Airwatch Configuration and Customization

Airwatch configuration and customization settings help the admin deploy custom settings and configurations to end users from the central console in compliance with company policy.

Introduction

Airwatch configuration and customization allows the admin to deploy custom configurations and settings to an end-user device while enrolling it. The parameters are optional, and if the value is not provided, a default value is chosen, and in case the default value is not applicable, a prompt is shown to enter the value. Settings deployed after initial configuration are updated with all managed clients, and IBM connections for Airwatch accepts the new values. The different configurations are:

  • User name
  • User password
  • Server URL for IBM connections
  • Account labels
  • Account deletion authority to users
  • Theme colours
  • Foreground colours
  • Air watch browser enabling/disabling settings
  • Remember password option
  • Inactivity timeout

 

Managing Airwatch Configuration

The custom settings feature provided by Airwatch can automate the IBM connections for the AirWatch setup.

Account credentials

Go to My Organisation on  Airwatch Admin Console. Navigate to Groups and Settings, then click on settings. Selects apps, then settings and policies. Again click on settings and select custom settings—toggle custom settings to enable.

Every setting is separated by a new line and is a key=value pair. Many variable substitutions are supported and provide dynamic value support, which can be included in the value portion of the setting. The + icon next to the custom settings field displays all the available choices with all options in braces.eg .com.IBM.mobile.connections.user={Email Address}The parameters are optional, with some parameters having a default value and others show a prompt for the value. Settings configured after initial deployment are distributed to managed clients, and IBM connections for AirWatch accepts an updated value.

Airwatch Configuration keys

Airwatch provides custom configuration options for enrolling devices.Some of these are:

  1. .com.ibm.mobile.connections.user:Create user name for end user.Cannot be left blank in 0Auth authentication as user name and password cannot be specified in this environment.
  2. .com.ibm.mobile.connections.password:Used to create a user password.Cannot be left blank in 0Auth authentication as user name and password cannot be specified in this environment.
  3. .com.ibm.mobile.connections.serverurl:Specify an account URL for IBM connections server.
  4. .com.ibm.mobile.connections.servername:The name of the account.
  5. .com.ibm.mobile.connections.allowremoveaccount: Allows users to delete accounts without logging in, and this feature is useful in environments where accounts are set by the MDM app, which the user will not use. To use this property configuration feature in mobile config.xml file has to be modified and its property set to true, which overrides what is specified in server configuration, and the account can be deleted. The only available values are true and false. Default value false prevents users from deleting an account without logging in, whereas true deletes an account without login.
  6. .com.ibm.mobile.connections.themecolour: IBM connections for AirWatch theme colours allows user to select a theme colour with a value of 6 character string representing a hexadecimal colour code. The default value is blank, in which case the default app colour is used. This setting can be globally implemented and not on individual devices. Theme colour selected by admin overrides the theme colour specified in mobile in IBM connections for AirWatch.
  7. .com.ibm.mobile.connections.foregroundcolor: This key allows admin to select customized colours of text and icons displayed on background colours specified in theme colours under .com.ibm.mobile.connections.themecolour.A hexadecimal colour code is selected by 6 character string value which in case left blank implements default app foreground colours. These settings can be implemented globally on all devices and not individually. Only iOS supports this key.
  8. .com.ibm.mobile.connections.usesecurebrowser:The accepted values are true and false.False value completely disables the AirWatch browser, and true value allows the Airwatch browser for any non-connection host URLs.
  9. .com.ibm.mobile.connections.secureBrowserPattern: The secure browser pattern value can only be set if using secure browser value is set to true, in which case a regular expression pattern for URL’s hostname is used. The hostname of the web link that was pressed is compared to the regular expression pattern by IBM connections for AirWatch. Airwatch browser is used if the hostname matches the expression. Otherwise, a third-party browser is used.
  10. .com.ibm.mobile.connections.RememberPassword:Allows or prohibits remember password features for users.
  11. .com.ibm.mobile.connections.inactivitytimeout: Reauthentication by users with the server is required after a certain length of inactivity in minutes within the application.

For global account creation and implementation of settings following commands can be used:

  • .com.ibm.mobile.connections.user:Create user names
  • .com.ibm.mobile.connections.passwords:Create account passwords.

For individual account creation and implementation of settings following commands can be used:

  • .com.ibm.mobile.connections.user1:Create user name.
  • .com.ibm.mobile.connections.password1:Create account password.

A server URL and user ID for the account is needed to create a new account. To create a single server parameter use line .com.ibm.mobile.connections.ServerURL1.Parameters with the same suffix apply to the same account. Parameters with appended suffix identify the index of the account to which property would apply.

Managing Airwatch System Customisation

VMware custom profile settings allow users to access profile settings without the need for a VMware update. Pre released Windows Insider devices can use configuration service providers (CSP’s). Airwatch Enterprise Mobility Management (EMM) Windows 10  custom profile settings offer these features.

Windows 10 Custom Profile Solution Overview

The latest functions can be delivered to managed devices using custom settings profiles. To configure a profile, follow these steps:

  • Navigate to suitable platform’s profile settings in the Airwatch console.
  • Upload SyncML(XML) code into text box by selecting custom settings payload.
  • Deliver the settings to the device by clicking save and publish.

A correct and validated chunk of SyncML code is needed to configure the system settings profile. Some methods are described below to proceed with SyncML file upload:

  1. Copy SyncML files
  • Suited for enterprises who do not want to rebuild from scratch
  • Very easy to implement
  • Tested samples with foolproof results
  • Limitations: Designed for limited devices and Operating Systems(OS) and offers limited features.

 

2.Copy SyncML of a newer edition of the Airwatch console profile

  • For people who did not go for a console upgrade but still want the latest profile features.
  • Level of effort: Intermediate
  • Advantages: Skip the production environment upgrade and directly implement the latest settings.
  • Limitations: The supported features are limited to the Airwatch console.

3.Create SyncML from scratch

  • Best suited for Windows Insider Devices, which want to use pre-released Configuration Service Provider(CSP).
  • Intermediate to advanced level of difficulty
  • Advantage: Deliver pre-released CSP’s to Windows Insider Devices.
  • Limitations: Can be only used by Windows Insider Devices

 

Formatting Basics:Creating a complete block of SyncML

A complete block of SyncML has following features:

  • <[Characteristic]> to <[Characteristic]> command execution
  • Add, delete, replace or exec can be used as characteristics.
  • No text before or after characteristic is allowed
  • Linearizes code block to condense size but may or may nor remove whitespaces.

Example:

<Replace>
<CmdID>2</CmdID>
<Item>
<Target> <LocURI>./Device/Vendor/MSFT/AssignedAccess/KioskModeApp</LocURI></Target> 
<Meta><Format xmlns="syncml:metinf">chr</Format></Meta>
<Data> {"Account":"standard","AUMID":"AirWatchLLC.AirWatchBrowser_htcwkw4rx2gx4!App"}</Data>
</Item>
</Replace>

Update or delete settings

Tags can be updated or settings can be deleted manually using a Windows 10 Custom Profile Settings.

  • Settings can be updated using replace tag:<Replace> to </Replace>
  • Settings can be deleted using delete tag:<Delete> to </Delete>

Example to remove Kiosk Assigned Access Setting

<Delete>
<CmdID>2</CmdID>
<Item>
<Target> <LocURI>./Device/Vendor/MSFT/AssignedAccess/KioskModeApp</LocURI></Target>
</Item>
</Delete>

 

 

Configure a Windows 10 Custom Settings Profile

Step 1: A block of SyncML code has to be either created from scratch or copied.

To copy the code

  • Samples can be found at VMWare Code Sample Exchange.
  • Pick a code suiting your needs and copy the text.

To copy profile settings from the latest Airwatch Console:

  • For the desired profile functionality, login into a version of the Airwatch console that supports it.
  • Create a profile by configuring and saving the payload.
  • Search for the created profile in listview.Select Radio button then select </> XML option.Copy the SyncML.
  • Open the text editor, paste the SyncML and edit it. Lines of text should be removed, so all code is within the tags.<[ Add, Delete, Replace, or Exec ]> to <[ Add, Delete, Replace, or Exec ]> 2).Linearizing SyncML and removing white spaces is also an option.
  • The formatted code is copied.

To create SyncML from scratch,

  • Open the Configuration Service Provider(CSP) reference
  • The latest Windows Insider Device features can be accessed.
  • Create a code sample by complying with the site’s guidelines.
  • Copy-paste the code

Step 2: Go to devices and select profiles. Click on ListView, then select Add and click Add profile. Navigate to Windows and select Windows desktop.

Step 3: Determine the profile’s context by referring to LocURL.

  • Select user profile if LocURL begins with ./User/.
  • Select device profile if LocURL begins with ./Device/.

Step 4: General settings are configured to determine how the profile deploys and who receives it.

Step 5: Custom settings payload is selected.

Step 6: Paste the complete block of SyncML in the text box after selecting configure.

Step 7: Click Save and Publish

Airwatch Custom Branding

Airwatch allows custom branding for AirWatch Console, Self-service portal and app catalogue. The company logo can be set, and background colours can be changed in tune with brand colours. The text and foreground colour appearing on the background can be changed as well. App catalogue name, icon and colour too can be modified. The console commands override the user command for custom branding.

Branding AirWatch console and self-service portal

Steps to configure custom branding for AirWatch console:

  • Open AirWatch console
  • Navigate to Groups and Settings. Click on All settings. Then click on Systems, and select branding.
  • Selecting inherent settings allows users to select their own set of customizations, whereas override allows user deployed settings on all devices.
  • Company logo upload in the login page background option is provided used in AirWatch console and self-service portal.
  • Change colour settings in tune with company branding by scrolling down to colours options. All the following colours can be changed independently of each other. As the colours from the palette are changed, they are reflected in real-time. Save the settings which are applied to the AirWatch console and self-service portal.
    Header colour
    Navigation colour
    Highlight colour
  • Once save is clicked, all settings are applied to the console and self-service portal with the company logo, background colour and other colour settings.
  • Features also applied to the app catalogue, but a few additional features for the app catalogue can be accessed differently.

Branding app catalogue features

  • Go to groups and settings. Click on All Settings. Click on apps. Navigate to catalogue and then select general.
  • Click on the publishing tab. Select the name under catalogue title, upload a custom image to override the default app icon,
  • Select the customization tab on top to provide a custom branding logo. If not provided, the company logo provided in branding settings is used as the default icon.

Branding Airwatch agent and Airwatch apps

AirWatch agents and AirWatch apps can be branded by changing default SDK profile settings or using a new SDK profile configuration.

Changing default profile SDK settings:

  • Go to groups and settings
  • Go to all settings
  • Go to apps
  • Go to Settings and Policies
  • Click settings
  • Set current settings to Override, then enable branding
  • Available configurations in colour settings: Toolbar colour, Primary colour, Primary Text Colour, Secondary colour, Secondary text colour,
  • Available configurations in background settings: Background image and company logo
  • All settings configured are shown in real-time. Once save is clicked, these settings apply to Airwatch applications.

Creating a new SDK profile configuration:

  • Go to groups and settings
  • Go to all settings
  • Go to apps
  • Go to Settings and Policies
  • Click on Profiles
  • Click on Add profile and select SDK profile
  • Choose between iOS or android for the platform.
  • Provide a name and click save
  • Then click on the branding option on the left-hand side menu. Select configure.
  • Configuration options similar to the default SDK profile are shown.
  • Set current settings to Override, then enable branding
  • Available configurations in colour settings: Toolbar colour, Primary colour, Primary Text Colour, Secondary colour, Secondary text colour,
  • Available configurations in background settings: Background image and company logo
  • All settings configured are shown in real-time. Once save is clicked, a new SDK profile is created.

To deploy a default or custom SDK profile, branding options are shown when deploying the application.

  • Click on add application
  • Go to the assignment tab
  • Scroll down to the application that uses Airwatch SDK. Select enabled.
  • In a slide down, menu options are shown for default SDK profile or custom made SDK profile.
  • Select desired option and click on the publishing option.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.