Apple Managed Open In: Everything you need to know

Brendon Baxter

Apr 28, 2022

Every company, regardless of its size, has a lot of documents to handle and it is not easy to handle them manually. From accessibility to security, companies have to take care of different aspects of content management. And what’s more, things get dicier when employees’ personal devices are brought into the mix.

Many tools are available today that help with content management. Apple came up with Managed Open In to help organizations specify how corporate data can be accessed on employees' personal devices.

What is Apple’s Managed Open In and what does it do?

Managed Open In is a feature introduced by Apple for iOS devices. This feature lets IT admins prevent employees from opening organizational data in unmanaged apps and non-organizational data in managed apps.

What is a managed app?

When Apple devices like iPhones, iPads, and Macs are used in an office or an organization, they are managed by a UEM like Hexnode, which can deploy and manage apps on these devices. Apps deployed using a UEM are called managed apps.

Apart from deployment and uninstallation, UEMs can help organizations control every aspect of managed apps. From configuring privacy settings for the app to preventing the auto-backup of app data, managed apps can be controlled according to company policies.

The following example will give more clarity on what Managed Open In does. If an organization turns an app like a browser into a managed app, then the IT team can specify whether documents downloaded using this browser can be accessed through an unmanaged app, say a PDF reader or an image viewer. Managed Open In comes in handy for organizations that allow employees to use personal devices for work or work devices for personal use.

What are BYOD and COPE devices?

BYOD – Bring your own device

As the name suggests, BYOD refers to the use of personal devices for work. In organizations that promote BYOD, employees are allowed to use personal devices to connect to organizational networks and access confidential data.

With the world shifting to a remote or a hybrid work mode, it might not be practical for every company to send a device to each and every employee. Also, employees might find working on their own devices much easier than a new device.

COPE devices – Corporate-owned personally enabled devices

COPE devices refer to those devices that are issued to employees by the company but can be used for personal use as well. This type of device is perfect for companies adopting a hybrid work model.

Since the devices are owned by the organization, the level of control is greater for COPE devices than for BYOD devices. So, even if employees can use the device for personal use, IT can enforce corporate security policies on such devices.

There are primarily 3 settings possible using Managed Open In:

1. Allow documents from unmanaged sources in managed destinations.

This restriction helps IT prevent the user from opening corporate data or managed data using unmanaged apps or personal sources.

2. Allow documents from managed sources in unmanaged destinations.

This restriction helps IT prevent the user from opening personal documents and data using managed apps and other managed sources.

3. Managed Pasteboard

Here the user is not allowed to copy content between the managed and unmanaged destinations. Also, the pasteboard is restricted, meaning text and other characters copied to the pasteboard can’t be accessed across the managed-unmanaged boundary. This feature is available only for devices running iOS 15 or iPadOS 15 and above.
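An added example, not from the original article or from Hexnode: a Python check that reads a configuration profile and reports whether each of the three settings above keeps the managed/unmanaged boundary closed. The key names are those of Apple's Restrictions payload (`com.apple.applicationaccess`), which the article does not list; the sample profile and its identifiers are constructed.

```python
import plistlib

# Apple Restrictions payload keys (not named in the article) mapped to the
# value that keeps the managed/unmanaged boundary closed.
CLOSED = {
    "allowOpenFromManagedToUnmanaged": False,  # managed docs -> unmanaged apps
    "allowOpenFromUnmanagedToManaged": False,  # unmanaged docs -> managed apps
    "requireManagedPasteboard": True,          # copy/paste obeys the two rules above
}

def audit_profile(profile_bytes):
    """Return {key: (effective_value, 'ok' | 'open')} for a .mobileconfig."""
    profile = plistlib.loads(profile_bytes)
    # A key that is absent falls back to its default, which is the
    # permissive value for all three settings.
    effective = {key: not closed for key, closed in CLOSED.items()}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.applicationaccess":
            continue
        # If several Restrictions payloads are present, the restrictive
        # value wins, so one closed setting is enough.
        for key, closed in CLOSED.items():
            if key in payload and bool(payload[key]) == closed:
                effective[key] = closed
    return {key: (value, "ok" if value == CLOSED[key] else "open")
            for key, value in effective.items()}

# Constructed sample: blocks managed -> unmanaged, but leaves the reverse
# direction explicitly allowed and never sets the pasteboard key.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.byod.restrictions",
    "PayloadContent": [{
        "PayloadType": "com.apple.applicationaccess",
        "PayloadIdentifier": "com.example.byod.restrictions.payload",
        "allowOpenFromManagedToUnmanaged": False,
        "allowOpenFromUnmanagedToManaged": True,
    }],
})

if __name__ == "__main__":
    for key, (value, status) in audit_profile(SAMPLE).items():
        print(f"{status:4} {key} = {value}")
```

A missing pasteboard key is reported as open because copy and paste is only restricted when the key is set explicitly, even if both Open In directions are already blocked.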

What is containerization and why is it a priority for organizations now?

Although remote work was a familiar idea before the pandemic, it gained a lot of popularity afterward. With more and more companies shifting toward a remote or hybrid work model, BYOD and COPE devices have also risen in popularity.

A huge problem with remote work is data management and data security. Since BYOD and COPE devices allow users to access personal and organizational data from the same device, it is harder for the IT team to manage data on these devices.

This is where the idea of containerization comes in. Just as you put different items in a kitchen in different containers, data should also be stored in different containers: personal data in one container and organizational data in another. This idea of separating data into different containers is known as containerization.

This is very useful in managing data in BYOD and COPE devices. As mentioned earlier, both BYOD and COPE devices can be used for personal as well as work purposes. If there is no distinction between the two types of work, then it would be hard for IT admins to manage corporate data.

If data is containerized in these devices, the company would have control over the work container whereas the employee will have control over the personal container.

Another important aspect of containerization is that IT teams must be able to restrict data transfer and communication between the two containers. If this is not restricted, a breach of data in the personal container can affect the work container also.

How does Managed Open In help organizations containerize critical data?

Managed Open In for iOS devices is beneficial in separating personal data and corporate data. As mentioned earlier, Managed Open In allows IT admins to restrict managed data from being opened in unmanaged apps and vice versa.

By using the Managed Open In feature, organizations can make sure that sensitive corporate data is opened only in trusted and managed apps. This is extremely useful because companies can then ensure that corporate data will remain safe even if some unmanaged apps or perhaps the entire personal container of the device is compromised.


Brendon Baxter

Product Evangelist@Hexnode. Read. Write. Sleep. Repeat.
