Frequently Asked Questions (FAQ)

Questions for IT Admins


  • What is MobileIron Client? 

    MobileIron Client, also known as Mobile@Work, is a mobile app that users download to register their devices to the corporate UEM server. Once a device is registered, Client downloads configuration, apps, and other content from Core and enforces security policies established by IT.

  • What is MobileIron Core? 

    MobileIron Core is a key component of the MobileIron Platform. It is the administrative console through which administrators can define security and management policies for devices, apps, and content. Core also integrates with enterprise IT systems such as LDAP directories, email, content repositories, and network access control systems. Core may be deployed as a physical hardware appliance or as a virtual appliance using VMware ESX or Microsoft Hyper-V.

  • How many devices can you support on a single server? 

    MobileIron Core has been tested to manage up to 100,000 devices per server and up to 200 simultaneous device registrations. These numbers may vary based on the customer environment.

  • What reporting capabilities does Core support? 

    MobileIron Core collects over 200 fields of data with device, application, user metrics, and status which administrators can use to analyze, visualize, and get actionable insights into their mobile infrastructure. This data can be exported natively to Splunk, or other third-party reporting tools like Tableau, Crystal Reports, and QlikView.

  • Does MobileIron support delegation of administrative roles and functions? 

    Yes. MobileIron Core now allows IT to establish data and task boundaries to protect user privacy and provide flexible delegation of IT responsibilities. Secure spaces with delegated administration and role-based access enable the global IT lead to provide local IT or helpdesk admins with access to key systems based on their role within the organization. Global IT teams can also determine which devices local IT or helpdesk admins can see and what they can do on those devices. This enables global organizations to gain flexibility and create secure spaces for various functions within which they can complete key actions, while ensuring user privacy.

  • What is MobileIron Sentry? 

    MobileIron Sentry is the second component of the MobileIron enterprise mobility management platform. It is an in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end enterprise systems. Sentry may be deployed as a physical hardware appliance or as a virtual appliance using VMware ESX or Microsoft Hyper-V.

  • What is Apps@Work? 

    Apps@Work is an enterprise app storefront. It is an application distribution library, using which IT can publish approved in-house and 3rd-party mobile apps to end users, based on their role and function within the organization. For end users, Apps@Work is the single source to get enterprise-ready applications to help them be more productive on mobile.

  • What is AppConnect? 

    AppConnect is an app containerization technology. It creates a secure container through either an SDK and wrapper for iOS or a wrapper for Android. Apps secured using AppConnect become a secure container whose data is encrypted, protected from unauthorized access. IT can dynamically push app-specific configuration and policies to restrict open-in and copy/paste functions. A key component of AppConnect is AppTunnel which provides secure per app tunneling and access control to protect app data-in-motion.

  • What kind of apps does AppConnect work with? HTML5, etc. 

    AppConnect is an app containerization technology. It creates a secure container through either an SDK and wrapper for iOS or a wrapper for Android. Apps secured using AppConnect become a secure container whose data is encrypted, protected from unauthorized access. IT can dynamically push app-specific configuration and policies to restrict open-in and copy/paste functions. A key component of AppConnect is AppTunnel which provides secure per app tunneling and access control to protect app data-in-motion.

  • What is MobileIron Tunnel? 

    Tunnel is an Apple iOS per-app VPN solution. It allows organizations to authorize specific business apps, including internally built and App Store apps, to access corporate resources behind the firewall. Unapproved and personal apps are blocked so that only business data flows through Tunnel.

  • What is Docs@Work? 

    Docs@Work is a secure, on-device content repository. It gives the end user an intuitive way to access, store, and view documents from email and enterprise content shares such as SharePoint and lets the administrator establish data loss prevention controls to protect these documents from unauthorized distribution.

  • How is using Docs@Work different from using the VPN client on my device? 

    Docs@Work provides secure, VPN-less access to back-end repositories like SharePoint and other CIFS or WebDAV-based file shares. This provides end users seamless access to enterprise content behind the firewall. Docs@Work connects to the intranet via Sentry. As a result, intranet access is restricted to Docs@Work, making it a more secure option than traditional VPNs. Traditional, device-wide VPNs disrupt the user experience by requiring users to manually establish a VPN connection every time they want to access enterprise content. Additionally, device-wide VPNs allow any app on the device to access sensitive data.

  • Can you view documents offline with Docs@Work? 

    If enabled by the IT admin, end users can save content locally, within the secure Docs@Work container, for offline viewing.

  • What content management systems does Docs@Work support? 

    MobileIron Docs@Work works with all CMS systems that support IIS- and Apache-based WebDAV interfaces.

  • What is Web@Work? 

    Web@Work is an enterprise mobile browser that enables immediate, secure access to internal websites and web applications, while preserving a native and high-fidelity web browsing experience.

  • Does Web@Work secure cached data? 

    Yes. All cookies and cached data are encrypted as part of the AppConnect container. This data can be wiped as a part of a selective wipe should the device fall out of compliance.

  • Does MobileIron have APIs? 

    MobileIron has developed a set of Application Programming Interface (API) libraries allowing both customers and technology partners to leverage information on the mobile deployment from Core.

  • What operating systems does MobileIron support? 

    MobileIron supports Android, iOS, macOS, and Windows 10.

  • Can you perform selective wipe and restore? 

    Yes. MobileIron can wipe and restore corporate data while keeping personal data intact.

  • Can you perform jailbreak/root detection? 

    Yes. MobileIron can detect if an iOS or Android device has been compromised and can block the device from accessing corporate resources.

  • Can you restrict voice, SMS, and data? 

    No, because most operating systems do not allow it. Restricting voice calls also introduces liability in an emergency situation. Instead, the MobileIron solution allows administrators to set thresholds and mobile data usage caps for any time period, and provides real-time notification using DataView.

  • Is the MobileIron Platform certified for FIPS 140-2 compliance? 

    Yes. The MobileIron platform is certified for the use of FIPS 140-2 cryptographic modules. Our FIPS 140-2 certification letters are available here.

Questions about user privacy


  • What can my employer see on my phone/tablet when MobileIron is installed? 

    The answer varies by mobile operating system and company policy, but on iOS, for example, employers could potentially see data such as carrier, country, device make and model, OS version, phone number, location, list of installed apps, and corporate email. But, even if they wanted to, employers could not see data such as personal email, voicemails, photos, videos, and web activity (unless that data is going through the corporate network). Texts are a different. On Android specifically, IT can relay SMS messages from the device to corporate email archival systems. In this scenario, your IT administrator responsible for MobileIron cannot view these messages, however your compliance or data security team would have access to these messages. Please check with your IT administrator for details on your company’s policies. If your company is using MobileIron’s Visual Privacy you have a list of what your company can see and what actions can be taken on your device.

  • What is MobileIron? 

    MobileIron is software that companies use to secure and manage business apps, documents, and other business content on mobile phones and tablets. MobileIron software includes an administration console for the IT department and an app that employees download onto their devices from the app store or Google Play. IT uses the MobileIron console to set security and management rules. The MobileIron app provides the IT department with information about the device and its security state. This includes things like carrier, country, device make and model, operating system (OS) version, phone number, and corporate email.

    Your company’s IT department uses the MobileIron console to set policies, which are the rules that regulate the behavior of mobile devices and apps. For example, IT may set a policy that blocks a jailbroken or rooted device from getting company email. When the MobileIron app is installed on your device you can:

    • Access your corporate email, calendar, and contacts
    • Connect to corporate WiFi and VPN networks
    • Find and install work-related applications if your company is using them
    • Check compliance with corporate security policies
    • Locate lost or stolen devices

    The exact functionality of MobileIron on your device depends on the policies and configuration determined by your employer. We encourage you to reach out to your employer for additional details about your organization’s policy on company- and personally-owned devices managed by MobileIron.

  • Why does my employer want me to install MobileIron on my phone/tablet? 

    Companies use MobileIron to protect company information from being stolen or lost. Data theft can happen in many ways but some of the more likely examples include (i) use of a jailbroken or rooted device, (ii) running an old version of the operating system that has known security vulnerabilities, (iii) installation of a malicious app that can steal information from other apps on the device, or (iv) connecting to the corporate network via an unsecure network like the Wi-Fi in a coffee shop.

  • What does MobileIron do when it’s installed? 

    The technical term for what MobileIron does is “containerization,” which means separating personal apps and content from work apps and content. All of your work information and apps are kept together in a way that they can share information between themselves but can’t share it with your personal apps.

  • What can my employer do to my mobile device? 

    While it depends on the exact policies and configuration in your company, these are the types of actions an IT administrator could take:

    • Wipe enterprise content off of your phone, leaving your personal information untouched
    • Locate your device
    • Lock or unlock the device
    • Require that certain apps be installed
    • Block access to corporate email and internal resources if the device is out of compliance with company policies
  • Can my employer see my location? 

    Your company can choose whether or not to track your location and, if they decide to track location, they use a setting in the administrative console. A typical reason companies decide to track location is to help locate a device that is lost or stolen. If your company is using MobileIron’s Visual Privacy it will say if your company is tracking location.

  • Can I keep my employer from seeing my location? 

    You can turn off "sharing location data" in settings. However, if your company requires that location services be turned on, you may receive a notification that you are out of compliance with your company rules or you may be blocked from being able to access your work information on your device, including apps, email, calendar, and contacts. For assistance in this situation, please contact your IT department.

  • Can my employer read my personal emails? 

    Your employer cannot read emails sent and received from personal accounts such as Gmail. If you are sending personal emails using your work account, then yes, your employer has access to that information, the same way they do if you’re using a PC/laptop. However, they cannot read, or even see, your emails using the MobileIron console.

  • Can my employer see the apps I’ve installed? 

    If your employer distributes mobile apps to employees, they can see those apps because they are being secured using MobileIron. Your employer has the option to be able to see a list of all the apps that are installed on the device. However, not every company chooses to do this. When they do, it’s usually to understand whether there are potentially malicious apps on the device (such as apps that steal data) or whether there are apps that are against the company policies (such as gambling apps) that should not be permitted to operate on the company’s premises.

  • What’s wrong with a jailbroken or rooted device? 

    Because a jailbroken or rooted device bypasses some of the critical security features built into the device operating system (for example, application sandboxing), most malware (i.e., malicious apps) targets compromised devices, using the jailbroken or rooted device to gain unauthorized access to information from other apps on the device or to the corporate network.

  • Can MobileIron unlock my phone? 

    While MobileIron software may be used by your IT administrator to unlock your phone, we (i.e., MobileIron as a company) cannot take any direct actions on your phone. Only people at your company, usually the IT department, can take actions using the MobileIron console such as unlocking the device and wiping corporate data, etc.

  • Why can my IT department lock or unlock my phone? 

    Your IT department can choose to set a policy that will allow it to lock or unlock your phone. Typically, when a phone is used for work email and apps, the security best practice is to make sure the phone is “locked” by means of a passcode. This protects against data loss if the phone is lost or stolen. With MobileIron software on the phone, the IT department can unlock the device if you have forgotten your passcode (assuming that they’ve confirmed your identity). In case of a lost or stolen device, the IT department can also quarantine the device (to prevent loss of corporate data) or, in extreme cases, remotely wipe the device.

  • What happens if I remove MobileIron from my device? 

    Your device will be out of compliance. Depending upon the policy that your IT department has implemented, you will likely receive a notice of non-compliance. In addition, you may lose access to all work-related apps and data, including your work email, work contacts, work calendar, and apps.

Learn more about MobileIron