Features specific to Android Enterprise apps

Ivanti EPMM supports the following features for Android Enterprise apps, on all Android Enterprise modes. You set these features when you add the app to the Ivanti EPMM App Catalog, or later edit it.

• Install this app for Android enterprise: Selecting this check box is required for all Android Enterprise apps. For In-house apps, further options for configuring Android Enterprise display.
• Silent Install for work managed devices: (Applicable only to in-house apps) When you select this feature, the Android Enterprise app is silently installed on devices with a work profile. This is selected by default.
• Auto Update for this App: (Applicable only to public and private apps) When you select this feature, the app is automatically updated on users’ devices whenever a new version of the app is available on Google Play.

  If you select auto update, but the app fails to update on a user’s device (for example, if the device has an incompatible Android version), then the app may attempt to update repeatedly. The workaround is to deselect Auto Update this App for that app.

  If you do not select auto update, the Android Enterprise will still be updated if the app is updated on the personal side of the device.

• Silent install for Mandatory Apps: (Applicable only to public and private apps) Select this check box to silently install the app upon device check-in. De-selected means the device user will need to manually install the app.

• Block Widget on Home Screen: If selected, the app cannot place widgets on the home screen on work profile devices. For example, calendar apps are not permitted to place calendar widgets on the home screen.
• Block Uninstall: Select this feature to prevent the device user from uninstalling the app.
• Quarantine app when device is quarantined: Selected by default, this enables configured compliance actions to hide the app if a policy violation results in a quarantined device. This is a required selection for Work Profile mode, Work Managed Device mode and Managed Device with Work Profile mode.

  A second step is required to enable this feature: configure a corresponding compliance action and security policy with that compliance action selected. Once the device is no longer quarantined, the app can be used again. If this option is deselected, the app is available for usage, even when the device is quarantined.

• Configure third-party app runtime permissionsSelect this check box to modify runtime permissions for other apps.
  • Applicable to public / private apps on Work Managed Device mode on Android 8.0 or newer versions.
  • Applicable to in-house apps and public / private apps on Managed Device with Work Profile (COPE) on Android devices versions 8-10.
  • Applicable to only public / private apps on all managed Work Profiles, including Work Profiles on Company Owned Devices Android versions 11.0 or newer versions.
• Hide and suspend third-party apps: Select this check box to allow this app to hide / unhide, suspend, and remove suspension for other apps.
  • Applicable to in-house and public / private apps for managed devices and Managed Devices with Work Profile (COPE) starting from Android 8.
  • Applicable to public / private apps on managed profiles.
  • Applicable to public / private apps on Work profiles Company Owned Devices starting from Android 11.
• Manage certificates: Select this check box to allow this app to have access to certificate APIs on the device.
  • Applicable to in-house and public / private apps for managed devices and Managed Devices with Work Profile (COPE) starting from Android 8.
  • Applicable to public / private apps on managed profiles.
  • Applicable to public / private apps on Work Profile on Company Owned Device modes starting from Android 11.

Note the following:

• Run-time permission settings are supported only on Android 6.0 or newer versions.

• If an app version has new permissions that you have not yet accepted on behalf of users, an icon appears in the New Permissions column on the App Catalog page. Until you accept new app permissions on behalf of users, new app installs for newly registered devices and app updates for currently registered devices will not proceed.

• To assign an app as a device owner silent in-house app, you must select both the Install this app for Android enterprise and Silent install for Mandatory Apps check boxes. (The Ivanti Mobile@Work client does not consider "Mandatory" and "Silent install" options as selections for the device owner silent in-house app.)

• App configuration for Android Enterprise apps allows you to provide configurable options to apps. Details are in App configuration for Android Enterprise apps.

Related topics 

• “Enabling run-time permissions for Android Enterprise apps” in Ivanti EPMM Device Management Guide for Android and Android Enterprise devices.
• App configuration for Android Enterprise apps