Hexnode + ZScaler (device ownership) for mobile devices

expand collapsive


We’re currently implementing a BYOD policy in the organization, and we’re required to inject the device ownership into the ZScaler Client Connector app for mobile devices.

ZScaler provides zero-trust network access, cloud firewall among other features, and we can specify URL control based on device risk level composed of device posture checks. An ownership posture check is available for both Android and iOS, but it requires to be injected during app instalation.

On Hexnode side, when injecting the app configuration into an application deployment in the policy, I’d imagine we could use a wildcard %ownership% or even %device_ownership%. It turns out this wildcard is not supported.

For Android, we ended up solving this by creating 2 policies, one injecting a pre-fabricated XML configuration for ownership=corporate and another one for ownership=personal. Finally, we created 2 dynamic groups for each type of Hexnode Ownership information and associated each corresponding policy.

For iOS, we were not so lucky. We must inject app configuration at the Applications level, not at a policy. We attempted to create 2 Applications (one for corporate, one for personal) without success. We can either have a personal app, or a corporate app.

We were told the best suggestion would be to use the wildcard %devicenotes% and place comments as “corporate” or “personal”. While this is a stop-gap until a proper solution exists in Hexnode, how can we automate the device notes to be added during enrollment so the proper configuration can be defined as intended?

Assuming the answer leads to nowhere, what would be the ETA to have either %ownership% (or %device_ownership%) or a policy-based app configuration for iOS?

All Replies

  • Hello @guilherme-blanco, welcome to Hexnode Connect!

    Thank you for taking the time to provide us with a detailed explanation of your requirements. We have taken it up with our team to add a new wildcard representing the ownership of the device. We’ll make sure to treat it with priority and let you know as soon as we have an update.

    Please don’t hesitate to reach out in case of any further queries.

    Best regards,
    Chloe Edison
    Hexnode UEM