Enroll Android Devices

Enrolling Devices is the first stage in managing a mobile device, this document will explain you in detail about various steps involved in enrolling the device.

Enrolling Devices

Follow the steps mentioned below to enroll the devices.

  1. Click  MDM tab on the Desktop Central Console

  2. Under Settings click on Enrollment

  3. Click  Enroll Device and fill in the appropriate information

  4. Domain Name : Choose the Domain Name from the drop down, if you do not have any domain name, select  Default Workgroup

  5. User Name- Enter the user name of the device that needs to be enrolled.

  6. Email address :It is mandatory to  enter the email address of the user who will receive the enrollment request.

  7. Platform: Specify the platform from the drop down menu, as Android.

  8. Owned By : Owner of the device either Corporate or Personal

  9. Click Enroll to enroll the device.

  10. Assign to Group : Specify the group to which the device should be added. If you select an existing group from the drop down, then the newly added device will automatically get all the Apps and profiles which were already distributed to the group. By doing so you can automate the process of imposing the minimum required restrictions and Apps to all the newly added devices.

    If you add a new group name, then a new group will be created and the device will be added to it.

Ensure that you configure your Proxy settings, and the mail server settings, so that you the user can receive the email with the authentication passcode.

End users will receive an email with the  enrollment instructions and the link to enroll the devices. Based on the authentication policy defined for enrollment, users will be receiving the authentication passcode.  Users need to manually install the MDM profile by clicking on the enrollment request. If you use a SAFE device, you will get the android agent that has been exclusively designed for SAFE devices. If you access the download url from any normal android device, then a different agent will be downloaded. All enrolled devices will be listed in the Devices Tab in the Desktop Central MDM console under Groups and Devices.

Enroll Additional devices for same user

You can enroll multiple devices for the same user. In case a user has more than one mobile device that needs to be managed,  you can enroll those devices by following the steps mentioned below;

  1. Click MDM Tab

  2. Under Settings choose Enrollment

  3. Under Enrollment tab choose the User Name to whom you wanted to enroll the additional device

  4. Under Actions click   button

  5. Specify the Platform as Android

  6. Specify the Owned By type as Corporate or Personal and click Enroll

The mail to enroll additional device would be sent to the specified user.

Bulk Enrollment

This option facilitates you to enroll many devices at a same time. You can simply create a csv file with the User Name, Domain Name, Email, Platform and Owned by details and upload the same. Multiple entries should be in separate lines. Refer the below mentioned csv file for example,

Sample CSV Format

     USER_NAME,DOMAIN_NAME,EMAIL_ADDRESS,PLATFORM_TYPE,OWNED_BY,GROUP_NAME
     ANDREW,andrew@desktopcentral.com,Android,,Android_Group,
     BEN,ZOHOCORP,ben@desktopcentral.com,Android,Corporate,Android_Group,
 
Note : 
     1. The CSV file should contain the following fields: User Name, Domain Name, Email Address, Platform Type, Owned By, Group Name
     2. The fields User Name, Email Address and Platform Type are mandatory. All the other fields are optional. If not provided, default values will be taken

     3. The default values for various non-mandatory fields are: 
               Domain Name -- MDM
               Owned By -- Corporate
               Group Name -- Default Group for given Owned By & Platform Type.
     4. The first line of the CSV is the column header and the columns can be in any order.
     5. Blank column values should be comma separated.
     6. If the column value contains comma, it should be specified within quotes.

Follow the steps mentioned below, to enroll devices through Bulk Enrollment.

  1. Click  MDM tab on the Desktop Central Console

  2. Under Settings Click on Enrollment

  3. Click  Bulk Enrollment. A window opens, click Browse to upload the created CSV file and Import the same.

    Enrollment mail will be sent to all the users listed in the csv file.

Enrollment Process on Android devices

The users, upon receiving the enrollment requests, can enroll their device as mentioned below:

User needs to copy the Server Name, Port Number and passcode given in the email. The following steps will explain you the enrollment process on the android device. If the user's  device is a normal android device, ME MDM App for android devices will be downloaded. If the user's device is a SAFE device, then an android agent that has been exclusively designed for SAFE devices will be downloaded. ME MDM App for SAFE devices has advanced management capabilities unlike normal android devices.

  1. Users will receive a mail for enrollment and will have to click on the link in the email, to start the enrollment process.

  2. When Desktop Central recognizes the device as normal android device or SAFE device, the user will be automatically directed to the App's PlayStore page and the appropriate App can be downloaded.
    If Desktop Central is unable to identify the device, user will be provided with a link which explains the list of SAFE devices. User can refer to the link and determine if the device is SAFE or not. On choosing to download the appropriate App based on the version of Android, the user will be directed to the App's PlayStore page from which the App can be downloaded.

  3. Once the download has been successful, user will have to click on the downloaded ME MDM App to install it.

  4. After the installation completes, user should open the App.

  5. User needs to provide the One Time password/ Active Directory credentials after opening the App. This depends on the authentication type, if two factor authentication is enabled, then user will have provide both the OTP as well as the AD credentials.

  6. User should accept the terms and conditions by clicking continue

  7. Users need to enable Device Administrator on their mobile device and click Activate

  8. Users can see that the device has been enrolled successfully.

  9. ME MDM App icon will be listed on the mobile device.

  10. By clicking the MDM App icon, MDM App opens and the end user can see the distributed Apps and associated profiles listed here.

Apps that are distributed by ME MDM will be listed in App Catalog. Profiles that are associated to the devices will be listed under Policies and Restrictions. Device Details will provide the complete information about the device.  

Removing an Enrolled Device

  1. Go to Settings -> Enrollment

  2. Click on Enrollment tab

  3. Click Search button and search for the device by using its known properties( user name, device name etc)

  4. Click on Action button and select Remove Device

  5. In the confirm box that appears, click OK.

Removing the device will remove all the profiles and apps associated with the device. However, ME MDM App in the device will not be removed. Users must manually remove the app if required.

FAQs

  1. What is SAFE?

  2. Which devices are called SAFE devices?

  3. How to Secure Corporate data on SAFE devices?

  4. How to remove Android agent from the Mobile Devices

1. What is SAFE?

SAFE stands for Samsung Approved For Enterprise. These are devices manufactured by Samsung and are recommended by them for Enterprises. They are exclusively designed  with options which enables administrators to have advanced control over managing these devices.  

2. Which devices are called SAFE devices?

The following Samsung devices are called as SAFE devices:

Samsung Galaxy S V

Samsung Galaxy S IV Mini

Samsung Galaxy S IV

Galaxy S III

Galaxy S II

Galaxy Note II

Galaxy Note 8 

Galaxy Note 10.1 

Galaxy Tab

For more details refer to the following website:

http://www.samsung.com/us/business/samsung-for-enterprise/safe-devices.html

3. How to Secure Corporate data on SAFE devices?

You can secure corporate data on mobile devices by applying the following restrictions:

By forcing Passcode Policy

Disabling Cellular Data

Disabling Bluetooth

Disabling NFC

Disabling usage of Camera

Disabling data Backup (Google)

Disabling Screen capture

Disabling USB usage

Disabling usage of SD card

Disabling Tethering

Disabling Data Sync

Forcing Encrypted Backups.

Configuring Email settings to restrict data forwarding.

Imposing these restrictions can help you to secure corporate data on mobile devices.

4. How to remove ME MDM App from the Mobile Devices

To uninstall the ME MDM App from the end user's mobile device, the following steps should be followed on the mobile device:

  1. Go to Settings

  2. Choose Security Settings

  3. Click the Device Administrator

  4. Disable Device administrator

  5. Now, Go to Applications

  6. Click on the ME MDM App and click uninstall

Android agent will be successfully uninstalled from the mobile device. Once the android agent is uninstalled from the mobile device, the device will no longer be managed by Desktop Central. All the restrictions that has been imposed using Desktop Central will be removed automatically. Apps that there distributed through Desktop Central will be removed only from SAFE devices. Apps will not be removed from normal android devices. The device should be enrolled again, if it needs to managed again by Desktop Central.

 

 

  1.  

     

 

Copyright © 2005-2015, ZOHO Corp. All Rights Reserved.
ManageEngine