Privacy policies

Note The Following:  

  • Privacy policies are supported on Windows 10 devices.
  • Privacy policies are not supported on macOS devices.
  • Location and Apps privacy settings currently apply only to iOS and Android devices.

Privacy policies specify which files to synchronize with MobileIron Core and whether activity or content should be synchronized for each type of data. Privacy policies also specify which information the Mobile@Work app should include in its log.

To create a privacy policy, go to Policies & Configs > Policies. Click Add New > Privacy. Use the following guidelines to create or edit privacy policies:

The following table summarizes fields and descriptions in the Privacy Policy window.

Table 1. Privacy policy fields

Item

Description

Default Policy Setting

Name

Required. Enter a descriptive name for this policy. This is the text that will be displayed to identify this policy throughout the Admin Portal. This name must be unique within this policy type.

Tip: Though using the same name for different policy types is allowed (e.g., Executive), consider keeping the names unique to ensure clearer log entries.

Default Privacy Policy

Status

Select Active to turn on this policy. Select Inactive to turn off this policy.

Active

Priority

Specifies the priority of this custom policy relative to the other custom policies of the same type. This priority determines which policy is applied if more than one policy is associated with a specific device. Select Higher than or Lower than, then select an existing policy from the drop-down list. For example, to give Policy A a higher priority than Policy B, you would select “Higher than” and “Policy B”.

Because this priority applies only to custom policies, this field is not enabled when you create the first custom policy of a given type.

 

Description

Enter an explanation of the purpose of this policy.

Default Privacy Policy

Apps

All Apps: Instructs the device to return to the status of all the installed apps on devices with this policy.

App Catalog apps: Instructs the device to return the installed status of only the apps in Apps@Work on devices with this policy. App Control rules are not applied.

A pp Catalog Apps

SMS Log

For Android devices only:

Specify synchronization for SMS:

Sync Content - Clear Text: Select to archive mobile data in Core.

Sync Content - Encrypted: Select to archive the mobile data in encrypted format.

None: Select to collect no SMS data.

None

Call Log

For Android devices only:

Specify synchronization for Call:

Sync - Clear Text: Archive mobile data.

Sync - Encrypted: Archive the same data in encrypted format.

None: Do not collect Call statistics or store Call data.

None

iOS Location-Based Wakeups

For iOS devices only:

iOS 6 and earlier devices use Significant Location Change for background wakeups. These wakeups impact jailbreak detection and updates to certain policies.

The significant location change service provides a low-power way to get the current location of an iOS device and be notified when significant changes occur. This feature governs whether the OS can periodically bring Mobile@Work into memory.

The following options are available:

Enabled on iOS 6 and earlier: Recommended if you want to support devices running iOS 6 and earler.

Enabled: Select this only if you want to continue using SLC.

Disabled: Select this only if you want to discontinue use of SLC, regardless of the device version. Selecting this option greatly reduces the likelihood that jailbreaks will be detected on devices that do not support silent APNS or are running the MobileIron Mobile@Work 6.0 and earlier.

NOTE: On iOS 8, 8.1, and 8.1.1, disabling Location Services in the OS or in Mobile@Work may result in device users receiving a notification indicating that the current configuration requires enabling access to Location Services.

In MobileIron Core, a setting in the Default Privacy Policy allows toggling location based wakeups on or off. If this setting is enabled, and a user disables Location Services or disallows Location Services for Mobile@Work, they will receive the notification. This notification does not mean that the device is out of compliance, rather, it indicates that MobileIron Core has enabled location-based wake ups, which the device will be unable to perform.

Disabled

Location

Specify which location data, if any, is stored on MobileIron Core.

NOTE: The Sync Cell Tower option is only available to Android devices.

None: No location data is stored.

Sync Cell Tower: Cell tower data is stored.

Sync GPS if available: GPS data is stored.

None

Collect Roaming Status

When enabled, roaming information is collected from the device and roaming status displays in Device & Users > Devices on the Device Details panel.

When disabled, Mobile@Work for Android does not report any roaming status to Core. Available in Mobile@Work for Android version 7.0 or later.

Disabled

Enable Configuration Profiles

Clear this setting if you do not want MobileIron Core to send non-AppConnect-related configurations and certificates to MAM-only iOS devices, including the Apps@Work web clip and certificate.

For more information, see “Configurations and certificates for MAM-only devices” in the MobileIron Core Apps@Work Guide.

Enabled

App Filters

For iOS apps only

 

iOS Installed App Inventory

All Apps: Instructs devices to report to Core the apps installed to devices.

NOTE: Select All Apps: if you are converting unmanaged apps to managed apps. See MobileIron Core Apps@Work Guide.

Managed Apps Only (iOS 7 and later): Instructs devices to report to Core the managed apps installed to devices. For devices running iOS 7 through the most recently released version of iOS as supported by MobileIron.

Specified Apps Only (iOS 7 and later): Instructs devices to report to Core the status of installed apps and managed apps whose bundle identifiers you specify here. For devices running iOS 7 through the most recently released version of iOS as supported by MobileIron.

See the Apps@Work Guide for information about managed apps.

Managed Apps Only (iOS 7 and later)

Windows 10 Inventory

This feature is supported by Windows 10 devices only.

 

App Store Inventory

Displays all the App Store apps installed on the device. The options are Enable and Disable

Disable

Non Store Inventory

Displays all the Non Store apps installed on the device. The options are Enable and Disable

Disable

System Inventory

Displays all the System Inventory apps installed on the device. The options are Enable and Disable

Disable

Win 32 Inventory

Displays all the Win 32 Inventory apps installed on the device. The options are Enable and Disable

Disable

Android Warning Banner on the Device Reboot

Enable Warning Banner

For Android devices only:

Check this box to add custom text that will appear on devices with Samsung Knox API 2.2 when the user reboots the device. Users must acknowledge the text before they can continue using their device.

Unchecked