IBM Support

Optimized removal of all apps and accounts on sign-out from shared devices

How To


Summary

IBM MaaS360 introduces a new feature to enhance the security and also reduces the costs for a shared device.

Objective

Feature usage
Once the configuration is applied to the device, when the shared device users sign out, all the distributed apps for that user and all the accounts on the device are removed. This enhances the security and helps prevent data leaks. For example, if a shared device user uses the Box or Outlook app, then signing out will remove the app and all the associated account details.

In addition to enhanced security, is cost savings. When a user signs back in, the apps installed for the previous user does not need to be downloaded again. The OS retains the app package and installs the apps immediately once they are available in the App Catalog, without consuming additional data. Only the apps applicable to the new shared device user are downloaded which conserves data. To maximize the benefits of this feature and reduce data consumption, it is recommended that IT Admins distribute common apps across shared device users. This way, the apps do not consume additional data.

Prerequisites

  • The feature is applicable only for Corporate shared, Device owner and for Android 9+ devices.
  • Apps distributed with both "Install once" or "Retry Installation" are benefited. However, it is highly recommended to distribute the apps with Retry Installation option instead of Install once in the Install Settings to ensure that this feature works smoothly.
The administrators can enable this option by following the steps.

Steps

  1. From IBM MaaS360 Portal Home page, select Setup and click Settings.
  2. Select App Settings and click Basic.
  3. Go to Apps settings for shared mobile devices.
  4. Select the configuration option: Configure at app level or Configure for all apps.
  5. Click Save.
Exemptions:
  • System apps cannot be removed or uninstalled during sign-out, but the accounts associated with them are removed.
  • For modes other than Device Owner and devices running below Android 9, the Configure at app level setting follows the existing behavior in the production settings. The Remove on Sign-out from Shared Device setting is considered, regardless of the above configurations.

  • MaaS360 family of apps is not removed during sign-out. During sign-out, MaaS360 agent on the device performs a selective wipe that ensures all the user data is cleanly deleted from the MaaS360 family of apps.

  • Team Viewer and MaaS360 Remote Control are not removed to allow remote debugging sessions to remain active during sign-out.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSYSXX","label":"IBM MaaS360"},"ARM Category":[{"code":"a8m3p000000hCHXAA2","label":"DEVICES"},{"code":"a8m3p000000hCH8AAM","label":"ENROLLMENT-\u003EANDROID"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
05 November 2024

UID

ibm17169566

Page Feedback