Chapter 7 Configuration and management 62
Managed apps
Distributing apps to your users can help them be more productive at work or in the classroom.
However, depending on your organization’s requirements, you may need to control how those
apps connect to internal resources, and how data security is handled when a user transitions out
of the organization–all while coexisting alongside the user’s personal apps and data. Managed
apps in iOS 7 or later and OS X Yosemite or later let your organization distribute free, paid, and
in-house enterprise apps wirelessly via MDM, providing the right balance between institutional
security and user personalization.
MDM servers can deploy apps from the App Store and apps developed in-house to Apple
devices over the air. Both paid and free App Store apps can be managed by an MDM server using
Volume Purchase Program (VPP) managed distribution. For more information about managed
distribution with MDM, see the Volume Purchase Program Overview.
Installing VPP apps can occur in the following ways:
• Users with a personal Apple device are prompted by MDM to install the app from the
  App Store using their Apple ID.
• On organizationally-owned supervised iOS devices enrolled with MDM, app installation
  occurs silently.
Managed apps can be removed remotely by the MDM server, or when the user removes their
own Apple device from MDM. Removing the app also removes the data associated with the
removed app. If the VPP app is still assigned to the user, or if the user redeemed an app code
using a personal Apple ID, the app can be downloaded again from the App Store but won’t be
managed. If an app is revoked, it will continue to function for a limited time. Eventually the app
is disabled and the user is informed that they need to purchase their own copy to continue
using it.
iOS 7 added a suite of restrictions and capabilities to managed apps, providing improved security
and a better user experience:
• Managed Open In: Provides two useful functions for protecting your organization’s app data:
  • Allow documents from unmanaged sources in managed destinations. Enforcing this
    restriction prevents a user’s personal sources and accounts from opening documents in the
    organization’s managed destinations. For example, this restriction could prevent a user’s
    copy of Keynote from opening a presentation PDF in an organization’s PDF viewing app.
    This restriction could also prevent a user’s personal iCloud account from opening an
    attachment in an organization’s copy of Pages.
  • Allow documents from managed sources in unmanaged destinations. Enforcing this restriction
    prevents an organization’s managed sources and accounts from opening documents in a
    user’s personal destinations. This restriction could prevent a confidential email attachment
    in the organization’s managed mail account from being opened in any of the user’s
    personal apps.
• App Configuration: App developers can identify app settings that can be set when installed as
  a managed app. These configuration settings can be installed before or after the managed app
  is installed.
• App Feedback: App developers building apps can identify app settings that can be read from a
  managed app using MDM. For example, a developer could specify a “DidFinishSetup” key that
  an MDM server could query to determine if the app had been launched and set up.
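One way to check which Managed Open In direction a configuration profile actually closes, as an added example that is not part of the original guide. It assumes an unsigned XML profile; the key names `allowOpenFromUnmanagedToManaged` and `allowOpenFromManagedToUnmanaged` come from Apple's Restrictions payload (`com.apple.applicationaccess`), not from this page, and the sample profile is constructed.

```python
import plistlib

# Restrictions-payload keys behind the two Managed Open In settings.
# Both are treated as allowed (True) when the key is absent from the payload.
OPEN_IN_KEYS = {
    "allowOpenFromUnmanagedToManaged": "unmanaged sources into managed destinations",
    "allowOpenFromManagedToUnmanaged": "managed sources into unmanaged destinations",
}

def audit_managed_open_in(profile_bytes):
    """Return {key: allowed} for the effective Managed Open In settings."""
    profile = plistlib.loads(profile_bytes)
    effective = {key: True for key in OPEN_IN_KEYS}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.applicationaccess":
            continue
        for key in OPEN_IN_KEYS:
            # Assumption: when several restriction payloads are present,
            # the most restrictive value is the one that applies.
            if payload.get(key) is False:
                effective[key] = False
    return effective

def findings(effective):
    """List the document flows the profile still leaves open."""
    return [
        f"{key}: documents can still move from {OPEN_IN_KEYS[key]}"
        for key, allowed in effective.items()
        if allowed
    ]

# Constructed sample: blocks managed -> unmanaged, says nothing about the
# opposite direction, so that direction stays allowed.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.restrictions",  # constructed placeholder
    "PayloadContent": [{
        "PayloadType": "com.apple.applicationaccess",
        "allowOpenFromManagedToUnmanaged": False,
    }],
})

if __name__ == "__main__":
    for line in findings(audit_managed_open_in(SAMPLE_PROFILE)):
        print(line)
```
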