the list, select the checkbox in the left column and click Delete. To delete a single (or) item, move your pointer to the left of the item you want to delete and click the red X icon that appears.

Device Profile Attributes: ChromeOS version
Attribute: ChromeOS version

Type the major and minor versions, and the build number for the operating system.

The comparison Operator applies to all three values. To specify all versions, enter “greater than or equal to” (>=) as the Operator, and then type the major version number in the Major field and the minor version number in the Minor field. You can also specify the Build and the Patch numbers. For more information, see Using Comparison Operators with Device Profile Attributes.

Platform: ChromeOS
Match: all

Device Profile Attributes: Android/Windows/Mac/Linux/ChromeOS application
Attribute: Android/Windows/Mac/Linux/ChromeOS application

Type the application name with extensions that EPC should check for in this profile.

Platforms: Android, Windows, Mac, Linux, ChromeOS
Match: all

Device Profile Attributes: Android version
Attribute: Android version

Type the major and minor versions, and the build number for the operating system.

The comparison Operator applies to all three values. To specify all versions, enter “greater than or equal to” (>=) as the Operator, and then type the major version number in the Major field and the minor version number in the Minor field. For more information, see Using Comparison Operators with Device Profile Attributes.

Platform: Android
Match: all

Device Profile Attributes: Antimalware program (Advanced EPC only)
Attribute: Antimalware program

(This attribute is available only if you have Advanced EPC). Select the antimalware programs that EPC should check for in this profile. See Advanced EPC: Extended Lists of Security Programs for more information.

If you don’t have Advanced EPC, or if you don’t see the security programs that your users require, you can still specify programs by adding them to a device profile using another attribute, such as Application or Windows registry entry.

Platforms: Windows, macOS, Linux
Match: any

Device Profile Attributes: client certificate
Attribute: Client certificate

Select a Certificate Authority from the drop-down menu in the CA certificate area. (See Importing CA Certificates if the CA you want to use is not listed).

A client device will match this profile as long as the appliance is configured with the root certificate for the CA that issued the client certificate to your users.

Select the certificate store(s) you want searched:

  • System store only specifies that only the system store (HKLM\SOFTWARE\Microsoft\SystemCertificates) is searched.

  • System store and user store specifies that the system store is searched first, followed by the user store (HKCU\Software\Microsoft\SystemCertificates).

  • A device profile can contain only one client certificate attribute.

  • The system store cannot be searched unless the user has administration privileges on the client device.

  • Enable the option “Trust” to trust Intermediate CAs without verifying the entire chain.

Platforms: Windows, macOS, Apple iOS, Android, Linux, Chrome OS
Match: any

Device Profile Attributes: directory name
Attribute: Directory name

Type the name of a directory that must be present on the hard disk of the device. Directory names are not case-sensitive.

  • For jailbroken Apple iOS devices, the directory name is /Applications/Cydia.app.

When creating a device profile for jailbroken iOS devices, be sure to configure a denied EPC zone for the profile and bind this zone to at least one community.

The directory must be accessible to the user logging in. If the directory is not accessible to the user, the End Point Control evaluation will fail.

Platforms: Windows, macOS, Linux, Apple iOS, Android, Chrome OS
Match: all

Device Profile Attributes: Equipment ID
Attribute: Equipment ID

Type the identifier for the device or use variables to define the identifier based on user attributes.

You can choose to allow access to users who do not have any registered devices on the external AD/LDAP server. Typically this would be done to allow a user access until their device identifier can be registered. Whether or not you choose to allow access, all requests for access that come from unregistered devices will be logged in the Unregistered Device Log.

Platforms: Windows, macOS, Linux, Apple iOS, Android, Chrome OS
Match: all

Device Profile Attributes: file name
Attribute: File name

Type the name of a file (including its extension and full path) that must be present on the hard disk of the device. File names are not case-sensitive. You can use environment variables (such as %windir% or %userprofile%), or wildcard characters (* and ?).

You can optionally specify a File size or the date and time (GMT) the file was Last modified. Both of these options use a comparison Operator; for more information and examples, see Using Comparison Operators with Device Profile Attributes. The file’s modification date and time can be specified as an Absolute or Relative value.

The device profile can be configured to validate file integrity using an MD5 or SHA-1 hash (valid on all platforms), or use a Windows catalog file to validate Windows system files.

Device profiles that check for the name of the file(s) used by jailbroken or rooted devices include:

  • For jailbroken Apple iOS devices, the file name is cydia.

  • For rooted Android devices, the file names are /system/bin/su and /system/xbin/su.

If creating a device profile for jailbroken iOS devices or rooted Android devices, be sure to configure a denied EPC zone for each profile and bind each of these zones to at least one community.

The files and directories must be accessible to the user logging in. If the file is not accessible to the user, the End Point Control evaluation will fail.

Platforms: Windows, macOS, Linux, Apple iOS, Android, Chrome OS
Match: all
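
An added example (not SonicWall code): a pre-check an administrator could run on a reference device to see whether planned File name entries would be met, modelling the rules stated above (case-insensitive names, %VAR% expansion, * and ? wildcards, optional MD5 or SHA-1 hash, Match all). The entry layout, the function names and the restriction of wildcards to the final path component are assumptions of this example, not EPC's implementation.

```python
import fnmatch
import hashlib
import os
import re
import tempfile

def expand_vars(path, env):
    """Expand %NAME% references; variable names compare case-insensitively."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)

def find_matches(path, env):
    """Files matching the entry: case-insensitive name, only * and ? are wildcards."""
    directory, name = os.path.split(expand_vars(path, env))
    pattern = name.lower().replace("[", "[[]")  # fnmatch would treat [ as special
    try:
        entries = os.listdir(directory)
    except OSError:  # missing or unreadable directory: the check fails
        return []
    hits = [os.path.join(directory, e) for e in entries if fnmatch.fnmatchcase(e.lower(), pattern)]
    return [p for p in hits if os.path.isfile(p)]

def digest(path, algorithm):
    with open(path, "rb") as fh:
        return hashlib.new(algorithm, fh.read()).hexdigest()  # "md5" or "sha1"

def entry_matches(entry, env):
    """An entry is met when some matching file exists and, if a hash is set, has that hash."""
    for path in find_matches(entry["path"], env):
        wanted = entry.get("hash")  # optional (algorithm, hex digest) pair
        if wanted is None or digest(path, wanted[0]) == wanted[1].lower():
            return True
    return False

def profile_matches(entries, env):
    """File name is a Match-all attribute: every entry must be met."""
    return all(entry_matches(e, env) for e in entries)

def demo():
    """Constructed sample: a temp directory stands in for %windir% on a reference device."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "Agent.EXE"), "wb") as fh:
            fh.write(b"constructed sample content")
        env = {"WINDIR": root}
        good = hashlib.sha1(b"constructed sample content").hexdigest()
        present = [{"path": "%windir%/agent.ex?", "hash": ("sha1", good)}]
        tampered = [{"path": "%windir%/agent.exe", "hash": ("sha1", "0" * 40)}]
        missing = present + [{"path": "%windir%/absent.dll"}]
        return [profile_matches(p, env) for p in (present, tampered, missing)]
```

`demo()` evaluates three constructed profiles: one whose file is present with the expected SHA-1, one whose hash does not match, and one with an extra entry for a file that does not exist.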

Device Profile Attributes: iOS version
Attribute: iOS version

Type the major and minor versions, and the build number for the operating system. For example, enter Major 5, Minor 0, and Build 9A405 for the iOS 5.0.1 build 9A405 version.

The comparison Operator applies to all three values. To specify all versions of 5.0, for example, enter “greater than or equal to” (>=) as the Operator, and then type 5 in the Major and 0 in the Minor fields. For more information, see Using Comparison Operators with Device Profile Attributes.

Platform: Apple iOS
Match: all

Device Profile Attributes: macOS version
Attribute: macOS version

Type the major and minor versions, and the build number for the operating system. Examples of versions for macOS are:

Platform: macOS
Match: all

Device Profile Attributes: Personal firewall program (Advanced EPC only)
Attribute: Personal firewall program

(This attribute is available only if you have Advanced EPC). Select the firewall programs that EPC should check for in this profile. See Advanced EPC: Extended Lists of Security Programs for more information.

If you don’t have Advanced EPC, or if you don’t see the security programs that your users require, you can still specify programs by adding them to a device profile using another attribute, such as Application or File Name.

Platforms: Windows, macOS, Linux
Match: any

Device Profile Attributes: Windows domain
Attribute: Windows domain

Type the domain name the computer belongs to in NetBIOS syntax (for example, mycompany), without a DNS suffix. Separate multiple entries with a semicolon. The domain can contain wildcard characters (* and ?).

Due to client operating system limitations, Mobile Connect cannot convert host name, URL, or domain type resources containing wildcards to an IP address and, therefore, cannot redirect them to the appliance.

Platform: Windows
Match: any

Device Profile Attributes: Windows registry entry
Attribute: Windows registry entry

Type the Key name, and optionally enter a Value name and Data, and then select a comparison Operator for the Data field. See Using Comparison Operators with Device Profile Attributes for more information.

Wildcards can be used for the value and data, but not for the key. To enter a special character (such as a wildcard or backslash), you must precede it with a backslash.

Platform: Windows
Match: all

Device Profile Attributes: Windows version
Attribute: Windows version

Type the major version, minor version, build, and revision number for the operating system. For example, the major/minor versions, build number, and revision number for Windows 10 are:

  • Windows 10: 10/0/17134/523

The comparison Operator applies to all three values. For more information, see Using Comparison Operators with Device Profile Attributes.

Platform: Windows
Match: all

Device Profile Attributes: Microsoft Intune
Attribute: Microsoft Intune

Configure the following options: AAD registered, Compliant, Last Sync, Device Owner, and Encrypted.

By default, this attribute is disabled. To enable, in AMC navigate to User Access > End Point Control > Mobile Device Management Profiles and configure Microsoft Intune settings.

Platform: Windows
Match: all

Device Profile Attributes: Linux Kernel version
Attribute: Linux version

Type the major version, minor version, and build for the operating system. Example major/minor versions and build number:

  • Linux: 5.8.66

The comparison Operator applies to all three values. For more information, see Using Comparison Operators with Device Profile Attributes.

Platform: Linux
Match: all
