There are two (2) major function categories in TMMS - the mobile device management (MDM) related features and the security related features. The MDM application needs to be installed with an MDM profile on an Apple device. Apple devices only allow one MDM profile to be installed. If there are other MDM solutions that need to be installed, we can provide TMMS Security Only Mode.
TMMS Security Scan Only Mode has security scan related functions only, that is why it will not install an MDM profile. TMMS 9.7 can integrate with AirWatch and MobileIron, TMMS 9.8 SP1 can integrate with IBM MAAS360 and Citrix XenMobile, while TMMS 9.8 SP3 can integrate with BlackBerry UEM.
BlackBerry UEM is a provider of MDM software and standalone management systems for devices, content, applications, and email. To provide security information in the third-party MDM console, TMMS Security Only Mode will share security information to the third-party MDM, then the mobile administrator can see the security information using the third-party MDM console. This document gives detailed steps on how to integrate with BlackBerry UEM.
To integrate other MDM solutions with Trend Micro Mobile Security, you must use the following:
- Mobile Security for Enterprise 9.8 SP3 or later
- Local Communication Server or Cloud Communication Server configured in Mobile Security
The following image shows the high-level architecture of integration with BlackBerry UEM.
- Mobile App Reputation Services (MARS)
Mobile App Reputation is a cloud-based technology that automatically identifies mobile threats based on app behavior, crawls and collects huge number of Android apps from various Android markets, identifies existing and brand new mobile malware, and identifies apps that may abuse privacy or device resources. It is also the world’s first automatic mobile app evaluation service.
- Smart Protection Network (SPN)
Trend Micro Smart Protection Network delivers proactive global threat intelligence against zero-hour threats to ensure that you are always protected. We use our up-to-the-second threat intelligence immediately.
We need to have a BlackBerry UEM account to be used for the communication between the TMMS server and BlackBerry UEM. The user will need the administrator permissions on BlackBerry UEM.
Add a device in BlackBerry UEM and then enroll the device to BlackBerry UEM. TMMS will use the BlackBerry UEM agent to install mobile security agent for Android and iOS.
- Log on to the Mobile Security Administration web console.
- On the menu bar, click Administration and select Communication Server Settings. Make sure the Communication Server settings are configured.
If the settings are not configured, refer to the topic Configuring Communication Server Settings in the Installation and Deployment Guide for the configuration steps.Only Local Communication Server supports this integration. Cloud Communication Server does not support integration with BlackBerry UEM.
- Go to Administration > Deployment Settings.
- Under the Server tab, select Security Scan, and then select BlackBerry UEM as the MDM Solution from the drop down list.
- Under Register Service, configure the following BlackBerry UEM settings:
- API URL
- SRP ID
- Account Name (The account used in the integration feature should have BlackBerry UEM administrator role privilege.)
- Provider (It is recommended to use LOCAL provider.)
- Click Verify Settings to make sure Mobile Security can connect to the BlackBerry UEM server.
- Once the connection is verified, click Synchronize Now and click Save to update the data from BlackBerry UEM and save the settings in TMMS.
TMMS has two (2) Android agent versions. BlackBerry UEM administrator needs to choose one of the following versions:
- Google Play version. Administrator needs to send an email to end-user with QR code or Enrollment Key. End-users need to open the TMMS agent and scan the QR code or manually enter the Enrollment Key to register the device to server. Agent can be updated automatically.
- TMMS Server version. Administrator needs to send an email to end-user asking them to launch TMMS Agent. Once the end-user launched the TMMS Agent, it will register to TMMS server. When TMMS agent has new version, end-user needs to click the upgrade button in the notification bar.
Google Play Build
- Tick the Use preset Enrollment Key option for the application to be enrolled with this key.
- Deploy BlackBerry UEM agent and launch it, then log on to BlackBerry UEM agent console.
- On the BlackBerry UEM web console, add Trend Micro Mobile Security from Google Play Store.
- On the BlackBerry UEM agent console, install Enterprise Mobile Security agent application.
- Launch the Mobile Security application, and then scan the QR code to enroll device to TMMS server. While doing a security scan and security issues are found, the information will be reported to the TMMS server.
Local Server Build
- Tick the Use preset Enrollment Key option.
- On the TMMS for Enterprise web console, go to Administration > Deployment Settings > Android Agent.
- Choose Download from Trend Micro Mobile Security server and tick Auto Enrollment.
- Click the Upload button to upload the TMMS application to BlackBerry UEM server.
- Find the application and schedule the deployment for TMMS Mobile Security. Once the application has been deployed, TMMS Mobile Security will do a scheduled scan for the devices.
- Launch the Mobile Security application on the end-user to enroll the device to the server. It also has real-time scan. When you install new application, TMMS will scan and report to server too.
- Log in to the BlackBerry UEM admin console and add Trend Micro Mobile Security from Apple Store under the Add Application page.
- Follow the wizard to set the deployment.
- On the Apple device, install BlackBerry UEM agent and enroll the device to BlackBerry UEM server.
- On the web console, configure the settings to deploy the mobile security application. Wait for the BlackBerry UEM application to install the mobile security agent.
- Once the application is installed on the Apple device, go to Deployment Settings page and click the Data Sync button. The device should now be available on the TMMS management console.
- Perform a scan on the device. If there are malwares found, it will be set to dangerous on TMMS Server console, TMMS will also do scheduled scan.
For more details, refer to Trend Micro Mobile Security 9.8 SP3 Administrator's Guide (Security Scan Deployment Mode, Chapter 3).