Page tree
Skip to end of metadata
Go to start of metadata

Policies are business logic rules that you can apply to individual iOS and Android apps in your App Management organization. They provide added layers of security, management, and measurement capabilities to support corporate requirements and enhance your users' mobile experience. For example, the Jailbreak Protection policy protects enterprise data by blocking users from running apps on jailbroken devices and the App Usage policy tracks who uses an app and when. 

Policies are applied post-development, in the Admin Portal, without requiring any code changes or SDKs. When applying policies to an app, your choices are flexible; you can apply one or multiple policies at a time. App Management also offers a Policies API that allows you to manage and apply policies programmatically, without using the Admin Portal.

See Available Policies for a list of all policies. 

How Policies Work

When you first apply policies to an app, App Management modifies the app to apply a "policy layer" that defines the app's policies. Though we modify the app to apply the policy layer, there is no new version of the app (i.e. no new binary or incremented version number). Because the policy layer is applied around the app, it does not alter the functionality or performance of the app, nor does it compromise the user experience in any way. 

After the policy layer is applied to an app, you need to re-sign it; this is required for any new version of an app. Once the app is re-signed, it is then ready to deploy to your users—unless there are other functions you want to perform first, such as inspecting the application to screen for risky behavior and vulnerabilities.

Policy Status

On the Applications page in the Admin Portal, colored tags indicate the status of policies for the app.

Policy Evaluation App Management checks for most applied app policies whenever the user opens the app, brings it to the foreground, or returns to it from a locked screen. (With some policies, App Management does not count multiple launches within a minute. These exceptions are described in the policy descriptions under Available Policies.) During that evaluation, action is taken as necessary. For example, if an app uses the Self Updating App policy, App Management checks if there is a new version of the app available and prompts the user to install it if there is. 

User Experience

When evaluating policies, App Management blurs the app screen and displays a spinner. To the user, this looks like part of the process of starting the app, and it is typically quite fast—sometimes the user will not even notice the spinner. Depending on the types of policies you have applied, you may wish to evaluate policies less frequently to improve your users' experience with the app. For instructions, see Manage Policy Settings.

VPN Access

When evaluating some policies, App Management attempts to communicate with the server to fetch the latest settings. If you have an app with policies applied that connects to the network through a VPN, you should ensure that your VPN gateway can access the App Management server. To obtain the IP address(es) you need to whitelist for your gateway, contact Customer Support.

Dynamic vs Static

To adapt to changing business needs or to take advantage of new policies, you can modify the policies applied to an app—even after the app is already deployed to users. Most policy changes take effect immediately, but some require you to reapply policies to the app and deploy an update to your users. This depends on whether the policy you are adding or changing is a dynamic or static policy:

  • Dynamic policies are updated on the App Management server. Once you have applied policies to the app, you can add and modify those dynamic policies “on the fly”—without having to reapply, re-sign, or deploy an update. 
  • Static policies are embedded in the policy layer. If you add or change a static policy, you must reapply policies the app. Whenever policies are reapplied to an app, you need to re-sign it and then deploy the update. For instructions, see Reapply Policies to an App.

When you apply policies, you do not need to think about whether a policy is static or dynamic; the Admin Portal guides you through the process and prompts you to sign and deploy an update if needed.

Best Practice

As a best practice, recommends that you reapply policies to any apps that have not had policies reapplied in six months or longer. This will ensure that your apps take advantage of any recent enhancements, fixes, and optimizations to the policy layer.

Policies and Unregistered Users App Management supports a universal app distribution model that allows you to securely deploy and manage mobile apps through a variety of distribution methods. With some of these distribution methods, such as the App Catalog, App Management knows that the user is a registered, authenticated App Management user. With other methods, such as sending a Direct Install URL, mobile device users can download and install apps even if they are not registered and do not have the App Catalog installed.

If you want to apply policies to an app that you will distribute to unregistered users, you should enable the "No-Registration Policies" setting for your organization. For instructions, see Manage Policy Settings.

Back to Top

Application Policies Workflow

The following table describes the typical workflow for implementing policies within an App Management implementation.

StepFor instructions, see...

Define policies presets for your App Management organization. Policy presets represent your company's standard set of security and usage policies. You and other administrators can alter these settings, as necessary, when applying policies to a specific app.

Optionally, you can configure the frequency at which an application's policies will be evaluated. The default is Always, which evaluates policies whenever the user launches the app, brings it to the foreground, or returns to it from a locked screen.

Define Policy Presets

Manage Policy Settings


Apply policies to a specific app. You apply most policies from the Policies tab on the app's Details page.

Apply Policies to an App

Edit or Update an Application


Depending on which policies you applied, you may need to update the app in the Admin Portal to deploy the new version to your users. App Management provides a system message indicating whether an update is required.

When an update is required, you need to sign the updated app.

Sign an App (Admin Portal)

Sign an App (Signing Package)

Back to Top

Policies Page

Use the Policies page of the Admin Portal to perform the following tasks:

  • Modify the preset options that appear on the Policies tab for an app.
  • Configure policies to appear by default on the Policies tab for an app.

For instructions, see Define Policy Presets.

Back to Top