Appstore App Policy

BigFix Mobile enables you to configure application policies to install applications from the App store on the Android, iOS, and iPadOS devices.

About this task

Before creating the Appstore App policy, ensure the required Apps are added to the App Catalog.

Creating an Appstore app policy

To create an Appstore App policy, perform these steps:


  1. Log in to BigFix WebUI.
  2. Go to Apps > MCM.
  3. Click Create Policy on the top right corner.
  4. From the list of policy types, select Appstore Apps. The following page appears.

  5. Under the General Settings section, enter Appstore Apps Policy Name and Description.
  6. Select the Operating System.
  7. From the Assign Policy to Site drop-down, select the site.
  8. Configure the operating system specific settings. You can set the permissions globally for all the apps in the app policy. You can also set permissions for individual app in the policy as required by selecting the app and clicking . You can see the settings set for an app on the fly when you hover over the mouse on the icon.
    Default Settings for all apps: Enable or disable the option to distribute the apps as an offer to the end users.
    Permission Settings
    • Default Permission Policy: The permission set as Default Permission Policy is applicable globally for all the applications that are installed through the app policy. Admins can choose from the following options when setting a default runtime permission policy for the managed Android apps.
      • Prompt - prompt the user to grant permission to install apps. This is the default option. Device users can either choose to allow installation of the apps or cancel it.
      • Grant - automatically grant permission to install the managed apps without user intervention
      • Deny - automatically deny permission to prevent unauthorized app installation
    • Manage Individual Permissions: Based on the Apps selected, WebUI displays the list of permissions. IT admins can remotely set permissions to prevent applications from gaining access to data or control over a device. For example, the ability to read the user's contacts, external storage or location are runtime permissions. The user has to explicitly grant these permission for the application. However, for managed Google Play applications, administrators can configure and enforce these permissions from WebUI. Select Prompt, Grant, or Deny for individual permissions. For more details on the permissions listed, see the official Android documentation at
    • Customise the permission by apps: If you want to configure per-app permissions, you can do that by selecting the app and clicking the edit icon for the app and selecting individual permissions.
    Note: Deployment of this Appstore policy removes any previously deployed work profile applications that are not specified in this policy.
    Default Settings for all apps: The permission set as Default Settings is applicable globally for all the applications that are installed through the app policy.iOS default settings
    • Removed with MDM Profile: Enable this setting if you want to remove the app when MDM profile is removed.
    • Prevent Backup: Enable this setting to prevent backup of app data.
    • VPP Management: This option is applicable only for VPP apps. Enable this setting for delivering apps to supervised Apple devices only. Do not select this option if the app is to be delivered to an Apple user enrolled device, as that option is not allowed for BYOD enrollments. For more information, see Known limitations.
    Individual app settings: If you want to configure per-app settings, you can do that by selecting clicking the edit button available for the respective app.iOS Individual app setting
  9. Select apps: This grid lists all the apps added to the app catalog. Select the desired app and configure settings as needed.
  10. Click Save.


Appstore app policy is created and is ready to deploy.

When the policy is deployed, the device receives a notification that a set permission or action is being performed on the device by the device manager. The permission manager in the device shows the permission that are applied.

Note: Android:
  • Policy deployment will remove any past work profile apps not specified in the new policy.