1. What actually happened or you saw:
Prompts are disabled, new detected networks are set to Public. However, most public networks are not filtered out from “bad” sites.
2. What you wanted to happen or see:
Protect mobile users by making a firewall rule to automatically set system to use a custom DNS (eg. Comodo Secure DNS) based on the following conditions (at least):
a. When outside company’s network or domain, check if custom DNS can communicate at port 53.
b. Check latency if reasonable. If yes, configure system to use custom DNS.
c. Else, use DNS provided by DHCP (no change).
d. Upon detecting known or work network, use DNS provided your DHCP.
3. Why you think it is desirable:
Public networks can easily lure users to visit Phishing/Malware/Forged websites to disclose username/password (and the like).
Even with the updated CIS in place, new threats emerges and may not be discovered right away. To provide a layer of protection, a safe and secure DNS must be in place.
4. Any other information:
Comodo Secure DNS is optimized to any location in the globe (geo-aware), having this DNS in your system not be an issue specially overseas.
Might be a problem if a network requires a user to enter their portal before using their service.