IBM MaaS360

In today’s world there are a multitude of use cases wherein a given organization’s Security administrators aim to limit and secure and restrict the browsing habits of their employees on managed Windows devices. In many cases the internal intranet sites require access occur via an organization’s gateway. If you are looking to address such use cases in your own organization for managed Windows laptop/desktop devices, IBM Security MaaS360 achieves this through the use of its Secure Browser application for Windows configured under the Workplace Persona policy.

Here is a quick guide on the capabilities available within this browser as well as how to enable and deploy this application:

Capabilities

1. All basic browser client capabilities (Tabs, Navigation, Caching, Cookie management, History tracking and Download management, Bookmarks, Different authentications like Basic, NTLM, Kerberos etc.)
2. The ability to set a default ‘Homepage’ via Workplace Persona policy
3. Bookmarks for frequently used sites with categorization (Admin Bookmarks, etc.) via Workplace Persona policy
4. The option to import user bookmarks from Google Chrome
5. Document reader mode
6. Enabling/ Disabling Debug logging mode

Enforcements Actions

1. Secure browser activity by enforcing URL filtering – Administrator can define the specific domains/ URLs to be allowed or blocked. If an end user attempts to browse URLs falling in those categories via IBM MaaS360 Secure Browser, the administrator can choose how that user is notified (Text notification/ HTML notification / URL redirect to specified allowed site etc.). The admin will also get notified via email about this suspicious activity.
2. Enabling/ Disabling File downloads – Portal Administrator can allow or disallow file downloads for end users via IBM MaaS360 Browser.
3. Restrict Clipboard export from Browser – Restrict copying content from MaaS360 Browser browsed webpages to ensure proper data handling.

Enabling Secure Browser

The first step is to enable the ‘Secure Browser’ service. Navigate to Setup > Services in the MaaS360 portal.

Upon enabling the Secure Browser service, the Default Workplace Persona policy shows up under Security > Policies with published state.

Admins can then add a new Workplace Persona policy with desired configurations according to their organization’s needs. This policy can be applied to all or specific groups of devices or users.

Note: Policy can be applied using the Change policy action.

The below screenshot illustrated some sample configurations of a Workplace Persona policy:

 

 

Installation of the Windows Secure Browser application

1. Once the Workplace Persona policy is applied to a device or group of devices the devices will get entitlements for the Secure Browser application, notifications for which will be available in the MaaS360 device application. Upon clicking the newly-visible ‘Browser’ icon users will navigate to Settings > Update, showing the installation option for Secure Browser.
2. On clicking the ‘Install’ button, the IBM MaaS360 Browser application will download to the MaaS360 app.

Accessing Intranet Sites via MaaS360 Gateway

If you currently have the IBM Security MaaS360 Mobile Enterprise Gateway module configured as a part of your Cloud Extender integration, the MaaS360 Browser application can facilitate access to corporate intranet sites pending user authentication.

The below screenshot is an example of Gateway configuration:

And that’s it! Simple steps for a valuable capability. Try it yourself today, and feel free to reach out to myself or your IBM account representative with any questions.