VMware Communities
admin
Immortal
Immortal

Silently App Push, Force Newest App Version, Renew APNs Cert, Detect and Schedule iOS Updates (iOS 9+) & Getting Ready for iOS 10

Users with iOS devices are required to enter their Apple ID passwords when installing applications.  How do you silently push public applications to iOS devices?

The following steps are required to silently push an application:

  • The application must be an internal, public or a VPP app that is managed by AirWatch.
  • The device needs to be supervised by Apple Configurator or via DEP.
  • User Based VPP - there must be a registered Apple ID on each device.
  • Device Based VPP -  business can use VPP and MDM to distribute and assign apps directly to a device and no Apple ID is required.
  • You cannot have restrictions on public application access. This includes the Restricted Mode for iOSapplications that hides the App Store.
  • If you have a restrictions profile, have Allow installing apps enabled, Force iTunes password entry disabled, and Allow All Apps in the ratings section.

For additional information, please refer to the following guides:

Can you require that public apps are updated as new versions are released?

AirWatch can only force app updates for public apps by fully reinstalling the latest version on each device's native app store. To force an app update in this way, perform the following steps:

  • Remove the assignment from the app in the AirWatch Console and save.  Then, re-add the proper assignment and save again.
  • The version of the app already installed on managed devices will be removed, and then the latest version will be prompted to reinstall.

If the App Catalog is available to users, they can update the app at any time by choosing to re-download from the App Catalog.

If the device's native app store is active on managed devices, each device will be prompted to update to the latest version of public apps as they are made available.  Automatic updates can be enabled on iOS devices by navigating to and enabling Settings > iTunes & App Store > Updates.

How can you renew the APNs for MDM certificate in the AIrWatch Console?

The APNs Certificate for MDM allows for iOS devices to communicate with the Air-Watch Console. iOS devices cannot be managed without a valid APNs Certificate.

After a life-cycle of one-year, the APNs for MDM will have to be renewed. The below resolution details this process. This process has two requirements:

  1. AirWatch recommends using the Google Chrome or Mozilla Firefox browsers. Internet Explorer can download the required files into the wrong format (JSON in this case).
  2. Once the 'Renew' button has been clicked in the APNs for MDM window, do not navigate away from the renewal window or close it. Each .plist file is unique when 'Renew' is clicked and this sometimes generates a mismatch error when uploading the .pem file from Apple's end.

Steps to renew the APNs certificate:

Open the Air-Watch Console and navigate to Config & Settings > All Settings > Devices & Users > Apple > APNs for MDM.

  1. Look at the value for 'Issued To'. After the portion labeled External, there will be a unique value. Take note of the first four characters.
  2. In a different browser tab, navigate to https://identity.apple.com, and log in with the same Apple ID credentials used to create the APNs Certificate.
  3. In the AirWatch Console, click 'Renew'. You will be navigated to a window with a .plist file to download. Download the file and return to the Apple Portal tab.
  4. Find the correct Certificate to renew. You can do this by clicking on the 'i' next to each Certificate and matching the portion following 'External' with the four characters noted in Step 2. Once found, click 'Renew'.
  5. You will be directed to a page where you will be able to upload the .plist file previously downloaded. Upload and click 'Next'.
  6. The Apple Portal will then provide a .pem file. Download this file and navigate to the Air-Watch tab.
  7. Within the Air-Watch tab, click 'Next' and upload .pem file where specified. Also enter the Apple ID used to renew the Certificate within the Apple Portal.
  8. Click 'Save'. You will be directed back to the main page of the APNs for MDM section.
  9. Confirm the Certificate has been renewed on the Air-Watch tab with no error and click 'Save' once more.
  10. For more information on APNs renewal, please refer to Generating and Renewing an APNs Certificate for AirWatch.

Configure detection of OS updates on devices using iOS 9+.

Administrators can query for available updates on iOS 9 devices and force updates on iOS 9+ DEP Supervised devices.

To query for OS updates (iOS 9 devices):

  • Navigate to Devices > List View > Select Device > More > Query > OS Update
  • On the Details View page, select the Summary tab and find the Device Info box to determine if an update is available for the selected device. Available OS Updates appears in the box if an update is available. If not, None indicates that there are no updates.

To schedule an OS Update (iOS 9 + DEP devices):

  • Navigate to Devices > List View > Select Device > More > Schedule OS Update. A message box appears.
  • Select OK to send the command to push the OS update on the device.
  • View the OS Update Status on the Details View page. Select Refresh as needed to update the OS Update Status and Download Percentage of the update. When the update is complete, None will appear in the Device Info box.

Getting Ready for iOS 10

Alert: Action required for customers using AirWatch applications, SDK or App Wrapping

If you are managing iOS devices through AirWatch and leverage AirWatch applications, SDK, or App Wrapping, it is critical that you make updates to prepare for iOS 10.  If you do not make updates you risk devices being incorrectly flagged as compromised and unintentionally wiped or unenrolled when they upgrade to iOS 10.  If a device updates to iOS 10 before updating all affected applications and is marked as compromised, then that device must update all affected applications and send a beacon back to the console in order to revert the status back to uncompromised.  A beacon can be manually sent to the console by opening any application that contains the AirWatch SDK.

If you are unable to make these updates in advance of iOS 10 we recommend that you temporarily disable Compromised Protection or any compliance policies related to Compromised Detection.  To learn more about disabling Compromise Protection click here

Details can be found in the articles below:

It is important to note that AirWatch Teacher Tools will not support iOS 10.  If you use Teacher Tools and have devices that will be upgrading to iOS 10, you should disable Compromise Protection or any compliance policies related to Compromise Detection.   

End user communication

We have prepared email templates that can be sent from your executives and help desk team to ensure that users keep their applications up-to-date.  These templates are available here.

AirWatch Console support for iOS 10

Features new to iOS 10 will be available as part of AirWatch 8.4.5. A database seed script will be made available on myAirWatch for on-premise customers running AirWatch 8.4.5 to activate the new iOS 10 functionality upon its release.  These features will automatically be activated for SaaS environments.Addtionally, a database seed script will be made available for earlier AirWatch Console versions to allow for basic MDM support of iOS 10 devices.

iOS 10 Beta

Apple has made a public beta of iOS 10 available for download.  As a reminder, AirWatch cannot guarantee support for beta versions of software.  End users who upgrade their devices to iOS 10 Beta may run into issues if they are enrolled in AirWatch and/or using AirWatch productivity apps.  For this reason, we recommend users who wish to participate in the beta program not upgrade their primary work device.    In the event that we identify a critical compatibility issue between one of our applications and iOS 10 Beta, we will post a Known Issue on myAirWatch.  If your team identifies a potential issue and you do not see a Known Issue posted, we encourage you to submit a Support Request through the myAirWatch Support portal.  Our Technical Support Engineers will not be able to engage with you to resolve the issue, but we will pass along the information to our product teams for further investigation and testing.

Known Issues related to iOS 10

We will continue to update this section as new compatibility issues are identified.

Updated iOS version support following the release of iOS 10

Following the release of iOS 10, AirWatch will guarantee support for the following iOS versions for new AirWatch product releases:

AirWatch ProductSupported iOS Version

AirWatch Productivity Apps

iOS 9+

AirWatch Agent/Container

iOS 8+

AirWatch MDM platform support

iOS 7+

Devices that do not meet these requirements and have not yet enrolled or installed the specific app will not be able to do so following these releases.  Devices that are currently enrolled and that currently have the specified apps installed will continue to function, but AirWatch cannot guarantee full support of all functionality for these devices in future versions.

Minimum supported version information is available in the Product Announcement for each release application version.

Reply
0 Kudos
0 Replies