App Management is one of the complex task, in managing a mobile device. Every user brings in a lot of apps to the enterprise, which could cause a serious threat to data security. Mobile device management is always incomplete if administrators are unable to check the usage and authenticity of the apps that are used in the network. Using Mobile Device Manager Plus, system administrators can have a complete control over the apps that are installed in the managed mobile devices. This document will explain you on the following:
Mobile Device Manager Plus helps administrators to categorize apps as blocklisted and allowlisted, to manage them. If the usage of a specific app is supposed to be restricted in the corporate network, then that app can be marked as blocklisted. Every managed mobile device will be scanned periodically and all the apps that are detected will be classified into blocklisted and allowlisted apps. Administrator can Allowlist apps, which means these apps can be used in the enterprise.
Apps can be blocklisted automatically or manually. Administrators can mark all the newly detected apps as blocklisted, which means all the apps that are newly detected on the managed mobile device will automatically be marked as blocklisted, except for the allowlisted apps. So, every time a new app is discovered, it will be listed under blocklisted apps. Administrators choose to mark all newly detected apps as allowlisted, in that case, they can manually select the apps and Blocklist them.
Administrators can perform various actions on the blocklisted apps, which includes warning the end users through email, disabling the app, or uninstalling the app silently. These actions will differ based on the operating system. Actions performed on the blocklisted apps will be applicable for apps that are manually marked as blocklisted and all the apps that are newly discovered as blocklisted.
Blocklisted Apps on iOS, Android and Windows devices
When a blocklisted app is discovered on an iOS / Android /Windows device, then administrators can warn the end users through email to remove the blocklisted apps. Administrators can specify how many times, should the end user be warned. Warning emails will be sent once in every 24 hours. If the end user fails to remove the blocklisted app after the specified number of warnings, then Administrator will be notified by email everyday until the blocklisted app is removed from the managed mobile device. Administrator can then decide to revoke the corporate access for the specific user or force the user to remove the blocklisted apps.
Blocklisted Apps on SAFE and KNOX devices
Administrators have enhanced control over the SAFE and KNOX devices, which enables them to perform various operations like uninstalling or disabling the blocklisted apps. If a blocklisted app is discovered on a SAFE device or KNOX device/container, administrator can force uninstallation or disable the app without the user's intervention. Apps once uninstalled cannot be revoked or installed by the user until the app is marked as allowlisted by the administrator. If an app is disabled, then the app will become inactive for the end user, user will not be able to use the app. Administrator has to mark the app as allowlisted to enable the app. Follow the steps mentioned below to configure actions that need to be performed on blocklisted apps for SAFE and KNOX devices:
On the web console, under Inventory select Apps
Specify the number of days, for the end user to be warned. Emails with the warning message will be sent to the end users, once in a day.
Configure the mail that needs to be sent to the end user after performing the specified action.
Specify the administrator's email address to which the mail notifications need to be sent.
Click Save to save the changes.
If you have chosen to uninstall the blocklisted apps and the settings to manage apps is configured to mark all newly discovered apps as blocklisted, then all the apps that are newly discovered in the SAFE and KNOX devices will be uninstalled automatically. Uninstalled apps cannot be revoked. |
What will
happen if the action to be performed on blocklisted apps is changed
from uninstall to disable?
If the action to be performed on blocklisted apps is changed from uninstall
to disable, then all the subsequently discovered blocklisted apps
will be moved to a disable state. User will not be able to use the
blocklisted apps. If the user tries to install a new app which has
been blocklisted by the administrator, then the app installation will
be succeeded but the app will be in disabled state.
What will
happen if the action to be performed on blocklisted apps is changed
from disable to uninstall?
If the action to be performed on blocklisted apps is changed from disable
to uninstall, then all the apps that has been disabled will be uninstalled
from the mobile device. End user will be not allowed to install any
apps that are marked as blocklisted by administrators. Apps that are
uninstalled cannot be revoked or installed again until the administrators
mark the app as allowlisted.
What will
be the behavior, if you have set to mark all newly discovered apps
as blocklisted and the action on discovering a blocklisted app as
"Uninstall"?
If the default app management settings is configured to mark all the
newly discovered apps as blocklisted and the Action is set to uninstall
the blocklisted apps on SAFE and KNOX devices, then all the newly
discovered apps in the network, which are not allowlisted be uninstalled
automatically.
See Also: | Configure Mobile Device Manager Plus, Device Enrollment, Location Tracking,App Management, Profile Management, Asset Management, Security Management , Reports |