Prepare for ETP Client setup
Whether you plan to set up the desktop or mobile version of ETP Client or use the client on a user’s personal device, initial configuration tasks are required for ETP Client. Before you set up ETP Client, complete these tasks.
- Make sure your enterprise firewall allows traffic for endpoints that are required by ETP Client. For more information, see Update enterprise firewall, on-premise proxy, and allowlists.
- Assign a policy to the Off-Network ETP Clients location. For more information, see Assign a policy to the off-network location.
To use ETP Client with the full web
proxy, enable the proxy in your policies. Depending on whether your deployment includes an
on-premises proxy, you can also configure ETP Client 3.0.4 or later as a proxy on the
client computer. For more information, see Enable full web proxy.
Note: If you do not install version 3.0.4 or later of the client, you cannot direct web traffic from ETP Client to the proxy. In this situation, the full web proxy is only available if you have an on-premises proxy that directs traffic from ETP Client to the proxy.
To secure connections from ETP Client to
ETP with DNS over TLS (DoT), select the DoT mode in the policy settings. By default, the
mode is Always Attempt. You can change this setting and select the port that’s used. For
instructions, see Configure DNS-over-TLS settings.
Note: Make sure you enable DoT in policies that are associated with the mobile client.
- Configure the behavior of ETP Client. For more information, see Configure ETP Client.
- Configure the internal IP addresses and DNS suffixes that end users can access in the corporate network. If you plan to let users activate ETP Client on their device, you must also specify the corporate email domains that are associated with the users who will activate the client. For more information, see Configure internal IP addresses, DNS suffixes, and email domains.
- To use ETP Proxy, you must distribute the MITM TLS certificate to your devices. For more information, see Certificate distribution and Distribute MITM certificates to ETP mobile devices.
- If you want to set up ETP Client on a computer or laptop, see Set up ETP desktop client.
- If you want to distribute ETP mobile client to mobile devices, see Distribute ETP mobile clients with Mobile Device Management (MDM).
- If you want to allow users to activate ETP Client on a personal device, see Bring your own device (BYOD) support.