Apps that are considered security risks on mobile devices continue to be a problem across many sectors. State and federal governments have garnered the most headlines for their stance on unwanted apps, but malicious apps can pose a threat to many organizations with employees who use mobile devices for their work. Because this is a growing concern for businesses and organizations, IT teams are being called upon to address these potential vulnerabilities. Businesses that want to strengthen their security postures need an effective way to block or remove unwanted mobile apps from devices. Although this may seem a daunting task to some people, blocking risky apps while protecting and governing Apple iOS and Android devices is a simple task for Workspace ONE UEM administrators.
How to block unwanted apps on managed devices
If you are a Workspace ONE admin, you have two primary options for blocking unwanted apps.
If you are notyet using Workspace ONE MTD, Workspace ONE UEM can assist you in your efforts to approve or deny apps on your mobile devices with application groups, compliance policies, and device management.
Using Workspace ONE UEM to manage apps and devices
The following links to VMware documents and other related resources will help you ensure compliance with any mandates related to application restrictions.
Workspace ONE UEM allows you to manage application groups and compliance. This allows you to create collections of allowed, denied, or required applications for the various personas of users within your organization. Then, you can also create compliance policies to identify any drift from baselines and to take automated action. Documentation on this can be found here.
Next, blocking or restricting the app store for your device platform can prevent users from downloading unwanted apps.
For iOS devices
For iOS, you can block the Apple App Store with a restrictions profile. Documentation for doing this can be found here.
You can also use restricted mode to allow installing free, public apps from the Workspace ONE Intelligent Hub but not from the Apple App Store. Learn how here.
For Android devices
When managing Android devices, it is essential to understand the different device management modes. A work profile is primarily tailored to a bring-your-own-device (BYOD) use case and allows the organization to assign apps within a work profile on the device. Workspace ONE UEM, in this case, only has access to the work profile on the device, and it does not allow the organization to control access to the Google Play Store on the device’s personal profile.
Work managed devices, in contrast, are enrolled from an unprovisioned state (factory reset) recommended for corporate-owned devices. In this case, Workspace ONE UEM has complete control over the apps shown in the Google Play Store on the device.
More on device management modes
To learn more about device management modes, please click the respective “work profile” and “work managed devices” links embedded in the paragraphs above. For an overview, read this blog.
Along with controlling allowed apps through the management mode of the Android device, configuration profiles in Workspace ONE UEM can help you manage applications on your devices.
The application control profile allows you to control approved applications and prevent uninstalling important apps. To learn more about or to configure an application control profile, read this document.
Like iOS, an Android restrictions profile locks down the native functionality of Android devices. This includes removing access to the native app store for the platform. To create a restrictions profile that removes access to the Google Play Store, read this document.
Summary
Organizations may want to block specific applications on their end users’ devices for many reasons. Although the reasons may vary by industry, VMware Workspace ONE UEM has the tools to help you manage access to apps for your business.
Contact your VMware account team today to unlock the power of application management with Workspace ONE UEM.
