Overview
This section covers the deployment of mobile applications and provides guidance on using Workplace's Mobile Security capabilities can help protect your organisation's people and data.
Mobile Security on Workplace
Workplace's iOS and Android applications include security capabilities that give your organisation the option apply additional security checks as well as placing limits on copying or removing information from the apps. These restrictions can provide additonal guardrails that help keep sensitive company content isolated, especially when Workplace is accessed from a personal rather than a corporate device.
Workplace apps feature native capabilities including requiring biometric reauthentication (applock), restricting copy/paste, restricting downloads, and blocking screenshots and screen recordings.
Deployment Approaches
There are two separate ways to control these Workplace app restrictions.
Many organisations make uses of a security platform that manages some or all of their mobile devices. These are known under various names including Enterprise Mobility Management (EMM), Mobile Device Management (MDM) or Unified Endpoint Management (UEM). If staff devices are enrolled in one of these platforms then Workplace's apps support being deployed and configured by these platforms. The native Workplace protections can then complement device configuration restrictions that can also be activated by your EMM solution. You can find a guide for setup available in the Workplace and EMM documentation.
For devices that are not enrolled in one of the above platforms Workplace offers an integrated capability to allow you to configure and apply these these restrictions directly via the Admin panel. These restrictions can be targeted to to apply to either everyone or to select audiences of people in your Workplace and will be configured and activated by an integrated capability within the Workplace apps themselves. This approach is sometimes referred to as Mobile Application Management (MAM) and has no licensing requirement or dependency on any third party security platform. You can find a guide for setup available in the Workplace MAM documentation
You may choose to implement one or both models depending on your mobile device fleet. For enrolled devices - either corporately owned or personal devices registered under a bring your own device (BYOD) approach - use App Configuration via EMM. Complement this by setting a general policy using MAM that will apply to unenrolled devices. If you are using both solutions and you you can use the isManagedConfiguration key to ensure that your EMM settings will take precendence over the MAM ones.
Mobile Security Solution | App Configuration Support | Device Configuration Support | Requires Third-Party Solution |
|---|---|---|---|
MAM | YES | NO | NO |
EMM | YES | YES | YES |
