IBM MaaS360

IBM MaaS360

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

MaaS360: Ask Me Anything on Security Features

By Ernesto Soto posted 6 hours ago

  
MaaS360: Ask Me Anything about Security Features
 
Thank you for joining our recent Ask Me Anything session on security features. In this blog, we’ve recapped the key highlights and answered some of the FAQs to help you get the most out of MaaS360’s main security features.
You can find the September 17th, 2025, replay and presentation here: MaaS360 AMA Security Features.
 
Key Takeaways:
Below is an overview of the presentation and discussion regarding security features from the session.
 
-What are Compliance Rules?
  • Compliance Rules are a list of rule sets that ensure enrolled devices follow your organization’s security measures, mobile usage and regulatory standards.
  • Configuring Compliance Rules in MaaS360 can actively monitor, enforce, and perform an immediate device action when a device falls out of compliance.
 
 
-Creating and Assigning a Compliance Rule Set
  • In MaaS360, hover over Security, select Compliance Rules, then click on Add a Rule Set. Ensure to configure the basic settings tab to include the applicable platforms, event notification recipients and exemptions.
  • The main security categories to configure from include Enforcement Rules, Geo-Fencing Rules and Groups Based Rules.
  •  In MaaS360> Security> Compliance Rules> Assign to assign the entire rule set to a group. Selecting the rule set as default ensures all devices are monitored by its enforcements.
 
 
-What are Enforcement Rules?
  • Enforcement Rules within a MaaS360 compliance rule set are what makes a compliance rule actionable when a violation or risk is detected.
  • Enforcement rules not only monitor and detect an out of compliance device but also performs a device action as soon as flagged out of compliance.
  • Configuring enforcement rules to perform a device action, ensures corporate data is restricted from being accessed via an unsafe device.
  • device actions include Alert, Selective Wipe, Change Policy, Wipe, Remove Control and Hide.
 
 
-OS Enforcements and App Compliance within the Enforcement Rule
  • OS Versions ensures your managed devices are up to date with the required OS version.
  • App Compliance ensures devices are following the application compliance requirements. Application compliance is based on MDM policy settings.
  • With the above two settings configured to enforce these categories via devices, ensures devices don’t become vulnerable to security attacks.
 
 
-Group Based Rules
  • Configuring Group Based Rules within a compliance rule set is recommended as it is the way to enforce a device action once a device falls into a pre-configured group.
  • While group creation can be helpful in managing different organization departments, creating a group-based rule for a specific group can help perform a device action once a device falls into that group’s search condition.
  • A group can be created via Devices> Groups> Add> Add Device Group. Select the search criteria and conditions for the system to add devices into the group upon meeting those group conditions. To configure a Group Based rule, edit or create a rule set, then edit the Group Based rule section. Give it a name, select a group from a drop down, then select the desired device action. Ensure the entire rule set then gets applied to the appropriate group.
 
 
-Geo Fencing Rules & Locations
  • Configuring a Geo-Fencing within a compliance rule set allows you to select from a device action to enforce when a device falls out of compliance due to its current location or WIFI connectivity.
  • Add an address-based location via Security> Locations in MaaS360  
  • Add a WIFI based location within the same path, for the Geo-Fencing rule to enforce the connectivity to the set WIFI network.
 
-What happens when a device falls out of compliance?
  • Once a compliance rule is configured and applied to devices, MaaS360 automatically enforces the defined rule set. If a device falls out of compliance, the corresponding device actions will be triggered.
  • Out of compliance devices can be viewed via the Compliance Status widget on the home page or navigate in MaaS360 to Security> Compliance Log.
  • The compliance log tab displays all associated actions that have been recorded.
 
 
-Privacy Management
  • Privacy Management tab allows administrators to restrict the type of information collected from personal owned devices enrolled into MaaS360.
  • Privacy features to restrict from being accessed or viewed include Location, Network and App Inventory.
  • The settings can be applied to Corporate Owned devices, Employee-Owned devices, all devices  or specific groups only.
 
 
-What is Mobile Threat Defense (MTD)
  • Mobile Threat Defense is a cybersecurity solution designed to protect mobile devices from a range of mobile threats.
  • MTD actively detects and mitigates threats in real-time protecting Android and iOS devices as they face different security threats than a normal computer.
  • Security feature works by pushing the app directly to devices conducting an initial scan for any vulnerabilities. The end user is then recommended to remediate any detected threat.
 
 
-Security Dashboard
  • The Security Dashboard displays all security events and risk incidents. This tab can be found in MaaS360> Security> Security Dashboard.
  • Risk Rule configurator allows you to select the severity of each configured risk rule that’s enabled.
  •  
                                                                                    FAQs
Q: Is there a limit of Compliance Rule sets allowed in MaaS360?
A: There is no total limit of allowed compliance rule sets to configure.
Q: How long does an end user have to remediate their out of compliance device before losing access to corporate data?
A: When selecting the device action to perform when OOC, additional device actions can be taken at the required time intervals. For example, first device action can be an alert sent out to the device and after a certain amount of time, (In hours or days) a second action can be performed allowing you to select the same alert action or a different action. Click on the + symbol for additional device actions.
Q: What happens if a device is part of different groups with each of those groups having a compliance rule set assigned?
A: If a device is assigned multiple compliance rules from multiple group memberships, the device receives the compliance rules with the highest precedence. Security> Compliance> Precedence.
Q: Is Mobile Threat Defense FedRamp compliant?
A: MTD is not FedRamp compliant as it is an endpoint security service for mobile threat detection and does not see data or access data found on the device.
 
                                                       Upcoming Webinars & Community Engagement
 
The next MaaS360 Ask Me Anything is in the works! Topic and date are coming soon-stay tuned. Meanwhile, be sure to check out our New Customer/Admin Workshops blog to view registration links and dates for the next webinar session.
 
Have a topic you want us to explore?
Drop a comment below or email your suggestions to the IBM MaaS360 Customer Success team at csmaas@us.ibm.com
 
We appreciate your continued support and time with us. We look forward to helping you make the most out of our latest features.
 
Regards,
IBM MaaS360 Support Team
0 comments
3 views

Permalink

https://community.ibm.com/community/user/blogs/ernesto-soto/2025/09/19/maas360-ask-me-anything-on-security-features