Product Documentation

Directivas de dispositivo

Feb 16, 2017

You can configure how XenMobile works with your devices by creating policies. Although many policies are common to all devices, each device has a set of policies specific to its operating system. As a result, you may find differences between platforms, and even between different manufacturers' devices running Android. For the policies per platform matrix, download the Device Policies by Platform Matrix PDF.

Before you create a new policy, be sure you complete these steps:

  • Create any delivery groups you plan to use.
  • Install any necessary CA certificates.

The basic steps to create a device policy are as follows:

  1. Name and describe the policy.
  2. Configure one or more platforms.
  3. Create deployment rules (optional).
  4. Assign the policy to delivery groups.
  5. Configure the deployment schedule (optional).

You can configure the following device policies in XenMobile. 

Device Policy Name

Device Policy Description

AirPlay Mirroring

You can add a device policy in XenMobile to add specific AirPlay devices (such as Apple TV or another Mac computer) to users' iOS devices. You also have the option of adding devices to a whitelist for supervised devices, which limits users to only the AirPlay devices on the whitelist.

AirPrint

An AirPrint device policy allows you to add AirPrint printers to the AirPrint printer list on users' iOS devices. This policy makes it easier to support environments where the printers and the devices are on different subnets.

Note:

  • This policy applies to iOS 7.0 and later.
  • Be sure to have the IP address and resource path for each printer.

Android for Work App Restrictions

This policy allows you to modify the restrictions associated with Android for Work apps, but before you can do so, you must meet the following prerequisites:

APN

You use this policy if your organization does not use a consumer APN to connect to the Internet from a mobile device. An APN policy determines the settings used to connect your devices to a specific phone carrier's General Packet Radio Service (GPRS). This setting is already defined in most newer phones.

App Access

An App Access device policy in XenMobile allows you to define a list of apps that are either required to be installed on the device, can be installed on the device, or must not be installed on the device. You can then create an automated action to react to the device compliance with that list of apps.

App Attributes

The App attributes device policy lets you specify attributes, such as a managed app bundle ID or per-app VPN identifier, for iOS devices. 

App Configuration

With this policy, you can remotely configure various settings and behaviors of apps that support managed configuration by deploying an XML configuration file (called a property list, or plist) to users' iOS devices or by deploying key/value pairs to users' Windows 10 phone or table/desktop devices.

App Inventory

An App Inventory policy lets you collect an inventory of the apps on managed devices, and then the inventory is compared to any app access policies deployed to those devices. In this way, you can detect apps that appear on an app blacklist (forbidden in an app access policy) or whitelist (required in an app access policy) and take action accordingly. 

App Lock

You can create a policy in XenMobile to define a list of apps that are allowed to run on a device, or a list of apps that are blocked from running on a device.

You can configure this policy for both iOS and Android devices, but the exact way the policy works differs for each platform. For example, you cannot block multiple apps on an iOS device

Note: Although the device policy works on most Android L and M devices, app lock does not function on Android N or later devices due to the deprecation of the required API by Google.

For iOS devices, you can select only one iOS app per policy. This means that users are only able to use their device to run a single app. Users cannot do any other activities on the device except for the options you specifically allow when the app lock policy is enforced.

App Network Usage

You can set network usage rules to specify how managed apps use networks, such as cellular data networks, on iOS devices. The rules only apply to managed apps. Managed apps are apps that you deploy to users' devices through XenMobile. They do not include apps that users have downloaded directly to their devices without being deployed through XenMobile or apps already installed on the devices when the devices were enrolled in XenMobile.

App Restrictions

With this policy, you can create blacklists for apps you want to prevent users from installing on Samsung KNOX devices, as well as whitelists for apps you want to allow users to install.

App Tunneling

You can configure the App Tunneling policy to increase service continuity and data transfer reliability for your mobile apps. App tunnels define proxy parameters between the client component of any mobile device app and the app server component. You can also use app tunnels to create remote support tunnels to a device for management support.

Note: Any app traffic sent through a tunnel that you define in this policy goes through XenMobile before being redirected to the server running the app.

App Uninstall

An App Uninstall policy lets you remove apps from users' devices for a number of reasons. It may be that you no longer want to support certain apps, your company may want to replace existing apps with similar apps from different vendors, and so on. The apps are removed when this policy is deployed to your users' devices. With the exception of Samsung KNOX devices, users receive a prompt to uninstall the app; Samsung KNOX device users do not receive a prompt to uninstall the app.

App Uninstall Restrictions

With this policy, you can specify the apps that users can or cannot uninstall.

Browser

You can create browser device polices to define whether users' devices can use the browser or to limit which browser functions users' devices can use. On Samsung devices, you can completely disable the browser, or you can enable or disable pop-ups, JavaScript, cookies, autofill, and whether to force fraud warnings.

Calendar (CalDav)

You can add a device policy in XenMobile to add a calendar (CalDAV) account to users' iOS or Mac OS X devices to enable them to synchronize scheduling data with any server that supports CalDAV.

Cellular

This policy allows you to configure cellular network settings.

Connection Manager

In XenMobile, you can specify the connection settings for apps that connect automatically to the Internet and to private networks. This policy is only available on Windows Pocket PCs.

Contacts (CardDAV)

You can add a device policy in XenMobile to add an iOS contacts (CardDAV) account to users' iOS or Mac OS X devices to enable them to synchronize contact data with any server that supports CardDAV.

Copy apps to Samsung Container

You can specify apps that are already installed on a device be copied to a SEAMS container or to a KNOX container on supported Samsung devices. Apps copied to the SEAMS container are available on users' home screens; apps copied to the KNOX container are only available when users sign in to the KNOX container.

Credentials

You can create credentials device policies in XenMobile to enable integrated authentication with your PKI configuration in XenMobile, such as a PKI entity, a keystore, a credential provider, or a server certificate. For more information about credentials, see Certificates in XenMobile.

Each device platform requires a different set of values, which are described in the Credentials policy article.  

Note: Before you can create this policy, you need the credential information you plan to use for each platform, plus any certificates and passwords.

Copy apps to Samsung Container

You can specify apps that are already installed on a device be copied to a SEAMS container or to a KNOX container on supported Samsung devices. For information about supported devices, see Samsung Samsung KNOX Supported Devices. Apps copied to the SEAMS container are available on users' home screens; apps copied to the KNOX container are only available when users sign in to the KNOX container.

Credentials

Often used in conjunction with a WiFi policy, this policy allows companies to deploy certificates for authentication to internal resources that require certificate authentication.

Custom XML

You can create custom XML policies in XenMobile when you want to customize the following features:

  • Provisioning, which includes configuring the device, and enabling or disabling features
  • Device configuration, which includes allowing users to change settings and device parameters
  • Software upgrades, which includes providing new software or bug fixes to be loaded onto the device, including apps and system software
  • Fault management, which includes receiving error and status reports from the device

You create your custom XML configuration by using the Open Mobile Alliance Device Management (OMA DM) API in Windows. Creating custom XML with the OMA DM API is beyond the scope of this topic. For more information about using the OMA DM API, see OMA Device Management on the Microsoft Developer Network site.

Delete Files and Folders

You can create a policy in XenMobile to delete specific files or folders from Windows Mobile/CE devices.

Delete Registry Keys and Values

You can create a policy in XenMobile to delete specific registry keys and values from Windows Mobile/CE devices.

Device Health Attestation

In XenMobile, you can create a policy that requires Windows 10 devices to report the state of their health by having those devices send specific data and runtime information to the Health Attestation Service (HAS) for analysis. The HAS creates and returns a Health Attestation Certificate that the device then sends to XenMobile. When XenMobile receives the Health Attestation Certificate, based on the contents of the Health Attestation Certificate, it can deploy automatic actions that you have set up previously.

The data verified by the HAS are:

  • AIK Present
  • Bit Locker Status
  • Boot Debugging Enabled
  • Boot Manager Rev List Version
  • Code Integrity Enabled
  • Code Integrity Rev List Version
  • DEP Policy
  • ELAM Driver Loaded
  • Issued At
  • Kernel Debugging Enabled
  • PCR
  • Reset Count
  • Restart Count
  • Safe Mode Enabled
  • SBCP Hash
  • Secure Boot Enabled
  • Test Signing Enabled
  • VSM Enabled
  • WinPE Enabled

For more information, refer to the Microsoft HealthAttestation CSP page.

Device Name

With a Device Name policy, you can set the names on iOS and Mac OS X devices so that you can easily identify the devices. You can use macros, text, or a combination of both to define the device's name. For more information about macros, see Macros in XenMobile.

Enterprise Hub

An Enterprise Hub device policy for Windows Phone lets you distribute apps through the Enterprise Hub Company store.

Before you can create the policy, you need the following:

  • An AET (.aetx) signing certificate from Symantec
  • The Citrix Company Hub app signed by using the Microsoft app signing tool (XapSignTool.exe)

Note: XenMobile supports only one Enterprise Hub policy for one mode of Windows Phone Secure Hub. For example, to upload Windows Phone Secure Hub for XenMobile Enterprise Edition, you should not create multiple Enterprise Hub policies with different versions of Work Home for XenMobile Enterprise Edition. You can only deploy the initial Enterprise Hub policy during device enrollment.

Exchange

With XenMobile you have two options to deliver email. You can either deliver ActiveSync email using the containerized Secure Mail app, or you can use this MDM Exchange policy to enable ActiveSync email for the native email client on the device.

Files

With this policy, you can add script files to XenMobile that perform certain functions for users, or you can add document files that you want Android device users to be able to access on their devices. When you add the file, you can also specify the directory in which you want the file to be stored on the device. For example, if you want Android users to receive a company document or .pdf file, you can deploy the file to the device and let users know where the file is located.

You can add the following file types with this policy:

  • Text-based files (.xml, .html, .py, and so on)
  • Other files, such as documents, pictures, spreadsheets, or presentations
  • For Windows Mobile and Windows CE only: Script files created with MortScript

Font

You can add this device policy in XenMobile to add additional fonts to users' iOS and Mac OS X devices. Fonts must be TrueType (.ttf) or OpenType (.oft) fonts. Font collections (.ttc or .otc) are not supported.

Note:  For iOS, this policy applies only to iOS 7.0 and later.

Import iOS and Mac OSx Profile

You can import device configuration XML files for iOS and OS X devices into XenMobile. The file contains device security policies and restrictions that you prepare with the Apple Configurator. For more information about using the Apple Configurator to create a configuration file, see the Apple Configurator Help page.

Kiosk

You create a Kiosk policy in XenMobile to let you to specify that only a specific app or apps can be used on Samsung SAFE devices. This policy is useful for corporate devices that are designed to run only a specific type or class of apps. This policy also lets you choose custom images for the device home screen and lock screen wallpapers for when the device is in Kiosk mode.

Note:

  • All apps that you specify for Kiosk mode must already be installed on the users' devices.
  • Some options apply only to the Samsung Mobile Device Management (MDM) API 4.0 and later.

Launcher Configuration

With this policy for Android devices, you can specify the apps allowed by Citrix Launcher, a custom logo image for the Citrix Launcher icon, a custom background image for Citrix Launcher, and password requirements to exit the launcher.

LDAP

You create an LDAP policy for iOS devices in XenMobile to provide information about an LDAP server to use, including any necessary account information. The policy also provides a set of LDAP search policies to use when querying the LDAP server.

You need the LDAP host name before configuring this policy.

Location

The location policy can be used to geo-locate devices on a map assuming the device has GPS enabled for Secure Hub. Once this policy is pushed down to the device, administrators can send a locate command from the XenMobile server and the device will respond back with its location coordinates. Geofencing and tracking policies are also supported.

Mail

You can add a mail device policy in XenMobile to configure an email account on users' iOS or Mac OX X devices.

Managed Domains

You can define managed domains via this policy that apply to email and the Safari browser. Managed domains help you protect corporate data by controlling which apps can open documents downloaded from domains using Safari. You specify URLs or subdomains to control how users can open documents, attachments, and downloads from the browser. This policy is supported only on iOS 8 and later supervised devices. For the steps on setting an iOS device to supervised mode, see To place an iOS device in Supervised mode by using the Apple Configurator.

When a user sends email to a recipient whose domain is not on the managed email domains list, the message is flagged on the user's device to warn them that they are sending a message to someone outside your corporate domain.

When a user attempts to open an item (document, attachment, or download) using Safari from a web domain that is on the managed web domains list, the appropriate corporate app opens the item. If the item is not from a web domain on the managed web domains list, the user cannot open the item with a corporate app; they must use a personal, unmanaged app.

MDM Options

You can create a device policy in XenMobile to manage Find My Phone/iPad Activation Lock on supervised iOS 7.0 and later phone devices. For the steps on setting an iOS device to supervised mode, see To place an iOS device in Supervised mode by using the Apple Configurator or iOS Bulk Enrollment.  

Activation Lock is a feature of Find My iPhone/iPad that is designed to prevent reactivation of lost or stolen devices by requiring the user's Apple ID and password before anyone can turn off Find My iPhone, erase the device, or reactivate and use the device. In XenMobile, you can bypass the Apple ID and password requirement by enabling Activation Lock in the MDM Options device policy. When a user returns a device with Find My iPhone enabled, you can manage the device from the XenMobile console without their Apple credentials.

Organization Info

You can add a device policy in XenMobile to specify your organization's information for alert messages that are pushed from XenMobile to iOS devices. The policy is available for iOS 7 and later devices.

Passcode

A passcode policy allows you to enforce a PIN code or password on a managed device. This passcode policy allows you to set the complexity and timeouts for the passcode on the device.

Personal Hotspot

With this policy, you can allow users to connect to the Internet when they are not in range of a WiFi network by using the cellular data connection through their iOS devices' personal hotspot functionality. Available on iOS 7.0 and later.

Profile Removal

You can create an app profile removal device policy in XenMobile. The policy, when deployed, removes the app profile from users' iOS or Mac OS X devices.

Provisioning Profile

When you develop and code sign an iOS enterprise app, you usually include an enterprise distribution provisioning profile, which Apple requires for the app to run on an iOS device. If a provisioning profile is missing--or has expired--the app crashes when a user taps to open it.

The primary problem with provisioning profiles is that they expire one year after they are generated on the Apple Developer Portal and you must keep track of the expiration dates for all your provisioning profiles on all iOS devices enrolled by your users. Tracking the expiration dates not only involves keeping track of the actual expiration dates, but also which users are using which version of the app. Two solutions are to email provisioning profiles to users or to put them on a web portal for download and installation. These solutions work, but they are prone to error because they require users to react to instructions in an email or to go to the web portal and download the correct profile and then install it.

To make this process transparent to users, in XenMobile you can install and remove provisioning profiles with device policies. Missing or expired profiles are removed as necessary and the up-to-date profiles are installed on users' devices, so that tapping an app simply opens it for use.

Provisioning Profile Removal

You can remove iOS provisioning profiles with device policies. For more information on provisioning profiles, see adding a provisioning profile.

Proxy

You can add a device policy in XenMobile to specify global HTTP proxy settings for devices running Windows Mobile/CE and iOS 6.0 or later. You can deploy only one global HTTP proxy policy per device.

Note: Before deploying this policy, be sure to set all iOS devices for which you want to set a global HTTP proxy into Supervised mode. For details, see To place an iOS device in Supervised mode by using the Apple Configurator.

Registry

The Windows Mobile/CE registry stores data about apps, drivers, user preferences, and configuration settings. In XenMobile, you can define the registry keys and values that let you administer Windows Mobile/CE devices.

Remote Support

You create a remote support policy in XenMobile to give you remote access to users' Samsung KNOX devices. You can configure two types of support:

  • Basic, which lets you view diagnostic information about the device, such as system information, processes that are running, task manager (memory and CPU usage), installed software folder contents, and so on.
  • Premium, which lets you remotely control the device screen, including control over colors (in either the main window, or in a separate, floating window), the ability to establish a Voice-over-IP session (VoIP) between the help desk and the user, to configure settings, and to establish a chat session between the help desk and the user.

Restrictions

The restriction policy gives an administrator lots of options to lock down and control features and functionality on the managed device. There are literally hundreds of restriction options for support devices from disabling the camera or microphone on a device to enforcing roaming rules and access to third-party services like app stores

You can add a device policy in XenMobile to restrict certain features or functionality on users' devices, phones, tablets, and so on. Each platform requires a different set of values, which are described in this article.

This device policy allows or restricts users from using certain features on their devices, such as the camera. You can also set security restrictions, as well as restrictions on media content and restrictions on the types of apps users can and cannot install. Most of the restriction settings default to ON, or allows. The main exceptions are the iOS Security - Force feature and all Windows Tablet features, which default to OFF, or restricts.

Tip: Any option for which you select ON means that the user can perform the operation or use the feature. For example:

  • Camera. If ON, the user can use the camera on their device. If OFF, the user cannot use the camera on their device.
  • Screen shots. If ON, the user can take screen shots on their device. If OFF, the user cannot take screen shots on their device.

Roaming

You can add a device policy in XenMobile to configure whether to allow voice and data roaming on users' iOS and Windows Mobile/CE devices. When voice roaming is disabled, data roaming is automatically disabled. For iOS, this policy is available only on iOS 5.0 and later devices.

Samsung SAFE Firewall

This policy lets you configure the firewall settings for Samsung devices. You enter IP addresses, ports, and host names that you want to allow devices to access or that you want to block devices from accessing. You can also configure proxy and proxy reroute settings.

Samsung MDM License Key

XenMobile supports and extends both Samsung for Enterprise (SAFE) and Samsung KNOX policies. SAFE is a family of solutions that provides security and feature enhancements for business use through integration with mobile device management solutions. Samsung KNOX is a solution within the SAFE program that provides a more secure Android platform for enterprise use.

You must enable the SAFE APIs by deploying the built-in Samsung Enterprise License Management (ELM) key to a device before you can deploy SAFE policies and restrictions. To enable the Samsung KNOX API, you also need to purchase a Samsung KNOX license using the Samsung KNOX License Management System (KLMS) in addition to deploying the Samsung ELM key. The Samsung KLMS provisions valid licenses to mobile device management solutions to enable them to activate Samsung KNOX APIS on mobile devices. These licenses must be obtained from Samsung and are not provided by Citrix.

You must deploy Secure Hub along with the Samsung ELM key to enable the SAFE and Samsung KNOX APIs. You can verify that the SAFE APIs are enabled by checking the device properties. When the Samsung ELM key is deployed, the Samsung MDM API available setting is set to True.

Scheduling This policy is required for Android and Windows Mobile devices to connect back into the XenMobile Server for MDM management, app push, and policy deployment. If you don't send this policy down and have not enabled Google FCM, a device will not connect back into the server. Therefore, it is important to push this policy down in the base package for enrolling devices.

SCEP

This policy allows you to configure iOS and Mac OS X devices to retrieve a certificate using Simple Certificate Enrollment Protocol (SCEP) from an external SCEP server. If you want to deliver a certificate to the device using SCEP from a PKI that is connected to XenMobile, you should create a PKI entity and a PKI provider in distributed mode. For details, see PKI Entities.

Sideloading Key

Sideloading in XenMobile lets you deploy apps that have not been purchased from the Windows Store to Windows 8.1 devices. Most frequently you sideload apps that you develop for corporate use that you do not want to be made public in the Windows Store. To sideload apps, you configure the sideloading key and key activations and then deploy the apps to users' devices.

You need the following information before you can create this policy:

  • The sideloading product key, which you obtain by signing in to the Microsoft Volume Licensing Service Center
  • The key activation, which you create through the command line after obtaining the sideloading product key.

Signing Certificate

 

You can add a device policy in XenMobile to configure signing certificates that are used to sign APPX files. You need the signing certificates if you want to distribute APPX files to users to allow them to install apps on their Windows tablets.

Single Sign On (SSO) Account

You create single sign-on (SSO) accounts in XenMobile to let users sign on one-time only to access XenMobile and your internal company resources from various apps. Users do not need to store any credentials on the device. The SSO account enterprise user credentials are used across apps, including apps from the App Store. This policy is designed to work with a Kerberos authentication backend.

Note: This policy applies only to iOS 7.0 and later.

Storage Encryption

You create storage encryption device policies in XenMobile to encrypt internal and external storage, and, depending on the device, to prevent users from using a storage card on their devices.

You can create policies for Samsung SAFE, Windows Phone, and Android Sony devices. Each platform requires a different set of values, which are described in the Storage Encryption policy article in this section.

Store You can create a policy in XenMobile to specify whether iOS, Android, or Windows Tablet devices display a XenMobile Store webclip on the devices' home screen.

Subscribed Calendars

You can add a device policy in XenMobile to add a subscribed calendar to the calendars list on users' iOS devices. The list of public calendars to which you can subscribe is available at www.apple.com/downloads/macosx/calendars.

Note: You must have subscribed to a calendar before you can add it to the subscribed calendars list on users' devices.

Terms and Conditions

You create Terms and Conditions device policies in XenMobile when you want users to accept your company's specific policies governing connections to the corporate network. When users enroll their devices with XenMobile, they are presented with the terms and conditions and must accept them to enroll their devices. Declining the terms and conditions cancels the enrollment process.

You can create different policies for terms and conditions in different languages if your company has international users and you want them to accept terms and conditions in their native languages. You must provide a file for each platform and language combination you plan to deploy. For Android and iOS devices, you must supply PDF files. For Windows devices, you must supply text (.txt) files and accompanying image files.

VPN

For customers wanting to provide access to backend systems using legacy VPN Gateway technology, this VPN policy can be used to push down the VPN gateway connection details to the device. A number of VPN providers are supported via the policy including Cisco AnyConnect, Juniper as well as Citrix VPN. It is also possible to link this policy to a CA and enabled VPN on-demand (assuming the VPN gateway supports this option).

You can add a device policy in XenMobile to configure virtual private network (VPN) settings that enable users' devices to connect securely to corporate resources. Each platform requires a different set of values, which are described in the VPN article in this section.

Wallpaper

You can add a .png or .jpg file to set wallpaper on an iOS device lock screen, home screen, or both. Available in iOS 7.1.2 and later. To use different wallpaper on iPads and iPhones, you need to create different wallpaper policies and deploy them to the appropriate users.

Web Content Filter

You can add a device policy in XenMobile to filter web content on iOS devices by using Apple's auto-filter function in conjunction with specific sites that you add to whitelists and blacklists. This policy is available only on iOS 7.0 and later devices in Supervised mode. For information about placing an iOS device into Supervised mode, see To place an iOS device in Supervised mode by using the Apple Configurator.

Webclip

With this policy, you can place shortcuts, or webclips, to websites so that they appear alongside apps on users' devices. You can specify your own icons to represent the webclips for iOS, Mac OS X, and Android devices; Windows tablet only requires a label and a URL.

WiFi

The WiFi Policy allows administrators to easily push WiFi router details - SSID, authentication and configuration data - down to a managed device.

WiFi policies let you manage how users connect their devices to WiFi networks by defining network names and types, authentication and security policies, whether to use proxy servers, and other WiFi-related details consistently for all users on device platforms you select.

Windows CE Certificate

Add this device policy to create and deliver Windows Mobile/CE certificates from an external PKI to users' devices. For more information about certificates and PKI entities, see Certificates.

XenMobile Options

You add a XenMobile options policy to configure Secure Hub behavior when connecting to XenMobile from Android and Windows Mobile/CE devices.

XenMobile Uninstall

You can add this device policy in XenMobile to uninstall XenMobile from Android and Window Mobile/CE devices. When deployed, this policy removes XenMobile from all devices in the deployment group.

The Device Policies Page in the Console

You work with device policies on the XenMobile console Device Policies page. To get to the Device Policies page, click Configure > Device Policies. From here, you can add new policies, see the status of existing policies, and edit or delete policies.

The Device Policies page contains a table showing all the current policies.

localized image

To edit or delete a policy on the Device Policies page, you can select the check box next to a policy to show the options menu above the policy list, or you click a policy in the list to show the options menu on the right side of the listing. If you click Show More, policy details appear.

localized image

To add a device policy

1. On the Device Policies page, click Add.

The Add a New Policy dialog box appears. You can expand More to see additional policies.

localized image

2. To find the policy you want to add, do one of the following:

  • Click the policy.

    The Policy Information page for the selected policy appears.

  • Type the name of the policy in the search field. As you type, potential matches appear. If your policy is in the list, click it. Only your selected policy remains in the dialog box. Click it to open the Policy Information page for that policy.

    Important: If your selected policy is in the More area, it is only visible if you expand More.

localized image

3. Select the platforms you want to include in the policy. Configuration pages for the selected platforms appear in Step 5.

Note: Only those platforms supported by the policy are listed.

localized image

4. Complete the Policy Information page and then click Next. The Policy Information page collects information, such as the policy name, to help you identify and track your policies. This page is similar for all policies.

5. Complete the platform pages. Platform pages appear for each platform you selected in Step 3. These pages are different for each policy. Each policy may be different between platforms. Not all policies are supported by all platforms. Click Next to move to the next platform page or, when all the platform pages are complete, to the Assignment page.

6. On the Assignments page, select the delivery groups to which you want to apply the policy. When you click a delivery group, the group appears in the Delivery groups to receive app assignment box.

Note: The Delivery groups to receive app assignment box does not appear until you select a delivery group.

localized image

7. Click Save.

The policy is added to the Device Policies table.

To edit or delete a device policy

1. In the Device Policies table, select the check box next to the policy you want to edit or delete.

2. Click Edit or Delete.

  • If you click Edit, you can edit any and all settings.
  • If you click Delete, in the confirmation dialog box, click Delete again.