Default SDK settings apply across AirWatch and wrapped applications, providing a unified user experience on devices. Because the configured SDK settings apply to all AirWatch and wrapped applications by default, you can configure the default SDK profile with the entire AirWatch and wrapped application suite in mind.

Before You Begin

Not all platforms or AirWatch applications support all available default SDK profile settings. A configured setting only works on the device when it is supported by the platform and app. This also means that an enabled setting might not work uniformly across a multi-platform deployment, or between applications. The SDK Settings matrix covers the available SDK profile settings and the apps and platforms they apply to.

Key Assumptions

The recommendations provided apply to an app suite that includes:

  • VMware Browser
  • AirWatch Inbox
  • VMware Content Locker
  • Enrolled devices
  • AirWatch or wrapped apps
  • SDK settings available as of MMMM yyyy.
  1. Navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies.
  2. Configure Security Policies.
    Action Description Rec
    Authentication Type
    Passcode Prompt end users to authenticate with a user-generate passcode when the app first launches, and after an app session timeout.

    Enabling or disabling SSO determines the number of app sessions that get established.
    Username and Password Prompt end user to authenticate by re-entering their enrollment credentials when the app first launches, and after an app session timeout.

    Enabling or disabling SSO determines the number of app sessions that get established.
    Disabled Allow end user to open apps without entering credentials.
    SSO
    Enabled Establish a single app session across all Workspace ONE UEM and Workspace ONE UEM wrapped apps.
    Disabled Establish app sessions on a per app basis.
    Offline Access
    Enabled Allow end users to open and use Workspace ONE UEM and wrapped apps when disconnected from Wi-Fi. Offline Workspace ONE UEM apps cannot perform downloads, and end users must return online for a successful download. Configure the Maximum Period Allowed Offline to set limits on offline access.
    Disabled Remove access to Workspace ONE UEM and wrapped apps on offline devices.
    Compromised Protection
    Enabled Override MDM protection. App level Compromised Protection blocks compromised devices from enrolling, and enterprise wipes enrolled devices that report a compromised status.
    Disabled Rely solely on the MDM compliance engine for compromised device protection.
      Data Loss Prevention
    Enabled Access and configure settings intended to reduce data leaks.
    Enable Copy And Paste
    Allows an application to copy and paste on devices when set to Yes.
    Enable Printing
    Allows an application to print from devices when set to Yes.
    Enable Camera
    Allows applications to access the device camera when set to Yes.
    Enable Composing Email
    Allows an application to use the native email client to send emails when set to Yes.
    Enable Data Backup
    Allows wrapped applications to sync data with a storage service like iCloud when set to Yes.
    Enable Location Services
    Allows wrapped applications to receive the latitude and longitude of the device when set to Yes.
    Enable Bluetooth
    Allows applications to access Bluetooth functionality on devices when set to Yes.
    Enable Screenshot
    Allows applications to access screenshot functionality on devices when set to Yes.
    Enable Watermark
    Displays text in a watermark in documents in the VMware Workspace ONE Content when set to Yes. Enter the text to display in the Overlay Text field or use lookup values. You cannot change the design of a watermark from the UEM console.
    Limit Documents to Open Only in Approved Apps
    Enter options to control the applications used to open resources on devices. (iOS only) You can use Workspace ONE UEM Configuration values to restrict users from importing files from third-party applications into Workspace ONE Content . For more information, see Configure Import Restriction in Content Locker section.
    Allowed Applications List
    Enter the applications that you allow to open documents.
    Disabled Allow end user access to all device functions.
  3. Select Save.
  4.  Navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Settings.

  5. Configure Settings.

    Branding
    Enabled

    Apply specific organizational logo and colors, where applicable settings apply, to the app suite.

    Disabled Maintain the Workspace ONE UEM brand throughout the app suite.
    Logging
    Enabled Access and configure settings related to collecting logs.
    Logging Level

    Choose from a spectrum of recording frequency options:

    • Error – Records only errors. An error displays failures in processes such as a failure to look up UIDs or an unsupported URL.
    • Warning – Records errors and warnings. A warning displays a possible issue with processes such as bad response codes and invalid token authentications.
    • Information – Records a significant amount of data for informational purposes. An information logging level displays general processes as well as warning and error messages.
    • Debug – Records all data to help with troubleshooting. This option is not available for all functions.
    Send logs over Wi-Fi only
    Select to prevent the transfer of data while roaming and to limit data charges.
    Disabled Do not collect any logs.
    Analytics
    Enabled Collect and view useful statistics about apps in the SDK suite.
    Disabled Do not collect useful statistics.
    Custom Settings
    Enabled Apply custom XML code to the app suite.
    Disabled Do not apply custom XML code to the app suite.
  6. Select Save.