The App Store provides a wide range of apps for iOS users to install on their devices. However, corporate networks may not approve their employees installing many of these apps on their devices.
With new iOS capabilities, we recommend using Allow App Store icon on Home screen restrictions profile for iOS 9 + Supervised devices to achieve this use case.
For those who do not use supervised devices, VMware Workspace ONE helps corporate to prevent their employees from downloading and installing social apps or games from the App Store which are not approved by the administrator. This is done by restricting the presence of the App Store on the employees' devices and is known as Dynamic App Store Restriction. The App Store is removed from the employees' devices to ensure no unwanted applications are installed on the devices that can pose a threat to the company's security and disturb the productive effort of the employees. The employees will be able to install only those apps that are made available in the App Catalog.
Note: This function is not 100% compatible with VPP application installation. If this option is enabled, you may experience delays or failures when pushing VPP apps
How to restrict the App Store?
The App Store is restricted by imposing a restriction profile on the user's device.
To restrict the App Store:
- Navigate to Groups & Settings > All Settings > Apps > Catalog > App Restrictions.
- Enable Restricted Mode for Public iOS Applications.
Upon enabling the restricted mode, a restriction profile is installed on the user's device that removes the App Store from the device. This prevents users from installing applications that are not approved by the admins. If the admin pushes an application through Workspace ONE UEM Console, or if user request install from App Catalog, the restriction profile will be removed. Once profile is removed Workspace ONE will queue an install command and the user is prompted to install the application. After the application is confirmed to install, app store restriction profile will be pushed back down to the device. This feature applies for both auto and on-demand public applications and not private or VPP applications. This setting is inherited by default by child OGs but can be overridden if desired.
Every application that is to be installed on the device has a workflow. Apps are installed one after the other based on these workflows. If there are 10 apps to be installed on a device, the second app's workflow will begin only after the completion of the first app's workflow.
The process flow for deploying each application when utilizing the Dynamic App Store Restriction is as follows: