Configuring policy

This section explains how the Forcepoint Mobile Endpoint Agent applies to web access policies configured in the Web Security to manage and secure device traffic.

Policy configuration for the Mobile Endpoint Agent follows the same core structure as Web Security policies. The Mobile Endpoint Agent enforces the web access rules that administrators create in the Web Security application. In simple terms, the Mobile Endpoint Agent receives the user’s assigned policy from the cloud and applies those rules to the device’s network traffic.

For how to create and manage the policies in Web Security, see the Defining Web Policies.

Default Policy

When mobile traffic reaches the Web Security, the system analyzes the connection headers to determine which user is associated with that traffic.
  • If the user is mapped to a specific web policy, that policy is applied.
  • If the user is not mapped to any policy, the system falls back to the Default policy configured in the mobile services.
  • If a user was previously mapped but later removed, the system again applies to the Default policy defined in the Mobile Services configuration.
This ensures that every mobile device always receives an appropriate policy, even when the user is unknown, unmapped, or removed from a specific policy assignment.
To configure the default policy:
  1. Open the Web Security application in the Forcepoint Data Security Cloud.
  2. Navigate to Web > Device Management > Mobile Services.
  3. Select the mobile service entry and click the Edit icon.

    This opens the Assign Forcepoint Mobile App Policy page.

  4. Under Policy Assignment, the only configurable option is the Default policy, which you select from the drop‑down list.