- Home
- /
- Article
Webex App | Secure mobile devices
We provide several options for IT administrators to secure the Webex App app on users mobile devices. This includes Microsoft Intune SDK, EMM with AppConfig, app wrapping using the iOS IPA files and the Android AAB files, and admin controls for mobile management.
As an IT administrator, you can enforce complete control by enrolling the device with Microsoft Intune or another third party service for device enrollment, or use Control Hub to configure settings that enforce pin lock or control the data sharing between the users within your organization.
Mobile Device Management (MDM)—For mobile devices owned by the enterprise organization, these devices and all applications are enrolled in and managed by the MDM app.
Mobile Application Management (MAM)—For personally owned mobile devices, Webex App is only enrolled in and managed by the MAM app.
The following is the recommended order to use these options:
-
Microsoft Intune
-
AppConfig
-
App wrapping
-
Admin controls in Control Hub
Microsoft Intune integration
Microsoft Intune integration supports personally owned devices and protects the Webex App with optional device enrollment. For more information, see Microsoft Intune.
For details on how to provision and manage Webex with the Microsoft Intune Endpoint Manager, see Webex | Installation with Microsoft Intune.
-
Microsoft Intune app allows enforcement of app policies such as on-demand VPN, or use of work email.
-
MDM device enrollment is optional.
-
Webex App for Microsoft Intune available from App Store / Google Play.
-
The Microsoft Intune SDK integration provides more features that those provided by AppConfig and MAMs using wrapped versions of the Webex App.
-
Compliance and conditional access: Microsoft Intune integrates with Azure AD (identity and access management) to enable a broad set of access control scenarios. For example, you can require mobile devices to be compliant with organization standards defined in Microsoft Intune before accessing the Webex App.
-
Microsoft Intune app protection policies are rules that ensure an organization's data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move corporate data, or a set of actions that are prohibited or monitored when the user is inside the app.
Set up EMM with AppConfig
AppConfig is a community that defines basic operating system (OS) level application control capabilities for iOS and Andriod.
The following table shows the AppConfig policies supported by Webex App on Android and iOS. It also shows the name
and (type) of the configurable properties in the app.
For information on how to configure these behaviors/policies for the Webex App, refer to your application management system's documentation on using AppConfig.
|
iOS |
Android |
---|---|---|
Default Browser Enabled |
Supported Use Managed App Config Key
|
Not supported |
Disable Copy and Paste |
Supported Use Managed App Config Key copyAndPasteDisabled (bool) |
Supported Use Android OS settings with "User Android Work profile settings available in EMM configuration" |
Disable Screen Capture | Use the iOS operating system's restrictions option available in EMM to prevent screen capture from Webex App |
Supported Use Android OS settings with "User Android Work profile settings available in EMM configuration" |
Managed Open-In/Document Sharing |
Supported Use iOS Managed Webex App Restrictions parameters available in EMM config |
Supported Use Android OS settings with "User Android Work profile settings available in EMM configuration" |
Passcode/TouchID |
Supported Use Managed App Config Key
|
Supported Use Managed App Config Key
|
Prevent App Backup |
Supported Use iOS Managed Webex App Restrictions parameters available in EMM configuration |
Supported Use Android OS settings with "User Android Work profile settings available in EMM configuration" |
Remote Wipe |
Supported Use iOS Managed Webex App Restrictions parameters available in EMM configuration |
Supported Use Android OS settings with "User Android Work profile settings available in EMM configuration" |
Require FedRamp Cluster Login |
Supported Use Managed App Config Key
|
Supported Use Managed App Config Key
|
Single Sign-On |
Supported Use Managed App Config Key
|
Supported Use Managed App Config Key
or
|
WebView for Login |
Not supported. |
Enables the app to use WebView for authorization sign in flow
|
You can prefill the login email address for each user by setting the App Config parameter login_hint
. You should set the parameter using an email address variable from the MDM provider. These variables and their usage vary by provider, so refer to the EMM documentation for details.
-
Ways to deploy Webex:
-
Additional reading:
App wrapping with IPA and AAB
Wrapped versions of the Webex App, the IPA file for iOS and the AAB file for Android, are available using the Webex mobile application management program.
The AAB file for Android contains the APK file.
-
Wrapped application files allow the management application to control how an application can be used on a mobile device. The wrapping process provides an additional set of libraries that the management application uses to control the wrapped app.
-
We provide the IPA and AAB versions of Webex App.
-
The MAM manageable versions of Webex App must be enrolled and authorized by the MAM application.
-
Users must download the wrapped and MAM managed version of Webex App from your own app store or MAM app repository.
-
Using MAM controlled wrapped versions of Webex App can provide additional controls to those provided through AppConfig.
Admin controls for mobile management
If you choose not to use the Microsoft Intune, AppConfig or App wrapping options, then the following are the admin controls that are available in Control Hub for administrators:
-
Ensure that content is secure and only people with a lock screen can access the Webex App app on their mobile devices.
-
Set up file sharing policies:
-
Prevent message previews showing on locked screens. See enable security settings.
-
To secure a compromised device or when someone leaves a company, you can revoke their access. See revoke a user's access to Webex.