With organizations moving to an extensively mobile-only workforce, corporate apps now act as the nucleus to such organizations. It becomes the foremost task of the IT admins to ensure all the requisite corporate apps are present on the device and are running the latest version, by constantly updating them. MDM lets you take complete control of app management - installation, deletion, update and license management. You can manage both Store apps as well as Enterprise apps over-the-air(OTA), using MDM.
App Installation Workflow
The first step towards app management in MDM, is to build an App Repository. As the name suggests, App Repository contains both Store and enterprise app, to be distributed to the devices. Once done, the apps are ready for distribution. Once distributed, app installation is initiated through the Store, in case of Store app and in case of enterprise apps, the device contacts MDM to initiate installtion. Once the installation is initiated, the installation status is updated in near-real time on MDM. App updates is similar to app installation, while app deletion is even simpler. Know more app deletion from devices here and from groups here. Another easier alternative to removal of apps is moving apps to Trash. You can understand app installation in MDM using the flow diagram given below.
You can add Android apps in bulk to App Repository, as explained here and Apple apps in bulk, as explained here. You can also install Android apps silently without any user intervention as explained here. Silent installation of Apple apps can be done as explained here. In case you distribute Android apps to the App Catalog instead of silently installing them, the device user can uninstall the distributed apps, which is by default restricted in case of silent installation.
Installation-based App Management
Managing apps is more complex, since overwhelming number of apps are discovered in the enterprise everyday. You will have to manage all the apps, which is quite a challenging task. You can simplify app management by grouping apps based on installation type. You can choose the type of apps, which needs to be managed from here : Mobile Device Manager Console -> Inventory -> Apps -> Settings ->Type of Apps to be managed. You can choose to ignore the apps that are pre-installed in the device and the apps that are distributed through MDM. By ignoring these two types of apps, you will be able to focus on the apps that are installed by the users. Only the apps that you have chosen will be displayed on the views of the Mobile Device Manager console, expect for blocklisted views.
Even if you ignore to manage pre-installed apps, it will still be displayed, if any such app has been blocklisted. For example: You have blocklisted the app "twitter", this app has been discovered on few devices as pre-installed app, then this app will be listed on all blocklisted views.
Automating app updates
Managing apps not only involves distributing the apps to devices, it also includes ensuring the apps remain up to date with all the required updates installed. Mobile Device Manager Plus allows admin to automate app updates, thereby ensuring the devices are always running the latest app version.
Enabling automated app updates
- On the MDM server, navigate to Device Mgmt and click on Automate App Updates from the left pane.
- Click on the checkbox to enable automated app updates for all the Store apps.
To view the list of available app updates
- Under Device Mgmt, click on App Repository.
- All the apps that were added to the repository, will be listed in this view.
- When app updates are available, a banner will be displayed specifying the number of apps with updates available.
- Click on the number to view a list of all the apps with updates available.
NOTE: The app updates are synced from the respective store once every 24 hours or when the apps are synced manually from ABM, Managed Google Play or Windows Business Store. If you are unable to find the app update, manually sync the apps by clicking on Sync Apps and selecting the respective stores, from the App Repository.
Points to be noted:
- Only Store apps distributed by integrating Apple Business Manager, Manged Google Play or Windows Business Store are eligible for automated app updates. Admins must manually update enterprise apps and the Store apps added directly from the store.
- The updated version of the app will be silently installed on devices only if they meet the requirements mentioned for Apple and Android devices. Automated app updates in supported only when apps are purchased from Windows Business Store and distributed to Windows 10 devices.
- Even if automated app updates are enabled for apps installed on unsupervised devices, the user will be prompted to initiate the update on devices.
- The app updates are silently installed on apps already available on the devices. The app update process might fail due to some device or network related issues. Refer these document for troubleshooting steps for Apple, Android, and Windows devices.
- When apps provisioned in Single App Kiosk are updated, the Kiosk Mode will be temporarily disabled till the app update is completed. Upon successful update, Kiosk Mode will automatically resume on the devices.
In case you're silently updating an app that's currently being actively used on Apple devices, users will sometimes be allowed to skip the update. In such rare scenarios, you need to re-distribute the app updates. In case of silent Android app installation/update, it can take up to 24 hours for the app to be added to queue as stated here.
Distributing and updating apps for Unsupervised devices:
- Select the device that the app needs to be distributed to.
- Click Distribute to App Catalog and distribute the app.
- The user can install the app from the App Catalog.
- Select Auto app updates present on the App Repository.
- When the app has an update, the user gets a prompt to update it on the device.
- The user can then click on update to complete updating the application.
Updating apps on all groups and devices
Keeping the apps up to date can be a tedious task since the administrator needs to ensure that the available updates are compliant with the organization's policies and all the critical updates are completed on the devices.
MDM server contacts the store everyday to check if new updates for apps have been released. If a new update is available, it will be notified on the MDM server as well. In the case of enterprise apps, the apps have to be updated by the admin on the MDM server.
The admin can also prevent the users from manually updating the apps on devices by ensuring the following:
- The apps are purchased from the Apple Business Manager Portal.
- The apps should be distributed to the devices with the option 'without Apple ID' option enabled.
Follow the steps given below to distribute app updates to all devices which don't have the latest version of the app:
- Click the App name under the App Repository tab.
- Once an update is available for the app, an Update All button will appear below Yet to Update Apps.
- Click on the button to distribute the update to all the devices.
- Enable the checkbox Add to App Catalog if you want to user to install the update from the App Catalog.
- If you want to silently complete the app installation, enable Install Updates Immediately .
- Click on Update App to complete the app update.
Distributing updates to particular groups/devices
It is always recommended to test an app update on a test group in your organization before deploying it to your production environment. This helps reduce the changes of security issues in case the app update has any bugs. Follow the steps given below to distribute app updates to selected Groups/ Devices
- Under Device Mgmt, click on Groups & Devices.
- Click on the Groups or Devices tab.
- Select the required Group or Device name.
- It will list out all the apps which are available for the Group/Device.
- Select the app to be updated and click on Update App.
Moving apps to Trash
When you want to delete app(s) associated with devices/groups, you can simply move the apps to Trash. Moving apps to Trash, ensures the apps are automatically disassociated from the devices/groups, instead of doing it manually. These apps are automatically deleted after 90 days. The apps can also be deleted permanently or restored manually from Trash by the user. However, the restored apps don't get automatically distributed to the previously associated groups/devices and need to be distributed again.
Follow the steps given below to move apps to Trash:
- On the MDM server, navigate to Device Mgmt and select App Repository, from the left pane.
- You can view the list of apps added to the App Repository.
- Select the apps to be moved to Trash
- Click on the Move to Trash button and the apps are moved to Trash.
The apps can be viewed by clicking on . The profiles can be deleted or restored from there.
- Moving Kiosk-provisioned apps to Trash, results in the removal of the associated Kiosk profile from the devices. Assuming you move Zoho Mail to Trash, any Kiosk profile containing this app as a Kiosk-provisioned app, will have the Kiosk policy automatically disassociated from the devices.
- If you have moved bulk purchased apps to Trash, it is recommended to remove it from the account as well. This feature is not supported in Apple VPP but supported in Managed Google Play.
- Any apps moved to Trash, will not be automatically added back to the App Repository, on subsequent app syncing. App syncing is done only for those apps present in the App Repository.