Ent Mobility Mgmt MDM or low-cost MDM that checks for updated AV & supported IOS/Android

sunhux
sunhux used Ask the Experts™
on
We use Enterprise Mobility Mgmt (from the former Blackberry) MDM
 but support is not that great.

Can this MDM
a) check if an IOS/Android has an anti-malware (plan to use the free
    AV like malwarebytes) installed & updated with latest AV signature
   (at least not more than 2 days old) & only allow the mobile device
   to connect to our corporate Wifi if AV is present & it's up-to-date?

b) supported versions of IOS/Android is used before allowing it to
    connect

If it doesn't, can suggest a low-cost (or free) MDM that could do the
above?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Jian An LimSolutions Architect
Top Expert 2016

Commented:
The main question you gonna ask is how do you control your corporate wifi to not connect without AV?

if you allow any device to connect to your wifi, then it is not a MDM issue, rather than authentication issue.
It is not a simple MDM can resolve.

It is a NAC (Network access control) problem and you want to control any device to your network.
Exec Consultant
Distinguished Expert 2018
Commented:
Here is a example of the MDM policy
- Detect whether or not an antivirus app is running.
- Detect the date of the Android device's most recent security patch from Google. Apples not supported.
https://docs.vmware.com/en/VMware-AirWatch/9.2/aw-mdm-guide-92/GUID-014MDM-CompliancePolicyRulesDesc.html
With compliance action that can be taken
- Block or remove device profile
https://docs.vmware.com/en/VMware-AirWatch/9.2/aw-mdm-guide-92/GUID-014MDM-CompliancePolicyActionsbyPlatform.html

Device profiles grant you control over a wide range of device settings. These settings include passcode complexity, Geofencing, time schedules, device hardware functionality, Wi-Fi, VPN, Email, Certificates, and many more. In AirWatch's compliance engine, it monitors rules, enforces actions, and applies escalations (all of which you define). Compliance profiles, however, seek to provide the compliance engine with all the options and settings ordinarily available only to device profiles.

For example, you can make a special device profile that is identical to your normal device profile, only with more restrictive settings. You can then apply this special device profile in the Actions tab when you define your compliance policy. With such an arrangement, if the user fails to make their device compliant, you can apply the more restrictive compliance profile.
Once devices are determined to be out of compliance, the compliance engine warns users to address compliance errors to prevent disciplinary action on the device. For example, the compliance engine can trigger a message to notify the user that their device is out of compliance.


In addition, devices not in compliance cannot have device profiles assigned to it and cannot have apps installed on the device. If corrections are not made in the amount of time specified, the device loses access to certain content and functions that you define. The available compliance policies and actions vary by platform.

You can automate escalations when corrections are not made, for example, locking down the device and notifying the user to contact you to unlock the device.
https://docs.vmware.com/en/VMware-AirWatch/9.2/aw-mdm-guide-92/GUID-014MDM-CompliancePoliciesOverview.html

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial