Web Security - MDM Deployment of Mimecast Security Agent for iOS

The MDMs described SimpleMDM, Mobile Iron, MaaS360 and Meraki. 
If you intend to use a different MDM, please look up the manufacturer's documentation for further information, as required.

Prerequisites

Please ensure you have done the following before continuing with configuring your MDM, for use with the Mimecast Security Agent for iOS:

• • • Met the prerequisites given for Mimecast Security Agent for iOS.
    • Downloaded the Mimecast Root CA certificate, as described in the Configuring the Mimecast Security Agent for iOS section of Mimecast Security Agent for iOS
    • Downloaded and modified the MDM configuration file.

Downloading and modifying the MDM Configuration File

Each of the MDMs listed in this article uses configuration file settings that allow you to insert each user's User ID and Device ID dynamically.

It must be downloaded and modified as follows:

1. Download the configuration file.
2. Open the Configuration File in a text editor.
3. Change the following values:

• • • authenticationKey: Enter the value of the Authentication Key displayed in the Installation tab of the Web Security | Agent Settings menu item. You can click the Copy Key button to copy it to your clipboard.
    • bypassedApplications: Optionally, you can add the application's bundle ID so that it bypasses Mimecast Web Security. See the Configuring the Mimecast Security Agent for iOS section of Mimecast Security Agent for iOS

4. Save the configuration file.

SimpleMDM

Adding the Certificate

You must add a certificate by using the following steps:

1. Log in into your SimpleMDM account.
2. Navigate to Configs | Certificates.
3. Click on the Add button.
4. Add Mimecast Root CA in the Name field.
5. Click on the Choose File button and select the Mimecast certificate.
6. Click on the Save button.

Adding a Custom Configuration Profile

You can add a custom configuration profile by using the following steps:

1. Log in into your SimpleMDM account.
2. Navigate to Configs | Profiles.
3. Select Add Profile and Custom Configuration Profile.
4. Add Mimecast Security Agent in the Name field.
5. Click on the Choose File button and select the SimpleMDM configuration file.
6. Select the Enable Attribute Support option.
7. Click on the Save button.

Adding Custom Attributes

You can add custom attributes by using the following steps:

1. Log into your SimpleMDM account.
2. Navigate to Configs | Attributes.
3. Click on the Add Attribute button.
4. Add email_address in the Name field.
5. Click on the Save button.

Deploying the Configuration

You can deploy the configuration file by using the following steps:

1. Log into your SimpleMDM account.
2. Navigate to Devices | Groups.
3. Select the Target Group to which you are deploying the configuration.
4. Check Mimecast Root CA in the Certificate section.
5. Check Mimecast Security Agent in the Custom Profiles section.
6. Click on the Save button.

Deploying the App

You can deploy the application to your devices by using the following steps:

1. Log into your SimpleMDM account.
2. Navigate to App & Media | Catalog.
3. Click on the Add App | Apple Store App menu item.
4. Search for the Mimecast Security Agent.
5. Select Mimecast Security Agent from the results.
6. Click on the Add button.
7. Select an Assignment Group.
8. Add Mimecast Security Agent in the Apps & Media box.
9. Click on the Install Apps and Media action. Once complete, the application is available on the desired device.

MobileIron

Adding the Certificate

You can add custom attributes by using the following steps:

1. Log on to MobileIron.
2. Navigate to Configuration | Add Configuration.
3. Click on the Certificate tile.
4. Complete the Create Certificate Configuration dialog as follows:

   Field / Option	Description
   Name	Enter a name for the certificate (e.g., Mimecast Root CA Certificate).
   Add Description	Click this link to enter a certificate description. This is an optional field, but we recommend it be completed.
   Configuration Setup	Attach the Mimecast Root CA Certificate file downloaded above.

Adding a Custom Configuration Profile

You can add a custom configuration profile, by using the following steps: 

1. Log on to MobileIron.
2. Navigate to Configuration | Add Configuration.
3. Click on the Custom tile.
4. Complete the Create Custom Configuration dialog as follows:

   Field / Option	Description
   Name	Enter a name for the certificate (e.g. Mimecast Security Agent).
   Add Description	Click this link to enter a certificate description. This is an optional field, but we recommended it is completed.
   Choose OS	Select the iOS icon.
   Configuration Setup	Attach the MobileIron Configuration file.

Deploying the App

You can deploy the application to your devices by using the following steps:

1. Log on to MobileIron.
2. Navigate to the Apps | App Catalog menu item.
3. Click on the +Add button.
4. Click iTunes.
5. Search for the Mimecast Security Agent app.
6. Select the app and click on the Next button.
7. Select either:

• • • Everyone: This makes the app available to all users with a compatible device.
    • Custom: This allows you to specify the individual users or user groups to which the app is available.
    • No One: This makes the app unavailable.

8.   Click on the Next button.
9. Click on the Done button.

MaaS360 

Adding a Certificate

You must add a certificate by using the following steps:

1. Log on to MaaS360.
2. Navigate to Security | Policies.
3. Click on the Add Policy button.
4. Click on Advanced Settings | Certification Credentials.
5. Click on the Edit button.
6. Enter Mimecast Root CA in the Credential Name field.
7. Click on Add New link next to the Credential Identifier field.
8. Select the Certificate File adding a certificate name (e.g. Mimecast Root CA).
9. Click on the Save button to return to the Certification Credentials dialog.
10. Click on the Save button.

Creating a DNS Proxy

You can create a DNS proxy by using the following steps:

1. Log on to MaaS360.
2. Click on Supervised Settings | DNS Proxy.
3. Click on the Edit button.
4. Click on Add New link next to the Provider Configuration field.
5. Complete the Upload a Provider Configuration dialog as follows:

   Field / Option	Description
   Display Name	Enter a name for the DNS Proxy (e.g., Mimecast Security Agent).
   Configuration File	Click on the Browse button to select the .plist configuration file.

6. Click on the Save button.
7. Complete the DNS Proxy dialog as follows:

   Field / Option	Description
   App Bundle Id	Enter a value of com.mimecast.SecurityAgent.
   Provider Bundle Id	Enter a value of com.mimecast.SecurityAgent.DNSProvider.
   Provider Configuration	Select the Provider Configuration created in step 5.

8. Click on the Save button.
9. Click on the More button.
10. Click on the Publish Policy button.

Deploying the App to Your Devices

You can deploy the application to your devices by using the following steps:

1. Log on to MaaS360.
2. Navigate to Apps | Catalog item.
3. Click on the Add button.
4. Select the iTunes App Store.
5. Search for Mimecast Security Agent.
6. Click on the Policies and Distribution tab.
7. Ensure you:

• • • Assign to the correct group in the Distribute To field.
    • Select the Instant Install option.

8. Click on the Add button.

Meraki

Adding a Certificate

You must add a certificate by using the following steps:

1. Logon to Meraki.
2. Navigate to Systems Manager | Manage | Settings.
3. Click on + Add Settings | Certificate.
4. Specify a Certificate Name.
5. Enter a certificate Password.
6. Click on the Choose File button and upload the certificate. 
7. Click on the Save button.

Verifying the App on Your Devices

Once the credentials payload has been pushed onto your devices, you can view the certificate in iOS:

1. Navigate to Settings.
2. Select the General menu item.
3. Select the Profiles & Device Management option.
4. Select the Meraki Management | More Details option.