MAM Guide v7 0
Guide
Enable access to public and enterprise apps with AirWatch v7.0
Table of Contents
Introduction to the Mobile Application Management (MAM) Guide
Supported Browsers
Supported Devices
In This Guide
Configuring Settings
Notifying End-Users
Configuring Settings
Managing Applications
Mobile Application Management (MAM) Guide | v.2014.01 | January 2014
Copyright 2014 AirWatch, LLC All rights reserved. Proprietary & Confidential.
Overview
Deploying on-the-fly updates that are applied asynchronously and without testing.
Enforcing data-loss prevention to keep your mobile application investments protected and secure.
Distribute, secure and track mobile applications across your mobile fleet with AirWatch's Mobile Application
Management capabilities, directly from the AirWatch Admin Console.
Distribute Applications
Secure Applications
Track Applications
Internet Explorer 8+
Firefox 3.x+
Safari 5.x
Comprehensive platform testing has been performed to ensure functionality while using these web browsers. The
AirWatch Admin Console may still function in non-certified browsers with minor performance issues.
Supported Devices
AirWatch supports the following devices and operating systems:
[Table: supported features by platform]
Platforms: Symbian, Android v2.3+, iOS v3.0+, Windows Phone, Windows Phone 8, Windows 8/RT
Features: Deploy Public Applications, Deploy Internal Applications, Deploy Purchased Applications, Enforce
Application Compliance, Use the AirWatch SDK, Use AirWatch App Wrapping, Reputation Analysis
*AirWatch supports only unmanaged public applications for Windows 8/RT. The AirWatch Admin Console cannot push
unmanaged applications to devices and it directs end-users to the Windows Store, using the App Catalog, to download
these applications. AirWatch cannot remove unmanaged applications from devices.
In This Guide
This document discusses the process of deploying applications to your end-users using the AirWatch Admin Console
from beginning to end. It is divided into the following sections where you will learn about the following processes:
• Before You Begin Recommended Considerations - Details actions and considerations to evaluate prior to
beginning your application management deployment. These actions are not prerequisites, but they can help the
process of uploading and deploying applications go smoothly.
For example, register for Apple's Volume Purchasing Program (VPP), create application categories, configure Smart
Groups, and set the AirWatch Application Reputation service.
• Deploying Public Applications - Recommend public applications to your end-users for work and related use.
• Deploying Purchased Applications - Manage your purchased applications for Apple VPP to disseminate them to
end-users from the AirWatch Admin Console.
• Deploying Internal Applications - Upload your own enterprise applications to the AirWatch Admin Console and
provide them to your end-users.
• Managing Applications - Manage all your applications with actions for feedback, notifications, version
control, retirement and other management functions.
• Enforcing Application Security and Compliance - Configure compliance policies for your applications to require
access to mandatory applications and to restrict the use of unauthorized applications.
• Deploying an Enterprise App Catalog - Deploy an Enterprise App Catalog so your end-users can easily access all of
your deployed applications.
• Advanced Application Management - Use advanced application management settings to tailor AirWatch
applications for your mobile environment using the AirWatch SDK, inject AirWatch functionality into your
applications without changing code with AirWatch App Wrapping, or fine-tune all your managed applications with
SDK profiles.
• Appendix SDK Profiles, Policies and Settings Compatibility - See which advanced application management
settings apply to the various types of applications AirWatch supports.
3. Select Save.
In the Criteria section, select the users and devices or select parameters to add to the Smart Group. Parameters
include Organization Group, User Group, Ownership, Platform, Model and Operating System.
You can add and exclude devices and users in the Additions and Exclusions sections.
In the Specific Devices and Users section, search for the device or user. You must add one device or user or you
cannot save the Smart Group.
Scanning an Application
You can run a scan when adding a new internal or public application or on an existing one.
Scan a new application
Run a scan on the Reputation tab when adding new public or internal applications. This process is outlined in Managing
Public Applications and Managing Internal Applications.
Scan an existing application
Use the Run Reputation Analysis action from the Applications List View page to scan public and internal applications
already in the AirWatch Admin Console. This process is outlined in Managing Risk with Reputation Analysis.
2. Complete the form for a Phone or Tablet with the following information:
• The Device ID from a phone or a tablet is used accordingly to provide the system with access to all apps in
the Google Play Store.
• Click Test Connection after filling out the form to see if the system can connect to the Google Play Store
using the supplied credentials.
Note: To find the Device ID of your Android device, download the Device ID application from the Google
Play Store.
Basic contact information, such as your business phone number and email address, to verify your business.
Note: Once your enrollment information has been verified, you will create a new Apple ID specifically for the VPP. This
Apple ID should not be used for other Apple services, such as the iTunes Store.
[Table: Feature | Supported Platform | Public | Purchased | Internal]
Asset Tracking: All supported platforms
Ratings Management: All supported platforms
(feature name missing): Android
(feature name missing): Android
Silent Activity: Android
Application Compliance: Android, iOS
(feature name missing): iOS
Feedback Management: iOS
Application Configurations: iOS
Install the application using the AirWatch Agent without users having to retrieve the application from the App
Catalog manually.
Configuring Settings
After selecting an application, complete the Add Application page to configure assignment and deployment options.
Most of the application information automatically populates for Apple iOS, Android, Windows Phone 8 and Windows
8/RT devices. Fill in the remaining fields in all four tabs.
Configuring Info
1. Provide the Comments for the application to appear in the Additional Comments tab in the App Catalog.
2. Select Reimbursable, Not Reimbursable or Undefined to designate whether or not your organization reimburses
end-users for the application, if purchased. A small icon in the AirWatch App Catalog indicates if an application is
reimbursable.
3. Provide a Rating of 1-5 stars for the application.
4. Provide a Category type in the Categories field to help identify how the application can help users. For more
information see Categories.
5. Provide the Default Scheme (iOS only) to indicate the URL scheme for iOS applications.
Other iOS applications and web applications can integrate with this application using this scheme. The application
also uses this scheme to receive messages from other applications and to initiate specific requests. The AirWatch
Workspace uses this scheme to launch the application in the Workspace.
Configuring Assignment
1. Select Assigned Smart Groups to deploy the application using Smart Groups or the legacy assignment. Additionally,
create a new Smart Group by selecting Create New Smart Group. For more information about Smart Groups, see
Assigning by Smart Groups.
2. Enable Restrict to Devices Supporting Silent Activity (Android only) to assign this application to those Android
devices that support the Android silent uninstallation feature. The end-user does not have to confirm an
uninstallation when you enable silent activity for a device. This feature makes it easier to uninstall many applications
simultaneously.
Only Android devices in the Smart Group that support silent uninstallation get this application.
3. Select View Device Assignment to see the list of devices available under assigned Smart Groups.
Using Legacy Assignments
You may encounter instances where you cannot use Smart Groups for your public applications and you must use
your legacy assignment settings. This feature ensures that your public applications do not lose their override settings.
For example, a public application has legacy assignments that are configured at a child Organization Group (OG) and are
set to override the parent OG settings. You cannot assign these applications to Smart Groups unless you change these
override settings at the child level. To change the override settings, click the Edit Legacy Assignment link and change
Override to Inherit.
Important: Before you change override settings, ensure other groups are not affected by these configuration
changes.
Configuring Deployment
Note: AirWatch supports only unmanaged public applications for Windows 8/RT. The AirWatch Admin Console
cannot push unmanaged applications to devices and it directs end-users to the Windows Store, using the App
Catalog, to download these applications. AirWatch cannot remove unmanaged applications from devices.
1. Select Push Mode to determine if the application is installed automatically (auto) or manually (on demand) by the
user when needed.
• Automatically deploying an application immediately prompts users to install the application on their devices.
Auto is the best choice for applications critical to your organization and its mobile users.
• Manually deploying an application lets users access and download the application, when they choose to, from an
enterprise application catalog. On Demand is the best choice for applications that are not critical to the organization.
Allowing users to download these applications when they want helps conserve bandwidth and limits
unnecessary traffic.
2. Enable Remove On Unenroll (iOS only) to determine whether the application gets removed when a device is
unenrolled.
3. Enable Prevent Application Backup (iOS only) to disallow backing up the application to iCloud. This option stops
end-users from saving different versions of a public application in the iCloud. It helps to keep your organization's
collection of public iOS applications clean and properly versioned.
Note: Although this helps with keeping application versions clean, it can also hinder saving important updates
and data. Ensure you manage these applications so that you do not lose vital data or features.
4. Enable Use VPN (iOS 7+ only) to configure a VPN at the application level. This configures end-users to access the
application using a VPN, which helps ensure application access and use is trusted and secure.
5. Enable Send Application Configuration (iOS 7+ only) to send application configurations to iOS devices. This feature
allows you to automatically configure managed applications. Users do not have to manually configure these specified
values in the application.
Enter the configuration values as unique keys into the appropriate fields. Supported entries for key/value pairs are
String, Number, Boolean and Date. You can also use Lookup Values when entering the application configurations.
Note: If you make any changes to application configurations, you must re-publish the application to apply the
changes.
Example: ABC map application needs to have the DNS server configured in its settings for it to work. You can set
these configurations and send them down to the application so that end-users do not have to enter the DNS server
details in the application.
6. Specify whether the application was created using the SDK and needs a profile to integrate with AirWatch.
• Select the shared or custom SDK profile from the SDK Profile drop-down menu.
• Select the certificate profile from the Application Profile drop-down menu so that the application and AirWatch
communicate securely.
7. Click Add Exceptions to quickly deploy public applications to those unusual use cases that can develop within an
organization.
• Add Criteria for ownership and user groups to which to apply the specific exceptions.
• Enable an Override Value to create specific exceptions to the options located under the Deployment view.
Override Value options vary depending on the platform.
from the Actions menu and then select the Assignment tab.
4. Enter the number of redemption codes that you want to place on hold in the Redemption Codes On Hold field. Use
this field to save the redemption codes for later use.
5. Select Add Assignment By to assign redemption codes to Organization Groups or Smart Groups:
• Organization Group - Allocate redemption codes to an Organization Group and either select All Users to include
all users in that Organization Group or select Selected Users to display a list of users in the Organization Group.
Use the Add and Remove buttons to choose the specific users to receive the application.
• Smart Group - Allocate redemption codes to a Smart Group. You can create a new Smart Group, if necessary.
Note: You can apply redemption codes to Organization Groups and to Smart Groups simultaneously.
However, you can only specify the users for Organization Groups of the Customer type. You cannot specify
users for Smart Groups. However, you can edit the Smart Group so that it contains the necessary users.
Verify the information in the following columns for each Organization Group or Smart Group row:
◦ Allocated - Enter the number of licenses to allocate to the selected users. This entry should not exceed the
◦ Redeemed - View the number of licenses that have already been redeemed, if any.
6. Select the Assignment Type in the Deployment section. Set it as Auto to push the purchased application to the end
user device automatically or select On-Demand to let the end user install the application on the device. Complete the
following options.
Note: When Assignment Type is Auto, only eligible iOS 5+ devices receive the application automatically.
• Remove On Unenroll - Wipes the application from the device when the device is unenrolled from the AirWatch Admin
Console.
Note: Removing an application when a device is unenrolled does not recover the redeemed license. When
installed, the application is associated to the user's App Store account.
• Prevent Application Backup - Prevents backup of application data when an end-user does either a local backup
with iTunes or backs up to iCloud.
• Use VPN - Configures a VPN at the application level.
You can apply an authentication token to only one Organization Group instance. You cannot apply the same
authentication token to another group.
1. Navigate to Groups & Settings > All Settings > Apps > Catalog > License Based VPP.
2. Enter a description for the token for your VPP license codes in the Description field.
3. Select Upload to navigate to the SToken on your network.
4. Enable Automatically Send Invite to send invitations to users immediately after you save the token.
You do not have to enable this immediately. You can leave it disabled and still upload your token and then return
when you are ready to send invitations by selecting the (Re)Invite Users option.
5. Save the token and confirm the addition of the token.
The AirWatch Admin Console sends an invitation to join Apple's License Program for VPP applications to all iOS 7+
devices enrolled at the configured Organization Group level and below.
6. Select ReInvite Users to resend invites to iOS 7+ users who did not accept the initial invitation.
7. Select Delete SToken to remove the token from the AirWatch Admin Console.
Syncing Licenses
Add new purchased applications for the VPP account and update licenses for applications already added to the AirWatch
Admin Console under the same VPP account. This procedure makes the VPP applications available to your iOS 7+
devices. Previous functionality still remains on the Purchased page so you can still access VPP applications bought using
the order based method from this page.
1. Navigate to Apps & Books > Applications > List View > Purchased.
2. Select Sync Licenses. This adds VPP applications bought using license codes and those applications that were
originally bought using the redemption codes but were re-bought under the license based method.
from the Actions menu and then choose the Assignment tab.
4. Enter the number of license codes that you want to place on hold. Use this field to save the license codes for later
use.
5. Select Add to assign license codes to Smart Groups. You can create a new Smart Group, if necessary.
• Redeemed - View the number of licenses that have already been redeemed, if any.
6. Deployment - Select the Assignment Type as Auto to push the purchased application to the end user device
automatically or select On-Demand to let the end user install the application on the device. Complete the following
options.
Note: When Assignment Type is Auto, only eligible iOS 5+ devices receive the application automatically.
• Select the Remove On Unenroll check box to wipe the application from the device when the device is unenrolled
from the Admin Console.
• Select Prevent Application Backup to prevent backup of application data when an end-user does either a local
backup with iTunes or backs up to iCloud.
• Select Use VPN to allow deployment over virtual private networks.
Notifying End-Users
After you allocate VPP application licenses, you can notify end-users that the application is available to download. By
default, AirWatch is configured to send an email to end-users. However, you can create custom Purchased Application
Messages or enable SMS and push-based Purchased Application Messages.
1. Create a Message Template. For instructions on how to do this, see Creating Custom Notifications for Applications.
2. Navigate to Apps & Books > Applications > List View > Purchased. Locate the specific application about which you
want to notify end-users.
3. Use the Actions menu
• Edit an assignment.
• Delete an order.
Navigate to Apps & Books > Orders > Products. From the Products view you can:
• Edit an assignment.
• Publish an application.
• Delete an application.
Navigate to Apps & Books > Orders > Redemption Codes. From the Redemption Codes view of the AirWatch Admin
Console you can access the following order based method information:
• Identify and send a message to users who have installed or not yet installed the application from the AirWatch Hub.
You can also provide an external application repository link hosting the application file. For iOS applications, you may
have to provide a Provisioning Profile, which can be obtained from your developers.
If you opt to use an external application repository link, then you can set the credentials used to authenticate with
the repository by navigating to Groups & Settings > All Settings > Apps > Catalog > External App Repository and
entering the credentials. Your AirWatch environment must be integrated with the Mobile Access Gateway (MAG).
Note: Files for Windows 8/RT must work for all three processors, ARM, x64 and x86.
3. Select Continue and configure options for the internal application.
Configuring Settings
From the Add or Edit Application page, configure assignment and deployment options for the internal application.
Most of the application information automatically populates for Apple iOS, Android, Windows Phone 8 and Windows
8/RT devices. Fill in the remaining fields in all the tabs.
Configuring Info
1. Enter version information to help organize versions so the mobile fleet uses the applicable one to perform tasks.
2. Use the Is Beta option to indicate that the application is a beta version.
3. Add comments to the Change Log field to keep notes on changes between versions.
4. Provide a Category type in the Categories field to help identify how the application can help users. For more
information see Categories.
5. Provide the Default Scheme (iOS only) to indicate the URL scheme for iOS applications.
Other iOS applications and web applications can integrate with this application using this scheme. The application
also uses this scheme to receive messages from other applications and to initiate specific requests. The AirWatch
Workspace uses this scheme to launch the application in the Workspace.
Uploading Images
Upload images of the application that end-users view in the App Catalog before installing the application to their device.
Uploading Files
The application file and provisioning profile information required for messaging functionality and access control
populates automatically. Enable or disable the other options as needed. For example, if the application supports Apple
Push Notifications Services (APNs), you must upload either the Development or Production APNs Certificate.
A provisioning profile for iOS authorizes developers and devices to create and run applications built for iOS devices. For
an internal iOS application to work in AirWatch, every device that runs the application must also have the provisioning
profile installed on it. When using provisioning profiles, ensure you upload the profile that was generated for the
application you are uploading and that the profile is not expired.
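The two checks named above (the profile was generated for this application, and it has not expired) can be run on the file before it is uploaded. The following is an added example, not AirWatch code: it assumes the profile is the usual CMS-signed container around an XML property list with `ExpirationDate` and `Entitlements` keys, and the function names, bundle ID and sample bytes are constructed for illustration.

```python
import plistlib
from datetime import datetime, timedelta, timezone


def extract_profile_plist(blob):
    """Return the XML property list embedded in a .mobileprovision blob.

    The file is a CMS (PKCS#7) signed container with the payload stored as
    plain XML. This reads the payload only; it does NOT verify the signature.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start == -1 or end == -1:
        raise ValueError("no embedded property list found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def app_id_matches(profile_app_id, bundle_id):
    """Compare 'TEAMID.bundle.pattern' from the profile with the app's bundle ID."""
    _team, _, pattern = profile_app_id.partition(".")
    if pattern.endswith("*"):          # wildcard profile, e.g. com.example.*
        return bundle_id.startswith(pattern[:-1])
    return bundle_id == pattern


def check_profile(blob, bundle_id, now=None, warn_days=30):
    """Return a list of findings; an empty list means the profile looks usable."""
    # plistlib returns naive UTC datetimes, so compare against naive UTC.
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    profile = extract_profile_plist(blob)
    findings = []

    expires = profile.get("ExpirationDate")
    if expires is None:
        findings.append("missing ExpirationDate")
    elif expires <= now:
        findings.append("expired")
    elif expires - now <= timedelta(days=warn_days):
        findings.append("expires within %d days" % warn_days)

    app_id = profile.get("Entitlements", {}).get("application-identifier", "")
    if not app_id_matches(app_id, bundle_id):
        findings.append("profile is for %r, not %r" % (app_id, bundle_id))
    return findings


def build_sample_profile(expires, app_id):
    """Constructed stand-in for a real profile: filler bytes around a plist."""
    payload = plistlib.dumps({
        "Name": "Example In-House Profile",
        "ExpirationDate": expires,
        "Entitlements": {"application-identifier": app_id},
    })
    return b"\x30\x82\x0b\x2a" + payload + b"\x00\x00\xa0\x82"


if __name__ == "__main__":
    today = datetime(2014, 1, 15)
    samples = {
        "valid": build_sample_profile(datetime(2015, 1, 1),
                                      "ABCDE12345.com.example.inventory"),
        "expired": build_sample_profile(datetime(2013, 12, 31),
                                        "ABCDE12345.com.example.inventory"),
        "wrong app": build_sample_profile(datetime(2015, 1, 1),
                                          "ABCDE12345.com.example.other"),
    }
    for label, blob in samples.items():
        print(label, "->", check_profile(blob, "com.example.inventory", now=today) or "ok")
```

Because the signature is not verified here, treat the result as a pre-upload sanity check rather than proof that the profile is genuine.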
Note: You can use the default developer certificate for Windows 8/RT applications or you can override this option and
upload a custom developer certificate.
Configuring Wrapping
Enable App Wrapping to associate extra security and management features to an existing application and then to redeploy it to an application store.
You must assign an App Wrapping profile in the App Wrapping Profile option to the application in order for your
application to use the extra features. For more information about the AirWatch App Wrapping feature, see the
AirWatch App Wrapping Guide.
Note: For iOS applications, you also need to upload a Provisioning Profile and a Code Signing Certificate. Get both of
these from Apple.
Configuring Assignment
1. Assign the application to a group of devices by selecting an existing Smart Group or by creating a new Smart Group.
Add multiple Smart Groups at a time to tailor the application's deployment.
2. Enable Restrict to Devices Supporting Silent Activity (Android only) to assign this application to those Android
devices that support the Android silent uninstallation feature. The end-user does not have to confirm an
uninstallation when you enable silent activity for a device. This feature makes it easier to uninstall many applications
simultaneously.
Only Android devices in the Smart Group that support silent uninstallation get this application.
3. Select View Device Assignment to see the list of devices available under assigned Smart Groups.
Configuring Deployment
Configure the deployment details of the application: how the application is made available, during which times,
and whether the application is removed if the device is unenrolled. If the application uses the AirWatch SDK then enable this
option and provide the SDK Profile and Application Profile. You can also create exceptions based on User Groups and
Device Ownership types.
1. Select Push Mode to determine if the application is installed automatically (auto) or manually (on demand) by the
user when needed.
• Automatically deploying an application immediately prompts users to install the application on their devices.
Auto is the best choice for applications critical to your organization and its mobile users.
• Manually deploying an application lets users access and download the application, when they choose to, from an
enterprise application catalog. On Demand is the best choice for applications that are not critical to the organization.
Allowing users to download these applications when they want helps conserve bandwidth and limits
unnecessary traffic.
2. Enter a date and time for the Effective Date option to configure when the App Catalog makes this application
accessible.
3. Enter a date and time in the Expiration Date option to configure when the App Catalog removes the availability of
this application.
4. Specify whether the application was created using the AirWatch SDK and needs a profile to integrate with AirWatch.
• Select the shared or custom SDK profile from the SDK Profile drop-down menu.
• Select the certificate profile from the Application Profile drop-down menu so that the application and AirWatch
communicate securely.
5. Enable Remove On Unenroll (iOS only) to determine whether the application gets removed when a device is
unenrolled.
6. Enable Prevent Application Backup (iOS only) to disallow backing up the application to iCloud. This option stops
end-users from saving different versions of a public application in the iCloud. It helps to keep your organization's
collection of public iOS applications clean and properly versioned.
7. Enable Use VPN (iOS 7+ only) to configure a VPN at the application level. This configures end-users to access the
application using a VPN, which helps ensure application access and use is trusted and secure.
8. Enable Send Application Configuration (iOS 7+ only) to send application configurations to iOS devices. This feature
allows you to automatically configure managed applications. Users do not have to manually configure these specified
values in the application.
Enter the configuration values as unique keys into the appropriate fields. Supported entries for key/value pairs are
String, Number, Boolean and Date. You can also use Lookup Values when entering the application configurations.
Note: If you make any changes to application configurations, you must re-publish the application to apply the
changes.
9. Click Add Exceptions to quickly deploy public applications to those unusual use cases that can develop within an
organization.
• Add Criteria for ownership and user groups to which to apply the specific exceptions.
• Enable an Override Value to create specific exceptions to the options located under the Deployment view.
Override Value options vary depending on the platform.
Admin Role: Description of Responsibility
Developer: Is responsible for developing internal applications and revising them based on the analysis of
performance and feedback provided by the reviewer, publisher or sponsor. Once the application is ready
to go out to end-users, an administrator uploads the application to the AirWatch Admin Console.
Reviewer: Is responsible for reviewing a new application created by the developer, and assigning it an appropriate
description, screen shots, and Terms of Use. The Reviewer also looks at the change log provided by the
developer for the application to determine if the application is eligible for promoting to assignment or
needs rework. From the Edit Application area of the Application page, the Reviewer can review the
application's description and change log, reject the application back to the developer and submit the
application for assignment. Submitting the application changes its status to To Be Assigned.
Assigner: Is responsible for assigning the application to Smart Groups and promoting it to a full rollout based on
whether the application meets the required criteria. The assigner makes recommendations to the
publisher accordingly. From the Edit Application area of the Application page, the Assigner can
review application settings and descriptions, configure Smart Group and device assignment settings
and submit the application for publishing. Submitting the application changes its status to Ready for
Publishing.
Publisher: Is responsible for reviewing the assignment criteria for the application configured by the assigner and
determining whether the right set of devices is receiving the application. The publisher can also
republish the application to devices that were assigned but have not installed the application. From
the Publish area of the Application page, the Publisher can review application settings and
descriptions, review or alter assignment configuration and publish the application to all assigned
users.
Add Application
Review Application
Assign Application
Publish Application
3. Select the Role to define the admin role to perform the workflow action.
4. Select a message template to notify users within the role when an application becomes available for performing the
workflow action.
Managing Applications
From the Applications List View page, you can view all the applications that you manage in the AirWatch Admin Console
and push applications to devices over-the-air. This page provides you with a detailed list of all the internal, public, and
purchased applications for the specified Organization Groups or Child Organization Groups.
App Type - Filter based on whether a purchased app is a public or custom B2B app.
file.
• Delete - Removes the application from devices and from the AirWatch Admin Console.
• View - Provides detailed information about a public or internal application.
• Edit Assignment - Edits settings of an application to exclude or include specific devices via Smart
Groups. For purchased applications, this action's icon is ( ), which lets you allocate available redemption codes.
See Assigning and Publishing Redemption Codes for more information.
• Add Version - Updates your internal application with a new version.
• Retire - Removes an internal application from all managed devices. If an older version of the application exists in
the AirWatch solution, then this older version is pushed to devices.
• View Analytics - Exports the analytics for internal applications that use the AirWatch Software Development Kit
(SDK).
• View Logs - Downloads or deletes log files for an internal SDK application.
• View Other Versions - Shows previous versions of an internal application that were added to the AirWatch Admin
Console.
• Run Reputation Analysis - Requests the AirWatch App Reputation cloud service to run a Reputation
Analysis scan on an application.
• Notify Devices - Sends a notification to devices with information about a purchased application. For more
information, see Creating Custom Notifications for Applications.
Managing Devices
Use the Manage Devices option to control devices assigned to public and internal applications, either assigned
individually or as members of a Smart Group. From this screen, you can install, remove and notify end-users about
applications.
1. Navigate to Apps & Books > Applications > List View and select either the Public or Internal tab. Select the Manage
Devices icon ( ) from the actions menu for the application row you want to manage devices for.
Alternatively, you can select one of the links (represented as #/#/#) for the row in the Not Installed / Installed /
Assigned column ( ).
The Manage Devices page displays. From here, you can perform three actions:
• Install - Installs the application to devices.
• Remove - Removes the application from devices.
• Notify - Notifies devices about the application. Settings include email, SMS, push and message template options for
sending messages to devices.
2. Perform these actions using one of these two methods:
• Select the check boxes for the devices you want to manage and then select either Install On Selected, Remove
From Selected or Notify Selected.
Note: If the list is long and continues to another page, ensure that you perform the action for the current page.
Settings are not saved when you move to another page.
• Select Install On Listed, Remove From Listed or Notify Listed to perform the action for every device listed. You
can filter the list of devices using the Status drop-down menu. Enabled check boxes have no effect with this
method.
• Request Feedback - Initiates a command to the device to retrieve the feedback from its location in the application on
the device.
• Clear Feedback - Initiates a command to clear data in the directory where the feedback is stored in the application
on the device.
• View Feedback - Displays the View Feedback page. Use the View Feedback page to download and delete feedback.
Download the file as a .zip file. Deleting the feedback from this page deletes it from the AirWatch Admin Console.
Managing Ratings
AirWatch lets you view feedback, in the form of user ratings and comments, that users leave on the internal, public
and purchased applications published to their devices. This feedback helps you make future decisions about a specific
application, for example redeploying the application with better capabilities, rolling out the application to more
users, or scrapping specific features because the users did not find any value in them.
Viewing User Ratings and Comments
1. Navigate to Apps & Books > Applications > List View > Public, Internal or Purchased.
2. To access the rating comments, select User Ratings from the Actions menu. The number of ratings (star icons)
indicates the average/effective rating. The User Rating indicates the number of users who provided the ratings for
the application and is used to calculate the effective rating.
• Individual Entries: Entries include the individual rating, any comments, when the rating was created and the
user who created the entry.
Note: You can edit Ratings for Public applications. To edit, select Edit from the Action menu on the Public
application page and enter the number of stars (none through five) in the Rating field.
Managing Deletions
Deleting an application can take two steps, depending on whether the application is assigned to devices and on the
type of application.
Deleting Public and Internal Applications
1. Select the application you want to delete.
2. Click the Delete option from the Actions Menu to uninstall the application from devices to which you assigned it. The
application is still part of your application repository in the AirWatch Admin Console.
Note: If the application is not assigned to devices, then clicking the Delete option one time removes the
application from the AirWatch Admin Console. You do not have to use Delete twice.
3. Select the application and click the Delete option from the Actions Menu again. This action completely removes the
application from the AirWatch Admin Console.
Deleting Purchased Applications
1. Select the application you want to delete.
2. Click the Delete option from the Actions Menu. This action removes the purchased application from the devices to
which it has been assigned and also removes it from the AirWatch Admin Console.
Note: Unlike Public and Internal applications, clicking Delete once removes the application from devices and the
AirWatch Admin Console.
Deleting, Deactivating and Retiring
The options to deactivate, delete and retire might seem similar but they have different capabilities that help you to
manage your applications in certain situations.
Deactivate: Deactivating an application removes the application and all versions of the application from devices it is
assigned to but it does not delete it from your application repository in the AirWatch Admin Console.
• When to use: Your organization does not want end-users accessing an application during a certain time but
otherwise, the application is useful. You can deactivate the application and all versions during the specific time and
easily reactivate it when appropriate.
Delete: Deleting an application erases the application from devices and from the AirWatch Admin Console.
• When to use: Your organization no longer wants an application in its repository and it does not want end-users
accessing it for work purposes. Delete the application from devices and from the AirWatch Admin Console.
Retire: Retiring an application removes the application from the devices it is assigned to; however, if there is an earlier
version of the application, then that earlier version is pushed to devices.
• When to use: A new version of an application has several bugs and is hurting end-user productivity. The previous
version worked fine for your organization. You can retire the current version of the application and the AirWatch
Admin Console pushes the previous version to devices.
You can leverage the application management tools in AirWatch to manage different versions of the same Internal
application. This feature is especially useful for application testing as you may wish to upload a beta version of an
application update to deploy to specific users for testing purposes while still deploying the current version of the
application to all other users. Once the testing is complete, you can replace the existing version on all devices with the
newest version of the application.
To add a version of an internal application:
1. Select Add Version for the application from Actions menu.
2. Upload the updated application file.
3. Retire the older version if you want to at this time using the Actions menu.
Note: If you do not want to immediately retire the previous version of the application you have the option to do
so at a later time.
4. Review version information and specify application settings, if they differ.
5. Click Save to save the application.
Download/Delete Selected: Downloads or deletes the logs selected using individual check boxes or the main check
box.
Note: If the list is long and continues to another page, perform the action for the current page. Settings are not
saved when you move to another page.
Download/Delete Listed: Downloads or deletes the logs in the list. You can filter the list using the Log Type and
Level drop-down menus. Enabled check boxes have no effect on this function.
Blacklisted applications such as common games and other bandwidth intensive applications.
Required applications such as the AirWatch Agent, Secure Browser and Secure Content Locker.
List tab:
• Select Type as Whitelist, Blacklist, Required or MDM Application. When you select the Type, the Name field is
populated automatically.
Note: Select MDM Application for custom MDM applications.
• Enter the Application Name and the Application ID. The Application ID automatically completes when you use
the search function to search for the app from an app store.
• Select Add Application to add multiple applications and then click Next to navigate to the Assignment tab.
Assignment tab:
• Select the Organization Group and User Group for the Application Group to be assigned to and then click Finish
to complete the process.
Note: AirWatch does not remove custom MDM applications when the Compliance Engine detects a non-compliance
status on the device.
To enable this feature, perform the following steps at the applicable Organization Group:
1. Navigate to Groups & Settings > All Settings > Devices & Users > General > Enrollment.
2. Select Customization.
3. Enable Use Custom MDM Applications.
Send a push notification to the user prompting them to remove the application.
Remove certain features such as Wi-Fi, VPN or Email profiles from a device.
Send a final email notification to the user copying IT Security and HR.
Follow the steps below to build an application compliance policy to perform an action on the device:
1. Navigate to Devices > Compliance Policies > List View. Select Add.
2. Select Application List on the Rules tab. For the Contains drop-down, select whether this rule will be for detecting a
whitelisted or blacklisted application, or the absence of a required application or app version. Define the other
conditions to complete the rule:
• Actions: Set escalating actions to perform if a user is not in compliance with an application-based rule. For
example, you could send a message to users with blacklisted applications informing them to uninstall the
application or else risk losing access to corporate applications.
• Assignment: Set the assignment criteria for this rule. For example, you can specify particular platforms and
models, or you can apply the rule to certain Organization Groups.
• Summary: Name the rule and give it a brief description.
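The rule types and escalating actions in this procedure can be modelled as follows. This is an added illustration, not AirWatch code or an AirWatch API: the function and class names, the sample application IDs and the day offsets between escalation steps are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Escalating actions as listed in the guide. The day offsets are assumed
# for this example; the guide does not state any timings.
ESCALATION = [
    (0, "send push notification prompting removal of the application"),
    (3, "remove Wi-Fi, VPN or Email profiles from the device"),
    (7, "send final email to the user, copying IT Security and HR"),
]


@dataclass
class AppGroups:
    """Hypothetical container for the application groups a rule checks."""
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    required: dict = field(default_factory=dict)  # app ID -> minimum version


def parse_version(text):
    # Compare versions numerically so that "1.10" is newer than "1.9".
    return tuple(int(part) for part in text.split("."))


def find_violations(installed, groups):
    """Return sorted (rule, app ID) pairs for one device.

    installed maps application ID -> installed version string.
    """
    violations = []
    for app_id in installed:
        if app_id in groups.blacklist:
            violations.append(("blacklisted app installed", app_id))
        elif (groups.whitelist and app_id not in groups.whitelist
              and app_id not in groups.required):
            # Assumption: an active whitelist makes every other app a violation.
            violations.append(("non-whitelisted app installed", app_id))
    for app_id, minimum in groups.required.items():
        if app_id not in installed:
            violations.append(("required app missing", app_id))
        elif parse_version(installed[app_id]) < parse_version(minimum):
            violations.append(("required app version too old", app_id))
    return sorted(violations)


def actions_due(days_non_compliant):
    """List every escalation step reached after the given number of days."""
    return [action for day, action in ESCALATION if days_non_compliant >= day]


if __name__ == "__main__":
    # Constructed sample inventory; the application IDs are placeholders.
    groups = AppGroups(
        blacklist={"com.example.game"},
        required={"com.example.mdm.agent": "1.10"},
    )
    device = {"com.example.game": "2.0", "com.example.mdm.agent": "1.9"}
    for rule, app_id in find_violations(device, groups):
        print(f"{rule}: {app_id}")
    for action in actions_due(3):
        print("action:", action)
```

Comparing versions as integer tuples matters for the required-version rule: a plain string comparison would rank "1.9" above "1.10" and miss an outdated agent.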
deployed down to them, but are unable to download any other applications from iTunes. For example, end-users are
able to install and uninstall business-related applications made available in the App Catalog, but won't be able to install
games, social media applications or previous versions of applications from the AppStore.
To enable Restricted Mode for iOS Applications:
1. Navigate to Groups & Settings > All Settings > Apps > Catalog > App Restrictions.
2. Enable Restricted Mode for Public iOS Applications.
Note: This option restricts the device by allowing you to install only the assigned applications from the iTunes App
Store. Enabling the above setting automatically sends a restricted profile to the iOS devices. The presence of this
restricted profile does not require configuring any additional restriction profiles to block the App Store.
The AirWatch Hub: Use the Compliance and Apps sections for tracking. The Hub is found at the top of the Main
Menu.
• Compliance section: The Compliance section provides a condensed summary on devices with blacklisted apps
and devices without required apps.
• Apps section: The Apps section provides a condensed summary of devices without the latest application
version. It also provides a list of the most commonly installed applications. In addition, the App view also provides
information on compliant applications, top installed/least installed, top rated/bottom rated and their
installation percentage, health (the most crashed and those with the most errors), and size.
Devices Details View: Shows the list of installed applications along with the status, name, type, version, identifier
and size. To find the Devices Details View, select Devices from the Main Menu, choose the List View, click on the
device for which you want the details and finally select the Apps tab for that device.
Reports And Analytics: The All Reports tab provides you with actionable, result-driven statistics. The Application
Compliance report provides a way for tracking the devices that do not have the latest version of applications. To find
Reports and Analytics, navigate to Hub > Reports And Analytics > Reports > List View > All Reports.
Receive notifications on application updates for both managed and unmanaged applications.
View overall rating for the applications based on ratings provided by other users and view specific comments
provided by other users.
View application status (Not Installed, Installed, Needs Update or Blocked).
Require Encrypted Uid: Requires the encryption of communications with the App Catalog through the URL
when using a device profile to configure and push your App Catalog. If devices do not use an encrypted URL link
to access your App Catalog when this is enabled, then devices cannot access your App Catalog.
Note: This option only affects App Catalogs that you push using a separate device profile. If you are pushing
your App Catalog automatically using the Publish App Catalog option on the Publishing tab, then the App
Catalog UID is always encrypted and you do not need to set this option.
Require Authentication for App Catalog: Requires users to log in with their username and password before
they can access the App Catalog.
Keep User Signed In: Keeps users signed in and does not require them to log in each time.
Reauthenticate After (Days): Requires users to authenticate (log in) after a set number of days.
Default Tab: Sets the default tab that displays when the App Catalog launches.
Publish App Catalog: Publishes the App Catalog for iOS, Android and Windows 8/RT devices in the currently
selected Organization Group.
Note: This option automatically pushes the App Catalog to devices upon enrollment.
To activate the public or internal application, access the SDK-created application in the App Catalog. Before the
application opens, it prompts you to activate it. By clicking the activation button, the application opens on the device
and begins communication with AirWatch.
Featured: Displays applications and categories you set as featured. This tab, with the help of your application
categories, gives special applications up front real estate and helps draw your mobile fleet's attention to these
applications.
Public: Displays the public applications available for download to the device. Users can also update their public
applications from this tab. Prices display on this tab for those public applications that are not free.
Purchased: Displays the purchased applications your organization buys through the Apple VPP. Users can
download these applications and they can also update their existing versions. If you do not use the Apple VPP, then
this tab does not display.
Web: Displays those applications you pushed to devices using a device profile, either a Bookmark (Android) payload
or a Web Clip (iOS) payload.
• Bookmarks: Enable the Show in App Catalog / Workspace check box in an Android Bookmarks device profile.
• Web Clips: Enable the Show in App Catalog / Workspace check box in an iOS Web Clips device profile.
Internal: Displays internal applications your organization created for use. Applications you created using the
AirWatch SDK or that you have wrapped with the AirWatch App Wrapping feature can display on this tab.
Description: Displays a brief explanation concerning the application and can link the user to more information
about the application. It displays new versioning details, contains screenshots and can list prices, if applicable. You
can configure all of this information in the AirWatch Admin Console when you upload and push applications.
Ratings: Displays reviews for the application from other users and lets users write and add their own views about
the application. You can manage ratings in the AirWatch Admin Console for all three types of applications: public,
purchased and internal.
Available Actions
Use the action icons in the App Catalog to view the following information:
Takes you to the homepage to view the default tab and other available application tabs.
Displays the blacklisted applications detected on the device.
Displays available updates for installed applications.
Displays featured and available categories and lets you filter applications to display applications in a specific
category.
Other actions you can perform from the App Catalog include installing and uninstalling applications from devices using
the applicable buttons. You can also search for applications in the App Catalog using the Search field.
App Wrapping
User Authentication
Compromised Status
User authentication
Certificates
Compromised status
Geofencing
App Restrictions
Branding
Analytics
Logging
Reporting
Custom Settings
For more information on these advanced security and configuration features, see:
• AirWatch SDK Guides
For Android applications, select the Android Default Settings @ [Organization Group].
For iOS applications, select the iOS Default Settings @ [Organization Group].
Custom SDK Profile: For Android and iOS applications, select the applicable legacy or custom profile.
Note: For information about Single Sign On for iOS 7 using Kerberos authentication, refer to the AirWatch iOS
Platform Guide.
4. Enable Integrated Authentication to allow access to corporate resources, such as content repositories, through the
AirWatch Workspace using corporate credentials. These credentials are not the same as the AirWatch SSO
credentials.
Enter systems in the Allowed Sites field if you want to restrict AirWatch Workspace access to a specific set of sites.
This feature ensures that AirWatch does not expose credentials to non-trusted resources.
Note: Integrated Authentication works only in the AirWatch Browser at this time.
5. Select Offline Access to allow access using the SSO identity to applications when the device is offline. Choose an
acceptable timeframe for offline access before the device re-authenticates to the network and applications. Devices
should return online periodically so the system can check device compliance and security status.
6. Enable Compromised Protection so that the AirWatch Admin Console blocks access if the device is compromised.
7. Enable App Tunnel to allow an application to travel through a VPN or reverse proxy to access internal resources,
such as a SharePoint or intranet site. Select the App Tunnel Mode.
Enter domains in the App Tunnel Domains field.
Note: Enter domains to route through the App Tunnel. All traffic not listed here goes directly to the Internet. If
nothing is listed here, all traffic is directed through the App Tunnel.
8. Enable Geofencing to restrict access to applications depending on distances set in Geofencing settings in the AirWatch
Admin Console. Set Geofencing in Device Profiles Settings Geofencing.
9. Enable Data Loss Prevention to protect sensitive data in applications. This setting controls copying and pasting,
printing, taking pictures and screen captures, using Bluetooth and adding watermarks to documents in the Secure
Content Locker (SCL).
When you enable the use of a watermark, enter the text in the Overlay Text field that displays after you select
Enable Watermark.
Note: The SCL has a preconfigured way of applying the watermark and you cannot change the appearance of the
watermark from the AirWatch Admin Console at this time.
Limit Documents to Open Only in Approved Apps: Controls the applications used to open resources on devices.
Enter the allowed applications in the Allowed Applications List field.
10. Enable Network Access to allow applications to access the mobile network. Control the type of network, cellular or
Wi-Fi, and control the Service Set Identifiers (SSIDs) in the Allowed SSIDs field.
Configuring Settings
Configure Settings to set options for behaviors and customization of AirWatch applications.
1. Navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Settings.
2. Enable Branding to apply branding configurations in the AirWatch Admin Console to applications.
3. Enable Logging to record log files concerning application processes and set the Logging Level. Logging levels,
ordered from least to most severe, are Debug, Information, Warning and Error. Also choose to enable Send Logs Over
WiFi Only to help control traffic when devices connect to WiFi networks.
The AirWatch Admin Console reports the messages that match the configured logging level plus any logs with a
higher critical status. For example, if you set the logging level to Warning, messages with a Warning and Error level
display in the AirWatch Admin Console.
4. Enable Analytics to capture application data for use in business intelligence systems and data marts.
5. Enable Custom Settings to add XML code for custom processes and apply them to applications.
Configuring Profiles
Use these options to create and apply custom controls to SDK and App Wrapped applications. Most of the settings in the
Profiles section mirror the options in Security Policies and Settings. These settings are also explained in the applicable
SDK and App Wrapping Guides.
Note: You can continue to use legacy profiles to control the behaviors of your AirWatch applications. You are not
restricted to using shared SDK and custom SDK profiles at this time.
View the available shared SDK configurations with secondary options in the table and see if they are applicable to the
platform-specific AirWatch application.
[Table: shared SDK configurations. Columns in the original: UI Label, secondary option, and support on iOS and
Android for SDK, App Wrapping, Workspace and AirWatch Browser. The per-platform support marks are not recoverable;
some cells read "Replaces application settings". Settings and secondary options listed:]
Branding: Enable; Toolbar Color; Primary Color; Secondary Color; Background Image (iPhone); Background Image
(iPhone High Res); Background Image (iPad); Background Image (iPad High Res); Background Image (iPhone 5 High Res);
Background Small; Background Medium; Background Large; Background XLarge; Organization Name
Logging: Enable; Logging Level
Analytics: Enable
Authentication: Single Sign-On: Enable
Integrated Authentication: Enable; Allowed sites
Authentication: Passcode: Passcode Mode; Minimum Passcode Length; Minimum Number Complex Characters; Maximum
Passcode Age; Passcode History; Maximum Failed Attempts; Passcode Timeout
Compromised Protection: Enable
Offline Access: Enable; Maximum Period Allowed Offline
App Tunnel: Enable; App Tunnel Domains
Data Loss Prevention: Enable; Printing; Watermark; Open Documents in Approved Applications; Allowed Applications
Network Access Control: Enable; Cellular Connection; Wi-Fi Connection; Allowed SSIDs
Geofencing: Enable; Areas
Custom Settings: Enable; Custom Settings XML entries
* This option is supported but is not configured using Settings and Policies.