Secure Access Module Deployment

Deploy the Secure Access Module to supported endpoints/mobile devices and manage the deployment status in the Trend Vision One console.

Before deploying the Secure Access Module, install the Agent on desired endpoints or the Mobile Agent on desired mobile devices. The Secure Access Module serves as a separate app on endpoints and a feature of the Mobile Agent on mobile devices.

The Secure Access Module authenticates users when they sign in and then controls their access to internal apps and the internet based on configured secure access rules.

Important:

Make sure you have configured SAML single sign-on under Account > Single Sign-On. Trend Vision One works with your SAML-based IAM vendor to authenticate your company's users when they sign in to and use the Secure Access Module.

The following table outlines the options available on the Secure Access Module screen.

Tab	Description
Endpoint List (Endpoints > Endpoint List)	Displays a list of the endpoints in your environment that have deployed the Agent. The Endpoint List screen allows you to configure Secure Access Module settings by individual endpoint. Select endpoints to deploy or remove the Secure Access Module. Select endpoints with the Secure Access Module deployed to replace the Proxy Auto-Configuration (PAC) file in use. To install the Agent on endpoints, click Download the Agent Installer and download the installation package based on the operating systems. To stop automatic upgrade on the Secure Access Module during a specified time period to avoid service disruption, click , select the check box, and then specify the start and end time. Note: You can specify the time period of no longer than 18 hours.
Endpoint Groups (Endpoints > Endpoint Groups)	Displays a list of the endpoint groups in your environment that have been created in the Endpoint Inventory app. The Endpoint Groups screen allows you to configure Secure Access Module settings by endpoint grouping. Select endpoint groups to deploy or remove the Secure Access Module. Select endpoint groups with the Secure Access Module deployed to replace the Proxy Auto-Configuration (PAC) file in use. To add a new endpoint group, click Create Endpoint Group, and then create a group and assign endpoints in the Endpoint Inventory app.
Mobile Devices	Displays a list of the groups in your environment that have deployed the Mobile Agent Select groups to enable or disable the Secure Access feature. For more information, see Deploying the Secure Access Module to Mobile Devices. To install the Mobile Agent on mobile devices, click Deploy Mobile Agent to go to Mobile Inventory and complete the Mobile Agent deployment process.
Action Required	Displays a list of the endpoints that encountered issues while attempting to deploy or remove the Secure Access Module Note: You may be able to resolve some issues by attempting to deploy or remove the Module again, or by upgrading the endpoints to supported operating systems. For other issues, contact your support provider.
Global Settings	Configure the authentication method for the Secure Access Module Note: Browser-based authentication only supports Azure AD and Okta for SAML single sign-on (SSO) authentication. Configuring an unsupported IdP automatically switches to module-based authentication. Select how the Secure Access Module sends traffic from your users' devices for Internet Access Tip: If your users' devices are using the Wintun virtual adapter for certain applications, Trend Micro recommends using the TUN mode (TAP-Windows) for Internet Access. The Localhost proxy mode forces all Internet Access traffic to go to the local host. The Adaptive mode allows the Secure Access Module to switch among the supported modes based on the network environments of devices.