Bitdefender GravityZone provides full visibility into organizations' overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender's Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization.

This article explains how to configure Mobile Devices Security in GravityZone by adding mobile devices to users in Control Center and by installing the Mobile Client application on corresponding devices.

• Overview
• Security for Mobile Devices prerequisites
• Create Custom Users
• Adding mobile devices to users in Control Center
• Installing GravityZone Mobile Client on devices

Overview

GravityZone Security for Mobile Devices provides a unified enterprise-grade management of iPhone, iPad and Android devices connected to a corporate network by real-time scanning and enforcing organization’s security policies on any number of devices.

To manage the security of mobile devices used in your company, first you have to associate them to specific users in Control Center, then install and activate the Mobile Client application on each of them.

Security for Mobile Devices Prerequisites

To manage mobile devices from GravityZone Control Center, a series of conditions must be satisfied.

Creating Custom Users

To include mobile devices in GravityZone management, you have to associate them to existing users in Control Center. You can add mobile devices to available Active Directory users. If integration with Active Directory is unavailable, you will have to create custom users first. Either way, you can anytime define custom users as owners of mobile devices connected to your company network.

There are two ways to create custom users. You can either add them one at a time or import a CSV file.

To create custom users:

1. Go to the Network page.
2. From the menu in the upper-right corner of the page, choose Mobile Devices.
3. Click the Filters menu at the upper side of the table and go to the View tab. Make sure that the Users option is selected.
4. In the left-side pane, select Custom Groups.
5. Click the Add User icon on the action toolbar. A configuration window will appear.
6. Specify the required user details.
   • A suggestive username (for example, the user's full name)
   • User's email address

     Important: Make sure to provide a valid email address. The user will be sent the installation instructions by email when you add a device.

     Note: Each email address can only be associated with one user.

7. Click OK.

To import mobile device users:

1. Go to the Network page.
2. Choose Mobile Devices from the service selector.
3. Click the Filters menu at the upper side of the table and go to the View tab. Make sure that the Users option is selected.
4. In the left-side pane, select Custom Groups.
5. Click Import users. A new window opens.
6. Select the CSV file and click Import. The window closes and the table is populated with the imported users.

   Note: If any errors occur, a message is displayed and the table is populated only with the valid users. Existing users are skipped.

You can afterwards create user groups under Custom Groups.

The policy and tasks assigned to a user will apply to all devices owned by the corresponding user.

Adding mobile devices to users in Control Center

You can add an unlimited number of mobile devices to each user. You can only add one device to one specific user at a time.

To add a device to a specific user:

1. Go to the Network page.
2. From the menu in the upper-right corner of the page, choose Mobile Devices.
3. Locate the user in the Active Directory group or in Custom Groups and select the corresponding check box in the right-side pane.

   Note: The Filters must be set on Users in the View tab.

4. Click the Add Device icon at the right-side of the table. A configuration window appears.
5. Configure the mobile device details:
   1. Enter a suggestive name for the device.
   2. Use the Auto-configure name option if you want the device name to be automatically generated. When added, the device has a generic name. Once the device is activated, it is automatically renamed with the corresponding manufacturer and model information.
   3. Select the device ownership type (enterprise or personal). You can anytime filter mobile devices by ownership and manage them according to your needs.
   4. Select the Show activation credentials option if you are going to install the GravityZone Mobile Client on the user's device.
6. Click OK. The user is immediately sent an email with the installation instructions and the activation details to be configured on the device. The activation details include the activation token and the communication server address (and corresponding QR code).
   Note: You can anytime view a device activation details by clicking its name in Control Center.
7. If you have selected the Show activation credentials option, the Activation Details window appears, displaying the unique activation token, the communication server address and corresponding QR code for the new device.

   After installing the GravityZone Mobile Client, when prompted to activate the device, enter the activation token and the communication server address or scan the provided QR code.

You can check the number of devices assigned to each user in the right-side pane, under Devices column.

Note: You can anytime view the device activation details by clicking its name in Control Center. You can also add mobile devices to a selection of users and groups. In this case, the configuration window will allow defining the devices ownership only. Mobile devices created by multiple selection will be given by default a generic name. As soon as a device is enrolled, its name will automatically change, including the corresponding manufacturer and model labels.

Installing GravityZone Mobile Client on devices

Mobile devices can be enterprise-owned or personally-owned. You can install and activate GravityZone Mobile Client on each mobile device, then hand it to the corresponding user. Users can also install and activate GravityZone Mobile Client by themselves, following the instructions received by email.

The GravityZone Mobile Client application is exclusively distributed via Apple App Store and Google Play.

To install GravityZone Mobile Client on a device:

1. Search for the application on the official app store:
   • Google Play
   • Apple Store
2. Download and install the application on the device.
3. Start the application.
4. Make the required configuration:
   1. On Android devices:
      1. Allow GravityZone Mobile Client to access the device resources.
      2. Enter the activation token and the communication server address or, alternatively, scan the QR code received by email.

         Note: Activation information is available from Control Center in the mobile device's details and also in the email received by user.

      3. Tap Trust when prompted to accept the Communication Server's certificate and confirm the action. This way, GravityZone Mobile Client validates the Communication Server and will accept only messages from it, preventing man-in-the-middle attacks.
      4. When prompted to enable GravityZone Mobile Client as device administrator, read carefully the provided information and tap OK.
      5. Review the operations GravityZone Mobile Client is allowed to perform and tap Activate this device admin app.

         Note: Lock task for Android devices (7.0 or above) will enforce the password set in your GravityZone console only if there is no lock protection configured on the device. Otherwise, the existing screen lock options such as Pattern, PIN, Password, Fingerprint or Smart Lock will be used to protect the device. Unlock task is no longer available for Android devices (7.0 or above). Due to technical limitations, Lock and Wipe tasks are unavailable on Android 11.

   2. On iOS devices, you are prompted to install the MDM profile. If your device is password protected, you will be asked to provide it. Also, you have to allow GravityZone to access your device settings, otherwise the installation process returns to the previous step.

      Follow the on-screen instructions to complete profile installation. During installation, you must accept the Bitdefender certificate.

Note: Users need to allow on devices background location, not only while using the app, for the Locate feature to work properly.

Once the installation is complete, you can view managed mobile devices in the GravityZone Control Center, under corresponding users.

Click the number of devices for the user you are interested in to display the list of attached mobile devices.

Important: Starting with Android 10, GravityZone Mobile Client does not have access to the serial number, IMEI, IMSI, and MAC address of the device. This restriction leads to the following situations: If the mobile device, already having GravityZone Mobile Client installed, upgrades from an older Android version to Android 10, Control Center will display the correct device details. Before upgrade, the device must run the latest version of GravityZone Mobile Client. If GravityZone Mobile Client installs on an Android 10 device, Control Center will display inaccurate details about that device because of the limitation imposed by the operating system.