Update: We have now added a PDF which visually shows the steps needed for migration when an MDM is not in use, as well as a link to a video showing the same:
As we have now stopped new sales of the legacy mobile products (Mobile Security and Freedome for Business), F-Secure has now created a subscription for F-Secure Mobile Protection matching the legacy mobile product (same quantity, expiration date).
After that, F-Secure will set the termination date of the legacy mobile product to the End of Life (EoL) date of these products. The EoL date for both products has been set to 31 March 2022, after which we can no longer guarantee that they will function correctly.
For a short time, the customer will have both subscriptions valid in parallel leaving them time to migrate their end users. These will both appear in the product portal.
Below are the alternatives about how to migrate the end-user mobile devices to F-Secure Mobile Protection
Devices managed via MDM
Through the MDM, the administrators can control the installation of the new product and removal of the legacy mobile product. As there are many different MDM solutions, it is beyond the scope of this article to describe the steps needed, and the administrator should refer to the MDM documentation.
Once installed, the MDM administrator should ensure that to archive best possible protection, they have set “always on” tag for F-Secure Mobile Protection on mobile OS level.
Devices not managed via MDM
Using the new F-Secure Mobile invitation service, the administrator can send emails with an installation link for F-Secure Elements Mobile Protection.
1. Get a list of the end-user to invite
This list may be extracted from a customer’s CRM system, but it is also possible to extract this from the F-Secure Elements Endpoint Protection portal (formerly PSB portal):
- Extract the relevant emails from PSB using the export mobile information (PSB device view/ three dot menu/Export all mobiles report (CSV) ). It provides a CSV including information related to legacy mobile products including user name, email, status, subscription key
- Decide who to send the invitation to install the new F-Secure Mobile Protection:
- Only active devices or also the once that are disconnected or never connected
- Check that emails are unique as some customers use the same email for many devices.
2. Import the list of users to the new mobile invitation service
Prepare a CSV file to be imported. This can either be the file exported in step 1, or a new CSV file
- If creating a new CSV file, the expected CSV file format is <owner email>,<owner last name>,<owner first name>,<alias>
- Only <owner email> is mandatory, the other fields are optional
- If optional fields are omitted, the separators must be kept
- For each Mobile Protection subscription key, a separate CSV file is needed
- Inform the end users that they will receive an email from F-Secure to install a new product: “F-Secure Elements Mobile Protection”
e. Import the data
- Select the right company from scope selector
- Click on add new device and select Mobile Protection subscription key
- Add the CSV file
- The invitation email will be sent. It includes an installation link unique for this user (only one installation is possible) and valid 30 days
f. Manage the invitations
- Once a user installs the product, their email address is removed from the pending invitation list
- Users can be reminded by resending the invitation as many times as needed. For example, after 7 days the PSB administrator may select all, and resend all the remaining invitations.
- After 30 days, it is not anymore possible for the user to install. The user will be moved to an expired invitation list.
- On the expired invitation page in PSB (Device / three dot menu / Manage Mobile Protection invites / Expired tab) the admin may send a new invitation with a new link valid another 30 days, or may delete the user
Note: Subscription seats are used after the user installed the Mobile Protection application.
Post-Installation steps
Once Mobile Protection is installed to a device, the PSB admin can remove old clients for the user in PSB portal. Then it is up to the PSB admin to inform end user that old client must be removed from the user’s device.
Finally, PSB admin must inform end user that to archive best possible protection end user must set “always on” tag for F-Secure Mobile Protection on mobile OS level.
Security
IMPORTANT if “Allow installation from any source” was enabled earlier on Android to allow installation of Mobile Security, it is very important that this is disabled once the migration process is completed. This will ensure that applications can only be installed via the Play Store.