Kaspersky Secure Mobility Management
4.1
English

Contents

Configuring managed apps

Expand all | Collapse all

Before installing an app on an iOS MDM device, you must add that app to an iOS MDM Server. An app is considered managed if it has been installed on a device through Kaspersky Endpoint Security. A managed app can be managed remotely by means of Kaspersky Endpoint Security.

To add a managed app to an iOS MDM Server:

  1. In the console tree, open the Mobile Device Management folder.
  2. In the Mobile Device Management folder in the console tree, select the Mobile Device Servers subfolder.
  3. In the workspace of the Mobile Device Servers folder, select an iOS MDM Server.
  4. In the context menu of the iOS MDM Server, select Properties.

    This opens the properties window of the iOS MDM Server.

  5. In the properties window of the iOS MDM Server, select the Managed applications section.
  6. Click the Add button in the Managed applications section.

    The Add an application window opens.

  7. In the Add an application window, in the App name field, specify the name of the app to be added.
  8. In the Apple ID or link to manifest file field, specify the Apple ID of the application to be added, or specify a link to a manifest file that can be used to download the app.
  9. If you want a managed app to be removed from the user's mobile device along with the iOS MDM profile when removing the latter, select the Remove together with iOS MDM profile check box.
  10. If you want to block the app data backup through iTunes, select the Block data backup check box.
  11. If you want to configure settings of the managed app, click the App configuration button.

    The App configuration window opens.

  12. In the App configuration window, click the Browse button to select and upload a configuration file in PLIST format.

    To generate a configuration file, you may use a configuration generator (for example, https://appconfig.jamfresearch.com/generator) or refer to the official documentation on the app to be configured.

    An example of configured basic parameters for the Microsoft Outlook app.

    Microsoft Outlook app configuration

    Configuration key

    Description

    Type

    Value

    Default value

    com.microsoft.outlook.EmailProfile.EmailAccountName

    Username

    String

    The username that will be used to pull the username from Microsoft Active Directory. It might be different from the user's email address. For example, User.

     

    com.microsoft.outlook.EmailProfile.EmailAddress

    Email address

    String

    The email address that will be used to pull the user's email address from Microsoft Active Directory. For example, user@companyname.com.

     

    com.microsoft.outlook.EmailProfile.EmailUPN

    User Principal Name or username for the email profile that is used to authenticate the account

    String

    The name of the user in email address format. For example, userupn@companyname.com.

     

    com.microsoft.outlook.EmailProfile.ServerAuthentication

    Authentication method

    String

    Username and Password – Prompts the device user for their password.

    Certificates – Certificate-based authentication.

    Username and Password

    com.microsoft.outlook.EmailProfile.ServerHostName

    ActiveSync FQDN

    String

    The Exchange ActiveSync email server URL. You don't need to use HTTP:// or HTTPS:// in front of the URL. For example, mail.companyname.com.

     

    com.microsoft.outlook.EmailProfile.AccountDomain

    Email domain

    String

    The account domain of the user. For example, companyname.

     

    com.microsoft.outlook.EmailProfile.AccountType

    Authentication type

    String

    ModernAuth – Uses a token-based identity management method. Specify ModernAuth as the Account Type for Exchange Online.

    BasicAuth – Prompts the device user for their password. Specify BasicAuth as the Account Type for Exchange On-Premises.

    BasicAuth

    IntuneMAMRequireAccounts

    Is sign-in required

    String

    Specifies whether account sign-in is required. You can select one of the following values:

    Enabled - The app requires the user to sign-in to the managed user account defined by the IntuneMAMUPN key to receive Org data.

    Disabled - No account sign-in is required

     

    IntuneMAMUPN

    UPN Address

    String

    The User Principal Name of the account allowed to sign into the app. For example, userupn@companyname.com.

     

    An example of a configuration file for the Microsoft Outlook app.

    <?xml version="1.0" encoding="UTF-8"?>

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

    <plist version="1.0">

    <dict>

    <key>com.microsoft.outlook.EmailProfile.AccountType</key>

    <string>BasicAuth</string>

    <key>com.microsoft.outlook.EmailProfile.EmailAccountName</key>

    <string>My Work Email</string>

    <key>com.microsoft.outlook.EmailProfile.ServerHostName</key>

    <string>exchange.server.com</string>

    <key>com.microsoft.outlook.EmailProfile.EmailAddress</key>

    <string>%email%</string>

    <key>com.microsoft.outlook.EmailProfile.EmailUPN</key>

    <string>%full_name%</string>

    <key>com.microsoft.outlook.EmailProfile.AccountDomain</key>

    <string>my-domain</string>

    <key>com.microsoft.outlook.EmailProfile.ServerAuthentication</key>

    <string>Username and Password</string>

    <key>IntuneMAMAllowedAccountsOnly</key>

    <string>Enabled</string>

    <key>IntuneMAMUPN</key>

    <string>%full_name%</string>

    </dict>

    </plist>

  13. After the PLIST file is imported, the app configuration will be displayed in the App configuration window.

    You can change the configuration by editing the text of the PLIST file after its import.

  14. Click OK to apply the app configuration.
  15. Click OK once again to close the Add an application window.

The added app is displayed in the Managed applications section of the properties window of the iOS MDM Server.

It is also possible to change or delete the configuration of an already added app.

To change the configuration of a managed app:

  1. In the Managed applications section, select the managed app from the list, and then click the Modify button.

    The Changing mobile app settings window opens.

  2. In the Changing mobile app settings window, click the App configuration button.

    The App configuration window opens.

  3. Click the Browse button to select and upload a configuration file in PLIST format.
  4. If necessary, edit the text of the PLIST file after its import.
  5. Click OK to apply the app configuration.
  6. Click OK to close the Changing mobile app settings window.

Mobile device settings are configured after the next device synchronization with the Kaspersky Security Center.

To delete a managed app configuration:

  1. In the Managed applications section, select the managed app from the list, and then click the Modify button.

    The Changing mobile app settings window opens.

  2. In the Changing mobile app settings window, click the Delete configuration button.

The applied configuration of the managed app is deleted.

See also:

Scenario: Mobile Device Management deployment
Page top
[Topic 65163]