How does Airwatch Work

Airwatch works on a client-server and user-server model. The client-server is located on the admin console side and sends commands over the air (OTA), which are received and executed by the user-server.


Airwatch is an Enterprise Mobility Management (EMM) solution that works on Unified Endpoint Management (UEM) platforms and offers Mobile Device Management (MDM) and Mobile Application Management (MAM) capabilities. With the development of cloud technology and BYOD policies, users frequently access corporate resources on unsecured personal devices through local networks, creating a variety of endpoint security challenges. The Airwatch software is designed to enable admins to remotely and centrally secure, configure, and manage endpoint devices through a single console accessed via a web portal. The admin can also remotely deploy apps (enterprise, SaaS, or from the app store) and security policies to endpoint devices. In case of a security breach or a lost or stolen device, the admin can remotely lock or perform an enterprise wipe on that specific device. Powerful collaboration tools like integrated mail, calendar, and company social are provided for better connectivity among employees. The shared content is end-to-end encrypted and can be shared securely. The email framework, which forms the backbone of communication in any enterprise, is secured as well. Employees have a Single Sign-On experience to corporate resources without the need for traditional tedious methods of connecting to a VPN and remembering multiple IDs and passwords. The enterprise data is separated from personal data. Applications and devices are continuously monitored for suspicious activity, multi-level authentication techniques are used, and data is encrypted.


Airwatch Architecture

Airwatch has a variety of components, each handling an individual aspect of Mobile Device Management (MDM). These components are described below:

Airwatch Agent

Airwatch Agent is a single application that gives employees access to the company application catalog and single sign-on (SSO) to corporate resources, without the need to connect to a VPN. Users can securely access enterprise databases and resources after successful onboarding by downloading the app and registering themselves on it.

Key features:

  • Streamlined onboarding: Enrollment of devices is simplified across all platforms and devices.
  • Powerful collaboration tools such as integrated email, calendar, and company social to help employees stay connected at all times.
  • Connectivity: Connectivity anywhere, anytime by accessing the company directory to call, message, or mail a colleague.
  • Single Sign-On access to company intranet and resources, and a unified app catalog.
  • Central remote control: Central console to remotely onboard devices and deploy applications and notifications to enrolled devices.
  • Smart notifications for corporate communications to keep the employees updated about recent developments.
  • MDM capabilities in Windows Rugged devices.


Airwatch Console

The enterprise IT team centrally (Unified Endpoint Management) and remotely secures and manages the endpoint devices of its employees with Mobile Device Management (MDM) and Mobile Application Management (MAM) capabilities through a central console accessed via a web portal.

The content available within dashboards is:

  • Dashboards: With the available preconfigured dashboards, quickly review the device fleet and easily drill down to sets of devices, apps, and more. The overall summary of information regarding a device can be seen on the first page under the Summary tab. Navigate to the Profiles tab to view all the policies and configurations that have been pushed down to the device.
  • Multi-tenancy: A company can be separated into multiple divisions, and multiple organization groups can be created below the top group.
  • Role-based access: At different organization groups, assign default or custom roles to administrators.
  • Profiles: Profiles are configurations and policies that can be pushed down to the device.
  • Content repositories: Authorization and complete control over the enterprise files, which are stored with 256-bit AES encryption.


Airwatch App Catalog

The admin can remotely and centrally deploy enterprise applications, SaaS applications, and app store applications, which users access via the Enterprise App Catalog. The hassle of asking employees to install certain applications is over, and mass upgrades are just a click away. Traditionally, employees were required to connect to a VPN and remember multiple IDs and passwords. Accessing enterprise apps with Airwatch is a Single Sign-On process and just a click away. A secure workspace allows employees to be more productive and creative. The deployment features may vary for different platforms.


Airwatch Container

For BYOD devices and partly corporate-owned devices, the Airwatch container is used to segregate work and personal data, enforcing company security policy while maintaining user privacy by containing and controlling only enterprise data instead of the entire device. A common SDK framework, a container password, and an app tunnel VPN are used to protect enterprise data and ensure secure and seamless use of personal devices in a secure work environment. The admin can access only enterprise apps and data, which are maintained in a separate compartment; personal data, GPS location, and messages remain private.


Airwatch Browser

The Airwatch browser offers a secure browsing environment across platforms like applications, company internal network, and external web while maintaining compliance with enterprise security policy, without connecting to a VPN. The browser can be configured and customized to maintain enterprise-grade security while providing a consumer-centric experience with Single Sign-On to all enterprise resources. Access to suspicious external links can be restricted, and internet access can be limited to custom-defined websites and secure internet transactions in the browser's Kiosk and Restricted modes.


  • Kiosk and Restricted Modes to manage web browsing.
  • Data Loss Prevention settings to prevent copy/paste, printing, and open into, plus history and cookie restrictions.
  • Mobile Device Management capabilities with passcode policies and device compliance checks.
  • Access enterprise applications with authentication by PIN code, biometric, or Active Directory credentials, and application-level security.
  • Allow only enrolled and authorized users to access the company intranet with Tunnel-level security while maintaining complete security compliance with certificates for complete traffic encryption.
  • Single touch access to the external web without the need for multiple authentications and connecting to VPN.

Airwatch Boxer and Airwatch Inbox

Airwatch Boxer provides email management capabilities, offering a consumer-grade experience with configurations and customizations while maintaining enterprise-grade security. Prompt push notifications on received mail, scrolling, taking actions on multiple mails, a card-like display, and creating favorite templates for replying on the go with gesture-controlled features are some of the key characteristics of Airwatch Boxer.

Features of Airwatch Boxer:

For admin

  • Integrate with existing enterprise email framework
  • AES 256-bit encryption to secure mail and attachments
  • Containerization: Maintaining complete control over company data and resources while maintaining user privacy and protecting personal data by segregating enterprise data and user data.
  • Provide users with view-only options by protecting against sharing or saving of enterprise data to third-party cloud servers with Data Loss Prevention settings.
  • URLs are converted to plain text, as many shared URLs may contain links to malware, and the enterprise network is accessed through a safe browser.
  • Can be integrated with Microsoft Office 365 and Exchange services in a cloud deployment, an on-premise deployment, or a hybrid model.

For users:

  • Integration of mail, calendar, and contacts on a single platform with an intuitive user experience, allowing users to respond to mail, manage their calendar, and get in touch with colleagues on the go.
  • Gesture control is available at the bottom right of the screen to quickly swipe through the inbox.
  • Reply on the go by creating, editing, or using pre-installed templates
  • Select multiple emails and take swipe gesture actions for bulk action on mails.
  • Single-click sign-in to corporate meetings, without the need to remember multiple passwords and access codes.
  • Full-featured calendar management to stay on top of your schedule, allowing users to create and manage events, view calendar attachments, send meeting invites, and view the availability of colleagues inside the Boxer app.


Airwatch Organization Groups

With Airwatch organization groups, the administrator can create and manage accounts at the user level, user group level, and organization level. New user accounts can be created, and user names and passwords can be altered. Accounts can also be deleted from enrolled devices. Creating groups, for instance a group of users with similar job profiles, helps better organize enrolled devices. If the organization has offices at multiple locations, users' devices at a particular physical location can be managed with organization-level management.


How does Airwatch work

The way enterprises operate is being revolutionized by improving business processes, increasing productivity, and enhancing customer experience. Mobility is now critical to overall business strategy, and Airwatch offers security, configuration, and management for mobile devices deployed across organizations. Complex mobile deployments can be managed with the comprehensive solutions available in Airwatch.

The multi-tenant architecture allows the admin to manage multiple devices at multiple locations remotely on a central platform. Access and authorization are controlled with role-based access. Enrolling devices on Airwatch is a simple process. Users can also onboard themselves through a self-service portal using corporate credentials. Integrating these credentials with directory services provisions devices based on user-specific role and group membership. Additional enrollment and authentication features are offered exclusively for corporate devices, employee-owned or shared devices. Once enrolled on Airwatch, devices are configured with profiles to enforce corporate security settings such as passcode requirements and security restrictions. Profiles also allow secure access to corporate mail, WiFi, VPN, and other resources. Profiles are installed based on device type, user role, and access level. Time-based and location-based profiles are also available.

For secure access to enterprise apps, a custom app catalog is installed on the device. Employees can quickly view and install internal apps, SaaS apps, public and purchased apps from the store.

Securely access corporate content using the Content Locker app. Employees can access documents and shared content and save email attachments in a protected locker. Sync documents with enterprise file systems like SharePoint or upload directly to the console. Files are encrypted to ensure the security of data, and customized settings can be applied for file sharing, annotations, and offline use.

Once enabled for business use, monitored devices can be tracked for compliance from the Airwatch Console. View up-to-date information on each device from the dashboard, including installed profiles, applications, compliance status, GPS location, and telecom data. Prevent non-compliant devices through a customized compliance engine.

Update devices and send remote commands directly from the console. Enforce robust policies and set up automated actions for non-compliant devices based on specific business needs.

Define the severity level and the actions Airwatch automatically takes through the escalation process. Notify end users with a custom message including instructions on how to become compliant. Block access to corporate resources and, if necessary, perform a wipe of corporate data or the entire device. Generate reports by selecting from over 80 preconfigured templates, including the list of all connected devices, compromised devices, and offline devices. Automate report distribution using Subscription and integrate with business intelligence tools for additional insights. Every device is tracked, and a detailed log of actions is available on the Console.
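
The escalation process described above can be modelled as a small policy engine. This is an added example, not Airwatch code or its API: the rule names, the delays, the seven-day check-in window and the `Device` fields are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Escalation ladder from the text: notify, block access, wipe corporate data.
# The delays are assumed values, not product defaults.
ESCALATION = [
    (timedelta(0), "notify_user"),
    (timedelta(hours=24), "block_corporate_access"),
    (timedelta(hours=72), "enterprise_wipe"),
]
MAX_OFFLINE = timedelta(days=7)      # assumed check-in window
HIGH_SEVERITY = {"compromised_device"}


@dataclass
class Device:
    name: str
    passcode_set: bool
    compromised: bool                # e.g. rooted or jailbroken
    last_seen: datetime
    noncompliant_since: Optional[datetime] = None


def violations(dev: Device, now: datetime) -> List[str]:
    """Return the names of the rules this device currently breaks."""
    found = []
    if not dev.passcode_set:
        found.append("passcode_required")
    if dev.compromised:
        found.append("compromised_device")
    if now - dev.last_seen > MAX_OFFLINE:
        found.append("offline_too_long")
    return found


def evaluate(dev: Device, now: datetime) -> List[str]:
    """Return every action due at `now`; clear the timer once compliant."""
    broken = violations(dev, now)
    if not broken:
        dev.noncompliant_since = None    # remediation resets the escalation
        return []
    if dev.noncompliant_since is None:
        dev.noncompliant_since = now     # first detection starts the clock
    elapsed = now - dev.noncompliant_since
    if HIGH_SEVERITY & set(broken):
        elapsed += timedelta(hours=24)   # high severity starts one step up
    return [action for delay, action in ESCALATION if elapsed >= delay]
```

Calling `evaluate` on each check-in returns the actions a console would have to carry out at that moment, and a device that fixes its violations drops back to an empty list.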


  • Barry Allen

    A Full Stack Developer with 10+ years of experience in different domains including SAP, Blockchain, AI and Web Development.

