Sapsiwai - Fotolia


How AirWatch enrollment and security measures work

The AirWatch enrollment process is fairly simple from the user's perspective. Learn how SSO and other security features affect the AirWatch EMM user experience.

CAMBRIDGE, Mass. -- Enterprise mobility management tools are a way for IT to better secure employees' devices, but they provide some important benefits for users, too.

Once users are enrolled in an enterprise mobility management (EMM) product such as AirWatch, they have access to all their business apps in one place, made even simpler through single sign-on and corporate app stores. At a Boston VMware User Group (VMUG) meeting here last week, attendees saw a video that demonstrated how AirWatch enrollment and user logins work in these steps:

1. For an employee-owned device, IT sends the user a text message or email that contains a QR code or link to download the AirWatch mobile app. (For a corporate-provided device, the IT department can set up AirWatch before handing it over to the user.)

2. The user downloads the AirWatch EMM app, which already includes a profile that IT customized with the necessary corporate apps and data. That profile also includes any security policies that AirWatch will apply to the device, such as those around encryption and app access controls.

3. Upon download, AirWatch automatically pushes all apps and Web bookmarks that IT wants to provide for corporate use to the device.

Now that the user has AirWatch installed on her device, it's easy to navigate. Corporate and personal apps appear alongside each other on the regular home screen, and because the AirWatch enrollment process provides single sign-on, the user only has to log in once. With the AirWatch App Catalog, similar to an app store, IT can promote corporate apps, and the user can find other apps useful for business. Admins can even push new apps that a user requires through the App Catalog, so they download instantly to the device.

AirWatch enrollment made easy

EMM also makes app access easier because employees don't have to log in to a VPN when they're out of the office, said Tom Grace, an AirWatch account executive, who presented the VMUG session. IT can set AirWatch to allow users to reset their forgotten EMM passwords through a self-service Web portal.

"I don't care what kind of environment you are, that's probably the number one call in to the help desk: passcodes," Grace said.

Once the AirWatch enrollment process is complete, IT can wield control with a number of security measures. For instance, admins can encrypt the AirWatch Browser app to allow for secure access to corporate portals, such as the company intranet. Again, such access would not require the user to log in to a VPN.

For email, IT can choose to automatically configure corporate email access in the AirWatch Inbox app or manually configure access through the device's native email client.

Most organizations providing EMM prefer to use the platform's corporate email client rather than the native one because it adds a layer of security. IT can apply security policies to AirWatch Inbox, for instance, including requiring that users open attachments in AirWatch Content Locker, a data storage and collaboration service.

IT can also set certain restrictions on email attachments it deems sensitive, such as preventing the user from cutting and pasting from a document, forwarding it or printing it.

Lastly, IT always has the ability to perform either a full-device wipe or an enterprise wipe, which allows admins to only remove the corporate resources and not any of the user's personal data.

Next Steps

Read how AirWatch has evolved in this Q&A with VMware's EUC GM.

Learn how the enterprise mobility management market has grown.

Determine which EMM provider is right for your business.

Dig Deeper on EMM tools | Enterprise mobility management technology