VMware Workspace ONE Community
Ercole77
Contributor
Contributor
‎07-22-2020 04:16 AM

Containers and Apps

Hi all

Our headquarted created a policy for mobile access to O365 applications: each app (Teams, Outlook, Excel...) must be used inside a container.

All devices will be iOS

Very good but in real world i have no idea how to realize this.

Currently all devices are enrolled with Intelligent Hub and this config will be maintained. I cannot use Container App due to his expiration date and also because i dont search something for BYOD.

How can i do, please any suggestion.


Thanks!

Reply
0 Kudos
6 Replies
chengtmskcc
Expert
Expert
‎07-22-2020 05:50 AM

Hi there,

AirWatch Container will be depracated in about a month. Check out the link below for further details.

https://kb.vmware.com/s/article/2960072?lang=en_UShttps://kb.vmware.com/s/article/2960072?lang=en_US

Best,

Tom

Reply
0 Kudos
Ercole77
Contributor
Contributor
‎07-23-2020 02:30 AM

Hello

thank you very much, yes i have read

I would need a solution that has not anything to do with BYOD, i simply need to create containers for already enrolled device.

I wonder if it is possible or not

Reply
0 Kudos
chengtmskcc
Expert
Expert
‎07-23-2020 06:15 AM

Sounds like you are looking to group the icons inside a folder automatically for the O365 apps. Correct?

If so, the 'Home Screen Layout' profile can help but it does require devices to be supervised.

For BYOD, this option is not available.

Reply
0 Kudos
AntonThirifays
Enthusiast
Enthusiast
‎07-24-2020 12:40 AM

Hello Ercole77

What day you mean by:

Our headquarted created a policy for mobile access to O365 applications: each app (Teams, Outlook, Excel...) must be used inside a container.

Used inside a container meaning to isolate those apps from the others ?

Regarding all Office Apps, everything related to DLP management and app security (PIN, Biometric, restriction...) has to be set in..... Intune / Azure AD.

You will have to purchase the application security module. You can then link AAD to WS1 in order to pilot the DLP / Security settings from WS1 or you can just log on AAD and do your setup from there.

No limitations will be settable from WS1.

Also, some other tricky things with this is that, if you want to be able to move documents from WS1 Apps to O365 apps, you will need to use the "Send" app from WS1.

The whole process is not very straight forward and will put your nerves to the test.

Last tip : Bear in mind that any change done on MS Protection module can take up to 8hours before replicating on your devices. When testing, you can't just quickly modify the config and then check at once. Be careful on that, you can waste days of testing and be puzzled with the outcomes.

Anton

Reply
0 Kudos
Ercole77
Contributor
Contributor
‎07-24-2020 12:22 PM

HI Anton

yes i mean exactly this.

As reference, im finding a similar solution that a competitor provides (section DLP)

http://mi.extendedhelp.mobileiron.com/39/all/en/desktop/AppConnect_Device_Configuration.htm

Reply
0 Kudos
AntonThirifays
Enthusiast
Enthusiast
‎07-27-2020 12:27 AM

Hi Ercole77

Ok understood. I don't know very well Mobile Iron but if they managed to deport the security settings from AAD to their MDM, nicely done.

I still think that, given this is the license consumed from AAD which applies the protection / restriction module to the apps, you'll probably still need the AAD protection module to purchase.

Good luck,

Anton

Reply
0 Kudos