Kaspersky Secure Mobility Management

Configuring managed apps


Before installing an app on an iOS MDM device, you must add that app to the Administration Server. An app is considered managed if it has been installed on a device through Kaspersky Mobile Devices Protection and Management. A managed app can be managed remotely by means of Kaspersky Mobile Devices Protection and Management.

To add a managed app to an iOS MDM Server:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Mobile → Apps.
  2. Click iOS apps, and then click Add.

    The Add app window opens.

  3. Specify the app name in the App name field. This name will be used to identify the app in policy settings.
  4. In the Installation method field, select one of the following methods to add the app:
    • Installation package
    • Link to manifest file

      A manifest file is a PLIST file, which is required to install an app on an iOS device. These files are dictionaries containing app installation settings (for example, the location of the installation package). When you use a manifest file to add an app, you have to fill in these settings manually. When you add an app from the App Store or an IPA file, the manifest file is generated automatically.

      To get a manifest file for an app, we recommend first adding the app to the iOS MDM Server using an IPA file. In this case, the iOS MDM Server automatically generates a manifest file, which you can download and modify later.

    • App Store
  5. Do one of the following:
    • If you selected Installation package, click Select, and upload an IPA file from your computer.
    • If you selected Link to manifest file, specify a link to a manifest file that can be used to download the app.
    • If you selected App Store, specify a link or ID of the app to be added from the App Store.
  6. If necessary, configure the following settings:
    • Select the Remove when device management profile is deleted check box if you want the app to be removed from the user's mobile device along with the device management profile. By default, this check box is selected.
    • Select the Block backup of app data to iCloud check box if you want to block backup of the app data to iCloud.
  7. If you want to add a custom configuration for the app, in the App configuration section, click Select and select a configuration file in PLIST format on your computer.

    To generate a configuration file, you can use a configuration generator (for example, https://appconfig.jamfresearch.com/generator) or refer to the official documentation on the app to be configured.

    Example of a basic configuration for the Microsoft Outlook app

    Microsoft Outlook app configuration

    | Configuration key | Description | Type | Value | Default value |
    |---|---|---|---|---|
    | com.microsoft.outlook.EmailProfile.EmailAccountName | Username | String | The username that will be used to pull the username from Microsoft Active Directory. It might be different from the user's email address. For example, User. | |
    | com.microsoft.outlook.EmailProfile.EmailAddress | Email address | String | The email address that will be used to pull the user's email address from Microsoft Active Directory. For example, user@companyname.com. | |
    | com.microsoft.outlook.EmailProfile.EmailUPN | User Principal Name or username for the email profile that is used to authenticate the account | String | The name of the user in email address format. For example, userupn@companyname.com. | |
    | com.microsoft.outlook.EmailProfile.ServerAuthentication | Authentication method | String | Username and Password – Prompts the device user for their password. Certificates – Certificate-based authentication. | Username and Password |
    | com.microsoft.outlook.EmailProfile.ServerHostName | ActiveSync FQDN | String | The Exchange ActiveSync email server URL. You don't need to use HTTP:// or HTTPS:// in front of the URL. For example, mail.companyname.com. | |
    | com.microsoft.outlook.EmailProfile.AccountDomain | Email domain | String | The account domain of the user. For example, companyname. | |
    | com.microsoft.outlook.EmailProfile.AccountType | Authentication type | String | ModernAuth – Uses a token-based identity management method. Specify ModernAuth as the Account Type for Exchange Online. BasicAuth – Prompts the device user for their password. Specify BasicAuth as the Account Type for Exchange On-Premises. | BasicAuth |
    | IntuneMAMRequireAccounts | Is sign-in required | String | Specifies whether account sign-in is required. You can select one of the following values: Enabled – The app requires the user to sign in to the managed user account defined by the IntuneMAMUPN key to receive Org data. Disabled – No account sign-in is required. | |
    | IntuneMAMUPN | UPN Address | String | The User Principal Name of the account allowed to sign into the app. For example, userupn@companyname.com. | |

    Example of a configuration file for the Microsoft Outlook app

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.microsoft.outlook.EmailProfile.AccountType</key>
        <string>BasicAuth</string>
        <key>com.microsoft.outlook.EmailProfile.EmailAccountName</key>
        <string>My Work Email</string>
        <key>com.microsoft.outlook.EmailProfile.ServerHostName</key>
        <string>exchange.server.com</string>
        <key>com.microsoft.outlook.EmailProfile.EmailAddress</key>
        <string>%email%</string>
        <key>com.microsoft.outlook.EmailProfile.EmailUPN</key>
        <string>%full_name%</string>
        <key>com.microsoft.outlook.EmailProfile.AccountDomain</key>
        <string>my-domain</string>
        <key>com.microsoft.outlook.EmailProfile.ServerAuthentication</key>
        <string>Username and Password</string>
        <key>IntuneMAMAllowedAccountsOnly</key>
        <string>Enabled</string>
        <key>IntuneMAMUPN</key>
        <string>%full_name%</string>
    </dict>
    </plist>

    You can use macros in the corresponding fields of the configuration file to replace values.

    Macros which can be used in configuration files

    | Macro | Description |
    |---|---|
    | %full_name% | Full user name |
    | %email% | User's main email address |
    | %email1% | User's first backup email address |
    | %email2% | User's second backup email address |
    | %mobile_phone% | User's mobile phone number |
    | %phone_number% | User's main phone number |
    | %phone_number1% | User's first backup phone number |
    | %phone_number2% | User's second backup phone number |
    | %short_name% | User name |
    | %domain_name% | Name of user's domain |
    | %job_title% | User's job title |
    | %department% | Department name |
    | %company% | Company name |

  8. Click Save to save the changes you have made.

The newly created app is displayed in the table of apps on the iOS apps tab.

If you select a large IPA file, the app may take some time to upload. Do not close the Apps section until the app is uploaded.

You can view and edit app properties by clicking the app in the list or remove the app using the Delete button.
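
A pre-upload check for the configuration file described in step 7, as an added example that is not part of Kaspersky's documentation: it parses the PLIST with Python's plistlib and reports non-string values, macros that are not in the macro table above, values outside the options listed for ServerAuthentication and AccountType, and a ServerHostName that includes a URL scheme. The function name lint_app_config and the sample file are constructed for illustration, and the string-type check assumes the file holds only keys like those in the Outlook table.

```python
import plistlib
import re
from xml.parsers.expat import ExpatError

# Macro names and allowed values are copied from the tables in step 7 of the page.
KNOWN_MACROS = set(
    "full_name email email1 email2 mobile_phone phone_number phone_number1 "
    "phone_number2 short_name domain_name job_title department company".split()
)
PREFIX = "com.microsoft.outlook.EmailProfile."
ALLOWED_VALUES = {
    PREFIX + "ServerAuthentication": {"Username and Password", "Certificates"},
    PREFIX + "AccountType": {"ModernAuth", "BasicAuth"},
}
MACRO_RE = re.compile(r"%([A-Za-z0-9_]+)%")

# Constructed sample with three deliberate mistakes (not a real deployment file).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.microsoft.outlook.EmailProfile.AccountType</key><string>Basic</string>
<key>com.microsoft.outlook.EmailProfile.ServerHostName</key><string>https://mail.companyname.com</string>
<key>com.microsoft.outlook.EmailProfile.EmailAddress</key><string>%emial%</string>
</dict></plist>"""


def lint_app_config(plist_bytes):
    """Return findings for an Outlook app configuration PLIST; empty means clean."""
    try:
        config = plistlib.loads(plist_bytes)
    except (ValueError, ExpatError) as exc:  # malformed XML or not a PLIST
        return [f"not a valid PLIST: {exc}"]
    if not isinstance(config, dict):
        return ["top-level element must be <dict>"]
    findings = []
    for key, value in config.items():
        if not isinstance(value, str):  # every key in the page's table is a String
            findings.append(f"{key}: expected <string>, got {type(value).__name__}")
            continue
        for macro in MACRO_RE.findall(value):
            if macro not in KNOWN_MACROS:  # not listed in the page's macro table
                findings.append(f"{key}: unknown macro %{macro}%")
        if key in ALLOWED_VALUES and value not in ALLOWED_VALUES[key]:
            findings.append(f"{key}: unexpected value {value!r}")
        if key == PREFIX + "ServerHostName" and "://" in value:
            findings.append(f"{key}: give the FQDN without a URL scheme")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_app_config(SAMPLE)))
```

Run it against the file you are about to select in the App configuration section; an empty result means none of these checks fired.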

See also:

Creating a mobile application package for Android devices
