Mobile apps and security are totally interdependent. Non-compliant apps or those apps that may violate an organization‘s policies based on the data it accesses or collects can pose a threat. When employees try to download unmanaged apps on Android devices, existing vulnerabilities within such apps can be exploited to collect business-critical data. Mobile device management becomes an essential tool to provide the workforce with necessary apps while keeping corporate data secure.
A valuable component of a mobile device management solution is distributing, installing, and maintaining applications as per company policies. This provides IT with the ability to discourage employees from installing unsupported apps. IT admins can use Scalefusion MDM to restrict apps and avoid Shadow IT, preventing the further installation of apps that aren’t essential or approved by the organization.
1. Block Unmanaged App Installation on Android Devices
Prerequisite: IT administrators can restrict unmanaged apps on EMM devices only
- Log in to the Scalefusion dashboard
- Select Device Profiles & Policies > Device Profiles
- Click Create New Profile in the upper right corner of the dashboard
Note – Creating a device profile will allow IT administrators to add and configure app settings, and then push these settings to all the devices in the organization |
4. Select the Android tab to create a device profile for Android OS
5. Select Kiosk/Agent profile mode and enter a suitable device profile name; click Submit
6. Under Select Apps choose the required apps for the device profile from the list; select Set Scalefusion as Agent
Note – If the required app isn’t available, navigate to Application Management > Play for Work Apps > Add from Playstore; search for the app and publish it |
7. Navigate to Restrictions > Device Management > App Management Setting
8. Disable Google Play for Work App Settings to ensure apps don’t install automatically to the device profile
9. Under Configure Application Visibility in Managed Google Play Store, select All Play for Work Apps
10. Click Create Profile in the upper right corner of the dashboard
2. Block Unmanaged App Installation on iOS Devices
- Log in to the Scalefusion dashboard
- Select Device Profiles & Policies > Device Profiles
- Click Create New Profile in the upper right corner of the dashboard
4. Select the iOS tab to create a device profile for Apple’s mobile operating system; enter a device profile name; click Submit
5. Under Select Apps, select Blocked App List, and use the toggle buttons to disable the usage of apps on supervised devices; click Next
Note: iOS devices are unsupervised by default. Devices need to be set up as supervised to unlock more control over corporate-owned devices. Unmanaged apps can be restricted on supervised devices. |
6. Under Select Browser Shortcuts, whitelist websites to run on iOS devices; click Next
Note: IT admins can organize applications icons on the home screen of devices. Select the Select Brand / App Order |
7. Under Restrictions, click App Settings
You can restrict access to different system (or pre-installed) apps on supervised devices, including:
App Settings | Description |
iMessage | Allow/Restrict use of Messages app |
App Installation | Allow/Restrict the installation of apps Enable App Store on devices |
Interactive Apps Installation | When disallowed, the App Store is disabled and its icon is removed from the Home screen. However, users may continue to use Host apps (iTunes, Configurator) to install or update their apps. |
App Removal | Allow/Restrict removal of applications |
iTunes | Allow/Restrict removal of system applications on iOS 11+ devices |
News | Allow/Restrict users to add the News widget |
Podcasts | Allow/Restrict use of Podcast app |
Music Service | When restricted, the app is disabled and reverts to classic mode |
iBooks | Allow/Restrict iBooks store app |
Airdrop | Allow/Restrict usage of AirDrop |
8. Click Create New Profile on the upper right corner of the dashboard
3. Block Unmanaged App Installation on Windows Devices
- Log in to the Scalefusion dashboard
- Select Device Profiles & Policies > Device Profiles
- Click Create New Profile in the upper right corner of the dashboard
- Select the Windows tab to create a device profile for Windows; Enter a device profile name; click Submit
5. Under Select Apps; select App Locker Policy to restrict apps
Note: Users can see all applications, but will be unable to use restricted apps |
6. Navigate to Configure Policy Mode under Step 1: Select Mode; choose the appropriate configuration to block selected apps
7. Step 2: Select Apps use the toggle switches against corresponding apps to restrict apps
Note: Click Add Win32 App to add more apps |
8. Click Create New Profile on the upper right corner of the dashboard
Wrapping Up
Managing apps using this approach will ensure that only those apps allowed via Scalefusion can be installed on Android, iOS, and Windows devices, restricting access to all unmanaged apps. Now, IT administrators can apply the profile to devices or groups. When users try to search for unmanaged apps, they won’t be visible. However, they will be able to download and install new managed apps enabled via Scalefusion.
Schedule a demo with our product expert today to learn how to restrict app installation on Android, iOS, and Windows devices. |