SRP VPN does not automatically turn off on iOS after initial assessment completes when app is in non-interactive mode

book

Article ID: 195977

calendar_today

Updated On:

Products

Endpoint Protection Mobile

Issue/Introduction

This happens under very specific circumstances.

1. Non-Interactive App Mode is enabled under Settings>SEP Mobile App>NonInteractive App Mode
2. Sensitive Corporate Resources are configured under Settings>Security>Sensitive Corporate Resources
3. Block access to defined Sensitive Corporate Resources is checked under Settings>Security>Compliance

After enrolling iOS devices with these settings enabled, enrolled iOS devices will have be initially non-compliant and unable to access sensitive corporate resources as the Selected Resources Protection (SRP) VPN will be enabled. After the initial security assessment completes, the device will become compliant, but the SRP VPN will not automatically disengage and allow connections to the Sensitive Corporate Resources. The SRP VPN can be manually disabled.

Environment

iOS

Resolution

To workaround this issue, disable non-interactive app mode under Settings>SEP Mobile App>NonInteractive App Mode.

To partially simulate non-interactive mode , push notifications to users can be disabled.