How to manage containerized corporate data in managed devices? 

Description:

The foremost priority of any organization is to keep the corporate data in the mobile devices secure. To keep the corporate data safe in devices, a logical container segregating the personal and the corporate space can be created. This helps in ensuring that the data cannot be accessed by untrusted apps, which generally leads to data breach.

Steps:

Follow the steps given below to achieve containerization of devices:

Android Devices

In case of Android devices which are provisioned as Profile Owner, a Work Profile is automatically created. This Work Profile logically containerizes the device without any manual steps.

This container ensures that the admin has complete control of the Work Profile which contains all the corporate data and apps. These apps in the Work Profile do not interfere or communicate with the apps in the personal space. Additionally, it also ensures that the corporate data cannot be transferred from the corporate space to the personal space or to other devices using USB,  thus ensuring complete data security. 

Containerization also ensures that the user will not be able to make any modifications to the corporate e-mail account that has been configured by the organization. This means that the user will not be able to add any personal account to the corporate e-mail app. For the personal accocunt, an additional app can be downloaded in the personal device space.

 

iOS Devices

In case of iOS devices, the containerization does not happen automatically. Certain restrictions need to be applied to the devices to ensure that the data remains completely secure on the devices. Here is a list of suggested restrictions that can be applied to the devices to create a virtual container-

  • Share data from managed apps to unmanaged apps
  • Share data from unmanaged apps to managed apps
  • AirDrop
  • Bluetooth
  • Screen capture
  • Allow USB connections and pairing with iTunes
  • Sync data and documents of managed apps to iCloud
  • Modify account settings

These are the major settings that need to be restricted to ensure containerization, you can also restrict the other settings by navigating to Device Management -> Profiles -> Restrictions, based on your organizations requirements.

Document Viewer 

Document Viewer is available in the ME MDM app present in the devices. It allows the user to view and save documents securely in the ME MDM app. The documents will also not be saved on any cloud service.

Managed Web Domain

Managed Web Domain can be configured to ensure that any document downloaded from specific website can be viewed or stored only in the ME MDM app in the devices.