Quarantining users and devices

Quarantine users and devices from Security Dashboard to restrict unauthorized access to your corporate resources.

Notes:
  • The user quarantine action has higher precedence over the device quarantine action.
  • The Quarantine option is available for an individual device only when the user who manages that device is not quarantined.

Prerequisites

  • Administrators must have Quarantine access rights.
  • Quarantine restrictions are configured through quarantine templates. For more information on quarantine templates, see Configuring quarantine templates.

Quarantine users

You can quarantine users from multiple workflows in the Security Dashboard. When you quarantine a user, the quarantine restrictions are applied to all devices managed by that user, including the devices that are not considered risky.

Follow the steps to quarantine the user from the Security Dashboard.

  1. From the IBM MaaS360 Portal home page, go to Security > Security Management > Security Dashboard.
  2. Apply the quarantine action from the following workflow.
    • Top Users with Risk Incidents widget
      1. In the Top Users with Risk Incidents widget, click Top Risky users tab.
      2. Click the icon and then select Quarantine. The Quarantine <username> window is displayed.
    • User List page
      1. In the Top Users with Risk Incidents widget, click Top Risky users tab.
      2. Click the View more link.
      3. On the User List page, click the icon and select Quarantine. The Quarantine <username> window is displayed.
    • Summary View page
      1. In the Top Users with Risk Incidents widget, click Top Risky users tab.
      2. Click username.
      3. On the Summary View page, click Quarantine. The Quarantine <username> window is displayed.
  3. Perform one of the following.
    • Select the preconfigured quarantine template from the Quarantine restrictions drop-down list. The selected template restrictions are displayed on the right side of the frame.
    • Select Custom to define a unique set of quarantine restrictions without selecting the preconfigured templates.
    For more information on quarantine templates and the custom option, see Configuring quarantine templates.
  4. Turn on the Notify user via email toggle icon to notify users about the restrictions that were applied to the device.
    Note: The email notification is sent to the email address that was provided during the enrollment. To update or sync email addresses in the User Directory, go to the Users > Directory page.
  5. Review the list of devices managed by the user, risk score, and risk incidents.
  6. Click Quarantine. A confirmation message is displayed.

The Quarantine action is applied to all devices managed by the user. You can click the Refresh icon to reflect the quarantine status for the user. MaaS360 displays the quarantine icon next to the username to distinguish quarantined users from other users.

Quarantine devices

You can quarantine a single or multiple devices. When you select devices for the quarantine action, the restrictions are applied only to the selected devices.

Important: You can quarantine individual devices only when the user who manages those devices is not quarantined.

Follow these steps to quarantine the device from the Security Dashboard:

  1. From the IBM MaaS360 Portal, go to Security > Security Management > Security Dashboard.
  2. In the Top Users with Risk Incidents widget, click the Top Risky users tab.
  3. Click username. The Summary View page of that user is displayed.
  4. In the Risky devices section, select the device.
    • For an individual device, click the icon, then select Quarantine. The Quarantine <device name> window is displayed.
    • For multiple devices, select the check-boxes next to the device names and click the Quarantine button. The Quarantine devices window is displayed.
    • For all devices, select the checkbox next to the Device name and click the Quarantine button. The Quarantine devices window is displayed.

    The Quarantine devices window is displayed.

  5. Perform one of the following.
    • Select the preconfigured quarantine template from the Quarantine restrictions drop-down list. The selected template restrictions are displayed on the right side of the frame.
    • Select Custom to define a unique set of quarantine restrictions without selecting the preconfigured templates.
    For more information on quarantine templates and the custom option, see Configuring quarantine templates.
  6. Turn on the Notify user via email toggle icon to notify users about the restrictions that were applied to the device.
    Note: The email notification is sent to the email address that was provided during the enrollment. To update or sync email addresses in the User Directory, go to Users > Directory.
  7. Review the list of devices managed by the user, risk score, and risk incidents.
  8. Click Quarantine.

A confirmation message is displayed that the Quarantine action is applied to the selected devices.

You can click the Refresh icon to reflect the quarantine status for the device. MaaS360 displays the quarantine icon next to the device name to distinguish quarantined devices from other devices.