My apologies for the noob question. I am tasked with detection, enforcement, and validation that deployed devices only have approved applications installed. The MDM were using is MobileIron, which from my limited involvement seems fine to detected after an app is installed. I was looking for a solution similar to OTG that locksdown the device to only permit installs from an internal appstore that has approved applications.
Is there a solution that appstore requests only go to our internal appstore, not the official Apple appstore?
Any thoughts suggestions are welcome.
Could you disable the App Store via MDM profile?
Aaron Freimark, Enterprise iOS founder & Tekserve CTO
Aaron is correct that you could just install the necessary apps and then just deploy a profile to disable the App Store, I've been working with an MDM vendor called Airwatch that does exactly what you're looking for. So they have their own App Store in a way that you can deploy only particular apps to. So you'll disable the native Apple App Store and deploy the Airwatch App Store. Users can only see apps you approve. There is a work around however in that the App Store NEEDS to be re-enabled for a short time in the background to the download the app. So users could potentially multitask to the App Store and grab another app. The nice thing about Airwatch is that you can set a compliance policy to tell the admin that a blacklisted app has been installed. Beyond that you can do what Airwatch calls "death by notification" and basically warn the user every few seconds or minutes to remove the app since they are out of compliance, thus almost annoying them to remove the app they installed. If all else fails you can deploy policies to furthur restrict that users so then will comply to your policy.