Product Documentation

APN device policies

Jun 15, 2015

You can add a custom Access Point Name (APN) device policy for iOS and Android devices. You use this policy if your organization does not use a consumer APN to connect to the Internet from a mobile device. An APN policy determines the settings used to connect your devices to a specific phone carrier's General Packet Radio Service (GPRS). This setting is already defined in most newer phones.

iOS settings

Android settings

1. In the XenMobile console, click Configure > Device Policies. The Device Policies page appears.

localized image

2. Click Add to add a new policy. The Add a new Policy page appears.

localized image

3. On the Add a New Policy page, click More and then under Network access, click APN. The APN Policy information page appears.

localized image

4. In the Policy Information pane, enter the following information:

  • Policy Name: Type a descriptive name for the policy.
  • Description: Optionally, type a description of the policy.

5. Click Next. The Policy Platforms page appears.

Note: When the Policy Platforms page appears, all platforms are selected and you see the iOS platform first.

6. Under Platforms, select the platforms you want to add.

When you finish configuring the settings for a platform, refer to Step 7 for how to set that platform's deployment rules.

iOS settings

localized image
  • APN: Type the name of the access point. This must match a an accepted iOS APN or the policy will fail.
  • User name: This string specifies the user name for this APN. If the user name is missing, the device prompts for the string during profile installation.
  • Password: The password for the user for this APN. For obfuscation purposes, the password is encoded. If it is missing from the payload, the device prompts for the password during profile installation.
  • Server proxy address: The IP address or URL of the APN proxy.
  • Server proxy port: The port number for the APN proxy. This is required if you entered a server proxy address.
  • Under Policy Settings, next to Remove policy, click either Select date or Duration until removal (in days).
    • If you click Select date, click the calendar to select the specific date for removal.
    • In the Allow user to remove policy list, click AlwaysPassword required, or Never.
    • If you click Password required, next to Removal password, type the necessary password.
localized image

Android settings

localized image
  • APN: Type the name of the access point. This must match a an accepted Android APN or the policy will fail.
  • User name: This string specifies the user name for this APN. If the user name is missing, the device prompts for the string during profile installation.
  • Password: The password for the user for this APN. For obfuscation purposes, the password is encoded. If it is missing from the payload, the device prompts for the password during profile installation.
  • Server: This setting, which predates smart phones, is usually empty. It references a Wireless Application Protocol (WAP) gateway server for phones that could not access or render standardweb sites.
  • APN type: This setting must match the carrier's intended use for the access point. It is a comma separated string of APN service specifiers and must match the wireless carrier's published definitions. Examples include:
    • *. All traffic goes through this access point.
    • mms. Multimedia traffic goes through this access point.
    • default. All traffic, including multimedia, goes through this access point.
    • supl. Secure User Plane Location is associated with assisted GPS.
    • dun. Dial Up Networking is outdated and should rarely be used.
    • hipri. High priority networking.
    • fota. Firmware over the air is used for receiving firmware updates.
  • Authentication type: In the list, click the type of authentication to be used. Defaults to None.
  • Server proxy address: The IP address or URL of the carrier's APN HTTP proxy.
  • Server proxy port: The port number for the APN proxy. This is required if you entered a server proxy address.
  • MMSC: The MMS Gateway Server address provided by the carrier.
  • Multimedia Messaging Server (MMS) proxy address: This is the multimedia messaging service server for MMS traffic. MMS succeeded SMS for sending larger messages with multimedia content, such as pictures or videos. These servers require specific protocols (such as MM1, ... MM11).
  • MMS port: The port used for the MMS proxy.

7. Expand Deployment Rules and then configure the following settings: The Base tab appears by default.

localized image
  • In the lists, click options to determine when the policy should be deployed.
    • You can choose to deploy the policy when all conditions are met or when any conditions are met. The default option is All.
    • Click New Rule to define the conditions.
    • In the lists, click the conditions, such as Device ownership and BYOD, as shown in the preceding figure.
    • Click New Rule again if you want to add more conditions. You can add as many conditions as you would like.
  • Click the Advanced tab to combine the rules with Boolean options. The conditions you chose on the Base tab appear.
localized image
  • You can use more advanced Boolean logic to combine, edit, or add rules.
    • Click ANDOR, or NOT.
    • In the lists that appear, choose the conditions that you want to add to the rule and then click the Plus sign (+) on the right-hand side to add the condition to the rule.

      At any time, you can click to select a condition and then click EDIT to change the condition or Delete to remove the condition.

    • Click New Rule again if you want to add more conditions.

In this example, the device ownership must be BYOD, the device local encryption must be True, and the device mobile country code cannot be only Andorra.

localized image

8. Click Next. The APN Policy Assignment page appears.

9. Next to Choose delivery groups, type to find a delivery group or select a group or groups in the list to which you want to assign the policy. The groups you select appear in the Delivery groups to receive app assignment list.

localized image

10. Expand Deployment Schedule and then configure the following settings:

  • Next to Deploy, click ON to schedule deployment or click OFF to prevent deployment. The default option is ON. If you choose OFF, no other options need to be configured.
  • Next to Deployment schedule, click Now or Later. The default option is Now.
  • If you click Later, click the calendar icon and then select the date and time for deployment.
  • Next to Deployment condition, click On every connection or click Only when previous deployment has failed. The default option is On every connection.
  • Next to Deploy for always-on connection, click ON or OFF. The default option is OFF.

Note

This option applies when you have configured the scheduling background deployment key in Settings > Server Properties. The always-on option is not available for iOS devices.

The deployment schedule you configure is the same for all platforms. Any changes you make apply to all platforms, except for Deploy for always on connection, which does not apply to iOS.

localized image

11. Click Save to save the policy.