Assume Management

Apple iOS enables AirWatch to assume management of user-installed applications without requiring the deletion of the previously installed application from the device. In this section, we are going to install a public app from App Store and assume the management for it. This will enable us to perform all the mobile application management policies on this user-installed app, including removal upon un-enrollment. We will validate this in the next article.

Consider the scenario where your employee has installed the app from App Store directly (very common in BYOD). In that case this app is unmanaged since it is not pushed down via AirWatch console. As a result, this app can not have MAM enhancements like per-app VPN (to connect to a backend resource), App Config (to auto-configure the app over-the-air), or Data Loss Prevention (removal of the app in case the device is stolen or compromised).

In this section, we will see how to convert such apps as managed apps so that they can leverage the above AirWatch Mobile Application Management (MAM) enhancements and much more.

1. Install an unmanaged app from App Store

Let's begin by downloading and installing an unmanaged app from the App Store on our device.  We will assume management of this app later.

1.1. Launch App Store

Tap on App Store to launch.

1.2. Search Salesforce

  1. Search Salesforce in the search box.
  2. Tap on GET to initiate the install.

1.3. Install Salesforce

Tap on Install

1.4. Open Salesforce

Once the download is completed, tap OPEN to launch the app.

1.5. Accept Salesforce EULA

Tap I Accept to accept Salesforce EULA.

1.6. Accept the notification prompt for Salesforce

Tap OK to accept the notification prompt for Salesforce.

1.7. Validate Connection options

Tap on the gear icon to validate the available connections. Notice that you are seeing just the default connections, Production and Sandbox.

2. Add the same application as a public app from AirWatch console

Now that we've downloaded an unmanaged app, we will publish the same app from the AirWatch Console as part of the process of assuming management.

2.1. Add Salesforce as a public app

  1. Click Add
  2. Click Public Application

2.2. Search for Salesforce

  1. Select Platform as Apple iOS
  2. Select Source as Search App Store
  3. Select Name as Salesforce
  4. Click Next

2.3. Select the Salesforce Result

Select Salesforce from the search results.

2.4. Save & Assign

Click Save & Assign

2.5. Add Assignment

Click on Add Assignment

2.6. Select Group and Delivery Method

  1. Select Assignment Group as All Devices
  2. Select App Delivery Method as Automatic: system push

TIP - Automatic App Delivery ensures that the app is installed on the device automatically, without relying on end users to download it from the catalog. Use this setting for the apps that you want to make mandatory for your end users.

2.7. Add App Config for Salesforce

2.8. Enable Flags

  1. Select Enabled for Remove on Unenroll
  2. Select Enabled for Make App MDM Managed if User Installed.

2.9. Add App Config

NOTE - Now, we will configure Salesforce app to have a connection to a custom domain using App Config. We will validate this new connection on the device at a later step.

  1. Scroll down until you see the Application Configuration section.
  2. Select Enabled for Application Configuration.
  3. Enter Configuration Key as "AppServiceHosts"
  4. Enter Configuration Value as "holmam-dev-ed.my.salesforce.com"
  5. Click Add

2.10. Save & Publish

Click Save & Publish

2.11. Publish the app

Click Publish

3. Salesforce as managed app

We will now see how the Salesforce app becomes managed by AirWatch on our device.

3.1. Close Salesforce app

Double press the Home button to launch app switcher. Swipe up the salesforce app to close Salesforce app.

3.2. Relaunch Salesforce app

Tap on the icon to relaunch Salesforce app.

3.3. Accept App Management Change prompt

Review the App Management Change prompt confirming the EMM is managing this app now. Tap Close to continue.

Review the Connection List

  1. Click on the Gear Icon to view the connections that are available.
  2. Validate that you are seeing the new connection holmam-dev-ed.my.salesforce.com which we add via App Config.

NOTE - Since we assumed the management of the Salesforce app, we could update the app over-the-air with Application Configuration. This app will also get removed automatically when we un-enroll the device preventing any data loss from an user-installed app.

Conclusion

This is how easy it is to manage a user installed device via AirWatch. This feature is very powerful in a BYOD scenario to enhance functionality and ensure proper security of the user installed apps.