The App Inactivity threat category indicates when the Jamf Trust app is inactive on a device, thus posing a potential risk. An application is considered inactive if Jamf has not received an application status from a user for a specified amount of time, or if the application was never activated at all. You can enable this feature and use it in combination with conditional access policies to encourage your users to fully enroll into Jamf.
A device may have an inactive app for various reasons, but it is often because users did not complete the activation process. It is also possible that some users activated the app but later removed it. Notifying or restricting users without an active app on their devices helps you ensure that devices are adequately protected.
- Active — Threat occurrences are reported in the Threat View or Device View, and notifications (if set up) are sent.
- Log-Only — Threat occurrences are only visible in the Event Log, and are not reported on the Threat View or Device View. Users and admins are not notified.
While all other threat categories are active by default and can be changed, the App Inactivity threat category is in Log-Only mode by default.
To view the App Inactivity threat category in Jamf Security Cloud, select , then scroll down to the Device list.
The severity of a threat affects the Device Risk Level. If you enable the App Inactivity threat category, the threat will affect device risk posture and reporting. Select the Settings icon to adjust the threshold for when a device should be considered inactive. If the threshold is set to 7 days, the default setting, the risk level and any UEM conditional access policies will be applied to devices that have not sent a status update to Jamf for 7 days.
If your method of device enrollment allows, you can encourage your users to complete the app activation process by selecting Alert User.
Conditional Access Policy
To enforce the activation of the Jamf Trust app, you can set a UEM conditional access policy so that users without an active app will not be able to access some of your company resources, such as emails or internal portals. This can be done by using the Signal UEM column for most UEM solutions, or by letting the threat affect the Risk Level for Microsoft Intune.
For more information, see Configuring Signal UEM Using Jamf Security Cloud.