Вы находитесь на странице: 1из 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

MOBILE SECURITY
FREQUENTLY ASKED QUESTION
And
USER GUIDE

Page 1 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

TABLE OF CONTENTS
Contents

Page

PART I: FREQUENTLY ASKED QUESTION

PART II: MOBILE SECURITY AGENT INSTALLATION GUIDE

11

INSTALLING MOBILE SECURITY/TEM CLIENT ON ANDROID


DEVICES

12

UN-INSTALL MOBILE
ANDROID DEVICE.

21

SECURITY/TEM

CLIENT

FROM

INSTALLING MOBILE SECURITY/TEM CLIENT ON APPLE /


IOS DEVICES

30

UN-INSTALLING TEM CLIENT FROM IOS / APPLE DEVICE.

41

Page 2 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

PART I: FREQUENTLY ASKED QUESTION

Page 3 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

Q1. What is Mobile Security


Mobile Security is to ensure only compliant smartphones & tablets can access
MHMail. It will safeguard company data on these devices in compliance with
Personal Data Protection Act 2010. The summary as follow:
Which Device?
MHmail Mobile users using
the following smartphone
and tablets:
1. iOS
2. Android
MHmail Mobile users using
Windows smartphone and
tablets

Non supported device


1. Blackberry Enterprise
Services (BES)
2. Blackberry Service (BIS)

What is required?
Users to install Mobile
Security application in
their devices.
No agent will be
required.
User profile will be
visible from the
monitoring console
BES supported by
our BB enterprise
system
BIS will not be
supported by Sept
2013.

When will it happen?

Phase 1: Agent
deployment May 13
Phase 2: Policy
enforcement - Jun 13
.

BES Not applicable

Q2. What are the Application Details?


Details
Version Date:
Client Version
Size
URL address

IOS
23 Nov 2012
8.2.40035
0.9 MB
https://mobilesecios.malaysiaairlines.com/

Android
17 Jan 2013
8.2.50627.0
4.2 MB
https://mobilesecandroid.malaysiaairlines.com/

Screen
Captured

Page 4 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

Q3. What do you mean by Mobile Security?


Mobile Security refers to enabling a set of basic security settings to protect data
residing on a smartphone or tablet in the event that the device is lost or stolen.
Q4. Why is MAS requiring this?
More than 5,000 staff access MAS business information on mobile devices. Many of
these people store email messages with sensitive MAS business data such as
financial data, contract, passenger data and employee information. In addition, a
number of regulations require the protection of certain types of data. PDPA 2010
protects Customer and employee information, and PCI protects credit card
information.
Q5. How does this protect MAS data?
The settings enabled on the device will protect the data from unauthorized exposure
by placing a screen lock timeout of no longer than 15 minutes and allowing the user
(or an authorized IT staff member) to remotely wipe the device of all data. These
simple settings will protect MASs and your personal data in the event that the device
is lost or stolen.
Q6. What devices are going to be affected?
The Mobile Device Security Standard affects all iOS devices (iPhones, iPads, iPod
touch), Android devices (both phones and tablets) and Windows mobile devices that
connect to MASs Exchange email system.
Q7. Why should I care about this? I dont think I store any MAS data on my
device.
The fact that you work at Malaysia Airlines means that you could receive sensitive
MAS business data on your mobile device at any time via email. In addition, your
personal data on the device will be protected. Do you access your Facebook or other
social network site from your phone? Do you carry pictures of your family that you
wouldnt want to lose? Do you have any online accounts like Dropbox or Evernote
that someone who found your phone would have access to? These security settings
with specific configuration will protect your personal data, too.
Q8. What should I do to prepare?
There are three things that you need do to prepare for the Mobile Device Security
Standard:

Update your device. Ensure your device is running the most current
operating system software. Check with your device manufacturer for
updates.
Page 5 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

Check your Email Setting. Make sure that your mobile device is
fetching email using an ActiveSync configuration This is the approved
configuration to enable receiving MHmaill on your mobile device. For
assistance in this regard visit ExQuizIT

Back up your device. While it's unlikely that you'll have any problems,
its a good idea to make a copy of important information that you have
on your device.

Choose a numeric four-digit PIN (passcode) you can remember, and


that is difficult for someone else to guess.

Q9. Where can I read the Mobile Device Security Standard?


You can find the Mobile Device Security Standard at http://oneit.mas.net
Q10. What will I notice when the Policy is activated?
After the enforcement of the policy, MAS mobile users (except Windows smartphone
& Tablet) without the Mobile Security agent will not be able to access email via their
mobile device.
Youll also notice that the screen will lock after 15 minutes of inactivity (or as per your
configuration, whichever is earlier)
Q11. What will happen to my personal data when Group IT perform remote
wipe?
Remote wipe it is not a new feature, it has been enabled by default for a number of
years on any device that connects to MASs Exchange system via Microsoft's
ActiveSync protocol. The protocol does not allow any selectivity in wiping data; only
the entire device is erased back to a factory default state. A device will only be wiped
in the event of loss or theft, or upon instruction by employee to IT Helpdesk.
Q12. Can I wipe my own device? How do I do that?
Yes, you can wipe your own device. BE CAREFUL, this is NOT reversible.
To remotely erase all data from your device through Outlook Web Access (OWA), do
the following:
1.

Open a browser to https://mhmail.malaysiaairlines.com and log in using your


MAS ID and password.

2.

In the upper-right corner of the OWA window click Options > See all options.

3.

Click Mobile Devices on the left.

Page 6 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

4.

If you have configured multiple devices for Exchange, they will each be listed
here. Select from the list the device you wish to erase.

5.

Click Wipe All Data Device.

6.

A message box will appear that says, Are you sure you want to wipe your
device? After the device wipe is complete, remove the device from the list.

7.

Click Yes.

8.

Before you quit, select the device from the list (if it's not still selected) and
click the Delete icon, (it looks like a black X) to remove it from the list.

9.

All data has been erased from your device.

Q13. Why are you doing this to my personal device?


MAS and its employee are responsible for its data. Therefore in the event of theft of
loss, regardless of ownership, we have to protect the information from being leaked
to unauthorized party.
Q14. I have more than one mobile device (such as a phone and tablet). Is there
any limitation to the number of device accessing MAS Mail? Will the standard
apply to both?
Yes. Each user is allowed to one device either smartphone or tablets regardless of
its operating system (iOS, Android or Windows) to access your Mhmail via
ActiveSync.
Q15. What if I don't check my MAS email on my device?
If you do not check MAS email on your device, then the standard will not be
automatically enforced on your device. However, if you store sensitive non-email
data on your device you are still required to manually apply the security settings. If
you choose to add your MAS email account to your device in the future the security
settings will be enforced the first time you connect to MHmail.
Q16. I use Android's pattern lock feature. Does that meet the PIN requirement?
The Android pattern lock feature is supported as long as it meets the minimum
requirement of 4 characters.
Q17. Will Group IT be able to access data on my device or monitor my
activities?
No, Group IT cannot access data on your device or monitor your activities. The
Mobile Device Security application only ensures that data is secured in the event that
your device is lost or stolen.
Page 7 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

Q18. I have an Android device and when I receive the "device administrator"
prompt it says something about disabling the camera. Is my camera really
going to be disabled?
No, your camera will not be disabled. The message that you're seeing is static and
reflects what the standard could be set to do, but does not reflect what is actually
being done.
Q19. What if I need to make an emergency call and my phone is locked?
Nearly all phones have an "Emergency Call" feature that you can access from the
lock screen. You can choose this option to call 999 or other phone numbers that are
memorized on your device.
Q20. I don't want to take part in this. What are my options?
The easiest, and preferred, way to opt out is to remove your device from MHmail and
delete any sensitive MAS information from your mobile device. Then you wont be
storing sensitive MAS information on your device and the standard will not apply.
You may still check your e-mail by using your browser to visit
https://mhmail.malaysiaairlines.com. For all other users, opting out of the standard is
highly discouraged and anyone who stores sensitive MAS information on their
mobile device (including email) is expressly prohibited from opting out
Q21. What if my device is jailbroken or rooted?
Devices that are "rooted" or "jailbroken" are not allowed to access or store MAS data
since these devices have been compromised and are highly insecure.
Q22. I use Touchdown for my e-mail on my Android Device. Why do I have to
type my PIN in twice to get to my e-mail?
Touchdown is a 3rd party mail app for Android that uses its own implementation of
Active Sync protocols instead of the built in implementation on Android. As a result,
when the security settings are applied via Active Sync, they get applied to
Touchdown, not to the phone. If youve manually set a PIN on your phone, you will
be required to enter both PINS to access e-mail. Depending on your Android
device, you may be able to disable the PIN that is used to unlock your phone, but
that would leave the rest of your phone unprotected. We do not have the ability to
change this behavior at the e-mail servers.
Q23. I already have a PIN code. What will happen?
Nothing. Your device will continue to work as you have been using it (as far as the
PIN is concerned).

Page 8 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

Q24. Are you installing software on my device to monitor anything?


No. TEM Mobile Security software enables the security features already built into
your devices operating system. These features are being activated through the
existing ActiveSync protocols used between your device and the Exchange
Server. We will not be able to monitor the use of your device in any way.

Page 9 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

PART II: MOBILE SECURITY AGENT INSTALLATION GUIDE

Page 10 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

PART II: MOBILE SECURITY AGENT INSTALLATION GUIDE


The purpose of this user guide is to equip user with the installation/enrollment
and un-installation/un-enrollment (if required only) procedures of the Mobile
Security agent. This document will cover steps for the following platform:
You may click on the system below to go direct to the user guide for each
system.

Installing Mobile Security agent on ANDROID devices


Un-Installing Mobile Security agent on ANDROID devices
Installing Mobile Security agent on Apple/IOS devices
Un-Installing Mobile Security agent on Apple/IOS devices

Page 11 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

INSTALLING MOBILE SECURITY/TEM CLIENT ON ANDROID DEVICES


This guide provides instructions on how to install TEM client on Android devices.
Following solutions applies to:

Android (ARM) versions 2.2, 2.3.x, 3.x, 4.x (includes phones and tablets)

* For Windows Mobile 5.x, 6.x do not require this steps as they are agent-less.

Pre-requisite:
Recommended to have 3G or access to WIFI
1. Launch your Internet browser e.g. Google Chrome or Firefox Mozilla (It can
be any Internet browser depending on your device platform)
2. At your URL address, type in https://mobilesec-android.malaysiaairlines.com.
You may receive a security warning. Click Continue to proceed.
NOTE: This is a normal encounter.
3. Key in your Work Email Address and Password as shown below and hit
Login.

suriaty@malaysiaairlines.com

4. You are now at the enrollment page. As you can see, your email address is
now visible in the Work Email Address field.

Page 12 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

5. Proceed by selecting I own this device under the Device Ownership.


Please read the user terms and agreement carefully before clicking the I
Agree checkbox. Once you are done, hit Submit button.

Page 13 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

6. Choose Option 1 Install the Mobile Client app.

7. This is where you will need to download the Mobile Application from Google
Store. You will need an Internet connection to do this.
8. Once you have Internet Connectivity, just hit Install to begin the download
and installation of IBM Endpoint Manager mobile client / agent into your
mobile.
NOTE: Depending on your Android version, you may be asked to choose
Accept and Download as well to continue the installation.

9. Click on KEEP SHOPPING to go back to your Google Store IBM Mobile


Client Application Page.
Page 14 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

10. Your progress bar will indicate that the download has been initiated. The
download may take approximately 10-20 minutes depending on your Internet
connection speed.

11. Once your download is completed, below screen will appear.


NOTE: DO NOT OPEN THE MOBILE CLIENT

12. Now launch your Internet browser again, choose 2. Enroll with the app.

Page 15 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

13. You will receive a pop-up message to activate the Tivoli Endpoint Manager as
a device administrator. Click on Activate to proceed with the enrollment.
NOTE: This pop-up is just to notify you the capabilities of Mobile
Security/TEM. Clicking Activate button will NOT activate these functions.

Page 16 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

14. Click on Accept to accept the terms and conditions of the device.

Page 17 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

Page 18 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

15. Once you see this image on your device, you have successfully installed
Tivoli Endpoint Client / Agent on your device. You may exit the mobile client
application.

CONGRATULATIONS!
Your device is now ready with the endpoint manager client / agent.

Page 19 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

HOW TO CONFIGURE ANDROID TO RECEIVE MH MAIL


To enable you to receive MH Mail from your Android device, please go to this
link:
http://xquizit.mas.net/article/how-to-configure-android-to-receive-mh-mail.html

Page 20 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

UN-INSTALL MOBILE SECURITY/TEM CLIENT FROM ANDROID DEVICE.


This guide provides instructions on how to un-install TEM client on Android devices.
Following solutions applies to:

Android (ARM) versions 2.2, 2.3.x, 3.x, 4.x (includes phones and tablets)

* For Windows Mobile 5.x, 6.x do not require this steps as they are agent-less.

Pre-requisite:
Recommended to have 3G or access to WIFI

Page 21 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

1. On your android device, go to Settings.

Page 22 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

2. Scroll down and choose Security.

3. Under Device Administration, choose Device Administrators.

Page 23 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

4. By default, the IBM Endpoint Manager box is ticked; you will need to deselect
it.

5. By deselecting the tick, will initiate a window which tells you that the
Administrator is active. Click on Deactivate.

6. A prompt window will require your confirmation to disable the Mobile Client
device administrator. Hit OK.

Page 24 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

7. You will notice that the checkbox is now deselected.

Page 25 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

8. Return to Settings page, and click on Application manager.

Page 26 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

9. Click on Mobile Client

10. Choose Uninstall.

Page 27 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

11. A pop-up window will indicate that the Application will be uninstalled.

Page 28 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

12. Click on OK to exit the uninstallation.

Please note that you have completed the un-enrollment of TEM from Android
device.

Page 29 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

INSTALLING MOBILE SECURITY/TEM CLIENT ON APPLE / IOS DEVICES


This guide provides instructions on how to install TEM client on Apple / IOS devices
Following solutions applies to:

Apple iOS 4.x, 5.x, 6, 6.1 (iPhone, iPad, iPod Touch)

NOTE : For Windows Mobile 5.x, 6.x do not require this steps as they are agentless.
Pre-requisite:

Apple user ID is required for you to install the agent.


Recommended to have 3G or access to WIFI
Clear your previous browsing history

1. Launch your Internet browser e.g. Safari (It can be any Internet Browser on
your mobile device)
2. At your URL address, type in https://mobilesec-ios.malaysiaairlines.com.
You may receive a security warning. Click Continue to proceed.
NOTE : This is a normal encounter.
3. Key in your companys Work Email Address and Password and hit Login.

4. You are now at the enrollment page. As you can see, your email address is
now visible in the Work Email Address field. Proceed by selecting I own
this device under the Device Ownership. Please read the user terms and

Page 30 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

agreement carefully before clicking the I Agree check box. Once you are
done, hit the Submit button.

5. Choose item 1 option Install your organization SSL Certificate shown in


the diagram below.

6. You will be prompted to install the profile. You may also be prompted for your
passcode, if you have an existing passcode. Once you are done, Click
Install to continue. Refer to the screenshot below.

Page 31 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

Page 32 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

7. Hit the Install button to proceed with the installation. Refer to the screenshot
below. This will install the certificate into your mobile device.

8. Hit the Install button to proceed with the installation. Refer to the
screenshot below.

9. Once the installation is completed, you will receive this message. Hit Done
to complete the process.

Page 33 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

10. Now go back to your Internet Browser e.g. Safari, and choose item 2 option
Install the Mobile Client app.

11. This is where you will need to download the Mobile Application from the
iTunes store. You need an Internet connection to do this.
12. Once you have Internet Connectivity, just hit Install to begin the download
and installation of IBM Endpoint Manager mobile client / agent into your
mobile device.
Note i: Some devices will list it as FREE, so choose FREE first, then
click Install.

Page 34 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

Note ii: You will also be prompted to insert your Apple ID Password to
commence the installation.

Apple ID Password

Cancel

OK

Page 35 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

13. Once the Client / Agent has been installed, you will see an icon residing in
your app inventory on your mobile devices as shown below.
NOTE: DO NOT OPEN THE MOBILE CLIENT.

14. Now launch your Internet browser again, choose item option 3 Enroll with
the app.

15. You will be taken to the MDM Profile Installation page. This page will
automatically redirect you to the next part of the Install Profile section. If it
does not redirect, just hit Install the profile as highlighted below.

Page 36 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

16. You will be prompted to install the profile again. You may also be prompted
for your passcode, if you have an existing passcode. Once you are done,
Click Install Now to continue. Refer to the screenshot below.

Page 37 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

17. You will receive a warning message prior to installation, this is a normal
prompt. Hit Install to begin the installation process.

18. Once the installation is done, hit Done to complete the setup.

Page 38 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

19. Once the setup is completed, you will be taken back to the MDM Profile
Installation page, just choose Return to the app as highlighted below to
complete the enrollment process.

CONGRATULATIONS!
Your device is now ready with the endpoint manager client / agent.

Page 39 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

HOW TO CONFIGURE MH MAIL on iOS


To enable you to receive MH Mail from your iOS device, please go to this link:
http://xquizit.mas.net/article/how-to-configure-mh-mail-on-iphone-ipod-touch.html

Page 40 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

UN-INSTALLING TEM CLIENT FROM IOS / APPLE DEVICE.


This guide provides instructions on how to un-install TEM client on Apple / IOS
devices.
Following solutions applies to:

Apple iOS 4.x, 5.x, 6, 6.1 (iPhone, iPad, iPod Touch)

NOTE : For Windows Mobile 5.x, 6.x do not require this steps as they are agentless.
Pre-requisite:

Apple user ID is required for you to install the agent.


Recommended to have 3G or access to WIFI

1. Open your IBM Endpoint Manager Client / Agent on your mobile device.
Just click on it to open.

Page 41 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

2. Once the Mobile Client is open, click on Info as highlighted in RED in the
screenshot below on the next page.

3. Click Unenroll to remove the agent from the device. You have completed
the removal of the agent from your device.
Page 42 of 43

Internal Use Only

MOBILE SECURITY FAQ AND USER GUIDE

Please note that you have completed the un-enrollment of TEM from Apple / IOS
device.

Page 43 of 43