IBM MaaS360

In a world where the majority of enterprise devices happen to run on Windows operating systems, IBM Security MaaS360 looks to provide extensive support for Windows application-related policies. A few examples of the capabilities contributing to this support are: advanced app compliance, the configuration of Windows Information Protection, privacy restrictions allowing admins to toggle app permissions, and the configuration of Universal Apps under the Kiosk Mode restrictions section.

Simultaneously, MaaS360 provides extensive support for distribution of enterprise and public applications like Store apps / Web apps/ UWP apps (.appx and .appxbundle)/ .msi apps/ .exe apps/ Scripts (.bat, .ps1, .py etc.) along with any type of file downloads.

It is important to have of information for such applications handy with you before you configure the above policies and app catalog. The goal of this blog is to help you fetch those necessary details for any application with a utility called Windows App Management Admin Utility and make it easy for you to distribute applications to your enterprise.

I hope the question and answer format of this blog keeps it simple. Let’s get started.

 
1. What is this Windows App Management Admin Utility and why is it there?

Firstly, let’s call it WAMAU for short, it is an application details extractor which is required to configure Windows applications -related MDM policies and to upload Windows applications to app catalog.

Secondly, WAMAU also has a capability to sign your enterprise applications using a code signing certificate (in .pfx format) issued to your organization. This operation ensures there is a trusted source for applications running on the managed devices.

2. What are pre-requisites to run this utility?

WAMAU can be run on any Windows machine running PowerShell 2.0+. If the application type is UWP, then a Windows 10 machine running PowerShell 2.0+ will be required.

3. Where can I find this utility?

Here are the steps to download WAMAU:

Navigate to [ Apps > Catalog ] page from IBM MaaS360 Administrator portal.

Click [ Add > Windows > Enterprise App for Windows ]

Click [ Windows Universal app package OR Windows Installers (.msi) ] section

Click on the link [ Windows App Management Admin Utility ] to download the Utility.

The downloaded file is in .zip format which needs to be extracted to a directory and then the executable program ‘Windows App Management Admin Utility.exe’ can be run to fetch application details and signing.

4. What details can I fetch using this utility?

Launch WAMAU. If Windows Store application required to be distributed via app catalog or required to be managed via MDM policy (Allowing/ Blocking the app via AppLocker policy etc.) - Provide the Windows Store app URL till app GUID for the target application and the click ‘Get App Properties’ button.

Example: https://www.microsoft.com/en-in/p/skype/9wzdncrfj364

The App ID and Publisher details can be used from the output while application upload / MDM policy configuration.

If .msi / UWP (.appx and .appxbundle) / .exe applications required to be distributed via app catalog or required to be managed via MDM policy (Allowing/ Blocking the app via AppLocker policy etc.)– provide the application file path and the click ‘Get App Properties’ button.

The Product Code, Upgrade Code, App Name and Version can be used from the output while application upload / MDM policy configuration.

5. How can I find out if an application is signed or not, if signed – how can I know the signing details?

Run WAMAU and provide the application path / Browse through and select the application file from the drive location and the click ‘ Get Signing Properties’ button.

 

It will give the file hash along with the complete chain of certificates if it is signed. If not, it will show: No digital signature found for the application message.

6. How can I sign the applications and which kind of applications can WAMAU sign?

The code signing certificate (with .pfx format) is required to sign the applications.

Run this Utility and provide the application path / Browse through and select the application file from the drive location and the click ‘Sign App’ button. Provide the certificate file path, password and click ‘Sign’ button.

Congrats! You made it to the end of the blog... but I want to leave you with a few final thoughts. Anyone who needs to configure the App catalog for Windows and Windows Application related MDM policies should absolutely be using WAMAU. I encourage you to go ahead and download it, try it out with the language of your choice (from 15 supported languages), and feel free to reach out to me or your IBM account representative with any questions.