MVP, Experience design, Secondary research | May 2020 - Jan 2021As a junior UX designer, I conducted secondary research on mobile security user requirements and designed mobile security onboarding to operate end-to-end experience.
Companies using mobile devices for business, such as restaurants and post offices, store customer information in the devices; employees using personal mobile devices to check emails or company documents outside the office. The solution was to test the market, allowing users to set the mobile devices on a suitable security configuration to prevent data leakage.
The design scope covered the mobile security onboarding process, mobile devices enrolment flow, the end user download agent flow, and the admin’s daily operation flow. In this portfolio, I highlighted 2 of the use cases to demonstrate my design process.
How might we allow a mobile security admin to assign comparable protection to their mobile assets?
The design was started from scratch. We knew little of the actual mobile device management scenario. Trend Micro has strong mobile security protection capability but, at the time, we lacked knowledge about which method to operate to meet their needs. To begin with, I conducted secondary research on the enterprise mobile device use cases. By studying documentation from other mobile management vendors, I sorted the scenarios into 4.
The 4 mobile device management scenarios.
From the study, I concluded that to protect the mobile devices in the above scenarios, the ideal way to set up the security configuration is to tie the policy to the device owner. A mobile device usually has a dedicated owner or is under a manager who is in charge of the work scenario as the dedicated device with multiple users. Tying the policy with a user means that as long as the user list is well-organised, the devices being associated properly can be well-protected. If a device is transferred to another employee, the assigned policy can be switched to the protection requirement of the person’s role and responsibility.
The notes analysing the management use case.
However, after the PM and developer’s evaluation, tying a policy for a device is more feasible. I therefore adjusted the proposal and designed a “user-based search, device-based policy assignment” logic. With this logic, a mobile security admin can still easily assign the protection level according to a person’s role and responsibility, simplifying the security set up flow of changing the device owner.
The “user-based search, device-based policy assignment” logic.
The below mockups demonstrate how to achieve the policy-assigning method via the management console. The target is assigned to a user or user group, but the policy is tied to the mobile device associated with the user.
How might we remind the end user to complete the mobile settings, so that the security features can work as how it is set by the mobile security admin?
The required settings of the app may be on and off over time based on the user’s usage. For instance, a VPN needs to be enabled so that the security modal can collect data via the pathway but it may be disabled by the end user. However, a user is only expected to open the app under three circumstances:
When the end user first enrol the device to the solution
When the end user sees the notification when the app detects suspicious activity and has required action to take
When requested by the security admin to copy the error code for troubleshooting
I proposed a few user flows guiding the user to finish the pre-settings, such as showing a pop-up notification when opening the app or having a page with the set-up guidance. After an internal validation, we agreed that adding a new navigation tab in the app may be easily overlooked. Besides, in most cases, the app page may become futile when the user has all set up.
The sketches of guiding user to the pre-settings in different forms.
By reconsidering the user behaviour on the app, I came up with the final design, which considered the pre-condition as one of the actionable scan results. The action notification and the user behaviour were then immersed into the original user flow of the app and would be regarded as crucial as a note-worthy action happens.
The landing page of the app Mobile Security for Business. Since the app acts as the agent to collect mobile detection logs, the scan action is scheduled by the admin via management console, I therefore put the scan result as the main content of the app. To trigger a manual scan, the end user can pull the scan result to see the scan button.