Transcription
Mobile Endpoint SecurityUnlock the benefits ofmobility to work faster,better, and smarterPotential benefits Windows 10, iOS, andAndroid managementavailable Multi-OS Security Effective data security andcompliance Help Desk and IT reportingand efficiencyFeaturesMobileIron Core from AT&T (“the Solution”) providesorganizations with the platform required to moreeffectively secure mobile apps, content, and devices.Users benefit from near seamlessaccess to the business processesand content on mobile devices oftheir choice, while providing IT theability to more effectively securecorporate data on both corporateand personally owned mobiledevices. By providing a modernUnified Endpoint Management(UEM) Solution that supportsboth business productivity and ITsecurity requirements, MobileIronCore from AT&T enables today’senterprises to become mobile first.1MobileIron Core from AT&Tbundles are specifically designedto support the 3 main phases ofthe mobile-first journey: 1) Deviceand Email Security, 2) Mobile Appand Content Enablement, and 3)Business and IT Transformation.Each bundle provides essentialcapabilities required tosuccessfully deploy each phase.With the Solution, organizationshave the foundation they need tobuild a mobile security programthat enables choice whileaddressing specific mobilesecurity requirements. Highly secure enterprisegateway Highly secure applicationsand app-specific VPNs Single sign on Enterprise app store Workflow integration Visibility and reporting End-user and self-service viaBYOD portal Access provides conditionalaccess to services frommobile apps and browsers MobileIron Threat Defenseprovides a view into maliciousthreats using one app on iOSand Android devicesPRODUCT B R I E F
Mobile Endpoint SecurityCore Silver bundleThe Silver bundle provides all the essential capabilitiesrequired to build the foundation of a mobile-firstenterprise. The UEM Silver bundle includes capabilitiesthat allow for near-seamless device onboarding,configuration of security settings, app distribution,policy enforcement, and remediation.Core Gold bundleThe Gold bundle is designed for customers ready totake the next step of the mobile-first journey byproviding highly secure apps and content on anysubscribed devices.Core Platinum bundleFor the best performance, Gold licenses are advised.MobileIron Access is only available for per userlicenses and may be purchased for use with a singlecloud application or for use with multiple applications.Additional installation and configuration services maybe required.MobileIron Threat DefenseMobileIron Threat Defense protects and remediatesagainst known and unknown threats on Android andiOS mobile devices. With one app, you can detect andremediate known and zero-day attacks on the subscribeddevices without disruption to users’ productivity.MobileIron Threat Plus includes additional reportingcapability. Installation at an additional cost.The Platinum bundle is designed for organizationsthat have a solid mobile foundation and are ready toenter the advanced stages of the mobile-first journey.The Platinum bundle provides additional capabilitiesincluding a highly secure per-app VPN, Help Desk toolsfor remote viewing and control over end-user devices,and integrations with specific third-party productsand services.MobileIron optional add-on featuresAccessMobileIron Access is a cloud security Solution thatprovides conditional access to cloud services frommobile apps and browsers. Unlike traditional securityapproaches, MobileIron Access correlates user identitywith unique information feeds such as device postureand app state. MobileIron helps ensure that businessdata stays within IT bounds so it can’t be stored onunsecured devices or shared with unauthorized cloudservices. With MobileIron Access, organizationsbenefit from a standards-based approach, includingOffice 365, without requiring proprietary integrations.2PRODUCT B R I E F
Mobile Endpoint SecuritySilverGoldPlatinumCore PortalA central administrative console SentryAn in-line intelligent gateway that manages, encrypts, andhelps secure the traffic between mobile devices and back-endenterprise systems Apps@WorkAn enterprise app store that can be used to house all of thecustomer’s public and in-house applications AppConnectContainerizes apps to help protect corporate data-at-restwithout touching users’ personal data Email A highly secure email/personal information manager (PIM) appfor iOS and Android Kiosk Mode/AppleBusiness ManagerIn the US, Apple allows accredited businesses with a DataUniversal Numbering System (DUNS) number to automaticallyenroll new devices purchased directly from Apple Bridge and DerivedCredentialsBridge unifies mobile and desktop operations for Windows 10using a single console. Derived Credentials is used by federalagencies so that mobile devices can access agency informationwithout needing additional hardware Docs@WorkEnables users to annotate, share and view businessdocumentation from email, enterprise file repositories andcloud file repositories Web@WorkA highly secure browser that lets users access web contentwithin the enterprise’s intranet without requiring them to use adevice-wide VPN Help@WorkHelp desk tools that allow users to request help with a tap andenable IT staff to remotely view a user’s screen TunnelA per-app VPN for business apps and data that enables mobileapps to access corporate data and content that is behind a firewall ServiceConnectintegrations*ServiceNow integration to streamline IT workflows MobileIron AccessA cloud security Solution that provides conditional access tocloud services from one or multiple mobile apps and browsersMobileIron Threatand MobileIronThreat Defense Help guard against data loss from mobile threat eventsAdd on SKU. Gold bundle recommendedAdd on SKU* ServiceConnect integrations available with the Platinum bundle include MobileIron developed software to integrate with specific thrid-party productsand services. API-based integrations do not require the purchase of the Platinum bundle.3PRODUCT B R I E F
Mobile Endpoint SecurityLicense and pricing optionsSilverGoldPlatinumDevice perpetual license75 110 15 17 30 22 2530 48 72 4 6110 165 22 2530 33 3795 72 108 6 9140 210 28 3220 42 4830 90 138 507 5011 User perpetual licenseDevice maintenance - AT&T supportDevice maintenance - MobileIron supportUser maintenance - AT&T supportUser maintenance - MobileIron supportDevice subscription licenseUser subscription licenseDevice MRC licenseUser MRC license Configuration and trainingEnterprise Supportconfiguration and training – 3,500AT&T will provide implementation services connected with the purchase of SilverMobileIron Software Licenses. The deployment will be conducted remotely in ahosted environment with the integration supported by on-premises MobileIronConnector to Active Directory in the client’s data center and one Sentry.Enterprise Supportconfiguration and training – 7,500AT&T will provide implementation services connected with the purchase of Gold orPlatinum MobileIron Software Licenses. The deployment will be conducted remotely ina hosted environment with the integration supported by on-premises MobileIronConnector to Active Directory in the client’s data center and two Sentries.(required with Silver licenses)(required with Gold & Platinumlicenses)Training topics include: Overview of Core architecture and features Device registration and retirement Device configuration management Device troubleshooting User management Policy management and security Application management Reports and logsFeature add-on options18 ARC Access user – annual subscription with a single enterprise cloud license 48 ARC 72 ARC 72 ARC 108 ARC MobileIron Threat Defense device – subscription MobileIron Threat Defense user – subscription MobileIron Threat Defense device – subscriptionMobileIron Threat Defense user – subscription448 ARCAccess user – subscription 4 MRC4 MRC6 MRC6 MRC9 MRCPRODUCT B R I E F
Mobile Endpoint SecurityOptional professional servicesInstallation of oneadditional MobileIronSentryMobileIronadministratortraining 995 1,500If you require the installation of an additional MobileIron Sentry, AT&T will install it on aserver that you provide and integrate it with MobileIron Core. Customer will provision,set up, and configure any load-balancing equipment or software required to front-endthe MobileIron Sentry softwareFor additional training for system administrators, AT&T will coordinate a webconference for up to 10 people. This half-day training will be a mixture of slidepresentation, lecture, and demonstration regarding the MobileIron virtualsmartphone platform.Customers who want greater uptime can utilize the High Availability Professional Service: Review of the customer’s existing traffic management and monitoring systemrequired to redirect network traffic to the redundant serverHigh availability 6,000 Installation of a redundant server on the customer-provided platformand one optional sentry (an existing in-service Core is required) Installation and testing of the synchronization script between Core and the failover.Note: Customer is responsible for providing a server/appliance for the installation ofthe redundant server and to provide a traffic management and monitoring systemto redirect network traffic to the failover. Optional hardware appliances (servers) areavailable only to U.S. customers at an additional charge of 7,500 or 25,000 each.To use Certificate Authentication, the customer’s UEM server will need to beconfigured to issue certificates. Certificate authentication provides enterprisesthe ability to establish identity while eliminating the need for end users to enterusernames and passwords on their mobile devices to access corporate resources,such as Exchange ActiveSync, VPN, and Corporate Wi-Fi.Service scopeAT&T will implement and configure the integration settings to enable the MobileIronCore appliance to issue certificates to mobile devices from a supported interface tothe customer’s Certificate Authority. AT&T will complete the Certificate Authorityintegration configuration and settings:AdvancedAuthentication usingCertificates andKerberos Delegation 1,750 Create one certificate template representing the customer’s desired type of identitycertificate Define one-device policy profile for Exchange ActiveSync auto-configuration usingan UEM-issued identity certificate Define one-device policy profile for VPN client auto-configuration using anidentitycertificate Define one-device policy profile for preferred WiFi network auto-configuration usingan identity certificate Configure the service accounts in ActiveDirectory (User or Computer object) forKerberos authentication delegation and create service principal names (SPNs) ifnecessaryConfigure the email proxy service to request Kerberos delegated credentials onbehalf of device users for mailbox accessAT&T will assist with the testing of each device profile on a single supported device.**Diagnosis and remediation of failed test cases to verify that a certificate of the correct type is issued by the Certificate Authority and installed within thedevice certificate store. The customer is responsible for any diagnosis or remediation of authentication or authorization failures within the authentication,authorization and accounting (AAA) infrastructure.For more information on AT&T Cybersecurity Mobile Endpoint Security Solutions,contact your sales representative or visit our MobileIron webpage.5PRODUCT B R I E F
Mobile Endpoint SecurityImportant Information:General: MobileIron Core as described in this product brief (the “Solution”) isavailable only to eligible customers with a qualified AT&T agreement (“QualifiedAgreement”). The Solution is subject to (a) the terms and conditions found athttps://www.mobileiron.com/en/legal/customer agreement (“AdditionalProduct Terms”); (b) the Qualified Agreement; and (c) applicable SalesInformation. For government customers, any Additional Product Terms notallowable under applicable law will not apply, and the Qualified Agreementwill control in the event of any material conflict between the QualifiedAgreement and the Additional Product Terms. Any service discounts,equipment discounts, and/or other discounts set forth in the QualifiedAgreement do not apply to the Solution. The Solution may not be availablefor purchase in all sales channels or in all areas. Additional hardware,software, service and/or network connection may be required to access theSolution. Availability, security, speed, timeliness, accuracy and reliability ofservice are not guaranteed by AT&T. Additional fees, charges, taxes andrestrictions may apply.A minimum of 50 Solution licenses is required for initial purchase. TheSolution’s functionality is limited to certain mobile devices and operatingsystems. A list of supported operating systems can be obtained bycontacting an AT&T Account Executive. Not all features are available on alldevices. All amounts paid for the Solution are non-refundable. Billing beginsas of Effective Date of applicable order. Users may download licensedSoftware onto a maximum of 3 devices. If any user exceeds the 3 device limitper license, an additional monthly license fee will be charged.The Solution is available only to Customers with a qualified AT&T business orgovernment agreement (“Enterprise Agreement”) and a FoundationAccount Number (“FAN”). The Solution is available for use with multiplenetwork service providers. Qualified Responsibility Users (“QRUs”), IndividualResponsibility Users (“IRUs”) and Bring Your Own Device (“BYOD”) users areeligible to participate in the Solution. With respect to users subscribed to anAT&T wireless service, activation of an eligible AT&T data plan on acompatible device with short message service (“SMS”) capabilities isrequired. With respect to use of the Solution with devices subscribed tonon-AT&T wireless providers, Customer is responsible for ensuring that itsapplicable end users and the Solution comply with all applicable terms ofservice of such other wireless carrier(s). All associated voice, messaging anddata usage will be subject to the applicable rates and terms of such otherwireless carrier(s). Refer to applicable wireless carrier(s) for such rates, termsand conditions. A compatible device with SMS capabilities is required. TheSolution software requires a MobileIron operating environment server or,where available, the purchase of a MobileIron appliance from AT&T. Customeris responsible for the configuration of the appropriate Domain Name System(DNS) prior to AT&T installation activities. Core integration with enterprisepublic key infrastructure is not included. The Solution’s administrative interfaceis accessed via a Web portal and requires a PC with internet connection. TheSolution may be used as a tool to configure and customize certain settingsand features and perform software updates only for compatible devices.Improper or incomplete configuration and/or downloads performed byCustomer may result in service interruptions and/or device failures. AT&T doesnot guarantee compliance with such customized settings and/or updates.Customer must accept the Additional Product Terms as the party liable foreach CRU, and agrees in such case that the CRU will comply with theobligations under the Additional Product Terms, including but not limited tothe limitations of use in certain countries. See your account representative foradditional information regarding use of the Solution outside the U.S. Customeris responsible for providing each CRU of an enabled mobile device with a copyof the Additional Product Terms. The Customer and the CRU are individuallyand jointly liable under the Additional Product Terms. With regard to use of theSolution by residents of countries other than the U.S., Customer agrees tocomply with the additional terms and conditions of use located in the CountrySpecific Provisions portion of the MobileIron Cloud Service Guide located athttps://serviceguidenew.att.com. Not all optional features are available inevery country.About AT&TCybersecurityData privacy: Customer Personal Data: Customer Personal Data may betransferred to or accessible by (i) AT&T personnel around the world; (ii) thirdparties who act on behalf of AT&T or AT&T supplier’s behalf as subcontractors;and (iii) third parties (such as courts, law enforcement or regulatoryauthorities) where required by law. Customer will only provide or makeCustomer Personal Data accessible when Customer has the legal authority todo so and for which it has obtained the necessary consents from its end users,and will camouflage or securely encrypt Customer Personal Data in a mannercompatible with the Solution. The term Customer Personal Data includes,without limitation, name, phone number, email address, wireless locationinformation or any other information that identifies or could reasonably beused to identify Customer or its end users. Customer is responsible forproviding end users with clear notice of AT&T and Customer’s collection anduse of Customer Personal Data obtained via the Solution, including, withoutlimitation, end user device location information, and for obtaining end userconsent to that collection and use. Customer may satisfy its notificationrequirements as to AT&T by advising end users in writing that AT&T and itssuppliers may collect and use Customer Personal Data by providing for enduser review the relevant links to the Product Brief or other sales informationthat describes the Solution and to AT&T Privacy Policy at https://about.att.com/csr/home/privacy.html. Customer is responsible for notifying endusers that the Solution provides unified endpoint (UEM) capabilities and allowsCustomer to have full visibility and control of end users’ devices, as well as anycontent on them.Professional Services: Upon completion of Professional Services, Customermust either sign the acceptance document AT&T presents or provide withinfive business days of the service completion date written notice to AT&Tidentifying any nonconforming Professional Services. If Customer fails toprovide such notice, Customer is deemed to have accepted the ProfessionalServices. Customer acknowledges that AT&T and Customer are independentcontractors. Customer will in a timely manner allow AT&T access as reasonablyrequired for the Professional Services to property and equipment thatCustomer controls. The Professional Services provided shall be performedMonday through Friday, 9:00 a.m. to 5:00 p.m., Eastern time. The mandatorysoftware installation and configuration is estimated to take two days and mustbe completed within 45 days of order placement. If Customer’s acts oromissions cause delay of installation and configuration beyond 45 days oforder placement, AT&T will invoice Customer for the installation andconfiguration charges after the 45th day. If the Professional Services providedin connection with the Solution are more complex than those described in thisProduct Brief, then a separate statement of work describing the activity andrelated terms and pricing will be executed. If impediments, complications orCustomer-requested changes in scope arise (Changes), the schedule, Solutionand fees could be impacted. In the event any Change(s) affect the Solution orfees, the parties will modify Customer’s order (or statement of work, ifapplicable) accordingly by executing a change order.As between AT&T and the Customer, the Solution is provided “AS IS” with allfaults and without warranty of any kind. AT&T HAS NO DEFENSE, SETTLEMENT,INDEMNIFICATION OR OTHER OBLIGATION OR LIABILITY ARISING FROM THEACTUAL OR ALLEGED INFRINGEMENT OR MISAPPROPRIATION OFINTELLECTUAL PROPERTY BASED ON THE SOLUTION.AT&T reserves the right to (i) modify or discontinue the Solution in whole or inpart and/or (ii) terminate the Solution at any time without cause. AT&Treserves the right to conduct
4 PCT RIEF License and pricing options Silver Gold Platinum Device perpetual license 75 110 140 User perpetual license 110 165 210 Device maintenance - AT&T support 15 22 28 Device maintenance - MobileIron support 17 3025 3220 User maintenance - AT&T support 22 33 42 User maintenance - MobileIron support 25 303795 48 Device subscription license 48 72 90 User subscription license
