About Ivanti Docs@Work

The Ivanti Docs@Work app gives device users an intuitive and secure way to access, store, view, edit, and annotate documents from content repositories, such as Microsoft SharePoint, and cloud services such as Box and Dropbox. It allows administrators to configure content repositories, which are then automatically available to device users. It also lets administrators establish data loss prevention controls to protect documents from unauthorized distribution.

Docs@Work for Android is available in three flavors, Android AppConnect and Android Enterprise, and Android AppStation.

Ivanti Docs@Work Android AppConnect

Docs@Work is available as an Android AppConnect app.

AppConnect feature containerizes apps to protect data on iOS and Android devices. Each AppConnect-wrapped app becomes a secure container whose data is encrypted, and protected from unauthorized access. Because each user has multiple business apps, each app container is also connected to other secure app containers. This connection allows the AppConnect apps to share data, such as documents. AppConnect apps are managed using policies configured in a unified endpoint management (UEM) platform. The UEM platform is either Ivanti EPMM or Ivanti Neurons for MDM.

As an AppConnect app, all Docs@Work data is secured. The app interacts with other apps according to the data loss prevention policies that you specify. You can also take advantage of AppConnect features such as app authorization and app configuration.

Docs@Work for Android AppConnect has the following secure features:

  • Secure apps passcode: A secure apps passcode, if you require one, gives device users access to all secure apps. This is the AppConnect passcode, which you define in the UEM platform. The AppConnect passcode provides an additional layer of security for secure apps, beyond the device passcode.
  • Data encryption: AppConnect encrypts all AppConnect-related data on the device, such as Email+ app data, app configurations, and policies. This means app data is secure even if a device is compromised. App data on the device is encrypted using AES-256 encryption. The encryption key is not stored on the device. It is programmatically derived, in part from the device user’s AppConnect passcode, if you require an Appconnect passcode.
  • Data loss prevention: You determine whether device users can take screen captures of protected data. You also determine whether AppConnect apps can access camera photos or gallery images, and whether they can stream media to media players. You can also specify copy/paste restrictions and a web browser policy.
  • Secure apps data deletion: If a device is retired, or a secure app is retired, the secure app’s data is deleted.

For information about AppConnect features and configuration beyond Docs@Work for Android, see AppConnect Guide for Core and Tunnel for Android Guide.

Ivanti Docs@Work for Android Enterprise

Docs@Work is available as an Android Enterprise app. Email+ for Android Enterprise has the following secure features:

Data loss prevention: You determine whether device users can take screen captures of protected data as well as specify if users can copy/paste protected data.

Data deletion: App data is removed from a device for any of the following:

The device is retired

The app is removed from the label or the app catalog (Ivanti EPMM)

Users are removed from app distribution (Ivanti Neurons for MDM)

The app is uninstalled from the device

Ivanti Docs@Work for Android AppStation

Docs@Work is available as an Android AppStation app for Ivanti Neurons for MDM only. AppStation is specifically designed as the UEM client for a MAM-only deployment with Ivanti Neurons for MDM. In a AppStation MAM-only deployment, only apps available through AppStation are managed. The following types of apps are supported:

AppConnect apps (wrapped with Secure Apps Manager for AppStation)

Non-AppConnect apps (in-house or from the Google Play Store)

Device users must have a valid user ID and password to access content sites.

Device users can:

Log in to content repositories and navigate through folders.

Download documents from content repositories.

View documents.

Edit and annotate local files.

Upload documents to content repositories.

Download, view, and email encrypted attachments.

Add content repositories to Docs@Work.

Ivanti, Inc license is required for Docs@Work. Docs@Work uses certain aspects of AppConnect, including passcode access and app tunneling. However, an AppConnect license is not required for Docs@Work. The Docs@Work app for Android is an AppConnect wrapped app.

Throughout this document, Ivanti Docs@Work for Android refers to Docs@Work for Android AppConnect, while Android Enterprise refers to Android for Work (as it was named previously).

Permissions acquired by Ivanti Docs@Work

Docs@Work for Android needs the following permissions:

Permission

Description

Docs@Work runtime permissions

Modify Or Delete The Contents Of Your USB Storage

To save and create enterprise documents.

Read The Contents Of Your USB Storage

To read enterprise documents.

Docs@Work other permission

Full network access Internet access for syncing data.

View Network Connections

To determine network connectivity.

View Wi-Fi Connections

To determine if user is on Wi-Fi or not.

Connect and disconnect from Wi-Fi

Used by test suite to modify Wi-Fi connectivity.

Receive Data from Internet

Required to sync files.