Configure mobile policies for your organization based on your security requirements.

  • A user, group or organizational unit can only be on the target list of one policy at a time.
  • In Google Workspace, one user can only be assigned to one organizational unit.
  • If a user is the member of multiple groups and the groups are targets of different policies, only the highest priority policy affects the user.
  • If a user is on the target list of a policy, and another policy targets a group the user is a member of, then only the highest priority policy affects the user.


  1. On the Trend Vision One console, go to Mobile SecurityMobile Policy.
  2. Click one of the available tabs.
    • Android
    • iOS/iPadOS
    • ChromeOS
  3. Click Create or click the name of an existing policy.
  4. On the General Settings screen, specify a policy name and select the protection strength that best suits your needs, or click Custom to customize your own policy.
    The protection strength selected in the General Settings screen provides predefined settings accordingly in subsequent steps. You can modify the predefined settings during later configuration.
    If you modify the predefined settings, the protection strength changes to Custom.
  5. (For Android and ChromeOS only) Configure Malware Detection settings.
    1. Click Malware Detection.
    2. Choose the scan scope.
    3. Configure malware scan criteria.
      • Malware
      • Unofficially modified app content/data
      • Transmission of personal data without consent
      • System/App vulnerabilities
  6. Configure Wi-Fi Protection settings.
    1. Click Wi-Fi Protection.
    2. Configure Wi-Fi scan criteria.
      • Automatic decryption of HTTPS traffic
        The Wi-Fi network traffic is decrypted, which may result in data leakage.
      • Unsafe access point
        The device is connected to an insecure Wi-Fi network.
      • Invalid or malicious SSL certificate
  7. Configure Configuration Manager settings.
    1. Click Configuration Manager.
    2. Configure configuration scan criteria.
      Supported Operating System
      Rooted device
      The device is rooted.
      Android, ChromeOS
      Developer mode enabled
      The developer mode is enabled.
      Android, Chrome OS
      USB debugging enabled
      USB debugging is enabled.
      Android, ChromeOS
      Outdated security patch
      The device security patch is out of date.
      Jailbroken device
      The device is jailbroken.
      Lock screen disabled
      • (For Android) The device is not locked with a PIN, pattern, or password.
      • (For iOS/iPadOS) The device is not locked with a passcode, Touch ID, or Face ID.
      Android, iOS/iPadOS
      Outdated OS
      The device operating system is out of date.
      Android, iOS/iPadOS
      Vulnerable OS
      The device operating system is vulnerable.
      Android, iOS/iPadOS
  8. Configure Web Reputation settings.
    Trend Micro Web Reputation technology assigns websites a "reputation" based on an assessment of the trustworthiness of a URL, derived from an analysis of the domain.
    1. Click Web Reputation.
    2. Select a security level.
    3. To automatically approve or block certain websites, specify the websites in the following formats based on device platforms and add them to the allow list or to the block list.
      Website format
      • URL
      • FQDN
      • URL
      • FQDN
      • URL
      • FQDN
      • IP address
      • CIDR block
      Wildcard character support
      • *
      • ?
      • * : Matches any number of characters
      • ? : Matches a single character in a specific position
  9. Configure policy targets.
    1. Click Targets.
    2. Specify one or more users, groups, or organizational units.
      Specifying a user, group or organizational unit that is on the target list of another policy removes the user or group from the previous policy. The previous policy no longer affects the user, group or organizational unit.
  10. Click Save.
  11. (Optional) Click Continue if you are prompted to confirm the policy changes.
    This step is required only if you have added or deleted policy targets when editing a policy.