App Permissions and Configurations
Customizing an app to cater to the needs of your organization can now be done seamlessly using MDM. Android Enterprise supports modification of any permission or configuration, designated to an app.
Learn how to install Play Store and Enterprise apps silently on Android devices from here
App Permissions
Many apps request for different permissions to access various functionalities on the device, for example Contacts, Camera, Local Storage, etc. You can manage these permissions requested by an app, using MDM. The permissions(accessing Local Storage, Contacts etc.,) can be enabled/disabled or can be user-controlled. This ensures that confidential data stays protected. This is supported for Samsung devices running Android 6.0 and above, and for Non Samsung devices that are provisioned as Device Owner/Profile Owner.
Follow the steps below to modify app permissions.
- Click Device Management in MDM MSP Web Console.
- Click App Repository and select the app whose permissions are to be modified.
- Click the Permissions tab and modify the permissions.
- Click Save to finish.
App Permissions for Enterprise apps
For enterprise apps, on uploading the .apk file to the App Repository, if app permissions are supported for the app, 'Permissions' tab will be displayed. If this tab is not available, it indicates that app permissions are not supported for the selected enterprise app. Contact the app developer to provision app permissions.
If you cannot pre-configure the enterprise app permissions, check if the permissions required are provided in the .apk file. Manually install the .apk file on the device and then navigate to Settings -> Apps -> App name -> Permission and check if the permissions are listed. If they are not listed in the Settings app, the permissions tab will also not be displayed on MDM server.
App Configurations
You can configure the app to suit the needs of your organization and to ensure the apps are pre-configured before they get distributed to devices. This saves time as for both users who needn't configure the app after installation and the admins who can configure the app once and distribute it to multiple users.
Follow the steps below to modify app configurations.
- Click Device Management in MDM MSP Web Console.
- Click App Repository and select the app whose configurations are to be modified.
- Click the Configurations tab and modify the configurations.
- Click Save to finish.
NOTE: Only if the app is provisioned with configurations by the app developer(s), can the configurations be modified using MDM.
To meet the needs of your organization, you can create app configurations for applications. A few examples of apps that support app configurations are:
- Microsoft Outlook
- IBM Verse
- Imprivata Cortext
- Mattermost
The app whose configurations can be modified can be identified by the text This app offers managed configuration, present below the app on the approval screen.
App Configurations for Enterprise apps
For enterprise apps, on uploading the .apk file to the App Repository, if app configurations are supported for the app, 'Confiurations' tab will be displayed. If this tab is not available, it indicates that app configurations are not supported for the selected enterprise app. Contact the app developer to provision app configurations.
NOTE: Regular permissions provisioned in the app can be availed by managing app permissions from the MDM server. Certain permissions have to be enabled/disabled by the user on the device. The user can select the app, and enable or disable the required permissions. For example, optimizing the battery usage or managing local storage in Samsung devices.
Dynamic Variables
You can use dynamic variables to ease the process setting up App Configurations. You can use dynamic variables to set up App Configurations for the first time before distributing it to devices/groups. Dynamic variables automatically prefetch the required data from enrollment information, thus easing the process for IT admins. The following dynamic variables are supported in MDM:
- %username% - Fetches the user name of the device user.
- %upn% - Fetches User Principal Name(UPN) associated to the user.
- %email% - Fetches the e-mail address of the user.
- %udid% - Fetches the UDID associated with the device
- %imei% - Fetches the IMEI number associated with the device
- %serialnumber% - Fetches the serial number associated with the device
- %devicename% - Fetches the name associated with the device
- %domainname% - Fetches the org domain, of which the user is a part of.
- %apn_username% - Fetches the APN user name of the user.
- %apn_password% - Fetches the APN password of the user.
- %easid% - Fetches the EAS ID associated with the user.