HIP Objects Mobile Device Tab

Select ObjectsGlobalProtectHIP ObjectsMobile Device to enable HIP matching on data collected from mobile devices that run the GlobalProtect app.
To collect mobile device attributes and utilize them in HIP enforcement policies, GlobalProtect requires an MDM server. GlobalProtect currently supports HIP integration with the AirWatch MDM server.
HIP Object Mobile Device Settings
Description
Mobile Device
Select this option to enable filtering on host data collected from mobile devices that are running the GlobalProtect app and to enable the Device, Settings, and Apps tabs.
Device tab
  • Serial Number—To match on all or part of a device serial number, choose an operator from the drop-down and enter a string to match.
  • Model—To match on a particular device model, choose an operator from the drop-down and enter a string to match.
  • Tag—To match on tag value defined on the GlobalProtect Mobile Security Manager, choose an operator from the first drop-down and then select a tag from the second drop-down.
  • Phone Number—To match on all or part of a device phone number, choose an operator from the drop-down and enter a string to match.
  • IMEI—To match on all or part of a device International Mobile Equipment Identity (IMEI) number, choose an operator from the drop-down and enter a string to match.
Settings tab
  • Passcode—Filter based on whether the device has a passcode set. To match devices that have a passcode set, select Yes. To match devices that do not have a passcode set, select no.
  • Device Managed—Filter based on whether the device is managed by an MDM. To match devices that are managed, select Yes. To match devices that are not managed, select No.
  • Rooted/Jailbroken—Filter based on whether the device has been rooted or jailbroken. To match devices that have been rooted or jailbroken, select Yes. To match devices that have not been rooted or jailbroken, select No.
  • Disk Encryption—Filter based on whether the device data has been encrypted. To match devices that have disk encryption enabled, select yes. To match devices that do not have disk encryption enabled, select no.
  • Time Since Last Check-in—Filter based on when the device last checked in with the MDM. Select an operator from the drop-down and then specify the number of days for the check-in window. For example, you could define the object to match devices that have not checked in within the last 5 days.
Apps tab
  • Apps—(Android devices only) Select this option to enable filtering based on the apps that are installed on the device and whether or not the device has any malware-infected apps installed.
  • Criteria tab
    • Has Malware—Select Yes to match devices that have malware-infected apps installed. Select No to match devices that do not have malware-infected apps installed. Select None to not use Has Malware as match criteria.
  • Include tab
    • Package—To match devices that have specific apps installed, Add an app and enter the unique app name in reverse DNS format. For example, com.netflix.mediaclient and then enter the corresponding app Hash, which the GlobalProtect app calculates and submits with the device HIP report.

Related Documentation