The IBM MaaS360 Customer Success team recently hosted an Ask Me Anything about Single purpose device use cases. You can expect more Ask Me Anything's in the future, with our next one planned for May 15, 2024! Have an idea for a topic, comment below or send a suggestion to the IBM MaaS360 Customer Success team at csmaas@us.ibm.com
Topics in the March 20, 2024 Ask Me Anything included:
- Overview of single purpose device use cases
- Android COSU (Kiosk Mode)
- iOS App Lock/iOS app Compliance
- Windows Kiosk Mode
Link to Presentation and Replay
If you have any additional questions, post them as a reply to this blog or you can also reach out to your account representative or you can contact the IBM MaaS360 Customer Success team by emailing csmaas@us.ibm.com.
For reference here are the answers to your questions that you posed during the session and a link to the presentation and replay. Thanks to all who joined us, we had a great discussion!
Ask Me Anything Questions and Answers (the replay above also has demonstrations for each answer)
Q: What is the name of the Play store app that you can use to find the App ID for an Android App?
A: Search for App Extractor in the Play store and several will display. Choose the one that best meets your needs.
Q: An Android's Enterprise App APK is getting download from the App Catalog, but is not auto installing and device user is getting a message that says for your security, your phone isn't currently allowed to install unknown apps from the source. What could be the cause of this?
A: Make sure the install settings in the App catalog are set to install automatically. Also, go to the Android Security policy> Settings>App Security and make sure Allow installation of Non-Google Play Apps is set to Yes. This setting is retroactive.
Q: Is there a report to tell you how many devices are associated with a security policy?
A: There are two ways of doing this. Go to Security>Policies and hover over the informational i next to the policy name which shows you the number of devices that the policy is applied to, then you can click the hyperlink and the list of devices is displayed as an Advanced Search result. You then have the option of selecting Show criteria, and creating your own search. from this base search. You can also go to Devices>Inventory and go to Customize Columns in the lower right and add the MDM Policy column and either search on policy name there or export the list. Note that this is just the MDM policy. The Advanced Search as notes above gives you more flexibility.
Q: My VPP license for my iOS devices is expiring soon and I can't figure out how to update the license, it keeps telling me that it's invalid.
A: One of the common gotchas is if you've gone to the Apple Business Manager site and downloaded a fresh copy and you still had the old version of it in your downloads folder on your computer, it most likely downloaded it with a one in the parentheses at the end. So you would want to delete the old one or any copies of the VPP token you may have in your downloads folder, download a fresh one from your volume purchasing site on the Apple Business Manager and then try again and just make sure that there's not a one at the end of the token file name because the portal slash Apple, when we try to upload that doesn't always view it as the exact same file even if the contents are the same. If that continues to not work, then you can disable the old token as a whole and just upload the new token as new, that should work for you.
Q: How do you configure trust or credential certificates on the devices?
A: Your Security Policy will have a certificate section. For Apple, it's under Advanced Settings > Certificates. For Android Enterprise, it's under Certificates. Identity certificates are per user certificates and are delivered through the Cloud Extender and your CA, you can then configure them in the Security policy: https://www.ibm.com/docs/en/maas360?topic=modules-certificate-integration-module.
Q: Can you force locations settings on a device?
A: Android, within the policy settings under Restrictions> Location Sharing Settings. If you're running Android 11+, you can Enable Location on the device and Disallow Location Configuration.
A: Apple does not allow you to force location setting on, but you can create a compliance rule to monitor devices and take automated actions when location settings are disabled. https://community.ibm.com/community/user/security/blogs/todd-muller/2022/05/07/compliance-rules-in-maas360
Q: We want to know how to add BYOD devices. Does this require an additional license?
A: No additional licensing is required to do BYOD device management. Go to Settings>Basic Enrollment Settings> Self Enrollment, follow these instructions https://www.ibm.com/docs/en/maas360?topic=ueidim-setting-up-ios-devices-in-maas360-portal-user-enrollment