In short, we are using an MDM solution that uses cloudfront.net as its hosting platform for apps, images, icons, etc.
With the nature of the MDM, firewall, etc., in order to make the apps work, the "only" 2 solutions we found are:
Whitelist cloudfront.net, but due to security reasons we cannot do that.
So instead, every single time our MDM solution uploads to cloudfront, we have to get pcap data, get the URL, and add that URL to the whitelist, for instance KHIHDGJ.cloudfront.net.
The former solution is not a feasible solution since we'd be sitting all day whitelisting URLs individually.
My question: are there any other ways to NOT whitelist the entire domain of cloudfront.net while NOT whitelisting individual URLs?
MDM = Knox Configure
Firewall = Zscaler
*Adding a few things:
This is in regard to cert inspection. Zscaler inspects each path and adds in their "special sauce". But the Samsung devices can't use the special sauce and must have a direct link to the cert, not a hashed version.