Skip to main content
Matrix42 Self-Service Help Center

Tags Guide Part III: iPad, iPhone, iPod

Profile

Profiles for each device type are managed independently allowing separate configuration and management of profiles for each device type. When a device is provisioned, it will be provisioned with the profile configuration at the time the device was enrolled. When a profile change is made, new devices will receive the new configuration as well as devices that are currently managed and/or blocked. When any Profiles are changed, ensure the settings are correct as these will be applied immediately to all applicable devices. Please ensure you click on the Save or Save & Close button on the bottom right of the screen to commit your changes before selecting another page.

All Profiles which are marked with a star * are available for supervised devices

Exchange ActiveSync

Setting iPhone iPad iPod Description
Exchange ActiveSync Settings Enabled or Disabled Enabled or Disable Enabled or Disable Enables Profile
Label e.g. Imagoverum Exchange or e.g. {firstname} e.g. Imagoverum Exchange or e.g. {firstname} e.g. Imagoverum Exchange or e.g. {firstname} The Label for the Email Account as it appears on the device. 
Server Name e.g. outlook.office365.com  e.g. outlook.office365.com  e.g. outlook.office365.com  External Exchange Active Sync address 
Past Days of Mail to Sync
  • Unlimited
  • One Day
  • Three days
  • One week
  • Two weeks
  • One Month
  • Unlimited
  • One Day
  • Three days
  • One week
  • Two weeks
  • One Month
  • Unlimited
  • One Day
  • Three days
  • One week
  • Two weeks
  • One Month
Period of mail to synchronize to the device
Use SSL Enabled or Disabled Enabled or Disabled Enabled or Disabled If the URL for the External Mail Server is protected by an SSL Certificate then use SSL.
Use oAuth Enabled or Disabled Enabled or Disabled Not supported Enables and uses oAuth Authentication for Identity Providers on native mail client
Allow Mail to be Moved from This Account Enabled or Disabled Enabled or Disabled Enabled or Disabled If disabled, prevents the user forwarding emails from Corporate Email using a secondary email account
Allow Applications access to this email account Enabled or Disabled Enabled or Disabled Enabled or Disabled If disabled, prevents the user from using this email account in third-party apps to forward content
Allow Recent Address Syncing Enabled or Disabled Enabled or Disabled Enabled or Disabled If disabled, no email addresses are replicated for contacts that were recently used but do not exist in the standard Contacts list.
Use Custom Username Variable e.g. {CustLdapVar0} or support@imagoverum.com e.g. {CustLdapVar0} or support@imagoverum.com e.g. {CustLdapVar0} or support@imagoverum.com Define a Custom Variable Attribute for the Username for the EAS Profile.
Use Custom Email Variable e.g. {CustLdapVar0} or tim.tober@imagoverum.com e.g. {CustLdapVar0} or tim.tober@imagoverum.com e.g. {CustLdapVar0} or tim.tober@imagoverum.com Define a Custom Variable Attribute for the Email Address for the EAS Profile.
Use Custom Password Variable e.g. {UserPassword} or Pa$$w0rd  e.g. {UserPassword} or Pa$$w0rd  e.g. {UserPassword} or Pa$$w0rd  Define a Custom Variable Attribute for the Email Password for the EAS Profile.
Enterprise Certificate Choose File Choose File Choose File Upload a certificate for certificate based authentication with one certificate
Certificate Password e.g. Pa$$w0rd e.g. Pa$$w0rd e.g. Pa$$w0rd Password for the certificate

Email

Setting iPhone iPad iPod Description
Email Settings Enabled or Disabled Enabled or Disabled Enabled or Disabled Enables Email Settings
Email Address e.g. {UserEmail} or support@imagoverum.com e.g. {UserEmail} or support@imagoverum.com e.g. {UserEmail} or support@imagoverum.com Defines Email Address of the Account
User Display Name e.g. {UserName} or Tim Tober e.g. {UserName} or Tim Tober e.g. {UserName} or Tim Tober Defines  Display Name of the User for this Email Account
Account Description e.g. Imagoverum Mail e.g. Imagoverum Mail e.g. Imagoverum Mail Defines Friendly Name of this Email Account
Account Type
  • IMAP
  • POP
  • IMAP
  • POP
  • IMAP
  • POP
Toggles between IMAP and POP Account Types
IMAP Path Prefix e.g INBOX e.g. INBOX e.g. INBOX Defines where to look for mail 
Allow Mail to be Moved from This Account Enabled or Disabled Enabled or Disabled Enabled or Disabled If disabled, prevents the user forwarding emails from Corporate Email using a secondary email account
Allow Applications access to this email account Enabled or Disabled Enabled or Disabled Enabled or Disabled If disabled, prevents the user from using this email account in third-party apps to forward content
Incoming Mail
Incoming Mail Server e.g. imap-mail.outlook.com or pop-mail.outlook.com e.g. imap-mail.outlook.com or pop-mail.outlook.com e.g. imap-mail.outlook.com or pop-mail.outlook.com  
Incoming Mail Port e.g. 995 e.g. 995 e.g. 995  
Incoming Mail Username        
Authentication
  • None
  • Password
  • MD5 Challenge-Response
  • NTLM
  • NTTP MD5 Digest
  • None
  • Password
  • MD5 Challenge-Response
  • NTLM
  • NTTP MD5 Digest
  • None
  • Password
  • MD5 Challenge-Response
  • NTLM
  • NTTP MD5 Digest
 
Embed User Password Enabled or Disabled Enabled or Disabled Enabled or Disabled  
Embed Custom Password Enabled or Disabled Enabled or Disabled Enabled or Disabled  
Use SSL Enabled or Disabled Enabled or Disabled Enabled or Disabled  
Outgoing Mail
Outgoing Mail Server e.g. imap-mail.outlook.com or pop-mail.outlook.com e.g. imap-mail.outlook.com or pop-mail.outlook.com e.g. imap-mail.outlook.com or pop-mail.outlook.com  
Outgoing Mail Port e.g. 995 e.g. 995 e.g. 995  
Outgoing Mail Username        
Authentication
  • None
  • Password
  • MD5 Challenge-Response
  • NTLM
  • NTTP MD5 Digest
  • None
  • Password
  • MD5 Challenge-Response
  • NTLM
  • NTTP MD5 Digest
  • None
  • Password
  • MD5 Challenge-Response
  • NTLM
  • NTTP MD5 Digest
 
Password Same As Incoming Enabled or Disabled Enabled or Disabled Enabled or Disabled  
Embed Custom Password Enabled or Disabled Enabled or Disabled Enabled or Disabled  
Use SSL Enabled or Disabled Enabled or Disabled Enabled or Disabled  

Passcode

Setting iPhone iPad iPod Description
Passcode Settings Enabled or Disabled Enabled or Disabled Enabled or Disabled Enables Passcode Settings
Allow Simple Enabled or Disabled Enabled or Disabled Enabled or Disabled Permit the use of repeating, ascending or descending characters
Require Alpha Numeric Enabled or Disabled Enabled or Disabled Enabled or Disabled Require passcode to contain at least one letter
Minimum Length 4-19 4-19 4-19 The smallest number of passcode characters allowed
Minimum Complex characters 1-4 1-4 1-4 Smallest number of non-alphanumeric characters allowed. If ‘Allow Simple’ is checked, then this configuration is disabled.
Maximum Passcode Age - 1-730 days or none 1-730 or empty 1-730 or empty 1-730 or empty How often passcode must be changed
Auto-lock (minutes) Never, 1,2,3,4,5 Never, 1,2,3,4,5 Never, 1,2,3,4,5 Device automatically locks due to inactivity after this time period
Passcode history (1-50 passcodes, or none) 1-50 or empty 1-50 or empty 1-50 or empty Number of unique passcodes required before reuse
Grace Period for Device Lock
  • Immediately
  • 1 Minute
  • 5 Minutes
  • 15 Minutes
  • Immediately
  • 1 Minute
  • 5 Minutes
  • 15 Minutes
  • Immediately
  • 1 Minute
  • 5 Minutes
  • 15 Minutes
Amount of time device screen can sleep before device locks
Maximum Failed Attempts 4-16 4-16 4-16 Number of passcode entry attempts allowed before the device is reset to factory settings

Restrictions

Setting iPhone iPad iPod
Allow Automatic Sync while Roaming Enabled or Disabled Enabled or Disabled Not available
Allow Camera Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow In App Purchase Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Screen Capture* Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Youtube Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Voice Dialing Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Game Center Friends Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow iCloud Backup Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow iCloud Document Sync Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow iCloud Key Value Sync Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Photo Stream Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Untrusted SSL Certificates Enabled or Disabled Enabled or Disabled Enabled or Disabled
Force iTunes Password Prompt Enabled or Disabled Enabled or Disabled Enabled or Disabled
Force Encrypted Backup* Enabled Enabled Enabled
Allow Siri While Locked* Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Diagnostic Data to be Sent to Apple Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Passbook While Locked Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Shared Photo Stream Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Cloud Keychain Sync Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Lock Screen Control Center Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Lock Screen Notifications View* Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Lock Screen Today View* Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Open In From Managed to Unmanaged Apps* Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Open In From Unmanaged to Managed Apps* Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow OTA PKI Updates Enabled or Disabled Enabled or Disabled Enabled or Disabled
Force Limited Ad Tracking Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Fingerprint For Unlock Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Activity Continuation Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Managed Apps Cloud Sync* Enabled or Disabled Enabled or Disabled Enabled or Disabled
Force Airdrop to be considered Unmanaged* Enabled or Disabled Enabled or Disabled Enabled or Disabled
Force Apple Watch Wrist Detection* Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow iCloud Photo Library Enabled or Disabled Enabled or Disabled Enabled or Disabled
*Supervised devices only:
Allow Game Center Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow iBookstore Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow iBookstore Erotica Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Configuration Profile Installation Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow iMessage Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Explicit Music and Podcasts Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow iTunes Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Safari Enabled or Disabled Enabled or Disabled Enabled or Disabled
Enable Autofill Enabled or Disabled Enabled or Disabled Enabled or Disabled
Enable Javascript Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Popup Enabled or Disabled Enabled or Disabled Enabled or Disabled
Force Fraud Warning Enabled or Disabled Enabled or Disabled Enabled or Disabled
Accept Cookies
  • Always
  • Never
  • From Visited Sites
  • Always
  • Never
  • From Visited Sites
  • Always
  • Never
  • From Visited Sites
Allow Siri Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Facetime Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Multiplayer Gaming Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Cellular Data Modification Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Find My Friends Modification Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Host Pairing Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow AirDrop Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow App Removal Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Activation Lock Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Podcasts Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Definition Lookup Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Predictive Keyboard Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Auto Correction Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Spell Check Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow UI App Installation Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Keyboard Shortcuts Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Apple Watch Pairing Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Changing Device Name Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Wallpaper Modification Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Automatic App Downloads Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Enterprise App Trusts Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Notifications Modification Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Bluetooth Modification Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Passcode Modification Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow App Store Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Account Modification Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Erase Content And Settings Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Spotlight Internet Results Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Enabling Restrictions Enabled or Disabled Enabled or Disabled Enabled or Disabled
Only join Wi-Fi networks installed by profiles (iOS 10.3+) Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Dictation (iOS 10.3+) Enabled or Disabled Enabled or Disabled Enabled or Disabled
Allow Hotspot Modification Enabled or Disabled Enabled or Disabled not supported
Allow Find My Device Enabled or Disabled Enabled or Disabled not supported
Allow Find My Friends Enabled or Disabled Enabled or Disabled not supported
Allow QuickPath Keyboard Enabled or Disabled Enabled or Disabled not supported
Force Wi-Fi Power On Enabled or Disabled Enabled or Disabled not supported
Allow Files Network Drive Access  Enabled or Disabled Enabled or Disabled not supported
Allow Files USB Drive Access  Enabled or Disabled Enabled or Disabled not supported

* Supports User Enrollment 

VPN

Private APN

If you have a Private Access Point Name (APN) for your SIM Cards, then Silverback has the ability to configure this for you on the managed devices.

Setting iPhone iPad iPod Description
Private APN Settings Enabled or Disabled Enabled or Disabled not available Enables the Private APN Feature on Selected Devices.
Name e.g. VFD2 Web e.g VFD2 Web not available The name of the carrier access point
Username e.g. User e.g User not available The username to connect to the access point
Password e.g. Pa$$w0rd e.g. Pa$$w0rd not available The password to connect to the access point
Server e.g web.vodafone.com e.g. web.vodafone.com not available The fully qualified address of the proxy server
Port e.g. 8080 e.g. 8080 not available APN Port

Wi-Fi 

Silverback has the ability to pre-populate multiple Wi-Fi settings on your devices, so the user does not need to know the password for these networks themselves.

  • Click New WiFi profile
Setting iPhone iPad iPod Description
Wi-Fi Settings Enabled or Disabled Enabled or Disabled Enabled or Disabled Enables the sending of Wi-Fi settings
SSID e.g. Corporate Wi-Fi e.g. Corporate Wi-Fi e.g. Corporate Wi-Fi Service Set Identifier of the wireless network
Security Type
  • WEP
  • WPA2
  • Any Personal
  • WPA2 Enterprise
  • Any Enterprise
  • WEP
  • WPA2
  • Any Personal
  • WPA2 Enterprise
  • Any Enterprise
  • WEP
  • WPA2
  • Any Personal
  • WPA2 Enterprise
  • Any Enterprise
Defines the used Wireless network encryption
Hidden Network Enabled or Disabled Enabled or Disabled Enabled or Disabled Enable if the target network is not open or hidden
Automatically Join Enabled or Disabled Enabled or Disabled Enabled or Disabled The device will automatically join the Wi-Fi network
Password e.g. Pa$$w0rd e.g. Pa$$w0rd e.g. Pa$$w0rd Password for authenticating to the wireless network
Proxy (WPA2 Enterprise & Any Enterprise Only)
Protocols
  • TLS
  • LEAP
  • TTLS
  • PEAP
  • EAP-FAST
  • EAP-SIM

 

  • Use Pac
  • Provision PAC
  • Provision PAC Anonymously
  • TLS
  • LEAP
  • TTLS
  • PEAP
  • EAP-FAST
  • EAP-SIM

 

  • Use Pac
  • Provision PAC
  • Provision PAC Anonymously
  • TLS
  • LEAP
  • TTLS
  • PEAP
  • EAP-FAST
  • EAP-SIM

 

  • Use Pac
  • Provision PAC
  • Provision PAC Anonymously
Defines the protocol utilized by encryption type and the PAC configuration
Authentication
  • Use Per-connection Password
  • Use Individual Username
    • Use User Password
  • Use Individual Client Certificates
    • Individual Client Certificate subject
    • Populate into Active Directory
  • Add Certificate
  • Use Per-connection Password
  • Use Individual Username
    • Use User Password
  • Use Individual Client Certificates
    • Individual Client Certificate subject
    • Populate into Active Directory
  • Add Certificate
  • Use Per-connection Password
  • Use Individual Username
    • Use User Password
  • Use Individual Client Certificates
    • Individual Client Certificate subject
    • Populate into Active Directory
  • Add Certificate
Defines the used authentication mechanism
Trust
  • Allow Trust Exceptions
  • Add or Remove Server
  • Add Certificate
  • Remove Certificates
  • Allow Trust Exceptions
  • Add or Remove Server
  • Add Certificate
  • Remove Certificates
  • Allow Trust Exceptions
  • Add or Remove Server
  • Add Certificate
  • Remove Certificates
Defines Trusted certificates
Proxy
  • Proxy Type (None, Auto, Manual)
  • Server
  • Port
  • Individual Usernames or pre-defined Username
  • Individual Passwords or pre-defined Password
  • PAC URL
  • Proxy Type (None, Auto, Manual)
  • Server
  • Port
  • Individual Usernames or pre-defined Username
  • Individual Passwords or pre-defined Password
  • PAC URL
  • Proxy Type (None, Auto, Manual)
  • Server
  • Port
  • Individual Usernames or pre-defined Username
  • Individual Passwords or pre-defined Password
  • PAC URL
Ensures the device talks to the necessary Proxy

Wallpaper*

Define a custom Home Screen and Lock screen for your iOS supervised devices. 

Setting iPhone iPad iPod Description
Lock Screen Enabled Enabled not available Enables customs Lock Screen on devices. 
Choose File Choose File not available

Upload custom Lock Screen

Supported file types are: *.jpg and *.png

Home Screen Enabled Enabled not available Enables customs Lock Screen on devices. 
Choose File Enabled not available

Upload custom Lock Screen

Supported file types are: *.jpg and *.png

Application Lock*

Through the use of the Application Lock feature, you can now ‘Lock’ a specific App to the screen of the device, meaning that the user cannot minimize or close the specified App from the screen. Another common name for this functionality is the kiosk mode or single app purpose mode. 

Setting iPhone iPad iPod Description
Application Lock Enabled or Disabled Enabled or Disabled Enabled or Disabled Enables Application Lock
App Identifier e.g. com.apple.mobilesafari or com.syncdog.matrix42.securecontainer e.g. com.apple.mobilesafari or com.syncdog.matrix42.securecontainer e.g. com.apple.mobilesafari or com.syncdog.matrix42.securecontainer The Identification String of the App that you want ‘Locked’ to the screen. Compare the Lockdown area to find out the necessary Bundle ID
Options
Disable Touch Enabled or Disabled Enabled or Disabled Enabled or Disabled Disables the users’ ability to interact with the screen
Disable Device Rotation Enabled or Disabled Enabled or Disabled Enabled or Disabled Disables the screen orientation change
Disable Volume Buttons Enabled or Disabled Enabled or Disabled Enabled or Disabled Disables the hardware volume buttons on the device
Disable Ringer Switch Enabled or Disabled Enabled or Disabled Enabled or Disabled Disables the hardware ringer switch on the device
Disable Sleep Wake Button Enabled or Disabled Enabled or Disabled Enabled or Disabled Disables the hardware power button
Disable Auto Lock Enabled or Disabled Enabled or Disabled Enabled or Disabled Controls whether the device will automatically lock screen
Enable Voice Over Enabled or Disabled Enabled or Disabled Enabled or Disabled Forces the voice over feature on the device
Enable Zoom Enabled or Disabled Enabled or Disabled Enabled or Disabled Forces the zoom feature on the device
Enable Invert Colors Enabled or Disabled Enabled or Disabled Enabled or Disabled Forces the inverted colors feature on the device
Enable Assistive Touch Enabled or Disabled Enabled or Disabled Enabled or Disabled Enables the assistive touch menu for one handed operation on the device
Enable Speak Selection Enabled or Disabled Enabled or Disabled Enabled or Disabled Enables the speak selection control on the device
Enable Mono Audio Enabled or Disabled Enabled or Disabled Enabled or Disabled Forces the mono audio on the device
User Enabled Options
Voice Over Enabled or Disabled Enabled or Disabled Enabled or Disabled Allows the user to control voice over
Zoom Enabled or Disabled Enabled or Disabled Enabled or Disabled Allows the user to control zoom
Invert Colors Enabled or Disabled Enabled or Disabled Enabled or Disabled Allows the user to control color inversion
Assistive Touch Enabled or Disabled Enabled or Disabled Enabled or Disabled Allows the user to control voice over

Updating Application Lock Apps  

Applications locked in Single App Mode cannot be updated due to a restriction in iOS. In Silverback a workflow is implemented that allows for these apps to be updated. This means that when you attempt to update a Single App Mode Locked app, the system will automatically disable Single App Mode and attempt to update the app. The system will continue to attempt this until the application is updated. The number of attempts to check this is determined by a setting in the Settings Administration page. To increase or decrease the amount of maximum check times perform the following steps:

  • Login as Settings Administrator
  • Navigate to MDM Payload
  • Change the value for iOS Single App Mode Re-enablement Automation Workflow (not recommended)

Manual Override of Application Lock

In some scenarios its necessary to force an individual device to enable or disable Single App Mode for troubleshooting. This can be done from the device info pop-up for a device that has Single App Mode settings applied. Note that once the device checks in, it may lock or unlock again based on it’s Tag settings.

Admin_Guide_SB_028.png

Global HTTP Proxy*

Enabling the Global HTTP Proxy will force all Network Traffic through a designated proxy server.

Setting iPhone iPad iPod Description
Global HTTP Proxy Enabled or Disabled Enabled or Disabled Enabled or Disabled Enables the Global HTTP proxy
Proxy Type
  • Manual
  • Automatic
  • Manual
  • Automatic
  • Manual
  • Automatic
Allows the administrator to select a proxy type
Server e.g. http:// proxy.imagoverum.com or 192.168.0.101 e.g. http:// proxy.imagoverum.com or 192.168.0.101 e.g. http:// proxy.imagoverum.com or 192.168.0.101 The FQDN or IP address of the proxy server
Port e.g. 80 or 443 e.g. 80 or 443 e.g. 80 or 443 The port of the proxy server
Individual Usernames Enabled or Disabled Enabled or Disabled Enabled or Disabled Controls the user ability to enter their own credentials
Username e.g. Proxyuser e.g. Proxyuser e.g. Proxyuser Allows the administrator to define the group username
Password e.g. Pa$$w0rd e.g. Pa$$w0rd e.g. Pa$$w0rd Allows the administrator to define the group password
PAC URL e.g. http:// proxy.imagoverum.com/proxy.pac or 192.168.0.101/proxy.pac e.g. http:// proxy.imagoverum.com/proxy.pac or 192.168.0.101/proxy.pac e.g. http:// proxy.imagoverum.com/proxy.pac or 192.168.0.101/proxy.pac Allows the administrator to specify the location of the PAC script

Web Content Filter*

Web Content Filter settings allow the administrator to control URLs accessible on the iOS7+ devices from Safari.

Setting iPhone iPad iPod Description
Enable Filter Enabled or Disabled Enabled or Disabled Enabled or Disabled

Enables the Web Content Filter on the devices. This function evaluates each web page as it is loaded and attempts to identify and block content not suitable for children. The search algorithm is complex and may vary from release to release, but it is basically looking for adult language, i.e. swearing and sexually explicit language.

Permitted URLs Used only when Filter is set to true. Otherwise, this field is ignored. Each entry contains a URL that is accessible whether the automatic filter allows access or not.
Whitelisted Bookmarks

If any URLs are specified in this matrix, the user can tab into Safari's address bar and will see these bookmarks. All other manually entered URLs will be blocked

The folders are to be specified like: \Root Folder\Subfolder

Blacklisted URLs The URLs specified in this matrix are not accessible on the device.

Certificate Trusts

Setting iPhone iPad iPod Description
Certificate Settings   Enabled or Disabled Enabled or Disabled Enabled or Disabled Enables Certificate Settings in this Tag
Add Root Certificate Choose File Choose File Choose File Select and Upload Root Certificate
Certificate Password e.g. Pa$$w0rd e.g. Pa$$w0rd e.g. Pa$$w0rd Defines Password for Root Certificate
Root Certificates e.g. CN=Imagoverum Root, OU=Imagoverum, OU=IV, O=Imagoverum, S=German, C=DE e.g. CN=Imagoverum Root, OU=Imagoverum, OU=IV, O=Imagoverum, S=German, C=DE e.g. CN=Imagoverum Root, OU=Imagoverum, OU=IV, O=Imagoverum, S=German, C=DE Displays uploaded certificates details
Add Root Certificate Choose File Choose File Choose File Select and Upload Root Certificate
Certificate Password e.g. Pa$$w0rd e.g. Pa$$w0rd e.g. Pa$$w0rd Defines Password for Root Certificate
Intermediate Certificates e.g. CN=Imagoverum Intermediate, OU=Imagoverum, OU=IV, O=Imagoverum, S=German, C=DE e.g. CN=Imagoverum Intermediate, OU=Imagoverum, OU=IV, O=Imagoverum, S=German, C=DE e.g. CN=Imagoverum Intermediate, OU=Imagoverum, OU=IV, O=Imagoverum, S=German, C=DE Displays uploaded certificates details

Single Sign On

Setting iPhone iPad iPod Description
Display Name        
Kerberos Realm        
Principal Name        
Use Client Certificate        

Certificate Name

       

Certificate Type

       
Certificate Authority Address        
Template Name        
Subject Name        
Subject Alternate Name        
Limit this account to specific URL Patterns        
URL Pattern        
Limit this account to specific App Ids        
App Identifier        

App Portal

The Application portal is where devices can access Enterprise applications and recommended Third Party applications via a web clip icon. To enable access to the Application portal for end users and push the app portal web clip icon to devices, ensure App Portal Enabled box is ticked.

Setting iPhone iPad iPod Description
App Portal   Enabled or Disabled Enabled or Disabled   Enabled or Disabled   Enables and pushes the App Portal Icon to enrolled devices.

To customize the App Portal navigate to Admin > App Portal  

Managed Domains

Setting iPhone iPad iPod Description
Domain Types  
  • Email Domains
  • Safari Domains
  • Email Domains
  • Safari Domains
  • Email Domains
  • Safari Domains

Email Domains: Email addresses not matching any of these domains will be marked in Mail

Safari Domains: URL patterns of domains from which documents will be considered managed

Domain Settings e.g. imagoverum.com e.g. imagoverum.com e.g. imagoverum.com Defines the Email or Safari Domain

Custom Profiles

Custom Profiles can be created with the Apple Configurator 2 on a MacOS device and imported into Silverback.

Use Custom Profiles if you miss a setting or a configuration that Silverback does not covers, but has an availability in Apple Configurator 2. 

  • Click New Custom Profile
Setting iPhone iPad iPod Description
Name   e.g. CalDAV Profile e.g. CalDAV Profile e.g. CalDAV Profile Display Name for the Custom Profile
Description e.g. Custom CalDAV Profile e.g. Custom CalDAV Profile e.g. Custom CalDAV Profile Description for the Custom Profile
Mobileconfig File Choose File Choose File Choose File Uploads the *.mobileconfig file

Web Clips

Silverback allows administrators to push down Internet shortcuts to their Managed Devices, giving users easy access to the websites the administrator wants.

  • Click New Web Clip
Setting iPhone iPad iPod Description
Web Clip Name   e.g. Matrix42 e.g. Matrix42 e.g. Matrix42 Web Clip Display Name 
Link e.g. https://www.matrix42.com e.g. https://www.matrix42.com e.g. https://www.matrix42.com Target URL for the Web Clip
Removable Enabled or Disabled Enabled or Disabled Enabled or Disabled Give the user the option to remove the shortcut from the device
Precomposed Icon Enabled or Disabled Enabled or Disabled Enabled or Disabled If disabled, iOS adds the gloss effect to the icon when displaying on the device.
Full Screen Enabled or Disabled Enabled or Disabled Enabled or Disabled Hides the Safari Browser Interface, displaying the website in Full Screen.
Icon File Choose File Choose File Choose File A button for uploading a Custom Icon. Support File Type: *.png

Home Screen Layout 

Home Screen layout allows Administrators to organize app icons across supervised iOS devices.  A unified layout of interfaces makes switching between devices easier and users and support can expects apps to be in the same location on their devices. Apps which aren't used very often can be moved maybe to page 2 or 3 on the devices. 

Device Type iPhone iPad iPod
Availability available available not available

Configure Home Screen Layout

  • Enable Home Screen Layout 
  • Enter a Profile Name
  • Right-Click Dock 
  • Click Add Application

Now you have a couple of options:

  • Add Application
  • Add Folder
Add Application Description Handling
iOS delivers a couple of pre-installed or native applications with the operating systems. You can select them from here Type as an example Phone, afterwards all results are shown with Phone in the name: e.g. Find iPhone and Phone. Click on the application icon to select the desired app
Select from App Store We implemented a direct search in Silverback, so that you can search for any app which is listed in the public App Store Type as an example Matrix42 and you will see all Matrix42 related applications. Companion, M2Mobile and  M42 Secure Container. Click on the application icon to select the desired app
Enter the Bundle ID of application This field will be auto filled after selecting the desired App by select from native applications or from App Store. If you distributed any Enterprise app, then enter here the Bundle ID of your Enterprise App Will be filled automatically or needs to be entered manually when adding an Enterprise app to Home Screen Layout
Enter the name of application This field will be auto filled after selecting the desired App by select from native applications or from App Store. You can rename the application if you want but be aware that the Name is only visible in the Tag, the Application name on the devices will stay in the original name. Will be filled automatically or can be entered or adjusted for convenience.  

Ensure that you enter just applications that you will deploy with Silverback to your device fleet or native application. So every application, excluding native applications, should be available in App Portal section in Silverback. 

Add Folder Description
Here you can enter the name of the folder you want to create on your Home Screen Layout. Afterwards you can add with Add Application apps that will be organized in this folder. The name you will enter here will be the name of the folder on every included device. 

Each folder contains as well pages. By default Silverback will create the Folder Page 1 as default. Right Click Folder Page 1 to add applications to that page. 

  • Right Click Pages
  • Click Add
  • Right Click Page 1
  • Add here in the same way applications and/or folders. 
  • Proceed with creating pages and adding applications and/or folders
  • For ordering everything just drag & drop folders or applications. 
  • Click Save

Some quick notes:

  • Dock allows to add and assign overall 6 applications or folders
  • Pages section allows to create overall 20 pages
  • Each page allows to add 24 applications or folders 
  • If Dock or Pages are fully loaded it is not possible to drag & drop apps or folders into the right position. Remove one app or folder and rearranging is again possible
  • Apps that have not been assigned a screen position and apps that have been installed on the device manually will appear after the assigned apps
  • Once a home screen layout has been applied, the app icon layout cannot be modified on the device itself. 
  • If two or more Home Screen Layout profiles are assigned to one device, the latest edited will win
  • Shortcuts can be used
    • Rename (F2)
    • Delete (Del)
    • Add Application (Shift + A)
    • Add Folder (Shift + F)
    • Add Page (Shift + P)

Policy

With Policy or Policies Administrators have the ability to enforce rules with Silverback, such as enforcing what Apps are installed on the devices, what Cellular Networks the device is on through to enforcing the Serial Numbers of the devices as they are enrolled into the system. These are the environmental conditions that Silverback will continue to monitor for and ‘police’ for any devices that are associated with the Tag.

OS Version Compliance 

Administrators have the ability to control which OS versions are allowed within their environment. To allow an OS version, simply ensure the checkbox next to the respective OS version is ticked. Enrolling a device with a disabled OS version will result in the device automatically being blocked.

  • Alert Administrators: When the checkbox is checked, all administrators will receive an email when a device that violates OS compliance is detected, or when a new OS version is discovered.
  • Automatically Approve New OS Versions: When an OS platform is enrolled to Silverback for the first time, the OS is automatically added to the list. By default, unknown OS platforms are disabled and relevant devices will be blocked. To automatically authorize new OS versions as they are discovered, ensure the checkbox is ticked.

Use this feature where you do not want devices to be automatically blocked when a user upgrades their device to a new future OS version that is released by their software vendor.

OS Updates*

A common question that you may face is how can we prevent our devices from updating updating to the latest version of iOS and how can we test the new iOS update before all of our users will install it?  Often, organizations wish to check the latest iOS release, verifying that the business-related apps they use will continue to function properly on the devices used by their organization. Starting with iOS 11.3 and for supervised devices Apple began to offer the possibility to specify a number of days to delay software updates, with a maximum of 90 days. With this option enabled, the user of the device will not see a software update until the specified number of days has passed since the release.

Setting iPhone iPad iPod Description
Defer Operating System updates for X Enabled or Disabled Enabled or Disabled not available Enables the deferral of operating system updates
Days 1-90 1-90 not available Defines the time period of how long updates will be deferred

Create different Tags with different values to allow new OS updates in waves.  Here is an example how it could look like: 

  • Do not use the feature for the internal IT or MDM department.
  • Enable and restrict set the policy for Pilot Users to 14 days
  • Enable and restrict set the policy for non-critical departments to 30 days
  • For critical department use the maximum value of 90 days.  

Hardware Compliance 

Administrators have the ability to enforce a hardware compliance policy through Silverback. Simply uncheck the boxes for hardware types that should not be supported and any devices that match the hardware type and are managed by Silverback will be blocked. The list of hardware types is managed via the Device Types option in the Admin Tab of the Silverback Console. If a mapping from device type to hardware type exists, the hardware type will be displayed in the hardware compliance list. When a Device Manufacturer release a new version of their hardware the model numbers may not be known by Silverback, in this case Silverback will ‘learn’ them and store them as ‘Unknown’ in the Device Types section under the Admin Tab where the Administrator can update them manually. To allow these devices into your system you enable the ‘Unknown’ checkbox option. This will allow the device into your Silverback Environment and you can later re-classify this device type in the Admin > Device Types section.

  • Alert Administrators:  When the  checkbox is checked it will ensure that administrators receive an email when a device that violates hardware compliance is detected.

Application Blacklist

For iOS devices offers two different ways to create an Application Blacklist. The first one is the Silverback blacklist where the system periodically detects installed applications and in combination with the Lockdown policy Administrators can decide what to do with a device that violates the configuration. The second way is for supervised devices where Administrators easily can decide which application should be visible on the device or which applications should not be installed on devices if the public app store is open for end user. 

Silverback Blacklist

Silverback maintains a blacklist of application names to ensure the detection and management of devices with blacklisted applications. The blacklist works by matching application names of applications on devices against the strings in the blacklist. The blacklist employs a case-insensitive substring search algorithm to determine policy violations.

To add an application to the blacklist

  • Enter the Application Name you want to blacklist (WhatsApp) 
  • Click Add
  • Notice the info message: This application name has been blacklisted successfully.

Configure Lockdown Policies to take decisions if Silverback detects an blacklist violation 

Enforce blacklist/whitelist* 

For supervised devices Silverback offers the ability to blacklist/whitelist applications directly, so that dependent on the configuration these application will be hidden or whitelisted for end users. 

System Apps

Stocks

Tips

Videos

Email

Notes

Reminders

Calculator

Maps

Music

Wallet

Health

Phone

iTunesStore

Messages

VoiceMemos

Weather

Podcasts

GameCenter

FindMyFriends

iBooks

FindMyiPhone

Clock

Camera

FaceTime

Contacts

News

PhotoBooth

AppStore

Watch

Compass

Photos

Calendar

Safari

Companion

AppleStore

AppleSupport

Classroom

Clips

FindiPhone

GarageBand

Home

iCloudDrive

iMovie

iTunesConnect

iTunesRemote

iTunesU

Keynote

LogicRemote

MusicMemos

Numbers

Pages

Playgrounds

Remote

Trailers

TV

WWDC 

 

Apps 

To add any app that is not listed in System Apps area just enter the Bundle ID and click Add. In case that Apple delivers new applications between Silverback Releases take a look at this application list: Apple Bundle Identifiers. From time to time the native Apple App Bundle Identifiers will be published

For all other applications: 

If the app is in the App Store.

If you have the .ipa file directly

  • Copy the .ipa file and rename the extension to .zip. (So e.g. SecureContainer.ipa will become SecureContainer.zip)
  • Unzip the zip file. You will get a new folder named like the zip file.
  • Search for the file iTunesMetadata.plist in that new folder.
  • Open the file with a text editor and search for softwareVersionBundleId. For Matrix42 Secure Container this looks like this and is com.syncdog.matrix42.securecontainer

Lockdown

The Lockdown screen allows you to determine what device compliance policies are enabled and what action should automatically occur when a violation is detected. Each policy is enabled/disabled through their associated checkbox. Enabling a lockdown policy ensures that the device is inspected to ensure it is compliant with that policy during the initial enrollment as well as at regular intervals as defined by the ‘Perform check every’ drop down.

Lockdown Actions

Action Description
No action No action is performed on the device; however alerting administrators may be performed if configured.
Lock A lock command is sent to the device which will lock the screen of the device. 
Block The device is blocked, and the device is moved to the blocked devices table. 
Wipe The device is hard reset to factory default settings.
Reapply This will re-apply the iOS Setting that disables the ability for the device to roam for voice or data. The setting is forced upon the user.  For application black list in particular, this will prevent the application from launching or being installed on the device.
Alert administrator Emails are sent to all administrators notifying them of the policy violation when it is detected. 
Exclude Home Network Allows the Administrator to disable roaming alerts for devices roaming on Home Networks
Allow Home Networks Allow Home Network’ checkbox allows the user to roam on Home Networks without triggering lockdown action.

Lockdown Policies

Policy  General iPhone iPad iPod Description
Enforce SIM Authentication Enabled or Disabled
  • No action
  • Lock 
  • Block
  • Delete Business Data
  • Factory Wipe
  • No action
  • Lock 
  • Block
  • Delete Business Data
  • Factory Wipe
not available The first SIM Silverback detects on a managed device will be considered the ‘canonical’ SIM. Any subsequent changes to the SIM (e.g. removal of the SIM from the device or changing the SIM on the device) are considered a policy violation.
Enforce Application Blacklist

Enabled or Disabled

Either Blacklist or Whitelist

  • No action
  • Lock 
  • Block
  • Delete Business Data
  • Factory Wipe
  • No action
  • Lock 
  • Block
  • Delete Business Data
  • Factory Wipe
  • No action
  • Lock 
  • Block
  • Factory Wipe

See the blacklist section for more information on this configuration. The blacklist can be enabled or disabled from this screen.

Enforce Application Whitelist

Enabled or Disabled

Either Blacklist or Whitelist

  • No action
  • Lock 
  • Block
  • Delete Business Data
  • Factory Wipe
  • No action
  • Lock 
  • Block
  • Delete Business Data
  • Factory Wipe
  • No action
  • Lock 
  • Block
  • Factory Wipe

Application Whitelist will ensure that each device has only applications approved by a system administrator that reside in the Silverback App Portal. Whitelist is derived from the Application Name. Ensure applications in the App Portal are labelled correctly prior to enabling Application Whitelist.

Enforce Hardware Authentication Enabled or Disabled
  • No action
  • Lock 
  • Block
  • Delete Business Data
  • Factory Wipe
  • No action
  • Lock 
  • Block
  • Delete Business Data
  • Factory Wipe
  • No action
  • Lock 
  • Block
  • Factory Wipe
Hardware authentication can be enabled or disabled from this screen. See the hardware authentication for more information on this configuration.
Cost Control Settings
Send Roaming Alerts Enabled or Disabled No actions available No actions available not available

Enabling this will send an alert to all Silverback Administrators when a device starts Roaming for any reason (Voice/Data).

Enforce Data Roaming Policy Enabled or Disabled
  • No action
  • Lock 
  • Block
  • Factory Wipe
  • Delete Business Data
  • Reapply
  • No action
  • Lock 
  • Block
  • Factory Wipe
  • Delete Business Data
  • Reapply
not available

You can choose which lockdown action to apply when a device has data roaming enabled. Availability of this setting on the device is dependent on the Carrier.

Enforce Voice Roaming Policy

Enabled or Disabled

Enforce Data Roaming Policy will activate this setting

  • No action
  • Lock 
  • Block
  • Factory Wipe
  • Delete Business Data
  • Reapply
  • No action
  • Lock 
  • Block
  • Factory Wipe
  • Delete Business Data
  • Reapply
not available Voice Roaming is when the device has Voice Roaming Enabled = YES on the device. Availability of this setting on the device is dependent on the Carrier.
Enforce Home Networks Policy Enabled or Disabled
  • No action 
  • Block
  • Factory Wipe
  • No action 
  • Block
  • Factory Wipe
not available Enables the ‘Home Networks’ policy, meaning Silverback Admins can specify what data networks are classed as ‘Home Networks’.
Home Networks

Add

Enforce Home Networks  Policy will activate this grid

e.g. Imagoverum Wi-Fi e.g. Imagoverum Wi-Fi not available This grid is where Silverback Administrators can specify their ‘Home Networks’.

Companion

Companion extends end point security into a secure workspace for your users. Users can store and edit files locally within the application, ensuring that these documents are kept securely and cannot be accessed by other applications or users. Companion also allows users and administrators to manage data usage on the device and configure policy settings around this.

General 

Setting Description
Bookmarks Displays a list of added Bookmarks being pushed to Companion
SharePoint Sites Displays a list of added SharePoint Website URLs being pushed to Companion
Certificates Displays a list of added certificates that can be configured and then assigned to Bookmarks and SharePoint Sites
Bulk Message Sends a message to all Companion users within the given tag.
Silversync Configures File Sync Settings for Companion based on configured Silversync Feature
Add Bookmarks
  • Click Bookmarks
  • Click New Bookmark
  • Fill in the following values
Setting iPhone iPad iPod Description
Label e.g. Imagoverum Intranet e.g. Imagoverum Intranet e.g. Imagoverum Intranet Display Name of the bookmark
URL e.g. https://intranet.imagoverum.com e.g. https://intranet.imagoverum.com e.g. https://intranet.imagoverum.com Website Address for the Bookmark
Icon File Choose File Choose File Choose File Supported file type = *.png
Authentication Enabled or Disabled Enabled or Disabled Enabled or Disabled Enables or disables authentication options for the Bookmark
Authentication Type
  • Client Certificate - Basic
  • Client Certificate - Kerberos
  • Client Certificate - Basic
  • Client Certificate - Kerberos
  • Client Certificate - Basic
  • Client Certificate - Kerberos
Choose between Basic and Kerberos for Authentication
Username e.g. {UserName} or tim.tober@imagoverum.com e.g. {UserName} or tim.tober@imagoverum.com e.g. {UserName} or tim.tober@imagoverum.com Variable or Username to use for authentication
Use User Password Enabled or Disabled Enabled or Disabled Enabled or Disabled If available, send the user’s password with the settings
Certificate Select certificate Select certificate Select certificate Displays uploaded Certificates in Certificates section 
  • Click Save
Add SharePoint Sites
  • Click Sharepoint Sites
  • Click Sharepoint Site
  • Fill in the following values
Setting iPhone iPad iPod Description
Label   e.g. Imagoverum Sharepoint e.g. Imagoverum Sharepoint e.g. Imagoverum Sharepoint Display Name of the Sharepoint Site
URL e.g. https://imagoverum.sharepoint.com e.g. https://imagoverum.sharepoint.com e.g. https://imagoverum.sharepoint.com Sharepoint Site Address
Authentication Type
  • Office365
  • Web Forms
  • Basic Authentication
  • Form Authentication
  • Client Certificate - Basic
  • Client Certificate - Kerberos
  • Office365
  • Web Forms
  • Basic Authentication
  • Form Authentication
  • Client Certificate - Basic
  • Client Certificate - Kerberos
  • Office365
  • Web Forms
  • Basic Authentication
  • Form Authentication
  • Client Certificate - Basic
  • Client Certificate - Kerberos

Office 365 authentication is only available for Office 365

Webforms authentication requires the user to type their credentials in the web view

Basic authentication sends the credentials of the user in the Authorization header

Form authentication is a headless authentication method for Sharepoint site configured for Form Based Authentication

Client Certificate - Basic will provide a specified certificate to the user to use in conjunction with Basic authentication

Client Certificate - Kerberos will provide a specified certificate to the user to use in conjunction with Kerberos authentication
Access Model
  • Sharepoint 2013 REST
  • Sharepoint 2010 REST
  • Sharepoint 2013 REST
  • Sharepoint 2010 REST
  • Sharepoint 2013 REST
  • Sharepoint 2010 REST
The Access Model that should be used.
Sharepoint 2013 Access Model is recommended for best experience.
Content Refresh Interval (hours) e.g. 4 e.g. 4 e.g. 4 The Interval for check Sharepoint for Updates.
Username e.g. {UserName} or tim.tober@imagoverum.com e.g. {UserName} or tim.tober@imagoverum.com e.g. {UserName} or tim.tober@imagoverum.com Field to specify the Username.
Custom LDAP attributes can be used in this field.
Use User Password Enabled or Disabled Enabled or Disabled Enabled or Disabled Specifies that the client should automatically use the User’s Password. This is only available when Password is Cached or on initial enrollment
Certificate Select Certificate Select Certificate Select Certificate

Displays uploaded Certificates in Certificates section when Authentication Type is set to Client Certificate

Add Certificates
  • Click Certificates
  • Click New Certificate
  • Fill in the following values
Setting iPhone iPad iPod Description
Certificate Name   e.g. Web Authentication e.g. Web Authentication e.g. Web Authentication A name that will be used to identify the Certificate settings
Certificate Type
  • Enterprise
  • Certificate Authority
  • Enterprise
  • Certificate Authority
  • Enterprise
  • Certificate Authority
Determine if the Certificate is from an Enterprise (single PKCS12 Certificate) or Certificate Authority (Certificate is generated per user)
Enterprise
Certificate Authority PKCS12 File Choose File Choose File Choose File A PKCS12 Certificate that will be used to generate client certificates for devices.
Certificate Password e.g. Pa$$w0rd e.g. Pa$$w0rd e.g. Pa$$w0rd The password for the PKCS12 Certificate Authority Certificate
Certificate Authority
Certificate Authority Address e.g.  https://ca01.imagoverum.com/CADemo01  e.g.  https://ca01.imagoverum.com/CADemo01  e.g.  https://ca01.imagoverum.com/CADemo01  Network address for the Certificate Authority
Template Name e.g. Web Authentication e.g. Web Authentication e.g. Web Authentication The template name to be used for Certificate Requests
Subject Name e.g. {firstname} {lastname} e.g. {firstname} {lastname} e.g. {firstname} {lastname} Subject Name of the certificate
Subject Alternate Name e.g. {UserName} e.g. {UserName} e.g. {UserName} Subject Alternate Name of the certificate 
  • Click Save 
Send Bulk Message

Companion can receive Text-Based Messages sent from the Silverback Administrator Console in the form of an App Notification when the app is minimized.

  • Click Bulk Message
  • Enter the Message Text
  • Click Send
Silversync

Configures File Sync Settings for Companion based on configured Silversync Feature. 

Settings iPhone iPad iPod Description
Allow File Sync Enabled or Disabled Enabled or Disabled Enabled or Disabled Allows File Sync
Disable on Blocked Enabled or Disabled Enabled or Disabled Enabled or Disabled Disables File Sync for blocked devices
Allow Sync on Cellular Data Enabled or Disabled Enabled or Disabled Enabled or Disabled Allow Sync when device uses Cellular
Cellular Data File Size Limit e.g. 10 e.g. 10 e.g. 10 Restricts file sizes in MB when device uses Cellular
Allow Email of Files Enabled or Disabled Enabled or Disabled Enabled or Disabled Allows to Email File types via Email
Allow Opening Files Into Other Apps Enabled or Disabled Enabled or Disabled Enabled or Disabled Allows opening files into other apps on device
  • Click Save

Settings

Setting iPhone iPad iPod Description
Companion Enabled Enabled or Disabled Enabled or Disabled Enabled or Disabled

Enables Companion Configuration in general

Install Companion App Store Enabled or Disabled Enabled or Disabled Enabled or Disabled

Installs current available Companion application from Apple App Store

Use Device Based VPP deployment Enabled or Disabled Enabled or Disabled Enabled or Disabled

When you want to use distribution via Volume Purchase Program enable this setting.

But first be enabled for VPP and buy some Companion Licenses in Apple Business Manager. 

EpiC Settings
Secure Enrollment Enabled or Disabled Enabled or Disabled Enabled or Disabled Enables Secure Enrollment for devices
Offline Grace Period e.g. 30 e.g. 30 e.g. 30 Companion modules will be blocked if the device doesn’t check in during this period. The value is days
Custom Epic Text e.g. This is a free form text e.g. This is a free form text e.g. This is a free form text Configure custom text to be displayed to the user
Show Blocked Reasons Enabled or Disabled Enabled or Disabled Enabled or Disabled Configures whether the user is told why they have been blocked. If this is disabled the user is not told why, just that they are blocked
Allow Automated Unblocking Enabled or Disabled Enabled or Disabled Enabled or Disabled Companion can allow users to rectify a block where it was triggered by a policy violation. For example if the user violated an application blacklist, they may remove the app and then scan with Companion to automatically become unblocked
Browser Settings
Allow URL Bar Enabled or Disabled Enabled or Disabled Enabled or Disabled  
Disable on Blocked Enabled or Disabled Enabled or Disabled Enabled or Disabled  
File Settings
Allow Files Enabled or Disabled Enabled or Disabled Enabled or Disabled Determines whether the Files module is available to the users
Disable on Blocked Enabled or Disabled Enabled or Disabled Enabled or Disabled Disables the Files module when Silverback blocks the device
Require PIN Enabled or Disabled Enabled or Disabled Enabled or Disabled Determines whether the users are required to have a PIN code protecting Companion
Allow Email Out Enabled or Disabled Enabled or Disabled Enabled or Disabled Allow the user to email files out of Companion or not
Data Cost Control Settings
Allow Usage Enabled or Disabled Enabled or Disabled Enabled or Disabled Determines whether the Data Usage module is available to the users
Disable on Blocked Enabled or Disabled Enabled or Disabled Enabled or Disabled Disables the Data Usage module when Silverback blocks the device
Allow User to Change Settings Enabled or Disabled Enabled or Disabled Enabled or Disabled Allow the user to change settings within the Companion Client. If not, the administrator must define settings
Rollover Day 1-31 1-31 1-31 Determines the day for the Data Usage to be reset on the device
Local Data Cost Control
Allow User to Reset Usage Enabled or Disabled Enabled or Disabled Enabled or Disabled Allow the user the ability to reset their local Data Usage within the Companion client
Data Allowance (MB) e.g. 2048 e.g. 2048 e.g. 2048 The Amount of local Cellular Data the user is allowed, until the user is alerted and the configured action is performed
Action on Local Data Limit Reached
  • No Action
  • Lock
  • Block
  • Wipe
  • No Action
  • Lock
  • Block
  • Wipe
  • No Action
  • Lock
  • Block
  • Wipe
The MDM action that is carried out when the local data limit is reached
Alert Administrators Enabled or Disabled Enabled or Disabled Enabled or Disabled Determines whether the administrative e-mail alert is sent out when a device reached the data limit
Consumed Usage Alert Treshold 0%-100% in 5% steps 0%-100% in 5% steps 0%-100% in 5% steps Determines the threshold value for the local Data Allowance usage alert. When this threshold is reached, the user receives a notification on the device
Roaming Data Cost Control
Allow User to Reset Usage Enabled or Disabled Enabled or Disabled Enabled or Disabled Allow the user the ability to reset their roaming Data Usage within the Companion client
Roaming Data Allowance (MB) e.g. 100 e.g. 100 e.g. 100 The Amount of roaming Cellular Data the user is allowed, until the user is alerted and the configured action is performed
Action on Roaming Data Limited Reached
  • No Action
  • Lock
  • Block 
  • Wipe
  • Reapply
  • No Action
  • Lock
  • Block 
  • Wipe
  • Reapply
  • No Action
  • Lock
  • Block 
  • Wipe
  • Reapply
The MDM action that is carried out when the roaming data limit is reached
Alert Administrators Enabled or Disabled Enabled or Disabled Enabled or Disabled Determines whether the administrative e-mail alert is sent out when a device reached the data limit
Consumed Roaming Usage Alert Treshold 0%-100% in 5% steps 0%-100% in 5% steps 0%-100% in 5% steps Determines the threshold value for the roaming Data Allowance usage alert. When this threshold is reached, the user receives a notification on the device
Licence Message Settings
Invalid Licence Message e.g. You have no valid License. Please contact your System Administrator e.g. You have no valid License. Please contact your System Administrator e.g. You have no valid License. Please contact your System Administrator The text message displayed on the users’ devices

Network Usage Rules

On iOS devices, roaming and cellular data can be enabled or disabled for managed applications either on a per-app basis, or through the use of wildcard bundle identifiers. Managed applications are either distributed with Silverback or has Take management if the app is already installed checkbox enabled in the App Portal. 

Setting iPhone Ipad iPod Description
App Identifier Match e.g. com.netflix.Netflix or com.netflix.* e.g. com.netflix.Netflix or com.netflix.* e.g. com.netflix.Netflix or com.netflix.* Bundle ID that should receive the Network Usage Rule. When entering an App Identifier, a list of applications that Silverback is aware of will be presented
Allow Cellular Enabled or Disabled Enabled or Disabled Enabled or Disabled Whether the application is allowed to use cellular data
Allow Roaming Enabled or Disabled Enabled or Disabled Enabled or Disabled Whether the application is allowed to use roaming data

After adding Network Usage Rules use Edit button for quick editing (save with Accept button) or use Remove button to remove the application(s). 

Computer Objects

Create Computer Objects in your Active Directory. You may already be familiar with the automatic creation of Computer Objects after a Computers joins your Active Directory.  Silverback can do the same and has the ability to create Computer Objects during the Enrollment on your behalf. For this functionality configure the following settings: 

Setting iPhone iPad Description
Enabled Enabled or Disabled Enabled or Disabled If enabled, Computer Objects will be created
Computer name prefix e.g. iPhone-{DeviceId} e.g. {SerialNumber}  Defines the Computer Name. You can use a Prefix and fill it with a variable, but ensure that Computer Names are limited to 15 characters. All Silverback Variables but we recommend to take one of the examples. 
Organizational unit e.g. OU=Silverback,DC=imagoverum.com,DC=com e.g. OU=iPads,DC=imagoverum.com,DC=com Defines the location, where Computer Objects should be created
Domain Administrator e.g. administrator@imagoverum.com e.g Imagoverum\Administrator Administrator credentials are required to create Computer Objects. Please enter your UPN or SamAccountName
Password e.g Pa$$w0rd e.g. Pa$$w0rd Administrator credentials are required to create Computer Objects. Please enter your Administrator password

Apps 

The Apps Feature Section is how Administrators can automate the distribution of Device Apps for specific groups of users. Before you can begin assigning Apps to the Tag you first need to have the uploaded into the Silverback App Portal. Once you have Apps in the Silverback App Portal, they can be distributed using the Apps Feature associated with your Tag.

App Types

Three different App Types are available for iOS devices:

Type Description
Enterprise Applications owned by an Organization with *.ipa file
App Store Applications from public Apple App Store
VPP Applications bought via Volume Purchase Program


Assign Apps 

Once Apps are uploaded into the Silverback App Portal Tab, they can be distributed to devices via a Tag they have been associated with.

  • Navigate to Apps
  • Click Assign More Apps
  • Select any applications from the shown Assign Applications page 
  • Click Add Selected Apps 

Overview

Already assigned applications are displayed in the Apps section of any Tag with the following columns: 

Column Description
Type Displays the app type, either Enterprise, App Store or VPP
Name Displays the application name
Version Displays the application version for Enterprise Apps
Description Displays the application description given in App Portal
Remaining VPP The remaining number of VPP licenses for this app
Total VPP The total amount of VPP licenses for this app
Manage VPP From there you are able to add and remove old VPP Redemption files.
Manage Config Click edit to change deployment options
Remove Removes the App from the Tag

Change Deployment Options 

By default configurations will be inherit from the App Portal. To customize the settings perform the following steps for each application.

  • Click the Edit button in the Manage Config column
  • Update Deployment Options
  • Click Save

Content

The Content Tab is where content locations are provided for users. These are defined at a Tag level which means only users in this Tag will receive these content settings in their M42Mobile app.

Content Provider

The following content providers can be configured for the M42Mobile App. The Username and Password fields support system variables, so you can dynamically configure these for all users.

Content Provider Settings
Silversync
  • Name
  • Notes
  • Silversync Server Locations
Box
  • Name
  • Notes
  • Username
  • Password
  • Custom Values
Dropbox
  • Name
  • Notes
  • Username
  • Password
  • Custom Values
GoogleDrive
  • Name
  • Notes
  • Username
  • Password
  • Custom Values
OneDrive
  • Name
  • Notes
  • Username
  • Password
  • Custom Values
ownCloud
  • Name
  • Notes
  • Username
  • Password
  • Server URL
  • Custom Values
Sharepoint 
  • Name
  • Notes
  • Username
  • Password
  • Server URL
  • Access Model 
    • Sharepoint 2010
    • Sharepoint 2013
  • Authentication Mode
    • Basic
    • Forms
    • WebForms
    • Office365
  • Custom Values

Silversync Server Locations

For assigning content with Silversync, there are generally two ways to do this: 

Add Content Requirement Description
Selecting the folders from the Content Tree Server Based Authentication Expand and collapse folders if you want to assign content at a level down in the file system
Typing in file paths manually User based Authentication Assign the content manually by typing in file paths.

To add content manually:

  • Click Add
  • Enter the path directly
    • C:\SilversyncContent\users\{UserName}
    • \\NetworkShare\SilversyncFiles\Everybody 

It’s important to note that these paths support system variables. In the example above “{UserName}” will be replaced with that unique user’s username. This is useful for mapping to a home drive network share for example. 

  • Was this article helpful?