Upcoming Enhancements to Managing User Installed iOS Apps

Overview

Currently, Workspace ONE UEM admins have the option to set an iOS app to Make MDM Managed if User Installed. This option means that when an install command is sent for that app, it will convert the app to managed if a user has previously installed the app through the App Store or other means. The current behavior in the Workspace ONE UEM console is to require user action instead of occurring automatically if the App Delivery Method is on-demand. Alternatively, the UEM console will convert the app to managed automatically if the App Delivery Method is automatic, but the console will also attempt to install the app on devices that have not downloaded the app through the App Store which is not always desired.

This current process creates additional risk because users can download an app like Microsoft Word from the App Store, but since it will not automatically be managed, restrictions like DLP controls will not take effect.

To improve the administrator experience, a new enhancement is being added to which will automatically convert apps already installed by the users to managed, but not automatically installing them if they were not previously installed by the user.

In the next release of Workspace ONE UEM, this enhancement will be added without any administrator intervention. If a user has installed an app as unmanaged (e.g. through the App Store), the console will automatically convert the app to managed when the Make MDM Managed if User Installed setting is enabled regardless if the App Delivery Method is automatic or on demand. This is the case for public apps or apps imported from Apple Business Manager.

 

Customer Impact

While this change requires no new admin interaction to enable, admins should be aware that there are minor impacts to users of unsupervised devices. After upgrading to the new UEM version, iOS devices that have assigned apps with the App Delivery Method as on-demand and Make MDM Managed if User Installed as enabled, will automatically have their apps converted to managed.

For unsupervised devices, this change will trigger a prompt for each app that was user installed (i.e. unmanaged) which may not be desired. For supervised devices, this change will be silent to the user.

We recommended taking steps to alert users that these prompts may occur or update the app settings (i.e. disable the “Make MDM Managed if User Installed” setting) in the environment to avoid these prompts.

 

App Delivery Method

App Behavior

Pre-Update

Post-Update

Automatic

Auto install and convert to managed

Auto install and convert to managed

On-Demand

On demand install and convert to managed

On demand install and automatic convert to managed

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.