Custom Restriction Fields in Provision
under review
Stuart Pearson
It would be useful to be able to add custom data to "Provisions". "Device ownership" and "On-site" are both based on registry keys. Being able to have admin-created additional types would allow users on AppsAnywhere Cloud or users where the devices are not AD-joined to be able to better control application visibility.
i.e. Custom restrictions could be created based on registry keys or file existence / contents to create better flexibility for denying access to apps that are not licensed in certain areas.
James McNab
We are actively looking at this suggestion and how we might implement it, we appreciate this is a limitation of AppsAnywhere Cloud as SAML has no concept of devices.
This would also help with https://feedback.appsanywhere.com/feature-requests/p/entra-machine-groups ahead of us implementing support for Intune device groups.
Nothing is nailed down yet but this is how I'm currently thinking about it:
- You deploy a registry key to the desired devices in an (e.g. HKLM\SOFTWARE\Software2\Tags\DeviceGroup) with a desired value (e.g. AdobeAllowed).
- You add a registry key tag restriction to the delivery method, setting the tag name and value to look for (DeviceGroup and AdobeAllowed).
- The AppsAnywhere client detects any registry keys and their values set within the path (e.g. HKLM\SOFTWARE\Software2\Tags\... and sends these tags and their values to AppsAnywhere during validation.
- AppsAnywhere restricts the delivery method to devices with the required tag and matching tag value.
Would this be a workable solution?
James McNab
Development Manager - AppsAnywhere
Stuart Pearson
James McNab,
That sounds reasonable as long as there is potential for a large(ish) amount of registry tags to be used - which it sounds like there probably would be.
Personally, I'm not too fussed about variables or files so if it's easier to use registry keys then that's fine by me.
Stuart
James McNab
Stuart Pearson Hi Stuart, thank you for the feedback.
How many tags you would be looking to create if we had this feature?
Stuart Pearson
James McNab,
It's quite hard to say, as a new user, but I can imagine somewhere around the 15 mark at the moment although I had envisaged that an (almost) infinite amount would be possible. It might be worth trying to understand how many AD groups a typical admin would have linked into their Provisions.
Stuart
Stuart Pearson
I would hope / envisage being able to set multiple custom tags, as you say Andy, based on registry / file / variable. These could be pushed out by any method - Intune, GPO, SCCM etc so would be useful for all customers, not just AppsAnywhere Cloud / Intune.
James McNab
under review
A
Andy Corps
Agreed. Simplest solution I can see is to apply a "tag" (via reg or env variable or file) to a device via Intune while deploying the AppsAnywhere client.
This tag could be used as a restriction type.