IBM Security MaaS360

 View Only

Work from Home Best Practices with IBM Security MaaS360, Part Two

By Margaret Radford posted Tue April 07, 2020 01:43 PM


In Part One of this blog, I covered acceptable use policy, provisioning work from home (WFH) devices (both corporate-owned and BYOD), remote support (via TeamViewer), and configuring MaaS360 for compliance. In this follow-on, I will cover:

  • Unified application catalog
  • Single-sign on (SSO) and conditional access and IBM Cloud Identity
  • Mobile threat defense and Wandera


Providing a unified application catalog across all device types

Every customer I speak to has a common goal: to increase productivity and usability for their workforce. To help with this, MaaS360 has a unified application catalog where you can add approved applications, application bundles, and configuration parameters. One catalog for all your device types makes it easy to administer and support, and users will have a unified experience across all their device types. When users enroll devices in MaaS360, the MaaS360 application catalog is pushed to devices automatically based on how the administrator distributed the applications. Maas360 can also integrate with Apple’s Volume Purchase Program and Android Enterprise, which enables a silent install option on the device. Administrators can also configure required parameters for applications, such as server name so users do not have to enter parameters, greatly reducing the odds that support will need to be contacted.

Learn more about the MaaS360 Application Catalog here

Seamless SSO and conditional access to Software as a Servicer (SaaS) resources

It is essential that your users can easily and securely access SaaS apps from their WFH devices. Most employees are using several external cloud SaaS apps to do their jobs, such as Box and SalesForce.  It’s time consuming and burdensome for users to manage multiple passwords for various SaaS resources, and it is confusing for them to discern which resources they are entitled to. (Too many passwords also leads to sticky-note password management, which believe it or not, is still a dangerous practice.) This can lead to shadow IT, where employees use their credit cards to sign up for cloud app subscriptions. MaaS360’s Identity and Access Management service provide seamless SSO and conditional access to SaaS resources. By enabling and configuring this service, your remote employees will automatically get the SaaS apps they have access to, use SSO across these apps, and will be prevented from using SaaS apps if their device is out of compliance.

MaaS360 administrators can enable the Identity and Access Management service in the MaaS360 portal.

  • Enable the Identity and Access Management service in the MaaS360 portal
  • Configure Cloud Identity with Identity resource and cloud apps
  • Configure Apps in MaaS360 for SSO and Conditional Access
  • Configure Compliance Rules in MaaS360


Check out my blog from last year for more a lot more detail on this topic.

Safeguarding devices from threats

WFH users are typically using their home Wi-Fi with an ISP to access external cloud resources directly and a VPN to access behind the firewall resources. But there are also cases where shared work environments and Wi-Fi hotspots might be employed. Depending on the type of device—e.g., personally owned, corporate owned personally enabled, or strictly corporate owned--the threat levels vary from device, network, apps and content. MaaS360 partners with Wandera to provide a real time risk and threat management solution to help safeguard from threats that can result in:

  • insecure apps leaking sensitive data
  • phishing attacks that compromise the device
  • use of unauthorized file sharing services
  • man in the middle attacks, and
  • unapproved usage such as adult, gambling, and extreme sites


Like MaaS360, Wandera is a cloud solution. MaaS360 and Wandera integrate in such a way that enables real time policy enforcement and remediation on the device when threats are detected. MaaS360 is used to distribute the Wandera app to devices through the MaaS360 unified app catalog. The Wandera app is able to detect configuration issues, bad apps, network usage, phishing attacks, and prevent inbound attacks. Wandera has a cloud gateway component that is able to detect personally identifiable information (PII) data leaks from insecure apps that are outside company control and the gateway can also evaluate and analyze network traffic. If the user connects to a unsecured Wi-Fi hotspot, the Wandera app is able to create an on demand encrypted tunnel to safeguard the data, eliminating man-in-the-middle attacks.

If you have any question, reply to the blog or reach out to your MaaS360 Client Success Manager (CSM). Not sure who your CSM is? Contact

If you are not a current MaaS360 customer you can request access to 90-day no-cost trial.

We also posted a blog with a digest of all more MaaS360 and IBM Security resources aimed to helping you with remote, BYOD and WFH initiatives and challenges.