You are here: Mobile SDK > Mobile SDK for Android > Integrating with EMM providers > Integrating with AppConfig-compiant EMM providers

Integrating with AppConfig-compliant EMM providers

AppConfig delivers the first standard approach to configuring and securing apps in the enterprise by defining a collection of best practices for enterprise application developers to interpret app configurations and security policies from EMM (Enterprise Mobility Management) systems, and for EMM systems to configure and secure mobile applications. These best practices make it simpler for developers to implement a consistent set of controls so that enterprise IT administrators can easily configure and manage apps from any participating EMM platform. AppConfig lets enterprises leverage their existing investments in EMM systems, VPNs, and identity management solutions.


MicroStrategy Mobile is designed to take advantage of the configuration and security capabilities provided by AppConfig. For Android devices, AppConfig uses a feature called "App Restrictions" to build on the extensive app security and configuration frameworks available natively. EMM providers can send configurations (app and security) from the admin server to managed devices via the "Restrictions".


Many applications require users to enter URL, port, email address, and various configurations as part of a one time setup of an application. By leveraging native APIs, AppConfig lets administrators use the EMM server to set these configurations remotely. This simplifies the setup process for end users and alleviates the help desk and documentation burden caused by manual setup. App developers define a set of configuration keys the app accepts from an EMM server and administrators simply set the keys and values in the EMM provider’s management console and they are pushed to the app.


Getting started


Before you begin your integration, make sure you have met the requirements and compiled your MicroStrategy Mobile app. Once you have done this, you are ready to push configurations, per app VPN settings, and security restrictions to the MicroStrategy Mobile app.





To use MicroStrategy Mobile for Android with an EMM provider that supports the AppConfig protocol, you must first meet the following prerequisites:

Setting up the environment

A detailed explanation of how to set up Android for Work in your environment is provided below:



Configuring and securing MicroStrategy Mobile

Once you have met the prerequisites, you are ready to use AirWatch's "App Restrictions" to distribute MicroStrategy Mobile configuration information to all your managed devices, enforce security policies and access control, and enable MicroStrategy Mobile to use an App tunnel to connect to back end and corporate networks.

To publish MicroStrategy Mobile:


  1. Open the AirWatch Console, upload MicroStrategy Mobile, and click Save & Assign to assign the app to devices.

  2. On the Add Assignment screen, select the device group that has the devices that MicroStrategy Mobile will be pushed to and set the delivery time to control when it will be delivered.

  3. Edit the assignment to set up the application configurations, including the configuration URL and application security restrictions, and the per-app VPN profile (for the AppTunnel). Navigate to Apps & Books -> Applications -> List View. Click the Public tab, select the MicroStrategy Mobile app and click the Edit or Edit Assignment icon. Select the Deployment tab and the Deployment page opens. You use the Deployment page and other settings on the AirWatch Console to configure the following:

You configure many of these settings on the Deployment page shown below:

App Configuration


Under Application Configuration on the Deployment page, set the value of ConfigurationURL which is a link to a full set of configuration settings such as Intelligence Server and Mobile Server connectivity, project information, home screen configuration, and general app settings. You can initialize the application by putting the configuration URL into Application Restrictions. The configuration URL is a key-value pair. To distinguish configuration URLs between Android phone and tablet, use the following keys for the URL:

Set the value of the configuration URL key to the URL that has the configuration information. The URL must be a String value whose "%" encoding characters have been replaced with "%25". The ConfigurationURL can be obtained from the MicroStrategy Mobile Administrator page, under Mobile Configurations. For information on how to create a mobile configuration, refer to Configuring connectivity settings for iOS and Android devices.

Before the configuration URL is applied, the user is asked to confirm whether he/she wants to reconfigure your application. If the user selects "No", he/she will be prompted again the next time the application is launched.


Security policies and access control


Some security capabilities are natively provided by the operating system and the EMM vendor, while other capabilities require the implementation of an app configuration.

The following security capabilities do not require configuration on the AirWatch Console:



To set the following security policies, you use the Deployment page and other settings on the AirWatch Console.


App Tunnel

To enable per-app VPN, you must:

  1. Create a device profile with AppProxy VPN enabled, and assign it to your device. For example, on the AirWatch console, you configure and distribute the VPN profile in Devices -> Profiles -> Add Profile -> Android -> Android for Work -> VPN, where you specify the domains/hostnames in the profile to auto-trigger the VPN.

  2. Configure VPN in the device profile. For example, on the AirWatch console, go to VPN -> Configure and set the Connection Type to "AirWatch Tunnel".

  3. Assuming that you have already selected MicroStrategy Mobile to in your list of public apps, on the Deployment page, select the Use VPN checkbox and choose the Per-App VPN Profile to use.

  4. Install AirWatch Tunnel to the device and open AirWatch Tunnel. The per-app VPN only works when AirWatch Tunnel is installed on your device. You can find this app in Google Play. To make AirWatch Tunnel work, you must publish it in Google Play for Work and the AirWatch console as com.airwatch.tunnel, and then push it to the device. After AirWatch Tunnel is installed, you can manually connect to the VPNs with this public app.

  5. You can also find and connect to the VPNs in Settings -> More networks -> VPN. If you leave the device for a while when the VPN is connected, the status of the VPN sometimes becomes "Idle" in the AirWatch Tunnel app. In this case, you have to manually disconnect the VPN in Settings -> More networks-> VPN and connect it again:

  6. These settings take effect after MicroStrategy Mobile is pushed to the device. When MicroStrategy Mobile is launched, it automatically connects to the VPN server, and a key icon is shown on the left side of the status bar, indicating the VPN is activated by AirWatch Tunnel.