The SDK App Compliance and Policies Settings page lets you configure options that affect Workspace ONE UEM apps, Workspace ONE SDK-built apps, and wrapped apps.

What can you do with the SDK App Compliance Settings Page?

With this page, you can configure options that affect Workspace ONE UEM apps, Workspace ONE SDK-built apps, and wrapped apps.

Determine your Organization Group hierarchy

Before you review and modify the settings, understand the two types of inheritance/override options for the organization group hierarchy available at the top and bottom of the settings page and determine your choice.

  • Current Setting - Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.
  • Child Permission - Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.

SDK App Compliance

Application Version always uses the Block action when the SDK identifies the configured parameters. The Block action prevents user access to SDK-built applications.
  • Application Version

    Use Application Version to restrict devices from accessing SDK-built applications unless the version is approved.

    For example, enter and select Workspace ONE Boxer, select Less Than, and enter 4.9. This group of parameters sets the SDK to block access to any version of Workspace ONE Boxer that is earlier than v4.9.

    This field evaluates version identifiers as numeric values separated by a period. For example, 2.3.5 or 7.5.4.1. If your version contains non-numeric values, like 2.a.5, the SDK uses only the leading numeric values and it evaluate this as 2. For a version number of 2.3.4.a, the SDK evaluates this as 2.3.4

  • Application Inactivity

    Use Application Inactivity to restrict devices from accessing SDK-built applications in case the applications stay inactive for a specified number of days. When enabled, application data is wiped when an iOS or Android application (specified by an app ID) reaches the allowed days of inactivity (1-90 days).

  • OS Version

    Use OS Version to restrict devices from accessing your enterprise resources that are not on compliant OS versions.

    For example, select Greater Than or Equal To, and enter Android 4.4.2. This group of parameters sets the SDK to block access to an Android device or wipe an Android device that either runs 4.4.2 or an OS version later than 4.4.2. This configuration approves of Android OS version 4.4.1 and earlier.

  • Security Patch Date

    Use Security Patch Date to restrict Android devices that are on a security patch older than a specified date. This function supports only the Android platform.

    Enter a date that identifies the minimum approved security patch that you require Android devices to run in the Before text box. If an Android device runs a patch published before this date, the SDK acts with the configured action.