To help enhance security and to avoid data leak, device pairing is disabled within both Apple DEP profile as well as device restriction profile. When a user attempts to connect his/her VMware AirWatch device to either Mac or PC and launch iTunes, a user will receive the error below.
Below is the error when Apple Configurator is launched after the same device is connected.
From time to time, however, this function can come in handy for Service Desk team to download existing version of apps for restore purposes. Also, in an unlikely event that device must be back up with iTunes, this will allow the Service Desk team to do so as well.
The steps outlined below will continue to prevent data leakage and allow a one-off exception on a case by case basis.
Assuming your VMware AirWatch is integrated with Active Directory, create a security group and use it to create your assignment group within your AirWatch console.
Then, either create a new or modify an existing restriction profile and uncheck the box below within the payload. Finally, make sure the assignment group is attached to the same profile for it to take effect.
If the same box above is checked, device pairing with iTunes is not allowed. You can confirm such restriction within the device.
Once the restriction is lifted, a user may get the below when connecting the device to iTunes if the device is currently locked with a passcode.
The user will also see the below on the device after unlocking with a passcode to allow pairing:
The user should see the below in iTunes soon after:
At this point you may ask:
- Why do we need to enable device pairing option in both DEP and device profile
- Why not enable it only in either DEP or device profile?
If we use any restriction (doesn’t matter if it was a DEP profile setting or a device restrictions profile), the device will not be allowed to pair.