With organizations moving to an extensively mobile-only workforce, corporate apps now act as the nucleus to such organizations. It becomes the foremost task of the IT admins to ensure all the requisite corporate apps are present on the device and are running the latest version, by constantly updating them. MDM lets you take complete control of app management - installation, deletion, update and license management. You can manage both Store apps as well as Enterprise apps over-the-air(OTA), using MDM.
App Installation Workflow
The first step towards app management in MDM, is to build an App Repository. As the name suggests, App Repository contains both Store and enterprise app, to be distributed to the devices. Once done, the apps are ready for distribution. Once distributed, app installation is initiated through the Store, in case of Store app and in case of enterprise apps, the device contacts MDM to initiate installtion. Once the installation is initiated, the installation status is updated in near-real time on MDM. App updates is similar to app installation, while app deletion is even simpler. Know more app deletion from devices here and from groups here. Another easier alternative to removal of apps is moving apps to Trash. You can understand app installation in MDM using the flow diagram given below.
You can add Android apps in bulk to App Repository, as explained here and iOS apps in bulk, as explained here. You can also install Android apps silently without any user intervention as explained here. Silent installation of iOS apps can be done as explained here. In case you distribute Android apps to the App Catalog instead of silently installing them, the device user can uninstall the distributed apps, which is by default restricted in case of silent installation.
Installation-based App Management
Managing apps is more complex, since overwhelming number of apps are discovered in the enterprise everyday. You will have to manage all the apps, which is quite a challenging task. You can simplify app management by grouping apps based on installation type. You can choose the type of apps, which needs to be managed from here : Mobile Device Manager Console -> Inventory -> Apps -> Settings ->Type of Apps to be managed. You can choose to ignore the apps that are pre-installed in the device and the apps that are distributed through MDM. By ignoring these two types of apps, you will be able to focus on the apps that are installed by the users. Only the apps that you have chosen will be displayed on the views of the Mobile Device Manager console, expect for blocklisted views.
Even if you ignore to manage pre-installed apps, it will still be displayed, if any such app has been blocklisted. For example: You have blocklisted the app "twitter", this app has been discovered on few devices as pre-installed app, then this app will be listed on all blocklisted views.
Automating app updates
Managing apps not only involves distributing the apps to devices, it also includes ensuring the apps remain up to date with all the required updates installed. Mobile Device Manager Plus allows admin to automate app updates, thereby ensuring the devices are always running the latest app version.
Enabling automated app updates
- On the MDM server, navigate to Device Mgmt and click on Automate App Updates from the left pane.
- Click on the checkbox to enable automated app updates for all the Store apps.
To view the list of available app updates
- Under Device Mgmt, click on App Repository.
- All the apps that were added to the repository, will be listed in this view.
- When app updates are available, a banner will be displayed specifying the number of apps with updates available.
- Click on the number to view a list of all the apps with updates available.
NOTE: The app updates are synced from the respective store once every 24 hours or when the apps are synced manually from ABM, Managed Google Play or Windows Business Store. If you are unable to find the app update, manually sync the apps by clicking on Sync Apps and selecting the respective stores, from the App Repository.
Points to be noted:
- Only Store apps distributed by integrating Apple Business Manager, Manged Google Play or Windows Business Store are eligible for automated app updates. Admins must manually update enterprise apps and the Store apps added directly from the store.
- The updated version of the app will be silently installed on devices only if they meet the requirements mentioned for iOS and Android devices. Automated app updates in supported only when apps are purchased from Windows Business Store and distributed to Windows 10 devices.
- Even if automated app updates are enabled for apps installed on unsupervised devices, the user will be prompted to initiate the update on devices.
- The app updates are silently installed on apps already available on the devices. The app update process might fail due to some device or network related issues. Refer these document for troubleshooting steps for iOS, Android, and Windows devices.
- When apps provisioned in Single App Kiosk are updated, the Kiosk Mode will be temporarily disabled till the app update is completed. Upon successful update, Kiosk Mode will automatically resume on the devices.
In case you're silently updating an app that's currently being actively used on iOS devices, users will sometimes be allowed to skip the update. In such rare scenarios, you need to re-distribute the app updates. In case of silent Android app installation/update, it can take up to 24 hours for the app to be added to queue as stated here.
Distributing and updating apps for Unsupervised devices:
- Select the device that the app needs to be distributed to.
- Click Distribute to App Catalog and distribute the app.
- The user can install the app from the App Catalog.
- Select Auto app updates present on the App Repository.
- When the app has an update, the user gets a prompt to update it on the device.
- The user can then click on update to complete updating the application.
Keeping the apps up to date can be a tedious task since the administrator needs to ensure that the available updates are compliant with the organization's policies and all the critical updates are completed on the devices.
MDM server contacts the store everyday to check if new updates for apps have been released. If a new update is available, it will be notified on the MDM server as well. In the case of enterprise apps, the apps have to be updated by the admin on the MDM server.
The admin can also prevent the users from manually updating the apps on devices by ensuring the following:
- The apps are purchased from the Apple Business Manager Portal.
- The apps should be distributed to the devices with the option 'without Apple ID' option enabled.
Follow the steps given below to distribute app updates to all devices which don't have the latest version of the app:
- Click the App name under the App Repository tab.
- Once an update is available for the app, an Update All button will appear below Yet to Update Apps.
- Click on the button to distribute the update to all the devices.
- Enable the checkbox Add to App Catalog if you want to user to install the update from the App Catalog.
- If you want to silently complete the app installation, enable Install Updates Immediately .
- Click on Update App to complete the app update.
Distributing updates to particular groups/devices
It is always recommended to test an app update on a test group in your organization before deploying it to your production environment. This helps reduce the changes of security issues in case the app update has any bugs. Follow the steps given below to distribute app updates to selected Groups/ Devices
- Under Device Mgmt, click on Groups & Devices.
- Click on the Groups or Devices tab.
- Select the required Group or Device name.
- It will list out all the apps which are available for the Group/Device.
- Select the app to be updated and click on Update App.
Test and deploy enterprise apps
One of the most common issues with enterprise apps is the deployment of newer versions. In most cases, multiple issues crop up when an app is deployed in production environment and these issues get further amplified in case of critical enterprise apps. The ideal solution is to test it on a smaller subset of devices (which will act as the testbed) before deploying it in the production environment.
MDM helps you with this by letting you add the beta version of a stable app and deploy it to a testbed before deploying it in the production environment.
To test and deploy the update, follow the steps given below:
- Firstly, create a group containing a few test devices. This group is the testbed for deploying the beta version of the app.
- After you’ve created the group, go to App Repository and click on the app whose beta version is to be distributed.
- Now click on the option Upload New Version, present under App Version. Follow the on-screen instructions and provide the app source file of the beta version when prompted. This beta version needs to be higher than the stable version already available in the App Repository.
- Click on Update and then you can edit app-related parameters such as app icon, permissions etc, if need be. Once done, click on Save.
- After you’ve added the beta version, you can deploy it to the test group by clicking on the Distribute App button present under Distribution details & status.
- Select the test group and click on Distribute App. Once distributed, you can view the distribution status of the beta version. In case you want to view the distribution status of the stable version of the app, click on the dropdown present under App Version and select Stable.
- Once you’re done with the testing and plan on deploying it to the production environment, click on the app from the App Repository and click on the dropdown available under App Version. Now, select Beta from the dropdown.
- After selecting it, click on Mark as stable. Once you’ve done this the beta version gets marked as stable and this is ready for distribution. After marking as stable, the new app version gets distributed to the devices to which the previous version was distributed. You can update it either silently or add it to the App Catalog and have the users update the app.
Test and deploy FAQs
- What are the ideal recommendations for the testbed?
- How many testbed groups can I create?
You can create any number of testbed groups as you want.
- How do I know if an app has a beta version or not?
On the App Repository, apps which have a beta version added are indicated by a blue icon next to it.
- How do I distribute the beta version to devices/groups?
To avoid distribution of beta versions to devices in production environment prior to testing, MDM allows beta version distribution only from the app details view. Once you add the beta version, you are shown the app details view from where you can distribute the beta version by clicking on the button Distribute App. For subsequent distribution, you need to select Beta from the dropdown before you can distribute the beta version to devices.
- I’m able to see the app distribution status of the stable version I distributed some time back. How do I check the distribution status of the beta version?
You need to select the Beta from the dropdown present under App Version to view the distribution status of the beta version.
- What happens if the devices in testbed already have the stable version of the app installed?
The stable version gets replaced by the beta version similar to a normal app update.
- What happens if the devices in testbed do not have the stable version of the app installed?
The beta version gets installed on the device similar to a normal app installation.
- Can I have both the beta and stable versions of an enterprise app in a device?
No, MDM will not allow you to distribute the stable and beta version of the same app since they have the same bundle identifier. Hence it is recommended that you first test the beta version of the enterprise app on the testbed and then distribute it to all devices.
- I’ve already associated the beta version to a group of devices, can I now distribute the existing stable version to the same group?
No, if the devices already have the beta version on it, you cannot distribute the existing stable version to these devices.
- What happens if I need to add a new beta version instead of the one that I previously added to the App Repository?
You need to go the App Repository and click on the app. Now click on the Upload New Version link present under App Version and upload the new beta version. Once the upload is done, it automatically replaces the older beta with the newer beta version.
- I’m not able to find the Upload New Version link which I clicked to upload the previous beta?
On the app details page, click on the dropdown available under App Version and select Beta from the list. Once selected, you’ll have the option Upload New Version.
- I’ve replaced the existing beta version with a newer beta version, what happens to the devices/groups to which the old beta version was distributed?
The newer beta version is not automatically distributed to the devices which were distributed the previous beta version. To distribute the newer beta version, you need to follow the usual app update process. Once you mark the new beta version as stable, it’ll get automatically distributed.
- How many beta versions can I replace?
You can replace the existing beta version on the App Repository any number of times you want.
- The new beta version has additional permissions added. Can this be pre-configured?
When you add the beta version to the App Repository, all the parameters related to the beta version gets listed. You can change everything from the app logo to the app category to supported devices. Further, if new permissions have been added in the beta version, you can view the same when you add the beta version, Similarly, if support for app configurations is supported only from the beta version, a new section named Configurations is listed, where you can add the app configurations file.
- I forgot to modify certain parameters of the beta version and have uploaded the beta version. Is there any way to modify it post upload?
Navigate to the App Repository. There is an ellipsis icon available under Action for all the apps. Select the ellipsis present against the app whose beta version parameters are to be modified. From the list of options, select Modify and select Beta from the list shown. Now you can modify the parameters for the beta version.
- To distribute the beta version in the production environment, I need to mark the version as stable. But the option to do it is unavailable. How to mark it as stable?
For any option pertaining to beta version, you need to select Beta from the App Version dropdown. Once you do so, you’ll be shown the option Mark as stable.
- The app version I’m adding is already tested and I want to deploy it to the production environment immediately. What must I do?
Add the latest version of the enterprise app and follow the on-screen instructions. Once it’s been added click on Mark as stable option present below App Version. On doing so, the latest version of the app is automatically distributed to the devices that were distributed the previous version. You can choose to update the app silently or have it added to the App Catalog and let the users update manually.
- What happens if I upload a lower beta version to the App Repository when it already has a higher beta version?
You can add a beta version only if the version is higher the stable version already present on the App Repository. Similarly, when you try to add a lower version (or the same version) as beta, MDM will show an error and prevent it from being added.
Devices in the testbed must be those that aren’t ideally deployed in the production environment. Further, it is ideal the testbed contains devices catering to all devices types and OS versions in your enterprise. This ensures the beta version is tested in all possible device type/OS version combination.
Moving apps to Trash
When you want to delete app(s) associated with devices/groups, you can simply move the apps to Trash. Moving apps to Trash, ensures the apps are automatically disassociated from the devices/groups, instead of doing it manually. These apps are automatically deleted after 90 days. The apps can also be deleted permanently or restored manually from Trash by the user. However, the restored apps don't get automatically distributed to the previously associated groups/devices and need to be distributed again.
Follow the steps given below to move apps to Trash:
- On the MDM server, navigate to Device Mgmt and select App Repository, from the left pane.
- You can view the list of apps added to the App Repository.
- Select the apps to be moved to Trash
- Click on the Move to Trash button and the apps are moved to Trash.
The apps can be viewed by clicking on . The profiles can be deleted or restored from there.
- Moving Kiosk-provisioned apps to Trash, results in the removal of the associated Kiosk profile from the devices. Assuming you move Zoho Mail to Trash, any Kiosk profile containing this app as a Kiosk-provisioned app, will have the Kiosk policy automatically disassociated from the devices.
- If you have moved bulk purchased apps to Trash, it is recommended to remove it from the account as well. This feature is not supported in Apple VPP but supported in Managed Google Play.
- Any apps moved to Trash, will not be automatically added back to the App Repository, on subsequent app syncing. App syncing is done only for those apps present in the App Repository.