Devices are considered to be inside the Trusted Zone when they are connected to a computer inside the Trusted Network or the computer has a Trusted Certificate.
Trusted Network can be configured for each policy much in the same way GeoLocation is configured. For more information see: Geolocation Management Functions
If not enabled, all live connections to the SafeConsole Server are considered to be inside the Trusted Network and thus inside the Trusted Zone. Configuring an IP, Country, or ISP will then create an allowlist so only devices inside this network will be in the Trusted Network.
Trusted Certificates are the other way to be inside the Trusted Zone. A certificate is installed on the computer when ZoneBuilder is enabled and the computer is inside the Trusted Network. This allows the computer to leave the Trusted Network yet still be inside the Trusted Zone. For example, an employee could register their device on a laptop that is inside the Trusted Network, then take it off site or offline and still get the benefits of being in the Trusted Zone.
***If using a Custom CA signed certificate, the client certificate will not automatically install when unlocked inside the Trusted Network. An admin will have to implement a way to install the client certificates into the user's personal trust store.
Once the Trusted Zone is established, an admin can set policies that depend on whether the device is inside the Trusted Zone. Examples of these policies include:
- Unlocking in Read Only mode outside the Zone
- Allowing Automatic Login inside the Zone
- Blocking the Device from unlocking outside the Zone
- Publishing files inside the Zone
Hierarchy of Restrictions:
GeoFence / Device State will block devices even if they are inside the Trusted Zone.
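
The following is an added example, not SafeConsole code: a small Python model of the rules described above, useful for checking what outcome to expect from a planned policy before rolling it out. All class, function, and field names are hypothetical, the sample connections are constructed, and it assumes a connection matches the allowlist if any one of IP, Country, or ISP matches.

```python
# Illustrative model only: names and structure are assumptions, not SafeConsole code.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class TrustedNetwork:
    enabled: bool = False
    cidrs: list = field(default_factory=list)      # allowlisted IP ranges
    countries: set = field(default_factory=set)    # allowlisted country codes
    isps: set = field(default_factory=set)         # allowlisted ISP names

    def contains(self, conn):
        if conn is None:              # no live connection to the server
            return False
        if not self.enabled:          # not enabled: every live connection counts
            return True
        ip = ip_address(conn["ip"])
        return (any(ip in ip_network(c) for c in self.cidrs)
                or conn.get("country") in self.countries
                or conn.get("isp") in self.isps)


def evaluate_unlock(net, conn, has_trusted_cert, blocked_by_geofence_or_state,
                    outside_action="read_only"):
    """Return (decision, reason); outside_action is 'read_only' or 'block'."""
    # Hierarchy of Restrictions: GeoFence / Device State win over the zone.
    if blocked_by_geofence_or_state:
        return "block", "geofence_or_device_state"
    if net.contains(conn):
        return "unlock", "trusted_network"
    if has_trusted_cert:              # computer registered earlier via ZoneBuilder
        return "unlock", "trusted_certificate"
    return outside_action, "outside_trusted_zone"


# Constructed sample data (documentation address ranges).
OFFICE = TrustedNetwork(enabled=True, cidrs=["203.0.113.0/24"])
IN_OFFICE = {"ip": "203.0.113.25", "country": "SE", "isp": "ExampleNet"}
AT_HOME = {"ip": "198.51.100.7", "country": "SE", "isp": "HomeISP"}

if __name__ == "__main__":
    for label, conn, cert, blocked in [
        ("office", IN_OFFICE, False, False),
        ("home, registered laptop", AT_HOME, True, False),
        ("home, unknown computer", AT_HOME, False, False),
        ("office, device disabled", IN_OFFICE, True, True),
    ]:
        print(label, "->", evaluate_unlock(OFFICE, conn, cert, blocked))
```
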