Category filter
Getting Started with iOS App Management
Mobile App Management (MAM) provides administrators with granular control at the application level. It allows organizations to secure app data, enforce corporate policies, and limit data sharing between managed and unmanaged applications.
To get started with iOS app management in Hexnode UEM, follow this structured workflow to enroll, deploy, configure, and maintain applications across your fleet.
1. Technical Prerequisites
Before initiating app management, ensure the following foundational configurations are active:
- APNs Certificate: A valid Apple Push Notification service certificate is mandatory for all over-the-air commands.
- Device Enrollment: Devices must be enrolled in the Hexnode portal. For advanced controls like Silent Installation, devices must be in Supervised Mode.
- VPP Integration (Optional but Recommended): Link your Apple Business Manager (ABM) account with Hexnode to manage licenses for bulk app distribution.
2. Populating the App Inventory
Hexnode acts as a centralized repository for all corporate software. You can add four primary types of applications:
| App Type | Distribution Method | Key Benefit |
|---|---|---|
| Public Store Apps | App Store Search | Standard apps for broad use. |
| VPP Apps | Volume Purchase Program | Bulk licensing and silent installation without Apple IDs. |
| Enterprise Apps | .ipa File Upload | Custom, in-house built proprietary software. |
| Web Apps/Clips | URL Configuration | Shortcuts to critical web portals that behave like native apps. |
Organization Tools:
- App Groups: Bundle multiple related apps together for easier policy application.
- App Catalog: Create a customized store-front for users to browse and install approved apps on demand.
3. Deploying and Installing Apps
Hexnode offers multiple methods to get apps onto user devices, ranging from manual to fully automated processes.
Silent App Installation
This feature allows administrators to push apps to devices without user intervention. The app appears on the device without prompts or Apple ID requirements.
- Prerequisite: The iOS device must be Supervised.
- VPP Support: Volume Purchase Program (VPP) apps can be installed silently on supervised devices, bypassing the need for personal Apple IDs.
- Blocklist: Define a list of unauthorized apps (e.g., social media or games) to prevent them from opening or hiding their icons.
- Allowlist: Restrict the device to run only the specific apps listed by the administrator, effectively blocking all others.
- Standard Updates: Manually or automatically update Store and Enterprise apps to the latest versions.
- Kiosk Mode Updates: Hexnode allows you to update apps even while the device is locked in Kiosk Mode (Single App Mode) without disrupting the device state or requiring a reboot.
- On-Demand Removal: Administrators can manually remove apps via the portal.
- Policy Removal: Set apps to uninstall automatically if the associated policy is removed.
- Disenrollment: Configure apps to be removed automatically when the MDM profile is removed from the device, ensuring corporate data does not remain on personal or retired devices.
Enforce App Installation (Required Apps)
Ensure compliance by designating specific applications as “Required.”
-
Mandatory Install: This feature pushes essential apps to the device immediately. If a user deletes a required app, Hexnode will detect it and reinstall the app automatically.
4. Security and Access Control
Control which applications are permitted to run to maintain productivity and security.
Blocklisting and Allowlisting
App Configurations
Go beyond simple installation by pre-configuring app settings remotely.
-
XML Configurations: Administrators can push specific settings (such as server URLs or user account details) to managed apps using XML key-value pairs.
5. Maintenance and Updates
Keeping apps up to date is vital for security and feature access.
6. App Uninstallation and Lifecycle
Manage the removal of applications when they are no longer needed or when a device leaves the organization.
Troubleshooting iOS App Management
If you encounter issues while you get started with iOS app management, check these common troubleshooting scenarios:
Issue 1: Apps are not installing silently
Cause: The device is likely Unsupervised, or the app is a Store app being pushed without VPP.
Solution: ensure the device is in Supervised Mode. For Store apps, integrate Apple VPP (Volume Purchase Program) to assign licenses to the device rather than the user.
Issue 2: “App installation invalid” Error
Cause: Often caused by incompatibility between the app’s minimum OS requirement and the device’s current iOS version.
Solution: Check the app’s requirements in the App Store or the Info.plist of the Enterprise app and ensure the target device is running a compatible iOS version.
Frequently Asked Questions (FAQs)
Q1: How do I get started with iOS app management in Hexnode for BYOD devices?
A: To get started with iOS app management for BYOD (Bring Your Own Device), enroll the device using User Enrollment. This creates a separate encrypted volume for managed apps and data, ensuring personal data remains private while corporate apps are secured.
Q2: Can I downgrade an app to a previous version using Hexnode?
A: Generally, iOS does not support downgrading apps via MDM. You can only push updates (newer versions). To “downgrade,” you would typically need to uninstall the current version and install an older Enterprise version (if available), but the App Store always serves the latest version.
Q3: Can I configure app settings for any iOS app?
A: No. You can only push App Configurations to apps that have been designed by their developers to support the Managed App Configuration framework.
