Security settings for iOS devices

Accessing the settings

From the top menu, select Settings.
From the side menu, select Mobile devices.
Select the iOS devices tab. Click Add. The Add settings page opens.

Required permissions

Permission	Access type
Configure security for mobile devices	Create, edit, delete, copy, or assign settings profiles for iOS devices.
View security settings for mobile devices	View the settings profiles for iOS devices defined.
Use the anti-theft protection for mobile devices	Send actions to target mobile devices to prevent data loss, locate them in the event of loss or theft, and lock them.
Permissions required to access the iOS device security settings

Antivirus for web browsers

The antivirus protection for iOS devices scans the URLs that the device connects to to prevent the installation of malware apps and phishing attacks.

To enable detection of malware and phishing URLs, enable the toggles.

This feature is not available for iOS devices not enrolled into an MDM solution. See Installation on iOS systems.

Exclusions

You can exclude certain URLs and domains from scans. In the text box, type the URLs and domains that you want to exclude.

Anti-theft

The anti-theft feature enables you to send actions to target iOS devices to prevent data loss or locate them in the event of loss or theft.

Accessing the anti-theft protection

From the top menu, select Settings. From the side menu, select Mobile devices.
Select the iOS devices tab. A list opens and shows all created settings profiles.
To create a new setting profile, click the Add button. The Add settings page opens.
To edit an existing setting profile, click it. The Edit settings page opens.
Select the Anti-Theft section. To enable or disable the anti-theft feature, use the toggle.
Click Save.

For more information about the anti-theft actions available in Advanced EPDR, see General section for mobile devices.

Anti-theft protection settings

Field	Description
Behavior	Advanced EPDR uses the device GPS to get its GPS coordinates and send them to the Advanced EPDR server. If this feature is unavailable, it tries to get them through Wi-Fi or the carrier communication infrastructure. To enable or disable this option, use the toggle.
Privacy	Enables users to enable private mode. Private mode disables geolocation tracking. To enable or disable this option, use the toggle.
Anti-theft features for iOS devices

Field

Description

Behavior

Advanced EPDR uses the device GPS to get its GPS coordinates and send them to the Advanced EPDR server. If this feature is unavailable, it tries to get them through Wi-Fi or the carrier communication infrastructure.

To enable or disable this option, use the toggle.

Privacy

Enables users to enable private mode. Private mode disables geolocation tracking. To enable or disable this option, use the toggle.

Anti-theft features for iOS devices

Web access control

This protection enables you to limit access to specific web content categories and configure a list of URLs to allow and deny access to.

This feature is not available for iOS devices not enrolled into an MDM solution. See Installation on iOS systems.

Namely, web access control enables you to:

Select the days and hours when you want to enable web access control.
Deny access to specific web pages.
Configure lists of allowed/denied addresses and domains.
Keep a database of the URLs accessed from each computer.

Enabling web access control

From the top menu, select Settings.
From the side menu, select Mobile devices.
Select the iOS devices tab.
Click Add.
Select the Web access control section.

To enable or disable the feature, click the Enable web access control toggle.

Configuring time periods for web access control

This option enables you to limit access to certain website categories and denied sites during business hours and authorize it during non-business hours and weekends.

To specify when you want to enable web access control, select the Enable only during the following times option.

On the calendar, select the days and hours when you want to enable web access control.

Click the day to select the whole day.
Click and drag the squares to select multiple days and times.
To select all times every day of the month, click the Select all button.
Click Clear to disable web access control for all of the times selected.

Click the Save button.

Denying access to specific web pages

Advanced EPDR groups the web pages it classifies into 160 content categories. To prevent users from accessing a specific set of web pages:

Select the web page categories.
In the upper-right corner of the page, click Save.

To select all categories, click Select all. To clear all selections, click Clear.

If a user visits a web page that belongs to a forbidden category, a warning page appears that indicates that access is denied and the reason.

Denying access to pages categorized as unknown

To Deny access to pages categorized as unknown, select the toggle.

Internal and intranet sites accessible on ports 80 and 8080 could be categorized as unknown. To avoid this, add exclusions for internal pages you want to allow.

List of allowed/denied addresses and domains

You can set a list of pages that are always allowed (allowlist) or blocked (blocklist), regardless of the category that they belong to:

In the text box, enter the URL of the relevant IP address or domain. Press Enter. The URL appears inside a tag.
To add another domain or address, click Add URL.
To edit the list, use the Copy and Clear buttons. These buttons appear when you point the mouse to the text box.
To save the settings profile, click Save in the upper-right corner of the page.

URL matches can be full or partial. With long URLs, it is enough to enter the beginning of the URL in the text box to allow/block all URLs that start with the entered characters.