Managed Apps

Apps installed and controlled by MDM. Allows for remote configuration, removal of app data upon unenrollment, and managed open-in restrictions.

What to Know

Managed Apps create a clear boundary between personal and corporate data on devices. When an app is managed, its data container is tagged as organizational property — meaning IT can remotely configure app settings, enforce data loss prevention policies, and automatically remove all app data when a device is unenrolled or reassigned. This protects corporate information while respecting user privacy, since unmanaged apps remain untouched during offboarding.

The managed state also enables advanced data governance features like managed open-in restrictions (preventing users from copying data from managed apps into unmanaged ones), per-app VPN routing (sending only corporate app traffic through the VPN tunnel), and managed pasteboard controls. Without these capabilities, organizations face significant data leakage risks as users inevitably copy sensitive documents, credentials, or customer data into personal note-taking apps, cloud storage, or messaging platforms.

Common Scenarios

Enterprise IT: Deploy managed versions of Microsoft 365, Slack, Box, or Salesforce to ensure corporate data within these apps is automatically removed when employees leave. Use managed open-in to prevent users from saving customer lists from Salesforce into their personal Dropbox or screenshotting financial data from Excel into personal photo libraries.

MSP: Configure client-facing productivity apps as managed to ensure client data is cleanly separated from the device owner’s personal apps. This is especially important in BYOD or contractor scenarios where the same device accesses both personal and multiple client environments — managed apps ensure each client’s data remains isolated and removable.

Education: Deploy managed versions of Google Classroom, Canvas, or student information systems to automatically remove all class materials, grades, and student data when a device is reassigned to a new student at the end of the school year. This prevents data leakage while avoiding the need for full device wipes between users.

In Addigy

Addigy automatically marks apps as managed when they are deployed through the Apple Apps (VPP) catalog or installed via MDM InstallApplication commands. Admins can configure managed app settings through the Apple Apps interface or by deploying managed app configuration dictionaries in Custom Profiles. When a device is unenrolled from Addigy, all managed apps and their associated data containers are automatically removed, ensuring corporate data doesn’t persist on devices that are no longer under management.