Workspace ONE UEM powered by AirWatch permits you to deploy different security policies and restrictions to employee-owned and corporate-dedicated devices.

Using restriction profiles, you can set tight restrictions for corporate-dedicated devices, and looser restrictions for employee-owned devices. For example, restrictions to apps like YouTube or native App Stores are not typically deployed to employee-owned devices. Instead, you can create security profiles and restrictions that increase the level of device security without having a negative impact on functionality.

Device-Agnostic Restrictions

Workspace ONE UEM makes the following restrictions available for every device and platform:

  • Encrypted backups – Protect all backups with data encryption for BYOD devices with access to corporate content.
  • Force fraud warning in supported browsers – Require users to acknowledge all warnings issued by the browser when it detects a suspicious site.
  • Disable moving emails – Prohibit the exposure of sensitive corporate data by disabling the ability to forward a corporate email to a personal account, or open it in third-party applications.

Platform-Specific Restrictions

Each platform has its own set of enforceable restrictions. Evaluate these restrictions individually to determine their value to your deployment. Some, like iOS restrictions limited to supervised devices, do not apply, because employee-owned devices must not be enrolled with Apple Configurator.

  • You can create security profiles and restrictions by navigating to Resources > Profiles & Baselines > Profiles and selecting Add, then selecting the appropriate platform.
  • If you create profiles specifically for employee-owned devices, only assign them to Smart Groups based on Ownership Type: Employee-Owned. For more information, see Smart Groups.

For more information about creating security profiles and restrictions, see Add a Compliance Policy.