- Kaspersky Secure Mobility Management help
- What's new
- Working in Kaspersky Security Center Web Console
- About Kaspersky Secure Mobility Management
- Getting started
- Solution architecture
- Deployment scenarios
- Deploying a mobile device management solution in Kaspersky Security Center Web Console
- Deploying Kaspersky Security Center Linux and Kaspersky Security Center Web Console
- Deploying mobile management plug-ins
- Configuring Administration Server settings for connecting mobile devices
- Scenario: Configuring a connection gateway to connect mobile devices to Kaspersky Security Center Web Console
- Adding installation packages to Administration Server repository
- Adding a license key to the Administration Server repository
- Installing Network Agent Linux
- Configuring Kaspersky Security Center Linux Web Server settings
- Deploying an iOS device management system
- About iOS device operating modes
- About device management profiles
- Deploying Kaspersky Protection for iOS
- Deploying a management system using the iOS MDM protocol
- Deploying iOS MDM Server
- Configuring an iOS MDM Server installation package
- Installing iOS MDM Server using a remote installation task
- Local installation of iOS MDM Server on a device via an installation package
- Updating iOS MDM Server using a remote installation task or locally
- Deleting iOS MDM Server using a remote uninstallation task
- Viewing the list of installed iOS MDM Servers and configuring their settings
- Configuring an iOS MDM Server certificate
- Configuring a reserve iOS MDM Server certificate
- Receiving or renewing an APNs certificate
- Installing an APNs certificate on iOS MDM Server
- Configuring access to Apple Push Notification service
- iOS MDM Server events
- Obtaining iOS MDM Server diagnostic data
- Deploying iOS MDM Server
- Deploying an Android device management system
- About Android device operating modes
- Using Firebase Cloud Messaging
- Deploying Kaspersky Endpoint Security for Android
- Permissions for Kaspersky Endpoint Security for Android
- Starting and stopping Kaspersky Endpoint Security for Android
- Activating Kaspersky Endpoint Security for Android
- Updating Kaspersky Endpoint Security for Android
- Removing Kaspersky Endpoint Security for Android
- Managing mobile devices in Kaspersky Security Center Web Console
- Creating administration groups
- Configuring policies
- Creating a policy
- Modifying a policy
- Copying a policy
- Moving a policy to another administration group
- Viewing the list of policies
- Viewing the policy distribution results
- Managing revisions to policies
- Restricting permissions to configure policies
- Configuring role-based access control
- Configuring policy profiles
- Deleting a policy
- Connecting mobile devices to Kaspersky Security Center Web Console
- Configuring synchronization settings
- Managing certificates of mobile devices
- Configuration and management
- Control
- Protection
- Configuring anti-malware protection on Android devices
- Protecting Android devices on the internet
- Protection of data on a stolen or lost device
- Configuring the device unlock password strength
- Configuring a virtual private network (VPN)
- Configuring Firewall on Android devices (only Samsung)
- Protecting Kaspersky Endpoint Security for Android against removal
- Detecting hacked devices
- Configuring a global HTTP proxy on iOS MDM devices
- Adding security certificates to iOS MDM devices
- Adding a SCEP profile to iOS MDM devices
- Restricting SD card usage (only Samsung)
- Management of mobile devices
- Managing Android devices
- Managing iOS MDM devices
- Signing device management profiles with a certificate
- Adding a configuration profile
- Installing a configuration profile on a device
- Removing a configuration profile from a device
- Configuring managed apps
- Installing an app on a mobile device
- Updating an app installed on a device
- Removing an app from a device
- Configuring roaming on an iOS MDM mobile device
- Viewing information about an iOS MDM device
- Disconnecting an iOS MDM device from management
- Configuring kiosk mode for iOS MDM devices
- Management of mobile device settings
- Configuring connection to a Wi-Fi network
- Configuring email
- Configuring protection levels in Kaspersky Security Center
- Managing app configurations
- Managing app permissions
- Creating a report on installed mobile apps
- Installing root certificates on Android devices
- Configuring notifications for Kaspersky Endpoint Security for Android
- Selecting the download manager for Android devices
- Connecting iOS MDM devices to AirPlay
- Connecting iOS MDM devices to AirPrint
- Configuring the Access Point Name (APN)
- Corporate container
- Adding an LDAP account
- Adding a contacts account
- Adding a calendar account
- Configuring a calendar subscription
- Configuring SSO
- Managing Web Clips
- Setting a wallpaper
- Adding fonts
- Working with commands for mobile devices
- Managing the app by using third-party EMM systems (Android only)
- Participating in Kaspersky Security Network
- Samsung Knox
- Using the Kaspersky Endpoint Security for Android app
- App features
- Main window at a glance
- Status bar icon
- Device scan
- Running a scheduled scan
- Changing the Protection mode
- Anti-malware database updates
- Scheduled database update
- Things to do if your device gets lost or stolen
- Web Protection
- Get Certificate
- Synchronizing with Kaspersky Security Center
- Activating the Kaspersky Endpoint Security for Android app without Kaspersky Security Center
- Installing the app on corporate devices
- Installing root certificates on the device
- Installing and using mail and VPN certificates on the device
- Enabling accessibility on Android 13 or later
- Updating the app
- Removing the app
- Applications with a briefcase icon
- Knox app
- Using the Kaspersky Protection for iOS app
- Application licensing
- Comparison of solution features by management tool
- Contact Technical Support
- Sources of information about the application
- Glossary
- Activating the application
- Activation code
- Administration group
- Administration Server
- Administrator's workstation
- Anti-malware databases
- Apple Push Notification service (APNs) certificate
- Application management plug-in
- Basic control
- Basic protection
- Certificate Signing Request
- Compliance Control
- Corporate container
- Corporate device
- Device administrator
- Device management profile
- End User License Agreement
- Group task
- IMAP
- Installation package
- iOS MDM device
- iOS MDM profile
- iOS MDM Server
- Kaspersky categories
- Kaspersky Private Security Network (KPSN)
- Kaspersky Security Center Administrator
- Kaspersky Security Center Web Server
- Kaspersky Security Network (KSN)
- Kaspersky update servers
- Key file
- License
- License term
- Malware
- Manifest file
- Network Agent
- Personal device
- Phishing
- Policy
- POP3
- Proxy server
- Quarantine
- SSL
- Standalone installation package
- Subscription
- Supervised device
- Unlock code
- Virtual Administration Server
- Information about third-party code
- Trademark notices
Configuring managed apps
Before installing an app on an iOS MDM device, you must add that app to the Administration Server. An app is considered managed if it has been installed on a device through Kaspersky Mobile Devices Protection and Management. A managed app can be managed remotely by means of Kaspersky Mobile Devices Protection and Management.
To add a managed app to an iOS MDM Server:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Mobile → Apps & files.
- Click iOS, and then click Add.
The Add app window opens.
- Specify the app name in the App name field. This name will be used to identify the app in policy settings.
- In the Installation method field, select one of the following methods to add the app:
- Installation package
- Link to manifest file
A manifest file is a PLIST file, which is required to install an app on an iOS device. These files are dictionaries containing app installation settings (for example, the location of the installation package). When you use a manifest file to add an app, you have to fill in these settings manually. When you add an app from the App Store or an IPA file, the manifest file is generated automatically.
To get a manifest file for an app, we recommend first adding the app to the iOS MDM Server using an IPA file. In this case, the iOS MDM Server automatically generates a manifest file, which you can download and modify later.
- App Store
- Do one of the following:
- If you selected Installation package, click Select, and upload an IPA file from your computer.
- If you selected Link to manifest file, specify a link to a manifest file that can be used to download the app.
- If you selected App Store, specify a link or ID of the app to be added from the App Store.
- If necessary, configure the following settings:
- Select the Remove when device management profile is deleted check box if you want the app to be removed from the user's mobile device along with the device management profile. This check box is selected by default.
- Select the Block backup of app data to iCloud check box if you want to block backup of the app data to iCloud.
- If you want to add a custom configuration for the app, in the App configuration section, click Select and select a configuration file in PLIST format on your computer.
To generate a configuration file, you can use a configuration generator (for example, https://appconfig.jamfresearch.com/generator) or refer to the official documentation on the app to be configured.
Example of a basic configuration for the Microsoft Outlook app
Microsoft Outlook app configuration
Configuration key
Description
Type
Value
Default value
com.microsoft.outlook.EmailProfile.EmailAccountNameUsername
String
The username that will be used to pull the username from Microsoft Active Directory. It might be different from the user's email address. For example,
User.com.microsoft.outlook.EmailProfile.EmailAddressEmail address
String
The email address that will be used to pull the user's email address from Microsoft Active Directory. For example,
user@companyname.com.com.microsoft.outlook.EmailProfile.EmailUPNUser Principal Name or username for the email profile that is used to authenticate the account
String
The name of the user in email address format. For example,
userupn@companyname.com.com.microsoft.outlook.EmailProfile.ServerAuthenticationAuthentication method
String
Username and Password– Prompts the device user for their password.Certificates– Certificate-based authentication.Username and Passwordcom.microsoft.outlook.EmailProfile.ServerHostNameActiveSync FQDN
String
The Exchange ActiveSync email server URL. You don't need to use HTTP:// or HTTPS:// in front of the URL. For example,
mail.companyname.com.com.microsoft.outlook.EmailProfile.AccountDomainEmail domain
String
The account domain of the user. For example,
companyname.com.microsoft.outlook.EmailProfile.AccountTypeAuthentication type
String
ModernAuth– Uses a token-based identity management method. Specify ModernAuth as the Account Type for Exchange Online.BasicAuth– Prompts the device user for their password. Specify BasicAuth as the Account Type for Exchange On-Premises.BasicAuthIntuneMAMRequireAccountsIs sign-in required
String
Specifies whether account sign-in is required. You can select one of the following values:
Enabled- The app requires the user to sign-in to the managed user account defined by theIntuneMAMUPNkey to receive Org data.Disabled- No account sign-in is requiredIntuneMAMUPNUPN Address
String
The User Principal Name of the account allowed to sign into the app. For example,
userupn@companyname.com.Example of a configuration file for the Microsoft Outlook app
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.microsoft.outlook.EmailProfile.AccountType</key><string>BasicAuth</string><key>com.microsoft.outlook.EmailProfile.EmailAccountName</key><string>My Work Email</string><key>com.microsoft.outlook.EmailProfile.ServerHostName</key><string>exchange.server.com</string><key>com.microsoft.outlook.EmailProfile.EmailAddress</key><string>%email%</string><key>com.microsoft.outlook.EmailProfile.EmailUPN</key><string>%full_name%</string><key>com.microsoft.outlook.EmailProfile.AccountDomain</key><string>my-domain</string><key>com.microsoft.outlook.EmailProfile.ServerAuthentication</key><string>Username and Password</string><key>IntuneMAMAllowedAccountsOnly</key><string>Enabled</string><key>IntuneMAMUPN</key><string>%full_name%</string></dict></plist>You can use macros in the corresponding fields of the configuration file to replace values. Available macros
Macros which can be used in configuration files
Macro
Description
%full_name%Full user name
%email%User's main email address
%email1%User's first backup email address
%email2%User's second backup email address
%mobile_phone%User's mobile phone number
%phone_number%User's main phone number
%phone_number1%User's first backup phone number
%phone_number2%User's second backup phone number
%short_name%User name
%domain_name%Name of user's domain
%job_title%User's job title
%department%Department name
%company%Company name
- Click Save to save the changes you have made.
The newly created app is displayed in the table of apps on the iOS tab.
If you select a large IPA file, the app may take some time to upload. Do not close the Apps & files section until the app is uploaded.
You can view and edit app properties by clicking the app in the list or remove the app using the Delete button.
|
See also: |