Devices are considered to be inside the Trusted Zone when they are connected to a computer that is inside the Trusted Network or that has a Trusted Certificate.
The Trusted Network can be configured for each policy in much the same way that GeoLocation is configured. For more information, see: Geolocation Management Functions
If the Trusted Network is not enabled, all live connections to the SafeConsole Server are considered to be inside the Trusted Network and thus inside the Trusted Zone. Configuring an IP, Country, or ISP will then create an allowlist so only devices inside this network will be inside the Trusted Network.
Trusted Certificates are the other way to be inside the Trusted Zone. A certificate is installed on the computer when ZoneBuilder is enabled and the computer is inside the Trusted Network. This allows the computer to leave the Trusted Network yet still be inside the Trusted Zone. For example, an employee could register their device on a laptop that is inside the Trusted Network, then take it off-site or offline and still get the benefits of being in the Trusted Zone.
***If using a Custom CA signed certificate, the client certificate will not automatically install when unlocked inside the Trusted Network. An admin will have to implement a way to install the client certificates into the user's personal trust store.
Once the Trusted Zone is established, an admin can set policies that depend on whether the device is inside the Trusted Zone. Examples of these policies include:
- Unlocking in Read-Only mode outside the Zone
- Allowing Automatic Login inside the Zone
- Blocking the Device from unlocking outside the Zone
- Publishing files inside the Zone
Hierarchy of Restrictions:
GeoFence / Device State will block devices even if they are inside the Trusted Zone.
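The following is an added example, not SafeConsole code: a small Python model of the decision order described above, useful for reasoning about what a policy will do before rolling it out. The class and function names, the result strings, the "any allowlist entry matches" rule, and the treatment of an offline computer as having no live connection are assumptions; the connection records are constructed samples using documentation IP ranges.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class TrustedNetwork:
    # All three empty models "not enabled": every live connection is trusted.
    cidrs: list = field(default_factory=list)
    countries: set = field(default_factory=set)
    isps: set = field(default_factory=set)

    def contains(self, conn):
        if conn is None:  # offline: no live connection to the server (assumption)
            return False
        if not (self.cidrs or self.countries or self.isps):
            return True
        ip = ipaddress.ip_address(conn["ip"])
        # Assumption: matching any one configured entry is sufficient.
        return (any(ip in ipaddress.ip_network(c) for c in self.cidrs)
                or conn.get("country") in self.countries
                or conn.get("isp") in self.isps)

def evaluate_unlock(net, conn, has_trusted_cert, blocked_by_geofence_or_state,
                    outside_action="unlock_read_only"):
    """Return 'blocked', 'unlock' or the configured outside-the-Zone action."""
    # Hierarchy of restrictions: GeoFence / Device State wins over the Zone.
    if blocked_by_geofence_or_state:
        return "blocked"
    # Inside the Zone via the Trusted Network OR a Trusted Certificate.
    if net.contains(conn) or has_trusted_cert:
        return "unlock"
    return outside_action  # e.g. "unlock_read_only" or "blocked"

def demo():
    office = TrustedNetwork(cidrs=["203.0.113.0/24"])      # constructed allowlist
    on_site = {"ip": "203.0.113.10", "country": "SE"}      # constructed sample
    off_site = {"ip": "198.51.100.7", "country": "SE"}     # constructed sample
    return {
        "on_site": evaluate_unlock(office, on_site, False, False),
        "off_site_no_cert": evaluate_unlock(office, off_site, False, False),
        "off_site_block_policy": evaluate_unlock(office, off_site, False, False,
                                                 outside_action="blocked"),
        "offline_with_cert": evaluate_unlock(office, None, True, False),
        "on_site_geofenced": evaluate_unlock(office, on_site, True, True),
        "not_enabled_anywhere": evaluate_unlock(TrustedNetwork(), off_site,
                                                False, False),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```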