What is the Latest?
On February 23rd, The Executive Office of the President of United States of America has instituted a ban on using TikTok on Government-owned devices. Similar initiatives have been taken by European Commission and Canada. All these institutions have cited the need to secure their digital infrastructure and protecting security and privacy.
IBM Security MaaS360 is a SaaS Unified Endpoint Management software that helps you manage devices, users and apps and protect them with built in threat management capability, from a single pane of glass. The IT experts using MaaS360 can easily make sure their end users are protected against the use of prohibited technologies such as TikTok.
MaaS360 can help you answer and quickly solve 2 main questions regarding the use of TikTok on your end users’ corporate owned devices.
What Can MaaS360 do for me?
Identification
MaaS360 has an easy method to identify all devices reporting into the portal, which have TikTok installed.
Can provide subsets of devices based on platform (iOS, Android, macOS and Windows).
No additional parts or functions are needed, they are all built-in today.
Example
Showing all Platforms
Reporting
All reporting data at the Alert level and Group level can be extracted and downloaded to the Admin’s desktop for audit trails.
Remediation/Removal
MaaS360 provides the distribution and execution pipelines needed to remove software from devices so that your organization can be in line with regulations.
How do I know if it is installed on Windows?
Using Winget from Command Prompt
Open a Command Prompt – run as Administrator.
Run the command winget list.
You will see the following information:
ID = BytedancePte.Ltd.TikTok_6yccndn6064se
Application Installed
Using the Settings, an IT Administrator can also see if the application is installed.
Question 2: Who has it installed?
IT Administrators can use My Alert Center to find out who has it installed and on what platform.
An Administrator can use MaaS360 to identify all devices reporting into the portal which have a specific application installed.
By creating this query, all devices which have TikTok installed will be reported and seen.
This information can be used to take actions to remediate the situation.
This example specifically calls out Windows devices with TikToc installed.
Android
How do I protect the devices
One of the ways to protect a device is to create a MDM policy which will deny the use of a restricted application no matter how that App was installed.
Creating and implementing Policy
Windows Deny Policy
Create a policy:
Android Policy
Android is a bit out of the ordinary. If the device is corporate owned, then the Google Playstore can be controlled so that an individual will not have the ability to install a restricted application
Regardless, it is still prudent to create a deny policy which will look like this:
iOS Policy
iOS policy is similar to the above. Same work flow.
Out of Compliance Notification – Enforcement Rules
MaaS360 will also send notification to the Administrator and enduser to inform them that a questionable application is installed.
This single function is valid for all platforms.
How do I remove it?
MaaS360 can assist you in removal of an application like TikTok. Obviously then end user can remove it manually,
Automated – Windows
An administrator can leverage the power of MaaS360 to automate the removal of TikTok.
From the previous query used for My Alert Center:
Create a Device Group to determine TikToc installations.
PowerShell
Create a PS1 file using this code.
Get-AppxPackage *tiktok* | Remove-AppxPackage
Upload to MaaS360 App Catalog
Distribute the removal script to single device, group of devices or all devices
Or Assign this script to be run whenever a Windows device has TikTok installed
TikTok on Android
Corporate (Federal Owned)
TikTok on macOS
As of this writing, TikTok is only available from the App Store for iPhone and iPad.
