Internal applications are often developed to perform enterprise-specific tasks. Abrupt removal of these applications can cause frustration and halt work. You can prevent the removal of important internal applications, by using the application removal protection. Application Removal Protection ensures that the system does not remove business-critical applications unless approved by the admin and holds the app removal commands based on the threshold values.
You can either use the default values or enter the limits that trigger the system to hold application removal commands. These actions stops the system from removing associated internal applications from devices. Until an admin acts on the held app removal commands, the system does not remove internal applications. In general, threshold values apply to bundle IDs and apply at a customer type organization group, and is inherited by the child organization groups. When setting threshold values and acting on them, consider these characteristics so that you can take informed actions on applications and have the permissions they need to act on the app removal commands. Because the system applies threshold values per bundle ID, it is possible for a single application to have varying names and still have the same bundle ID.
Note: Admins cannot override threshold values in the child organization groups. Admins' placement in the organization group hierarchy controls their available roles and actions. Admins in child organization groups can act on the removal commands in their assigned organization groups. Admins in parent organization groups can edit the values and act on removal commands in the parent group and in the child organization groups.
Application removal protection system canvasses the application removal command queue for values that meet or exceed your threshold values. Several application or group state changes can trigger application removal commands. For example, application removal commands trigger when you edit your smart groups, publish applications, deactivate, or retire applications, delete applications and so on. Complete the following steps to configure application removal protection in an organization group at the customer level or below in the Workspace ONE UEM console.
Enter the following threshold settings:
|Devices Affected||Enter the maximum number of devices that can lose a critical application before the loss hinders the work of the enterprise.|
|Within (minutes)||Enter the maximum number of minutes that the system sends removal commands before the loss of a critical application hinders devices from performing business tasks.|
|Email Template||Select an email notification template and make customizations. The system includes the App Remove Limit Reached Notification template, which is specific to the app removal protection.|
|Send Email to||Enter email addresses to receive notifications about held removal commands so that the recipients can take actions in the app removal log.|
Save the settings.
You can use the App Removal Log page to continue to hold application removal commands, dismiss commands, or release the commands to devices. The command status in the console displays the application removal log that represents a phase of the protection process until an admin acts on the held commands, the system does not remove internal applications.
Complete the following steps to review the App Removal log to act on the held App Removal Commands:
Filter, sort, or browse to select data.
You can select the Impacted Device Count link to browse the list of devices affected by actions. This action displays the App Removal Log Devices page that lists the device name of the devices. You can use the device name to navigate to the devices' Details View.
|Held for approval||The protection system holds removal commands, and the system does not remove the associated internal application.
The removal commands are in the command queue but the system cannot process them without admin approval.
|The system holds removal commands because the threshold values were met.|
|Released to device||The protection system sent the commands to remove applicable internal applications off devices.||The system released the commands because an admin configured the release.|
|Dismissed by admin||The protection system purged the removal commands from the command queue.
The system did not remove applicable internal applications off devices.
|The system purged the commands because an admin configured the dismissal.|
You can select Release or Dismiss.