Device enrollment made easy

Many organizations allow employees to use mobile devices to access corporate data. Most enterprises have mobile environments that are comprised of a mix of enterprise-owned devices and user-owned devices (often referred to as BYOD—bring your own device—environments). Bringing these devices into your organization's network is the first step to securely managing them.

When it comes to enterprise-owned devices, there are few different levels of ownership.

  • Choose your own device (CYOD) Employees select a corporate-owned device from a list of approved devices.
  • Corporate‐owned, personally enabled (COPE) Employees can choose a specific corporate-owned device and use it as if it were their personal device.
  • Corporate‐owned, single‐use (COSU) Includes devices intended for a single, specific purpose such as digital signage, ticket printing, point-of-sale, or inventory management.

In the case of a BYOD environment, there is an even greater need for enterprises to authenticate devices before they enter the corporate network.

Mobile Device Manager Plus serves as a management solution that automatically works across a multitude of mobile environments and provides necessary security protocols so that unauthorized users can’t gain access to the corporate network. Mobile Device Manager Plus focuses on over-the-air (OTA) device authentication and device onboarding, making the first step of device management a breeze.

Authenticating mobile devices

Device authentication can be carried out in Mobile Device Manager Plus through the following methods.

  • One-time password A one-time password (OTP) is generated and sent to the user, along with the enrollment invitation.
  • Active Directory/Azure authentication An Active Directory or Azure password is used to authenticate the user while enrolling the device.
  • Two-factor authentication A combination of user domain credentials and a OTP is sent along with the enrollment invitation.

To learn more about the authentication techniques supported by Mobile Device Manager Plus, click here.

Simplified device enrollment

Mobile Device Manager Plus offers different enrollment methods for enrollment initiated by users and by admins.

  • User enrollment Employees can enroll their own devices in the network.
    • Enrollment through invite Enterprise administrators can send invitations via e-mail to employees whose devices have to be enrolled. This helps in bulk enrollment of devices.
    • Enrollment through SMSThis method of enrollment is useful when the employees do not have an e-mail account or the organization does not want to associate an e-mail ID to the devices. Administrators can send out the invitations via SMS to several of their employees' mobile numbers.
    • Self-enrollmentThis form of enrollment is carried out without an enrollment invitation, using employees' Active Directory credentials alone.
    • Bulk enrollment via CSV Admins can upload a file containing employee details. An e-mail is then sent to these employees, asking them to enroll their devices.
  • Administrator enrollment Enterprise admins can quickly and easily bring corporate mobile devices under management from their end using the following bulk enrollment techniques.
    • Bulk enrollment for Apple devices
      • Apple Business Manager (ABM) Enterprise administrators can enroll Apple devices without coming in contact with the devices. Devices are brought under management with all the required configurations, right out of the box. This method of enrollment ensures mandatory management of the devices whereby the management cannot be revoked by the users.
      • Apple Configurator Apple Configurator is a utility tool designed to configure and enroll corporate-owned iOS devices in an enterprise using a physical USB connection. iOS devices can be pre-loaded with associated profiles and apps before they're handed out to employees.
    • Bulk enrollment for Android devices
      • Android Zero Touch Android Zero Touch enrollment is an automated enrollment method provided by Google for on-boarding enterprise-owned devices to a mobile device management solution.The devices can be enrolled with Mobile Device Manager Plus soon after device activation which makes it an out-of-the box enrollment method. This also ensures mandatory management of the devices.
      • Knox Mobile Enrollment (KME)Knox Mobile Enrollment is a form of automated bulk enrollment for Samsung Knox devices. It is a one-time setup for administrators and ensures mandatory management of devices.
      • EMM Token enrollmentEMM Token enrollment is another automated enrollment method for Android devices that simplifies enrollment by performing it in a single step. This method also involves minimal effort on the administrator's end.
      • Android Near Field Communication (NFC) enrollment This form of Android enrollment is useful for devices that support the NFC feature. With this functionality, one device takes on the role of an admin device, while the other assumes the role of a target device (i.e. the device that has to be brought under management). All the IT administrator needs to do is bump the admin device with the target device to complete the enrollment.
    • Bulk enrollment for Windows devices
      • Windows Azure Enrollment and AutopilotWindows Azure enrollment is provided by Microsoft for on-boarding Windows 10 devices to a mobile device management solution in bulk. Along with Windows Autopilot, this method provides seamless out-of-the-box device enrollment with Mobile Device Manager Plus.
      • Enroll Windows devices using Windows Imaging and Configuration Designer (ICD) tool Device enrollment using Windows ICD speeds up the enrollment process by distributing a provisioning package (PPKG) file to the target devices. It then enrolls the devices directly with Mobile Device Manager Plus without any user intervention or admin action.
    • Bulk enrollment for Chrome devices
      • Chrome OS Enrollment Chrome OS devices can be enrolled with Mobile Device Manager Plus in bulk and managed effortlessly. This simply requires registering the devices in your G Suite account and then assigning users to manage them.

More resources