Getting Started Guide – Unmanaged Customer

Trustd MTD will keep your business, mobiles, employees and data secure from cyber criminals. In order to protect your business, there are a few quick and easy steps to follow.

If you’re only protecting a few devices, you only need to follow Step 1 and Step 2

Step 1 – Login to Trustd MTD for the first time

  1. Search your mailbox for an email from “noreply@control.traced.app” with the subject “Trustd console sign in invitation
  1. Press “Start using the Trustd console” and sign in with your email and the temporary password from the email in the previous step.
  1. Set a unique password, agree to our terms and conditions, then press “Update

Step 2 – Add your first device

  1. Login to Trustd MTD with the new password you set in step 1
  2. Enter the email address for the first user you wish to protect, then press “Next

Note: If you are using an MDM to deploy the Trustd app to your first device, press the “Have an MDM?” button and skip to “(Optional) Bulk enrol devices”.

  1. On the mobile device that you wish to protect, follow one of these instructions:
  1. Once your device is reporting “protected”, you’re all set. You can return to the Trustd MTD console and hit “Done” if you wanted to familiarise yourself with the dashboard, or if you want to protect more devices, follow the instructions in the previous section for each device.

Note: If you’re enrolling more than 10 devices, refer to (Optional) Bulk enrol devices”.

 (Optional) Bulk enrol devices

If you would like to add multiple devices at once, there are a number of options available. To see these options, navigate to “Devices” -> “Import” in the Trustd MTD dashboard.

Trustd MTD Bulk Enrolment Options: Microsoft Intune, MDM Microsoft Entra ID and CSV

If you don’t use Microsoft Entra ID, Microsoft Intune or another MDM, then you simply need to hit “Get Started” under the “CSV” header and follow the instructions to upload a list of emails to be invited.

(Optional) Bulk enrol via Microsoft Entra ID (formerly Azure AD)

If you’d like to bulk enrol your Microsoft Entra ID users via email, follow these steps:

  1. Hit “Get Started” under “Microsoft Entra ID (formerly Azure AD)” in “Devices” > “Import” in the Trustd MTD dashboard.
  1. If you haven’t already done so, click the “authorise us” link to integrate Trustd MTD with Entra ID.
  1. Check that your Microsoft user and tenant meet the requirements section, and if so, press “Authorise Now”.
  1. Authenticate with your Microsoft credentials and press “Accept” to link Trustd MTD with your Entra ID Tenant.
  1. Press the “Invite people” link then “List Users
  1. From the list, select the users you want to invite, then click “Invite Selected Users”.
  1. Select Personal or Corporate mode, depending upon who owns this device. 

Note: for more information on the differences between these two modes, go to What my company can see.

  1. On the mobile devices that you wish to protect, the user should follow one of these instructions:

(Optional) Bulk enrol via Microsoft Intune

If you’d like to bulk enrol your devices via Microsoft Intune, follow these steps:

  1. (Optional) If you want to enabled one-touch enrolment to reduce the steps users need to take in-app to get started, go to “Devices” > “Policies” > “Enrolment” and “Edit Policy” and toggle on “Skip terms and conditions on device enrolment”.
  3. Hit “Get Started” under “Microsoft Intune” in the page from “Devices” -> “Import” in the Trustd MTD dashboard.
  4. Select which platforms you plan to protect.
  1. Press “Next”.
  2. (Optional) If you want to enable one-touch enrolment to reduce the steps users need to take in-app to get started, toggle on “Skip terms and conditions on device enrolment”.
  1. If you’re protecting only Apple iOS devices, skip to step 7 below. Otherwise, add the Trustd app for Android to Microsoft Intune as a Managed App from the Google PlayStore: https://play.google.com/store/apps/details?id=app.traced&hl=en_GB&gl=US 
  2. Create a Managed Devices – App Configuration Policy for the Android app. When prompted select “Configuration settings format” choose “Enter JSON Data” and copy and paste the contents of the Android template section from step 5. 
  3. If you’re protecting only Android devices, skip to step 9 below. Otherwise, add the Trustd app for iOS to Microsoft Intune as a Managed App from the Apple AppStore: https://apps.apple.com/gb/app/id1519403888  
  4. Create a Managed Devices – App Configuration Policy for the iOS app. When prompted to select “Configuration settings format” choose “Enter XML Data” and copy and paste the contents of the iOS template section in step 5. 
  5. Click “Next
  6. Follow the recommended guides to reduce enrolment steps for each device by automatically configuring Trustd’s protection in Microsoft Intune. Then press “Next”.
  7. Deploy the Trustd app to your device(s) through Microsoft Intune.
  1. You may want to copy and paste the email instructions to circulate amongst your users which will guide them through the few clicks that they’ll need to follow to protect their devices.

(Optional) Automatic VPN Configuration via Microsoft Intune

  1. Follow the instructions in this guide to automatically configure VPN-based Web Protection

(Optional) Automatic Configuration for Supervised iOS via Microsoft Intune

  1. Login to Microsoft Intune (aka Microsoft Endpoint Manager)
  2. Navigate to Devices > iOS/iPad > Configuration Profiles
  3. Click “Create Profile” and choose:
    • Platform: iOS / iPadOS
    • Profile Type: Templates
    • Template Name: Device Features
  4. At the “Configuration Settings” page, input the following configuration:
    • App Notifications: Add
      • App Bundle ID: app.traced
      • App Name: Trustd Mobile Security
      • Publisher: Traced Ltd
      • Notifications: Enable
      • Show in Notifications Centre: Enable
      • Show on Lock Screen: Enable
      • Alert Type: Banner
      • Badges App Icon: Enable

(Optional) Zero-touch protection on Android to automatically Enrol Devices via Intune

  1. Edit the Configuration Settings of the Device Restrictions Configuration Policy that was created in the “Automatic VPN Configuration via Microsoft Intune” section above.
  2. Under “General” > “Fully managed…” set “Default permission policy ” to “Auto-grant”

You can also use the Samsung Knox Service Plugin app to enable zero-touch deployment to Android apps. Before following these settings, make sure that your devices have a Knox version >3.0 in this list here and your environment meets the minimum requirements listed here.

  1. Login to Microsoft Intune
  2. Navigate to apps > Android
  3. Press “Add”
  4. Select “Managed Google Play App”
  5. Press “Select”
  6. Search for “Knox Service Plugin”
  7. Select “Knox Service Plugin”
  8. Press “Select” > “Sync”
  9. Navigate back to apps > Android
  10. Select “Knox Service Plugin”
    • If you don’t see it yet, make a cup of tea, then hit “Refresh”
  11. Press “Properties”
  12. Press “edit” next to Assignments
  13. Choose the desired assignments
  14. Press “Review & Save”
  15. Navigate to Devices > Android > Configuration Profiles
  16. Press “Create profile”
  17. Select “Android Enterprise”
  18. Select “OEM Config”
  19. Press “Create”
  20. Name the Policy “Knox Configuration”
  21. Press “select an OEMConfig app”
  22. Select “Knox Service Plugin”
  23. Press “Select”
  24. Press “Next”
  25. Press “Configure” next to “Device-wide policies”
  26. Set “Enable device policy controls” to “true”
  27. Press “Application management policies”
  28. Next to “Application management controls” select “true”
  29. Next to “Battery optimization allowlist” add:
    • app.traced
    • any other apps, separated by commas, to grant the Unrestricted battery optimization policy to.
  30. Choose the desired assignments
  31. Press “Save”

(Optional) Bulk enrol via an MDM

If you’d like to bulk enrol your devices via an MDM, follow these steps:

  1. (Optional) If you want to enabled one-touch enrolment to reduce the steps users need to take in-app to get started, go to “Devices” > “Policies” > “Enrolment” and “Edit Policy” and toggle on “Skip terms and conditions on device enrolment”.
  2. Hit “Get Started” under “MDM” in the page from Devices” -> “Import in the Trustd MTD dashboard.
  3. Enter the configuration values for the managed app configuration into your MDM’s app configuration template.

Note: make sure you replace the “app.traced.globalEnrollmentKey” value with the key shown by pressing the pink “Show” button.

4. Deploy the app out to your devices

5. You may want to copy and paste the email instructions to circulate amongst your users which will guide them through the few clicks that they’ll need to follow to protect their devices. 

(Optional) Setup zero-trust conditional access

If you’d like to setup Trustd MTD to automatically restrict access to company data for users with untrusted mobile devices, follow these steps:

  1. Navigate to “Devices” > Zero Trust
  1. If you haven’t already linked Trustd MTD with your Microsoft Tenant, “Integrations”, then click “Authorise Now”. Otherwise, press skip to step 5.
  1. Authenticate with your Microsoft credentials and press “Accept” to link Trustd MTD with your Entra ID Tenant.
  1. Navigate back to Devices > Zero Trust
  1. Toggle On the “Zero trust is enabled” setting – this will create the Conditional Access Policy and Entra ID Group in your connected Entra ID Tenant. 

Note: You may want to check these by looking for the Entra ID Group “Trustd conditional access policy” and Conditional Access Policy “Access to Cloud requires Trustd on mobile”

  1. You can now choose when you want Trustd to automatically revoke access to users from mobile devices. To help explain the scenarios that Trustd will restrict access to company data from users with untrusted mobile devices, please refer to the below diagram:

See what the settings in the Zero Trust page do when turned on.

(Optional) Reporting and Notifications

Trustd MTD has a number of reporting and notification options prebuilt. 

You can: