This article provides a guide with the best practices for Device Enrollment, which helps secure end-users' data on their devices. In addition to configuring an Attachment Protect or URL Protection policy, we recommend enabling Device Enrollment to enhance Targeted Threat Protection security. Other benefits of enabling Device Enrollment in relation to these two policies are outlined below:
| Policy | Device Enrollment Benefits |
|---|---|
| URL Protect |
|
| Attachment Protect |
|
When a user clicks on a URL link or a link to release an original attachment, they're presented with an enrollment page. Once their device has been enrolled, a cookie is added to their browser. This is used for future interactions with our Targeted Threat Protection service.
Device Enrollment Best Practice Settings
The following Best Practice settings should be used to configure your definitions:
| Field / Option | Best Practice Setting | Comments |
|---|---|---|
| Targeted Threat Protection Authentication | Enabled | This option is in the User Access and Permissions settings. |
| Authentication Duration (Days) | A value between 1 and 365 |
This controls when the cookie expires, and the user has to re-enroll their device. The default is 30 days. This field is only displayed if the Targeted Threat Protection Authentication option is enabled. |
Disabling Targeted Threat Protection Authentication can resolve frequent device re-authentication issues, but be aware that disabling this setting:
- Will result in the loss of detailed logs for URL clicks and released attachments.
- Will no longer allow forwarded rewritten URLs and Attachment Protect download links from being associated to the requester in the logs, and Attachment Protect requested files will be sent to the original recipient and not the requestor.
- Does not affect how policies are applied to users.
Comments
Please sign in to leave a comment.