App Center allows the administrator to control Android and iOS devices, performing such tasks as:
Remote data wipe
Device lock
Password reset
Password length and quality enforcement
Enable device management
To enable device management, check the box and save the form. Immediately after saving this form, MDM is required for all devices going forward. Mobile users will not be able to access App Center until their devices comply with the required policy.
Policies are defined on the Device Policy tab. These policies are associated with groups, and the policies are applied to devices belonging to users in the associated group.
Groups and policies can be combined such that a single device may have several available policies associated with it. In that case, the highest priority policy is associated with the device (according to the Device Policy tab).
The device management box can be unchecked and saved, and MDM will no longer be required. However, MDM is not automatically uninstalled from user devices.
iOS Settings
For iOS Device Management, you must generate and upload an MDM Certificate with the correct appids. MDM certificates are created in the iOS Provisioning Portal and uploaded to App Center.
See “Creating an MDM App ID and Certificate” section in “Symantec iOS Certs and App Center Client” document.
For iOS 5 and later devices, App Center can install native and web clip apps using the MDM protocol. Apps installed using this method can be removed without user consent by clicking on an "Uninstall" button within the App Center Admin Portal.
The options that can be selected are:
Install iOS native apps via MDM (for devices running iOS 5.x and later)
Install iOS web clip apps via MDM
Allow devices that do not have remote management capabilities
App Center can be configured to allow or deny access to Android devices that do not support device management. You can choose to allow these devices access to App Center even though they can't do remote management.
Checking policy and reporting problems
App Center will poll registered devices on a regular schedule to ensure that the device is under management. The frequency of the check can be configured.
If a device is not configured as expected, or if a device cannot be polled, a notification is sent to the administrator. The mobile user can also receive a notification email if the policy check fails.
Check policy every __ hours
Set this field to configure the CheckInterval - how long to wait before checking for MDM policy compliance. This defaults to 72 hours. Once a device is being checked, App Center waits for a response for the specified check timeout (see below - default is 30 min).
If the device does not communicate back to the App Center, these checks will go indefinitely until the check times out and then a “compliance could not be checked” email is sent. After the check times out, App Center will wait for another CheckInterval before restarting the MDM Policy compliance check.
A device is considered out-of-compliance if the device is not compliant with the MDM policies or if the device doesn‟t have an MDM profile installed.
Alert administrator if check takes longer than __ minutes
Set this field to send a notification if a device is in communication with App Center and does not come back with an MDM check status within the specified interval (default is 30 mins).
Device users can also receive a notification email when policy checks fail
If for some reason mobile users need to be notified that their device is out of compliance, check this box.
Administrators and the device user can receive a notification email when policy checks fail. The options that can be selected are:
Alert administrator about policy problems
Alert device user about policy problems
Customized MDM removal message
If you have an app policy applied and a user removes MDM, they will receive this message.
Customized Terms & Conditions
Before a user installs MDM on their devices, a Terms & Conditions screen is presented. The T&C screen must be accepted before installation continues.
The text of the Terms & Conditions page can be customized. If it is not customized, a default T&C screen is presented.
Default Device Policy
If MDM is being enabled for the first time, a dialog will be displayed to assist the administrator define the default Device Policy.
See Device Policy section below for details on the MDM policy options.
Notifications
There are several types of notifications that can be configured:
Ops Alerts (on-premises options only)
Push Notifications
Administrative Notifications
Licensing Notifications
Ops Alerts
Ops alerts are generated by the system software supporting the App Center, such as monitoring software, daemons, etc.
The email address(es) where these alerts should be sent are configured on this screen. Debug information can also optionally be included in these emails.
Push Notifications
App Center sends notifications to mobile users when new applications are available. For most devices, notifications are delivered from App Center to the mobile device using the standard platform service: Google GCM or Apple Push Notification Service.
Notifications are sent to the native App Center mobile client. Devices using the iOS App Center web clip client cannot use Apple Push Notifications. Certain Android devices do not support notification either, in particular those without the Google Market App or those that have not been configured with a Google Account.
App Center configures itself to communicate with Google GCM and uses a site-wide account and self-signed certificates.
The GCM account is embedded in the native Android App Center mobile client too.
The Apple Push Notification Service (APNS) requires special certificates to enable communication from App Center via APNS to the client device. (APNS requires that Apple act as the go-between for notifications.)
APNS certificates are created in the Provisioning Portal on http://developer.apple.com. They are created at the same time as mobile provisioning files are created for the native mobile client. See “Creating an App ID Push Certificate” section in “Symantec iOS Certs and App Center Client” document.
For devices that are not enabled for push notifications, App Center can be configured to send email message with this check box:
Send email notification if push notifications are unavailable.
Administrative Notifications
App Center sends a wide variety of notifications about system events via email to the email account of the primary administrator.
App Center allows such email to be directed to a different address, perhaps to be logged or entered into a tracking system.
It also allows a custom prefix to be pre-pended to each subject line for easier mail filtering.
Licensing Notifications
If your license is in a warning state (i.e., the tenant is within 10% of the licensed user count, or the storage is 200 MB away from the licensed storage limit, or the license is close to expiring), or if the licensed user count is exceeded, the storage limit is exceeded, or the license has expired, Symantec App Center can issue emails to notify the administrator of these issues. You can activate or deactivate licensing notifications on the Settings > Notifications page.
For more information about Symantec App Center licensing, see The Account Page.