pdf icon
Category Filter

Enroll Android devices using QR Code Enrollment

MDM solutions offer a variety of enrollment methods to simplify the device onboarding process and provide complete management and security capabilities for corporate-owned devices. For devices that require complete management but cannot be enrolled via ZTE, KME or NFC, QR code enrollment can be used. QR Code enrollment is a quick and easy onboarding method with minimal user interaction.

Pre-requisites for QR Code Enrollment

  • The device must be running Android 6.0 or above.
  • The device must be new or factory-reset.
  • The device must be Google certified. You can check if the device is Google certified by navigating to Play Store -> Settings -> Play Protect certification. Check for the device is certified status.

How QR Code Enrollment works?

Older Version (Single QR Code)

There are three major steps in enrolling devices using EMM token. They are:

  1. Install ME MDM app on the device
  2. If the device is already in use, factory reset the device. Specify the Google account requested during initial setup as afw#memdm. This is the EMM token or the DPC identifier, which automatically installs ME MDM app on the device. If the device is new, boot up the device and provide EMM token as the Google account.

  3. Based on the Android OS version, choose either of the methods given below
  • Enroll the device by scanning QR code (For devices running Android 6.0 or above)
  • Once the installation is complete, the ME MDM app opens automatically. Click on Scan QR and permit ME MDM app to access the device camera. Scan the QR code given on the MDM sever to complete enrollment.

  • Advanced QR Code Enrollment (Recommended for Android running 9.0 or above)
    1. For devices running Android 8.0 or later versions, entering the EMM token as the Google account can be skipped optionally. On tapping the Welcome screen 6 times, the setup wizard prompts to configure Wi-Fi settings for the device to contact the MDM server. Once this is done,the QR Reader gets installed and opens automatically. The QR code shown on the MDM server can then be scanned to complete enrollment.
    2. For devices running Android 9.0 or later versions, Wi-Fi connection can be set up prior to device enrollment which implies both the steps: entering the EMM token as well as configuring the Wi-Fi settings can be skipped optionally. If the Wi-Fi is pre-configured, tapping the Welcome screen 6 times, automatically opens the QR Reader. Soon after the QR code is scanned, the device gets enrolled with MDM.

    Note:

    ME MDM supports hidden Wi-Fi network, which will work in the back end by default.

After enrolling the devices, the next step is to assign users. Check manual user assignment for detailed instructions on how to assign users.

New Version (Multiple QR Codes)

With QR code enrollment, you can onboard devices using enrollment templates. An Enrollment Template serves as a gateway where different QR codes are generated for each template. The template works as an entry point using which devices gets onboarded based on their usage, the policies they require, the department it belongs to, the naming conventions, and the asset owner.

Advantages of QR Code Enrollment

  • Bulk devices can be enrolled instantly with QR Enrollment Template.
  • Automate User Assignment helps in channelizing the device to its user and group automatically.
  • Minimum admin action required.

Preparation of enrollment templates

Tagging Multiple Devices to a Common User

Kiosk devices, purpose-built for frontline workers, serve a specific function and are often limited to a predetermined set of applications. Although these devices cater to a wide audience, they're ultimately owned by their parent organization. To ensure efficient utilization and management of these devices, they are generally assigned to a specific group, such as a department or a team. In addition, they are typically assigned to a designated manager, asset owner, or common user who has the responsibility to oversee the devices' usage and maintenance.

By preparing this Enrollment Template, you can assign the device to a Single User to manage the device, a departmental group to facilitate necessary policies, apps and a device naming convention.

How to tag Multiple Devices to a Common User

Create an enrollment template to assign multiple devices to a single user.

  1. On the MDM web console, click Enrollment.
  2. Select QR Code Enrollment under Android.
  3. Click New Template.
  4. Select Assign Devices > To Single User.
  5. Click Save.

With Single User enabled, once the device activation is completed and the template QR code is scanned, the device gets automatically assigned to the user and the group if the group is associated with the template. The device will then automatically get the apps and profiles it needs from the group to which it belongs.
 
Management type

Select the management type of the devices:

  • Full Device Management: Admin has full control over the device.
  • Workspace Management: Admin can manage only the corporate apps and data by creating a separate work container on the device. 

Enable Users to enroll using Directory Credentials

You can enable users in your organization to enroll devices using their directory credentials. To facilitate it, you can integrate different directory services such as Active Directory, Azure, and Okta. Once the directory credentials are provided, the devices are automatically assigned to the authenticating user and user group. Ensure that Directory authentication is enabled for QR Code enrollment.

How to tag individual devices

Create an enrollment template to assign Individual devices to its users using Directory Authentication.

  1. On the MDM web console, click Enrollment.
  2. Select QR Code Enrollment under Android.
  3. Click New Template.
  4. Select Assign Devices > by Directory Authentication.
  5. Click Save.

With Directory Authentication enabled, once the device activation is done and the template QR code is scanned, the individual user will be prompted to provide their Directory Credential to complete the device onboarding.

Enroll and Assign Devices Individually

For corporate-owned, user-associated devices without Directory Authentication, the admin can use a template with manual assignment. A template with manual user assignment is the default template, and user assignments for devices that use a manual template can be done individually or in bulk.

On the MDM server, click on the Enrollment tab and select QR Code Enrollment under Android. The devices enrolled via QR Manual Template are listed under Staged Devices, awaiting user assignment.

You can assign a user to a single device by clicking on the Assign User option present under Action or assign users in bulk to multiple devices by clicking on the Assign Users button shown on top and uploading a CSV with the required user details.

Sample CSV Format

USER_NAME,DOMAIN_NAME,EMAIL_ADDRESS,GROUP_NAME,UDID,IMEI,SERIAL_NUMBER,DEVICE_NAME,PHONE_NUMBER,Enrolled_Time

    Note:
  • The CSV file should contain the following fields : User Name, Domain Name, Email Address, Group Name, UDID, Serial Number, Device Name, Phone Number, Enrolled Time.
  • The fields User Name, Email Address, and Platform Type are mandatory. All the other fields are optional. If not provided, default values are taken.
  • The default values for various non-mandatory fields are : Domain Name ‑ MDM, Owned By ‑ Corporate, Group Name ‑ Default Group for given Owned By & Platform Type.
  • The first line of the CSV is the column header and the columns can be in any order.
  • Blank column values should be comma separated.
  • If the column value contains a comma, it should be specified within quotes.

Activating the device

Configuring a Wi-Fi network

You can choose to set up a Wi-Fi network so that you don't have to set it up manually when you turn on the device.

For Android 6.0 +

  1. Activate ‑ On a new/factory reset device running Android 6.0 or later, specify the Google account requested during the initial setup as afw#memdm. This DPC identifier automatically installs the ME MDM app on the device.
  2. Enroll ‑ Once the ME MDM app is installed, select the appropriate Enrollment Template from the list of templates in the drop-down and scan the QR code in the template.
  3. Provision ‑ Assigning devices to an Individual user/technician/group is based on the option selected under Assign Users by the IT admin while creating an Enrollment Template.

For Android 9.0 +

  1. Activate and Enroll ‑ On a new/factory reset device running Android 9.0 or later, tap the Welcome screen 6 times to access the device camera and scan the QR code in the Enrollment Template.
  2. Provision ‑ Assigning devices to an Individual user‑technician‑group is based on the option selected under Assign Users by the IT admin while creating an Enrollment Template.
    Note:
  • When a Wi-Fi configuration is added or changed on Android 9.0+, the QR code on the enrollment template also gets modified.

Modify or Delete a Template

On the QR Code Template under the Enrollment tab, you can modify or delete a template.

You can modify a template to alter the associated configurations. Remember, modifying the template does not change the QR code associated with that template.

Similarly, you can delete a template where the QR code associated with that template will become invalid and the template will be removed from the MDM console.

Roles and Permissions

The Enrollment module permissions configured as Full control, Write, or Read follows as given in the table below.

Action Full Control Write Read
Create Enrollment Templates Yes No No
Modify/Delete Templates Yes, both theirs and other's templates No No
Enroll using QR templates for their scope Yes Yes no
Assign Users for Enrolled devices in staged view Yes Yes No
  • Users with administrative privileges within the assigned group can modify or delete templates, while those without such privileges cannot.

FAQs

  1. Why another template with manual user assignment cannot be created?
  2. Manual template is a default template and multiple manual templates cannot be created.

  3. What happens to the devices enrolled using a particular template if the template is deleted?
  4. The devices enrolled to the MDM server will remain the same but the QR code of the template becomes invalid.

  5. Who can modify/delete a template?
  6. The administrator and anyone who has full control access to the enrollment module can modify/delete a template.

  7. Can re-assign userbe done manually though the device is enrolled using Automate User Assignment Template?
  8. Yes, you can re-assign the user by clicking re-assign user under Devices tab.

 

Jump To