Specify CylanceGATEWAY options on Android Enterprise devices Skip Navigation

Specify
CylanceGATEWAY
options on
Android Enterprise
devices

For
Android
devices, you can specify which apps send data through the
CylanceGATEWAY
tunnel using the
CylanceGATEWAY
service policy
. If your organization manages
Android Enterprise
devices using an EMM solution such as
BlackBerry UEM
, you can configure settings in your EMM provider that affect
CylanceGATEWAY
.
You can use the IT policy in
BlackBerry UEM
to specify whether
CylanceGATEWAY
is always enabled on devices and whether users can change VPN configurations in the work profile on the device. For more information on
UEM
IT policy rules, download the UEM IT Policy Reference.
  1. In the
    UEM
    management console, create or edit an IT policy.
  2. Perform one of  the following actions:
    1. To force
      CylanceGATEWAY
      to always be enabled, set the following IT policy rules for the
      Android
      work profile.
      IT policy rule
      Description
      Force always-on VPN
      Selected
      Use
      BlackBerry Secure Connect Plus
      for VPN connection
      Not selected
      VPN app package ID
      com.blackberry.protect
      Force work apps to only use VPN
      Not selected. If this option is selected, the
      CylancePROTECT Mobile
      app can't be activated on the device.
      Work apps exempt from VPN
      If the Force work apps to only use VPN rule is selected, you must enter
      com.android.chrome
      to allow the
      Chrome
      browser to access the network and activate the
      CylancePROTECT Mobile
      app on the device before the VPN is connected. This rule applies to devices running Android OS 10.0.0 or later.
    2. To allow devices to send data through the
      CylanceGATEWAY
      tunnel if
      Force always-on VPN
      is not selected, select
      Allow user-configured VPN in workspace
      .
    If neither
    Force always-on VPN
    nor
    Allow user-configured VPN in workspace
    is selected, the device will not allow work apps to send data through the tunnel.
  3. Assign the IT policy to users.