Enroll Android devices

This document will explain you on the various types of enrollment. Our Mobile Device Management solution, provides a wide range of options to enroll mobile devices. Enrollment is the first and the most important stage for managing a mobile device. You will have to enroll all the devices, which needs to be managed. There are different types of enrollment, they are explained below:

Profile Owner and Device Owner

With the advent of Android for Work, Android devices support additional configurations and features. Corporate-owned devices can be provisioned as Device Owner, using multiple methods as listed here.

Enrollment using Invitation

This is a standard way of enrolling mobile devices.  As an administrator, you can send emails, with the link for enrollment. Users will be able to enroll their mobile devices, only if they receive this email. Enrollment invitations can be sent to users manually or in bulk. When you use to manually select a user and send invite, then the enrollment will happen for a single device. You can also choose to send enrollment invitations to multiple users as bulk enrollment.

Confused about the correct enrollment technique to be used for enrolling devices in your organization? Click here to know what is the most optimal enrollment technique, for your scenario.

Enroll Single Device

 The link on the email is specific for a particular user and good only for enrolling one device. If the user wants to enroll more than one device, then you will have to send more than one invite for the user to enroll as many number of devices. Learn more about the steps to enroll devices here

Bulk Enrollment

This option facilitates you to enroll many devices at a same time. You can simply create a csv file with the User Name, Domain Name, Email, Platform and Owned by details and upload the same. Multiple entries should be in separate lines. Learn more about Bulk Enrollment here

Most Suited for:

·         Most suitable for BYOD

·         When you want to limit the users to whom the enrollment invite should be sent

·         It works good when the users will be knowledgeable to complete the enrollment process by following the instructions which will be sent via email

·         If you wanted to use OTP or Two Factor Authentication for Enrollment

Points to be Noted:

·         Users will have to accept the invitation and initiate the enrollment process within 7 days

·         You will have to follow up with the users to complete the enrollment process

Enrollment without Invitation - Self Enrollment

Users do not require an invite from you. All you need to do, is share/publish the self enrollment url. Using the self enrollment url, users can enroll their devices, using their Active Directory/Azure credentials. The specified url needs to be accessed from the mobile device, which needs to be enrolled. Users do not have any restriction to enroll more than one device, as long as you have purchased sufficient license count to manage devices. Click here to know more about the Self Enrollment

Most Suited for:

·         If you wanted to use only Active Directory/Azure authentication for enrollment

·         A single user can enroll multiple devices

·         User does not require any invitation or approval for initiating enrollment

Points to be Noted:

·         This will not work for a workgroup set up

·         You will not have a track on the devices/users if the enrollment has failed

Enrollment by Administrator - Using NFC

You can enroll devices using NFC with the ManageEngine NFC Enrollment app. You will have to ensure that the devices support NFC and Wi-Fi is turned on the target device. You should manually configure a admin device and make it as a terminal. You can bump this device with the target devices to initiate the enrollment process. Learn know more about enrolling devices using NFC here

Most Suited for:

·  If you wanted to enroll corporate devices

·  You do not want user intervention

Points to be Noted:

·  This will not work if the device does not support NFC

·   You should have the device physically for bumping the device

Enrolling Devices

Follow the steps mentioned below to enroll the devices.

  1. On the web console, navigate to Enrollment

  2. Click  Enroll Device and select Android. Choose either Samsung or Non-Samsung based on your requirement.

  3. If you wish to complete the enrollment without any user interaction select By myself under Devices to be enrolled else, select Through User Invites to send an invite to the users to complete the enrollment.

  4. User Name- Enter the user name of the device that needs to be enrolled.

  5. Email address- It is mandatory to  enter the email address of the user who will receive the enrollment request.

  6. Owned By- Owner of the device either Corporate or Personal

  7. Assign to Group- Specify the group to which the device should be added. If you select an existing group from the drop down, then the newly added device will automatically get all the Apps and profiles which were already distributed to the group. By doing so you can automate the process of imposing the minimum required restrictions and Apps to all the newly added devices.

    If you add a new group name, then a new group will be created and the device will be added to it.

  8. Click Enroll to enroll the device.

Ensure that you configure your Proxy settings, and the mail server settings, so that you the user can receive the email with the authentication passcode.

End users will receive an email with the  enrollment instructions and the link to enroll the devices. Based on the authentication policy defined for enrollment, users will be receiving the authentication passcode.  Users need to manually install the MDM profile by clicking on the enrollment request. ME MDM App (android agent) will be installed on the device. All enrolled devices will be listed in the Devices Tab in the Mobile Device Manager Plus console under Groups and Devices.

Enroll Additional devices for same user

You can enroll multiple devices for the same user. In case a user has more than one mobile device that needs to be managed,  you can enroll those devices by following the steps mentioned below;

  1. On the web console, navigate to Enrollment

  2. Under Devices tab, choose the User Name to whom you wanted to enroll the additional device
  3. Under Actions click Enroll Addition Device option.

  4. Specify the Platform as Android

  5. Specify the Owned By type as Corporate or Personal and click Enroll

The mail to enroll additional device would be sent to the specified user.

Bulk Enrollment

This option facilitates you to enroll many devices at a same time. You can simply create a csv file with the User Name, Domain Name, Email, Platform and Owned by details and upload the same. Multiple entries should be in separate lines. Refer the below mentioned csv file for example,

Sample CSV Format

     USER_NAME,DOMAIN_NAME,EMAIL_ADDRESS,PLATFORM_TYPE,OWNED_BY,GROUP_NAME
     ANDREW,andrew@mobiledevicemanagerplus.com,Android,,Android_Group,
     BEN,ZOHOCORP,ben@mobiledevicemanagerplus.com,Android,Corporate,Android_Group,
 
Note : 
     1. The CSV file should contain the following fields: User Name, Domain Name, Email Address, Platform Type, Owned By, Group Name
     2. The fields User Name, Email Address and Platform Type are mandatory. All the other fields are optional. If not provided, default values will be taken

     3. The default values for various non-mandatory fields are: 
               Domain Name -- MDM
               Owned By -- Corporate
               Group Name -- Default Group for given Owned By & Platform Type.
     4. The first line of the CSV is the column header and the columns can be in any order.
     5. Blank column values should be comma separated.
     6. If the column value contains comma, it should be specified within quotes.

Follow the steps mentioned below, to enroll devices through Bulk Enrollment.

  1. On the web console, navigate to Enrollment

  2. Click  Bulk Enrollment. A window opens, click Browse to upload the created CSV file and Import the same.

    Enrollment mail will be sent to all the users listed in the csv file.

Enrollment Process on Android devices

The users, upon receiving the enrollment requests, can enroll their device as mentioned below:

User needs to copy the Server Name, Port Number and passcode given in the email. The following steps will explain you the enrollment process on the android device. If the user's device is a normal android device, ME MDM App for android devices will be downloaded. If the user's device is a SAFE device, then an ME MDM App that has been exclusively designed for SAFE devices will be downloaded. ME MDM App for SAFE devices has advanced management capabilities unlike normal android devices.

  1. Users will receive a mail for enrollment and will have to click on the link in the email, to start the enrollment process.

  2. When Mobile Device Manager Plus recognizes the device as normal android device or SAFE device, the user will be automatically directed to the App's PlayStore page and the appropriate App can be downloaded.
    If Mobile Device Manager Plus is unable to identify the device, user will be provided with a link which explains the list of SAFE devices. User can refer to the link and determine if the device is SAFE or not. On choosing to download the appropriate App, the user will be directed to the App's PlayStore page from which the App can be downloaded.

  3. Once the download has been successful, user will have to click on the downloaded app to install it.

  4. After the installation completes, user should open the App.

  5. User needs to provide the One Time password or AD/Azure credentials after opening the App. This depends on the authentication type, if two factor authentication is enabled, then user will have provide both the OTP as well as the AD/Azure credentials.

  6. User should accept the terms and conditions by clicking continue

  7. Users need to enable Device Administrator on their mobile device and click Activate

  8. Users can see that the device has been enrolled successfully.

  9. ME MDM App icon will be listed on the mobile device.

  10. By clicking the MDM App icon, MDM App opens and the end user can see the distributed Apps and associated profiles listed here.

Apps that are distributed by ME MDM will be listed in App Catalog. Profiles that are associated to the devices will be listed under Policies and Restrictions. Device Details will provide the complete information about the device.  

Removing an Enrolled Device

  1. On the web console, navigate to Enrollment

  2. Click on Devices tab

  3. Click Search button and search for the device by using its known properties( user name, device name etc)

  4. Click on Action button and select Remove Device

  5. In the confirm box that appears, click OK.

Removing the device will remove all the profiles and apps associated with the device. However, ME MDM App in the device will not be removed. Users must manually remove the app if required.

Click here to know about the ports to be opened for managing mobile devices.

See Also: Device Authentication,Enroll iOS Devices, Enroll KNOX Devices, Enroll Windows Devices, Self Enrollment,Customize ME MDM App
Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine