Managing device policies

Coro implements device management through policies. In a policy, you define and assign application lists to enrolled devices that, depending on the device type, can either:

  • Actively enforce application installation and usage restrictions, or
  • Report usage non-compliance

Device policies in Coro work with labels. When you create a policy, you assign one or more labels to it. Then, by assigning labels to devices you determine the policies that should apply.

Application management and enforcement by device type

For supervised iOS and iPadOS devices, a policy does not prevent excluded applications from being seen in the Apple App Store, nor does it prevent installation. However, a policy does prevent the user from being able to run an installed application that is not part of the policy Allowlist. For BYOD iOS and iPadOS enrollments, a policy cannot be enforced at all. However, Coro can retrieve an installed app list from the device and report where policy contraventions occur on the Devices page.

For company-owned Android devices, an applied policy completely prevents the user from viewing excluded applications in the Google Play Store or installing anything not on the policy Allowlist. This is also true for BYOD Android devices, although this is limited to the installed Work profile.

note

The Personal profile on a BYOD Android device is completely unaffected and continues with normal unrestricted access to apps in the Google Play Store.

Viewing device policies

To view device policies:

  1. Sign into the Coro console .
  2. Select the Mobile Device Management module.
    note

    If Mobile Device Management is not enabled, contact your Coro sales representative.

  3. From the Mobile Device Management page, select the Policies tab:

    Policies tab

Coro presents all currently defined policies grouped by device type. Expand or collapse device type sections to view associated policies, including the labels applied in each case and the last modified timestamp.

On this tab, you can:

  • Add a new policy, see Creating a new device policy .
  • Filter the page to view only selected policies or by policy assignment status.
  • Sort the policy list in ascending or descending order of last modified date, as indicated by the arrow next to the column heading.
  • Search for a policy by name.

Use the three-dot actions menu adjacent to each policy to edit or delete that policy.

Creating a new device policy

Before you set up a device policy, make sure you know the Bundle IDs (iOS/iPadOS) or Package names (Android) of the applications to add.

To create a new mobile device policy:

  1. From the Policies tab, select + ADD POLICY .
  2. Use the dropdown to select the device type for your new policy:

    Selecting a device type for a new policy

    Coro displays the Create policy dialog, starting at the Enter Policy Name step:

    note

    The screenshots used in this procedure represent creating a policy for iOS BYOD devices. Other device types use the same or similar steps, with differences noted.

    Adding a new iOS BYOD policy

  3. Enter a name for the policy, then select NEXT to continue.
  4. In the Select Policy Type step, use the dropdown to view and select from the available policy types:

    Selecting a policy type

    Important

    In this release, policy types are limited to one of the following:

    • Allowed Apps : For enrolled device types where application installation and usage is enforceable.
    • Compliant Apps : For enrolled devices types where application usage is not enforceable but can be reported on.

    For more information, see Application management and enforcement by device type.

    Select NEXT to continue.

  5. In the Define Action step, enter one or more application Bundle IDs (iOS/iPadOS) or Package names (Android) into the box provided. Coro searches for and displays a list of matching applications. Select a matching application or choose to add the bundle ID/package name as entered:

    Adding applications

    To remove an entry, select the delete option:

    Removing an added application

    Select NEXT to continue.

  6. In the Assign Labels step, use the dropdown to select one or more device group labels to apply to this policy:

    Assigning labels to the policy

    Alternatively, create a label by typing it directly into the box:

    Adding a new label to the policy

    Important

    You must select at least one label for your policy. This is the mechanism through which policies are applied to devices.

  7. To save your policy, select SAVE .

Applying a device policy

After you have defined a device policy, apply it to your mobile devices through adding the corresponding label to your devices. For more details, see Adding and removing device labels.

Policies associated with a label are assigned immediately to connected devices, although Coro recommends allowing a short time for all affected devices to be fully updated. Devices must be connected to the internet for the policy to take effect.

note

For Android devices only: If you subsequently edit an assigned policy by removing or replacing allowed applications, devices affected by the change are updated automatically without notice to the user when next online. That is, installed applications no longer allowed after the policy update are automatically uninstalled and cease to be visible in the Google Play Store.

Deleting a device policy

You can permanently delete a device policy through the Policies tab.

Perform the following steps:

  1. Locate the policy to delete from the list.
  2. Select the adjacent three-dot actions menu. Then, select Delete :

    Delete policy

    Coro presents a confirmation dialog. If you proceed, the policy is deleted and unnassigned from devices.

  3. To delete the policy, select DELETE .