Enrollment is the first step in managing devices using Mobile Device Manager Plus (MDM). It involves onboarding the device to the MDM Server for further management. MDM offers multiple enrollment methods pertaining to every organization and their needs. For instance, organizations that provide devices to employees can use admin enrollment methods such as Zero Touch Enrollment (ZTE), Knox Enrollment (KME), EMM Token or Apple Business Manager (ABM) enrollment methods to gain complete control over the corporate owned devices. Whereas organizations that deploy personally owned devices (BYOD) can utilize enrollment methods such as Enrollment through invites or Self Enrollment method to ensure control only over the corporate data and apps on the devices. You can customise the enrollment settings by navigating to the Enrollment tab -> Enrollment Settings on the MDM Server.
In order to complete enrollment, users must be assigned to the devices. While assigning users, it is important to authenticate the users to ensure only authorized users can enroll their devices. You can configure the authentication type to be used during enrollment in the Authentication tab. You can choose any of the authentication types given below:
- Using One Time Passcode
- Authentication using Directory Services or Zoho Authentication
- Combination of both of the above
Unmanaged device notification
The ME MDM app or MDM profile must be present on the device for continued management. In some cases, the user may try to unmanage the device and prevent the admins from managing it any further by removing the ME MDM app or MDM profile from the device. In case of corporate owned devices, admins can prevent users from revoking management through Supervision using ABM or Device Owner provisioning using ZTE or KME. But for personal devices, since users cannot be restricted completely from revoking management, admins can instead make sure that they are notified when a user unmanages the device by enabling the option Notify when device becomes unmanaged. Admins can enter more than one email address if the notifications have to be sent to multiple mailboxes.
Inactive Device Policy
MDM contacts the managed devices, once a day, to check for the availability of the devices even when there is no command to be executed. If any device remains unresponsive, it signifies that the device has lost contact with the MDM Server.
Below are the scenarios when a device may lose contact with the server. If the device is,
- switched off.
- not connected to the Internet.
- factory reset and is unmanaged.
- removed from management by the user when it did not have internet connectivity.
- connected to any network, internal or otherwise, that blocks certain URLs thereby preventing the device from contacting the MDM server. To verify this, try accessing mdm.manageengine.com from the device browser.
By default if no response is received from a device for more than 7 days, the device will be marked inactive. The admin can also specify the duration after which unresponsive devices will be marked inactive in the Inactive Devices Policy. Admins can view the list of inactive devices in the Homepage dashboard on the MDM Console or as reports. Admins can also Schedule Inactive devices report by navigating to Reports tab -> Schedule Reports -> Add Schedule Report, to be notified of devices that have lost contact with the server via email.