Cloud Services MDM. Application Management Admin Guide

(1)

Cloud Services

10/24/2014

MDM

(2)

APPLICATION MANAGEMENT

MDM's mobile Application Management solution enables the administrator to wirelessly distribute and manage internal, public, and purchased apps to iOS and Android devices across the mobile fleet. Furthermore, the Enterprise App Catalog allows the corporation to build secure business applications, which can be deployed, managed, and secured alongside public apps via a custom app catalog. Through the Application Management tools in the Admin Console, administrators can allow users to effortlessly view, install, and update both internal and public applications.

USING THE APPLICATIONS PAGE

The Applications page on the Admin Console is responsible for managing and pushing applications to end-‐user devices over-‐ the-‐air. It provides detailed list of Internal, public, and purchased applications that have been created or recommended for the specified location groups or child location groups. It is the centralized interface for you to recommend public applications and deploy internal or purchased applications to your smart device fleet.

(4)

From here, you can view all the Applications that are being managed in the Admin Console. You can

categorize applications within four Admin Console groups —Internal, Public, Purchased, and

Application groups, as well as determine how to distribute those applications as described in Advanced Application Assignment.

Navigating the Applications Page

There are several ways for you to select, order, identify, find, filter (and more) specific applications within the Admin Console. This section is divided into the following:

• Search Bar • Grid • Icons Search Bar

• Platform – Search for applications based on the device platform.

• Status – Search for applications based on the activity status of a device. Select All, Active, Retired, or Inactive for Public and Purchased (with the addition of Retired for Internal). This is not available in Groups.

• Categories – Search for Applications only within Internal based on the category assigned to it by you in the Info screen prior to uploading the application into the Admin Console.

• Type – Search for Applications only within Application Groups that meet a specific type defined by you. Select All, Whitelist, Blacklist, or Required.

• Search – Search for specific application by name, partial name, or keyword. Enter any keyword in the Filter Grid field and press <Enter>. The grid re-‐sorts and only displays those devices that contain the keyword(s) entered.

(5)

Multiple Criteria Search Using Only the Search Bar:

In this scenario, the search criteria used is Platform: Apple iOS and Status: Active; Categories: All and Search: sales. The result for this multiple criteria is shown in the grid below:

Grid

The grid displays sortable and non-‐sortable columns within each of the four groups —Internal, Public, Purchased, and Application Groups. Depending on which group you view, the column(s) change. A description of the sortable columns in all four groups:

• Assignment – The combination of the Device Ownership and Managed By selections made by you when the application was assigned.

• Comments – The comments entered by you in the Comments field when the application was assigned.

• Description – The description entered by you in the Description field when the application was assigned.

• Name – The name of the application entered in the Name field when the application was assigned.

• Platform – The platform (e.g., Apple) on which the application runs.

• Platform / OS / Model – Provides information on the platform, the operating system, and model.

• Status – Indicates whether the application is Active, Inactive, or Not Assigned. • Type – Indicates applications as Whitelisted, Blacklisted, or Required.

• Uses SDK – Indicates which applications are using the Software Developers Kit (SDK). Available only for Internal applications.

• Version – Is the version entered by you in the Version field when the application was assigned. Available only for Internal applications.

NOTE: Actions, Applications, Category, Icon, Installed/Assigned, Managed By, Rank, and

(6)

Icons

There are icons throughout the page that when either hovered over or clicked provides more features or perform functions. They are as follows:

Tiles and Lists

Click Tiles in the upper right corner — screen displays application icons in the far left column, as illustrated in the example below:

Click List in the upper right corner — the screen displays all information textually without any graphical representations, as illustrated in the example below:

Refresh

Click Refresh — the grid refreshes to display the default Available Columns layout, as well as all device data based on any search criteria in the Filter drop-‐down and Filter Grid field, as illustrated in the example below:

(7)

Export All

Click Export All — the data in the grid exports into an Excel spreadsheet, as illustrated in the example below:

Actions

Click Actions to manage the application using the following options listed in the Action menu:

• View – Allows you to view the application assignment. You can also edit the assignment from this screen.

• Edit – Allows you to edit information about the existing application assignment. • Edit Assignment – Allows you to edit the existing application assignment. • View Devices – Shows devices that are available for that application.

• Publish – Pushes out the application to devices that match the profile criteria. • Notify Devices – Allows you to notify the device users about the apps.

• Add Version – Allows you to upload the latest version of the application. • Retire – Allows you to remove the previous version of the application from the

device and exists in the Admin Console as Retired.

• Deactivate – Allows you to keep the application, but deactivate it. • Activate – Allows you to keep the application active.

• User Ratings – Allows you to view both the admin ratings as well as user ratings.

• Unretire – Allows you to push the already retired application to the device. • Delete – Deletes the application and removes it from devices.

(8)

Enabling the App Catalog

The first step to deploying applications through MDM is deploying the Enterprise App Catalog in the form of a Web Clip (iOS) or Bookmark (Android) profile:

1. Navigate to Profiles & Policies ► Profiles. 2. Select [Add].

The Select Platform form displays.

3. Choose Android or Apple based on the device you would like to configure. 4. Configure the Profile General Settings (see Creating Profiles).

5. Select Web Clips for iOS devices or Bookmarks for Android devices from the left profile list. 6. Click the [Configure] button and enter all Web Clip/Bookmark profile parameters.

• Label– The name displayed on managed devices for the Web Clip/Bookmark. For example, App Catalog could be used.

• URL – The App Catalog URL is in the following format:

https://<Environment>/devicemanagement/AppCatalog?uid={DeviceUid}, where

<Environment> is the URL to your MDM Server. In a multi-‐server on-‐premise deployment, this URL is your Device Services server URL.

NOTE: If you are in Shared SaaS environment, use the following convention:

https://dsXX.<MDMEnvironment>/devicemanagement/AppCatalog?uid={DeviceUid}. For example, if you are in the CN22 environment, use the following:

(9)

NOTE: You can also change the landing page for the App Catalog. Use the conventions listed below:

o Internal:

https://<MDMEnvironment>/devicemanagement/AppCatalog?uid={DeviceUid}&defaultTab=Internal o Public:

https://<MDMEnvironment>/devicemanagement/AppCatalog?uid={DeviceUid}&defaultTab=public o Categories:

https://<MDMEnvironment>/devicemanagement/AppCatalog?uid={DeviceUid}&defaultTab=categories o Purchased:

https://<MDMEnvironment>/devicemanagement/AppCatalog?uid={DeviceUid}&defaultTab=purchased o Updates:

https://<MDMEnvironment>/devicemanagement/AppCatalog?uid={DeviceUid}&defaultTab=updates • Icon −To add a custom icon, select a graphic file in .gif, .jpg, or .png format.

o For best results provide a square image no larger than 400 pixels on each side and less than 1 MB in size when uncompressed. The graphic is automatically scaled and cropped to fit, if necessary and converted to .png format. Web clip icons are 104 x 104 pixels for devices with a Retina display or 57 x 57 pixels for all other devices. • Show as web app in the app catalog – Enable this option for the device users to use Web

Clip profiles on the app catalog as web applications.

NOTE: Administrators can assign and manage on-‐demand web applications in the App Catalog, which allows the device users to navigate and install the web applications from App Catalog.

7. When complete, click [Save & Publish] to immediately deploy the Web-‐Based App Catalog to all appropriate devices.

Advanced Authentication for App Catalog

Administrators can allow the users to use App Catalog by assigning user name and password. 1. Navigate to System Settings ► Applications ► App Catalog.

2. Authentication:

• Enable the Require Authentication for Application Catalog checkbox to prompt the device user to enter the user name and password to authenticate the App Catalog.

• Select an option under the Default tab to make it display as the first tab in the App Catalog. 3. App Catalog without MDM:

• Enable the App Catalog without MDM checkbox to prevent the user from enrolling into MDM. In this case, the user can have access to applications assigned to the location group through a separate App Catalog.

• Enable the Allow New User Registration checkbox to allow the new users to register to have access to the App Catalog.

• Enter a title for the App Catalog Web Clip. • Upload an image for the App Catalog. 4. Click [Save].

(10)

ENABLING THE BOOK CATALOG

Identical to App Catalog, the first step to deploy iBooks through MDM is deploying the Enterprise Book Catalog in the form of a Web Clip (iOS) or Bookmark (Android) profile:

1. Navigate to Profiles & Policies ► Profiles. The Device Profiles page displays.

2. Select [Add].

The Select Platform form displays.

3. Choose Android or Apple based on the device you would like to configure. 4. Configure the Profile General Settings.

5. Select Web Clips for iOS devices or Bookmarks for Android devices from the left profile list. 6. Click the [Configure] button and enter all of the Web Clip/Bookmark profile parameters.

• Label – The name displayed on managed devices for the Web Clip/Bookmark. For example, MDM Book Catalog could be used.

• URL – The Book Catalog URL format:

https://<Environment>/devicemanagement/AppCatalog/BookCatalog?uid={DeviceUid}, where <Environment> is the URL to your MDM Server.

In a multi-‐server on-‐premise deployment, this URL is your Device Services server URL. • Precomposed Icon −To add a custom icon, select a graphic file in .gif, .jpg, or .png format.

o For best results provide a square image no larger than 400 pixels on each side and less than 1 MB in size when uncompressed. The graphic is automatically scaled and cropped to fit, if necessary and converted to .png format. Web clip icons are 104 x 104 pixels for devices with a Retina display or 57 x 57 pixels for all other devices.

7. When complete, click [Save & Publish] to immediately deploy the Web-‐Based Book Catalog to all appropriate devices.

(11)

Application Categories

MDM provides the administrators to have their own application categories and to filter the applications by those categories. Administrators can create, view, edit, delete, and assign one or more categories to both public and internal applications for a selected location group. These categories are also displayed on the App Catalog allowing the end-‐users to browse and filter the applications by category. To create an application category:

1. Navigate to Catalog ► Applications page.

2. Select Application Categories from the Configuration menu on the left.

• Name – Name of the category.

• Description – Description of the category.

• Category Type – Indicates whether the category is added in the system as seed data (System type) or added by an admin user (Custom type). Only the Custom categories can be edited.

• Managed By – The location group at which the category is created. By default, the categories of System type are assigned to all the managed and its lower location groups. 3. Click [Add Category] to create a new category to assign for applications for a selected location

group.

4. Fill in the Add Category form with all required fields. • Category Name – Enter the name for the category.

• Category Description – Enter a short description for the category. 5. Click [Save].

The Category gets saved as Custom category.

6. Click the Actions menu located on the right for editing, viewing, or deleting the application categories.

NOTE: The Resources need to be added to enable the administrators with the roles to view,

(12)

Assigning Custom Category to Apps

The administrator can assign or un-‐assign categories to internal and public apps. To assign a category: 1. Navigate to Catalog ► Applications page.

2. Select either Internal or Public from the Applications menu on the left. 3. Click [Add Application] and fill in the form with all required fields.

• Categories – While adding a new internal or public application, the system automatically looks up all the existing seeded system categories and selects the one that matches the application as received from the app store. To add multiple categories, select from the

(13)

APPLICATION WRAPPING – ANDROID APPS

Application Wrapping (or App Wrapping) is the process of providing a management layer to internal Android apps without requiring changes to the source code of the existing application. App Wrapping allows administrators to set and expose certain functionality elements that can be applied to an application or group of applications. The functionality elements can include the following:

• The user authentication is required for a specific app • An app can run on a rooted device

• To allow copy and paste or file sharing • The camera is enabled

• Bluetooth is enabled

App Wrapping allows administrators to associate extra security and management features to an existing app and then re-‐deploy that app to an enterprise app store.

App Wrapping Process

The administrator must perform the two processes below for wrapping and publishing an Android wrapped application.

Creating an App Wrapping Profile

The administrator has to create a Wrapping Profile to configure a wrapped internal app from the console.

1. Navigate to the Applications page.

2. Select Profiles from the Configuration list on the left side of the page.

3. Click [Add Profile] and then select App Wrapping Profile as the configuration type. The Add a New Profile page displays.

4. Enter the Name, Description for an app wrapping profile, and the location group that manages it in the General payload profile.

5. Click Authentication payload and enter the following information:

• Enable the Require Authentication checkbox to prompt the user to authenticate before launching the app.

• The users can use the same credentials used during enrollment.

(14)

6. Enable the Require Passcode checkbox to allow the user to create a password for the app. • Enter the minimum passcode length, the complexity for the passcode (Simple/Complex),

and the minimum number of complex characters that are to be included while setting a passcode.

7. Click the Restrictions payload to set certain restrictions for the wrapped app. Enter the following information:

• Enable the Detect Compromised Device checkbox and set an action that has to be

performed on the device when found compromised. The actions can require the end-‐user to exit the app, wipe app content, or remove app from the device.

• Enable other checkboxes to prevent copying content from the app and/or to enable Bluetooth and camera.

8. Click [Save] to preserve the profile in the console.

(15)

Creating a Wrapped Internal App 1. Login to the Console.

2. Navigate to Application ► Internal ► Add Internal Application screen.

3. Upload an APK file for an internal Android app. For more information, refer to Deploying Internal Enterprise App.

4. Navigate to the Wrapping tab in the Add Application screen.

5. Check the Enable App Wrapping option to enable the application for wrapping and to associate the wrapped app with the wrapping profile. Below is the screen that interacts with the

Wrapping Engine to perform the actual wrapping process.

6. Click [Save].

When saving, the console puts the APK file and the request in the internal queue.

Upon successful wrapping, the Internal Application page displays the status as Application Successfully Wrapped.

NOTE: If you want to wrap an application that has already been distributed, you need to upload a new version of the app and wrap it before saving and assigning it.

(16)

RECOMMENDING PUBLIC APPLICATIONS

Once the App Catalog is successfully deployed to your smart device fleet, you can begin Recommending Public Applications and distributing corporate applications through the Admin Console. To recommend public apps to the App Catalog from the Admin Console:

1. Select Public from the Applications menu on the left.

2. Click [Add Application].

3. Fill in the Add Application form with all required fields.

• Managed By – Enter the Location Group with permission to edit the application. • Platform – Enter Apple, Android, or Windows Phone/Windows Phone 8.

• Name – Name for the Application as it appears in the App Catalog.

• Search App Store – Select the check box to automatically search the Apple App Store, the Google Play Store (Android Market), or the Microsoft Windows Phone Store for the Application, and populate all app details.

NOTE: In order to search the Google Play Store, a Google Account must first be integrated with the MDM environment. See Google Play (Android Market) Integration for more information. 4. Select [Next].

View the returned search results.

(17)

Most of the application information automatically populates for Apple iOS, Android, and Windows Mobile devices.

• Info:

o URL – MDM populates the URL for Android, Apple iOS, and Windows Phone devices. o Comments – Creates commentary that displays in "additional comments" in the App

Catalog.

o Reimbursable – Designates whether or not a corporation reimburses end-‐users for the app purchase. A small icon in the App Catalog indicates if an app is

reimbursable.

o Rating – Rates apps with 1-‐5 stars and displays the rating in the App Catalog. NOTE: Comments and rating capabilities are added from the console for public applications by the administrators, and can view the user ratings of all other apps.

o Categories – Determines the application type which is displayed in the App Catalog. • Deployment:

o Push Mode – Determines if the application is installed automatically (auto) or manually (on demand) by the user through the App Catalog.

o Remove On Unenroll – Determines if the application is removed when a device is unenrolled.

• Add Exceptions – Enables customized application deployment by creating specific exceptions to the options located under the Deployment view.

o Push Mode

o Remove on Unenroll o Prevent Application Backup

NOTE: This is helpful for deploying the same applications to different groups of users with unique security and deployment requirements. For example, you may wish to push a certain application to one group of users as an "auto" installed application while sending the app to another group of users as an "on-‐demand" application.

6. Select the app specific Terms of Use.

7. When complete, click [Save and Assign] to proceed to the application assignment options. • For more information on Application Terms of Use, refer to Terms of Use Notification under

Application Notifications.

(18)

DEPLOYING INTERNAL ENTERPRISE APPLICATIONS

Once the App Catalog is successfully deployed to the smart device fleet, begin recommending internal applications and distributing corporate applications through the Admin Console. The following platforms support internal corporate applications:

• Apple iOS • Android • Symbian

• Windows Phone 8 (WP8)

To distribute corporate applications to the App Catalog from the Admin Console: 1. Navigate to Catalog ► Application.

2. Select Internal from the Applications menu on the left.

NOTE: Internal is selected by default.

3. Click [Add Application].

The Add Application form appears.

4. Fill in general parameters as needed. Some of the fields include:

• Managed By – Specifies the Location Group with permission to edit the application. • Application File – Specifies the Location of the application file. Apple applications are

uploaded in an .ipa file, Android apps are in an .apk file, Symbian apps are in .sis and .sisx files, and WP8 apps are in a .xap file.

NOTE 1: On the Symbian platform, only internal applications are pushed over-‐the-‐air. No other applications, including public and purchased apps can be pushed. For WP8, both public and internal applications can be pushed.

(19)

NOTE 2: The .sis and .sisx files are either self-‐signed or Symbian-‐signed. Self-‐signed files generate a notification and are installed via the Device Notification tab. Symbian-‐signed files are installed in the phone memory without displaying a notification.

NOTE 3: In certain cases, the application does not get pushed onto the device or show a notification. For example, when the application is already installed on the device, the app does not push or display a notification.

5. Select [Continue] and fill out additional fields as needed.

6. On the Info tab, fill out the following:

• Name – The app name displayed on the device.

• Managed By – The location group where the application is managed. • Application ID – The information entered in this field changes by platform.

o For Android apps, enter the application’s package identifier. o For iOS apps, enter the application’s bundle identifier.

• Actual File Version – The application version recorded in the file. These fields are automatically populated with the detected application data.

• Version – Update application information when uploading a new version of a managed app. Logging these changes in the Change Log is optional.

NOTE: For more information on deploying different versions of the same application, see Application Version Management.

(20)

• Description/Keywords – Enter a description about the application to be displayed in the App Catalog.

• URL – Enter a website address that has more information about the application.

• Support Email/Support Phone – Enter contact information for internal application support. • Internal ID/Copyright – Used for internal purposes.

• Developer/Developer Email/Developer Phone – Enter the name of the developer responsible for developing the application along with email and contact information. • Cost Center – Enter the cost center that the developer providing the application belongs to. • Cost – Enter the cost for developing the application.

• Currency – Enter the currency value.

8. Images (Optional) – Upload screenshots and a description of the app prior to downloading from the App Catalog.

The uploads display on the Application page.

(21)

9. Terms of Use (Optional) – Enter an End-‐user License Agreement as a pre-‐installation application requirement.

10. Required EULA – Select the app-‐specific Terms of Use (EULA).

NOTE: For more information on Application Terms of Use, refer Terms of Use Notification under Application Notifications.

11. On the Files tab, enter the following:

• Application file/Provisioning profile – Populates automatically when the application is uploaded.

• Application Supports GCM – Enables the Admin to send push notifications to Android devices if Yes is selected. Google IDs are required for GCM communication with devices. • Google Account/Password – Enter the Google account and password.

12. Finally, on the Deployment tab, fill out the additional criteria to determine which users/devices receive the application.

• Effective Date/Expiration Date – Set dates for when the app becomes active or expires. • Remove on Unenroll – Determines if the application is removed when a device is unenrolled.

(22)

• Select Add Exception to include:

o User Groups (Optional) – Select User Groups if you are leveraging User Groups in MDM as an additional assignment filter for the application.

o Device Ownership – Assign the application to devices with a specific ownership type. o Push Mode – Determine if the application is installed automatically (auto) or

manually (on demand).

13. When complete, click [Save and Assign] to proceed to the Advanced Application Assignment options.

ADVANCED APPLICATION ASSIGNMENT

MDM offers advanced application management techniques for organizations wishing to further customize application assignment through advanced and facilitated application testing.

• After completing the basic deployment and assignment information for either an internal or public application (see Deploying Internal Enterprise Applications or Recommending Public Applications), you have the option to add more advanced assignment criteria by clicking [Save and Assign] at the bottom of the Add Application screen (you can also edit this advanced information by selecting the Actions menu ► Edit Assignment).

• Or, you can proceed with assigning the application based only on the information on the Assignment tab by going to the advanced assignment screen and clicking [Next].

NOTE: If any editing settings are grayed out, that means that full editing permissions are not permitted at this level (If you believe that you should have editing permissions, please ensure that Override is selected as the current setting).

Criteria

The Criteria window allows you to use the Admin Console to determine which device users have access to a Public application by assigning that app based on many factors, such as, location groups, device owners, user groups, and many more options (including exclusions).

(23)

access to that application.

2. Check the appropriate Ownership checkbox to specify the owner of the devices. You may check one or more checkboxes.

3. Choose the User Group radio button that applies.

The selection applies to only those devices within the specified location group. For example, if the app is only for iOS devices then only iOS devices in that location group have access to the application.

4. To further customize the deployment settings, do the following: • Add Operating System criteria by clicking [Add Criteria]. • Add Model criteria by clicking [Add Criteria].

• Add Location Group criteria by clicking [Add Include Set].

You may click this as many times as needed to define an assignment exception to include additional devices down to a granular level, regardless of any other specified criteria for that Location Group.

• Exclude Location Group criteria by clicking [Add Exclude Set].

You may click this as many times as needed to define an assignment exception to exclude certain devices down to a granular level, regardless of any other specified criteria for that Location Group.

5. Select the appropriate Child Permission radio button to either Inherit only or Inherit or Override the selections you made.

(24)

Devices

The screen below displays all the devices that have access to that Public application (e.g., Salesforce for iPad) based on the selections you made in the previous Criteria screen.

If you review the list of device users and want more or less users to have access to this application, then do the following:

1. Click [Previous] to go back to the previous Criteria page.

2. Modify the Criteria page by making selections that redefines the assignment of the application. 3. Click [Next] to view the Devices page.

4. When you are satisfied with the application assignment, click [Finish] to save all changes and close this window.

APPLICATION VERSION MANAGEMENT

You can leverage the application management tools in MDM to manage different versions of the same internal application. This feature is especially useful for application testing as you may wish to upload a "beta" version of an application update to deploy to specific users for testing purposes while still

deploying the current version of the application to all other users. Once the testing is complete, you can replace the existing version of all devices with the newest version of the application.

To manage application versions:

1. Navigate to the internal applications page and select the Actions menu for the application. 2. Click [Add Version].

• Or, simply upload the new version of the application and MDM detects if that it is a newer version of an existing application.

• Fill in the version and optionally add internal notes in the Change Log.

(25)

3. Upload the new application file and specify the settings:

• Check the box to retire the previous version of the application on the specified devices and replace it with the newer version.

o There is an option to Retire Previous Version the application on the Application Actions menu, so if you do not wish to immediately retire the previous version of the application you have the option to do so at a later time.

• Check the box to copy the application assignment for the previous version. 4. If necessary, enter the new assignment criteria.

5. Click [Save] or [Save and Assign] to proceed with publishing or editing the application assignment.

APPLICATION NOTIFICATIONS

Custom Notification for New and Updated Apps

MDM allows the administrators to notify the end-‐users about the new and updated apps through messages. MDM provides the administrators with few in-‐built message templates and allows them to send messages via email, SMS, or push notifications. A message template can be customized to include application name, description, image, and version information. The administrator can edit the message templates to have a lookup value for the URL for the application page on the Application Catalog to be referenced. MDM also allows the administrator to notify all devices having the assigned app

installed/not installed.

To send an application install notification message:

1. Navigate to Configuration ► System settings and select Message Templates from the System menu on the left.

2. Click [Add].

The Add/Edit Message Template form displays.

(26)

3. Fill in the required information.

• Name – Name of the template.

• Description – Short description of the template. • Category – Select Application.

• Type – Select the type of notification. The types include Purchased Application, Application Notification, and Application EULA Final Notification.

• Message Type – Enable the type of message that admin wants to send. The options are Email, SMS, and Push.

4. In the Email template, select the Email format and enter the subject and message body for the template.

5. Enter the lookup values in the message body.

The lookup values that are available are shown in the below image.

NOTE: If the lookup value is used in the Application Notification template type, while delivering the

(27)

NOTIFYING DEVICES

The administrator can select Notify Devices from the Action menu on the Application page to notify devices that have the application assigned to them.

The Send Message form displays.

1. Enter in all the mandatory fields.

• Message Type – Select the type of the notification that is to be sent to the devices. • Message Template – Select the template for sending the message

• Status – Select the status of the device. This includes All, Installed, and Not Installed. By default, the Status filter on the device list is in Not Installed status.

2. Click [Send].

NOTE: Based on the Status selected, the device list indicates whether or not the notification message is

(28)

TERMS OF USE (EULA) NOTIFICATIONS FOR APPS

MDM allows the administrator to notify end-‐users about the availability of updated App Terms of Use. The administrator should send the Terms of Use notifications in the following cases:

• Notifying end-‐users when the latest Terms of Use for an installed application has not been accepted.

• Distributing updated Terms of Use with newer version and prompting the user to accept the Terms of Use from App Catalog each time while logging into App Catalog.

• Removing the apps when the Terms of Use is not accepted within the given grace period and when the Terms of Use is rejected.

To send or edit Terms of Use 1. Navigate to Catalog ► Application.

2. Select Internal from the Applications menu on the left (this is selected by default). 3. Click Add Application and select Terms of Use tab.

• When no Terms of Use are selected, a Terms of Use are not defined for this application message is displayed.

• If no Terms of Use exist, the admin can create a new Terms of Use by clicking Manage Terms. The Admin then navigates to System settings ► Terms of Use page where a new one can be created.

(29)

• When the admin wants to edit the selected Terms of Use: click the Edit icon next to Manage Terms. This navigates to the Terms of Use page and the Admin can edit the Terms of Use.

4. Click [Save].

MANAGING USER FEEDBACK AND RATINGS

MDM aids the administrators to view feedbacks from the users on internal, public, and purchased applications published to them. This allows the administrators to make future decisions related to the specific application. For example, redeployment of the application with better capabilities, rolling out the application to more users, or scrapping specific features because the users did not find any value in them, etc. These feedbacks are in the form of user ratings and comments for individual applications. To view user ratings and comments

1. Navigate to Catalog ► Applications.

2. Click the Internal, Public, or Purchased Application link on the left side of the page.

NOTE: The count of number of ratings (star icons) indicates the average/effective rating. The User Rating indicates the number of users who provided the ratings for the app and is used to calculate the effective rating.

(30)

3. To access the rating comments, administrators can either click the User Rating or select the User Rating option on the Action menu on the right side of the page.

The User Ratings page displays.

• Effective Rating – The average of the total number of user ratings.

• User Group – Filters the comments based on a specific User Group.

NOTE: Only for the internal apps, the administrator can filter the comments based on the Version of the application on the User Ratings page.

To delete the user comments

On the User Ratings page, click the Management ► Delete option provided at the top-‐left corner of the page to delete a specific rating. Once deleted from the console, the change gets reflected on the App Catalog.

NOTE: Only for the public apps, the administrator can edit Ratings for the app. To edit, click the Edit

(31)

GOOGLE PLAY (ANDROID MARKET) INTEGRATION

You must configure a connection between the MDM environment and the Google Play Store before they can use the Search App Store feature for Android apps.

1. To add a Google Account, navigate to Configuration ► System Settings ► Device ► Android ► Android Market Integration and complete the form provided:

• Username – Google Account username. • Password – Google Account password.

• Android Device ID – Enter in a valid Android Device ID.

o It is highly recommended that a device ID from a tablet is used (as opposed to a device ID from a smart phone) as this provides the system with access to all apps in the Google Play Store and not just those available for smart phones.

2. Click [Test] after filling out the form to see if the system can connect to the Google Play Store using the supplied credentials.

NOTE: To find the DeviceID of your Android device, download the Device ID application from

the Google Play Store.

3. When complete, click [Save] to proceed.

(32)

CUSTOMIZING APPLICATION PROFILES

MDM enables you to customize internal enterprise applications for iOS devices developed with the SDK in addition to MDM applications such as the Secure Content Locker or the Browser. Using these advanced customization tools available in the Admin Console, you can further enforce corporate branding, compliance policies and actions, and other application settings to create a truly unique and secure corporate application experience.

To access the Application Profile settings: 1. Navigate to Apps ► Applications.

2. Locate the Application Settings menu on the left-‐hand side of the screen. 3. Select Profiles ► Application/SDK Profiles.

4. Click Add Application Profile to open the application profile creation window (or, to edit an existing application profile, click the Actions menu next to the profile and select [Edit]). 5. Select from the views on the left to edit the associated application area.

General

Fill in the general application settings, including the Name and Description of the profile for reference in the Admin Console.

• Configuration Type – For application profiles, the configuration type by default is set to Application Profile and for the SDK profile it set to SDK Profile.

• Platform – Select the platform to which the custom application settings are to be deployed. • Root Location Group – Select the root location group from which the application profile is

to be managed. Credentials

• Credential Source – Select None, Upload, or Define Certificate Authority. Authentication

Authentication settings enable you to establish authentication requirements for the application to further secure internal applications that may contain proprietary corporate data. The three authentication options are None, Passcode, and Username and Password.

• None – Select None if no authentication is required to access the application.

• Passcode – Select Passcode to you require a user-‐created passcode to be present on the application in order to open the app.

• Fill in the Passcode requirement fields to establish complexity, length, character, age in days, auto-‐ lock, grace period, and history requirements. All of these additional custom fields are optional.

o Check the boxes to allow or disallow Single Sign-‐On and the use of the same passcode for all applications.

o Maximum number of failed attempts and action of exceeded: Select the maximum failed attempts allowed and then proceed to customize the action taken if the failed

(33)

o Actions if maximum number of failed attempts exceeded. Click Add Action to create custom actions to take place if the number of failed attempts exceeds the specified limit. The options are to Display Message (you can specify a custom message), Lock User, Wipe Application (removes the application from the device), or Restrict Access. o Add as many additional actions as necessary. For example, you may want to both lock

out a user who has exceeded the maximum allowable attempts and display a message to inform the user that the user must contact you for further assistance.

• Username and Password – Select Username and Password from the drop-‐down menu if you require the username and password authentication in order to access the application.

o Specify the grace period (in minutes) until the device locks. o Check the box to allow or deny Single Sign-‐On.

o Select the maximum number of failed attempts and the custom actions to perform if this number is exceeded.

Access Control

Check the boxes to allow or disallow Offline Mode (prohibiting offline access allows for more

continuous compliance checking when the application is active) and specify whether or not to Require MDM Enrollment in order to access the application.

• You can further restrict offline access by entering the maximum number offline uses (when Allow Offline Mode is enabled).

• If Require MDM Enrollment is enabled, you can specify custom actions to be performed in order to notify the user or perform actions if the device is not enrolled.

Compliance

Check the boxes to allow or disallow Compromised devices from accessing the application, and to Prevent restoring backup to another device.

• If either of these compliance options is enabled, you can specify custom actions to be performed in order to notify the user or perform actions regarding the device compliance status.

Branding

Customize the application with corporate or other unique color identifiers.

• Enter the correlating Hex codes in the labeled fields to customize application background colors and text.

Custom

Enter (or paste) XML into the box to further customize the application settings. • When you are finished filling out the application profile fields, click [Save].

(34)

MANAGING APPLE VPP APPLICATIONS

MDM offers a robust solution to Apple Volume Purchase Program (VPP) application management and distribution. The sections below outline how you can leverage this new feature with the capabilities of MDM to easily manage and distribute iOS application orders to the smart device fleet.

The Apple Volume Purchase Program allows businesses and educational institutions to purchase publicly available applications or specifically developed third-‐party applications in volume for distribution to corporate devices.

NOTE: The Apple Volume Purchase Program is currently only available in Australia, Canada, France, Germany, Italy, Japan, New Zealand, Spain, the United Kingdom, and the United States.

The process of deploying applications in volume throughout a business or educational institution with the Volume Purchase Program can be separated into three main components:

• VPP Enrollment – First, businesses and education institutions must enroll in the program and verify with Apple that they are a valid business or institution.

o To register for the VPP, navigate to http://www.apple.com/business/vpp for businesses, or to http://www.apple.com/itunes/education for education institutions.

o More information regarding the Apple Volume Purchase Program, how it works, and program prerequisites can be found at the links above.

• App Purchasing – Once enrolled in the Volume Purchase Program, businesses and educational institutions can purchase applications in bulk through the Volume Purchase Program Website at https://vpp.itunes.apple.com/us/store.

o Log in with the VPP Apple ID created during the enrollment process.

o Find applications, define the quantity and purchase with a corporate credit card. • App Deployment – Once applications have been purchased, they can be distributed throughout

a smart device fleet through the use of redemption codes. For each application purchase, there is an associated redemption code for end-‐users to redeem a single copy of the application.

o These redemption codes are managed through a Redemption Code Spreadsheet available at the Volume Purchase Program Website. This spreadsheet contains details such as the redemption code, redemption status and most importantly, a redemption URL that an end-‐user could use to automatically validate the code and install the program through the App Store.

It is during this final step, App Deployment, that Mobile Device Management can be leveraged to enhance management and distribution to a corporate smart device fleet. For businesses and

educational institutions that do not have any Mobile Device Management capabilities, Apple provides two solutions to deploying redemption URL’s to end-‐users:

• Emailing the redemption URL directly to end-‐users.

(35)

The section below describes how MDM can be leveraged to automate and simplify this application distribution process.

Upload the Apple VPP Redemption Code Spreadsheet to MDM

The first step to manage and deploy VPP Application Orders through MDM is by uploading the Apple VPP Redemption Code Spreadsheet to the Admin Console. The steps listed below outline this process:

1. Navigate to Apps ► Orders to open the Orders page.