Self Enrollment


Bring Your Own Device (BYOD) has become an essential part of mobile device management. Enterprises today entertains BYOD as a part of business strategy to increase productivity. BYOD enables employees to access the corporate data anytime from anywhere. Which means more productivity as well as more risk. This is what forces, every enterprise to look out for a mobile device management solution which not only monitors the devices, distribute apps but also ensures that data security. Mobile Device Manager Plus provides you the leverage to manage employee owned devices and corporate devices at ease. You can create separate groups for managing employee's devices and impose polices and restrictions in such a way that the corporate data is always kept secure and protected.

Mobile Device Manager Plus provides an option for self enrollment, where the end users can enroll the devices by themselves. Follow the steps mentioned below to configure Self Enrollment settings. Ensure AD authentication is enabled for self enrollment to work. Self Enrollment process remains to be the same for iOS, Android and Windows devices. User should access the following URL from the device which needs to be enrolled http:<servername:portnumber>/mdm/enroll. The following steps will explain you on configuring self enrollment settings:

  1. Click  MDM Tab

  2. Under Settings in the left pane, click Enrollment

  3. Click Settings and configure the Self Enrollment settings

  4. Specify whether you wanted to enable or disable the self enrollment

  5. Click the check box to receive notifications when a device is enrolled using self enrollment.

  6. Specify the e-mail address to which the notification needs to be sent.

  7. Click Save

The devices which are self enrolled will be listed under the default groups, such as corporate or personal based on the operating system. Mobile Device Manager Plus has five default groups, they are Default_iOS_Corporate, Default_iOS_Personal, Default_Android_Corporate, Default_Android_Personal and Default_Windows_Corporate.  Apart from the default groups, you can also set any of the group that you have created as a default group. For example if you have created a new group for managing corporate iOS devices named iOS admin, you can set iOS admin as the default group, so that all the corporate  iOS devices which are enrolled henceforth will be listed under iOS admin.

When a new device is enrolled into a specific group, all the profiles and Apps distributed to that group will automatically be applied to the newly added device. This will ensure that all the policies and restrictions applied to the device as soon as it is enrolled. If any device is manually moved to the group, then the profiles and restrictions or Apps will not be applied. Similarly when a device is removed from a group or moved to a different group, the profiles or the Apps will not be revoked.

Change the Default Group for Self Enrollment

Follow the steps mentioned below to change the default group:

  1. Click on MDM tab

  2. Under Settings Click Enrollment

  3. Click Settings, and choose Groups for Enrolled Devices Under Self Enrollment

  4. Select the device type for which you wanted to change the default group and Click Edit Default Group button.
    All the groups available based on the operating system will be listed from which you can choose and save the default group.

Self Enrollment process on iOS devices

  1. End user uses the self enrollment URL, to access the Enrollment window

  2. The following information should be filled in.

    1. Email

    2. User Name

    3. Password

    4. Domain

    5. Owned By

  3. End user will be prompted to install the Mobile Device Manager Plus profile. Click Continue to complete the profile installation.

As soon as the device gets enrolled, users will receive an App catalog from where they can install apps that are distributed through Mobile Device Manager Plus. Administrators will also be notified that a new user has enrolled the device. If any specific profiles, or Apps were distributed  to the group where the device is enrolled, then the newly added device will automatically receive all the configurations and Apps applied to it.

Self Enrollment process on Android devices

  1. When the user access the self enrollment URL from a SAFE or KNOX device, then the ME MDM App that has been exclusively designed for SAFE or KNOX devices will be downloaded. If the URL is accessed from a  normal android device, then the appropriate App will be downloaded

  2. Once the download has been successful, user will have to click on the downloaded ME MDM App to install it

  3. After the installation completes, user should open the App

  4. User needs to provide the Active Directory credentials after opening the App

  5. User should specify the type of device as Corporate or Personal.

  6. User should accept the Terms and Conditions by clicking Continue

  7. Users need to enable Device Administrator on their mobile device and click Activate

  8. Users can see that the device has been enrolled successfully.

When a device gets enrolled, users will receive an App catalog from where they can install Apps that are distributed through Mobile Device Manager Plus. Administrators will also be notified that a new user has enrolled the device. If any specific profiles or Apps were distributed to the group where the device is enrolled, then the newly added device will automatically receive all the applied profiles and distributed Apps.

ME MDM App icon will be listed on all enrolled mobile devices. By clicking the MDM App icon, MDM App opens and the end user can see the distributed Apps and associated profiles listed here. Profiles that are associated to the devices will be listed under Policies and Restrictions. Device Details will provide the complete information about the device.

In case of KNOX devices, an exclusive KNOX container is created within the mobile device. By clicking the KNOX container icon, the user can access the corporate resources. Apps that are distributed by Mobile Device Manager Plus for the KNOX container can be accessed by clicking "Apps" icon within the container. By clicking the "Personal home" icon, the user can exit the KNOX container and view the personal data and apps in the device.

Self Enrollment process on Windows devices (windows 8.0 & 8.1)

Users can follow the steps mentioned below on their windows mobile device, to get their mobile devices enrolled with the Mobile Device Manager Plus  server. Users must access the self enrollment url and subsequently will be instructed to following the steps mentioned below:

  1. On the mobile device that needs to be enrolled, go to Settings

  2. Touch Company Apps (in windows 8) / Workplace  (in windows 8.1)

  3. Touch Add Account

  4. Enter the following details:

    1. Email Address: Specify your corporate email address (recommended email address)

    2. Password : Active Directory Password

    3. User name : Active Directory User Name

    4. Domain : Name of the Active Directory Domain

    5. Server : Specify the url <https://[MDMServerPath]:9383/mdm/wpdiscover/1>

  5. Touch Sign In

  6. It can be seen that the account has been added. Touch Done.

Users can see that they have successfully enrolled the windows device. As soon as the device is enrolled successfully, the device will be scanned automatically and the device details will be updated in the Mobile Device Manager Plus server. Users can see the hardware details and details of the Apps that are installed on the device. End User will receive an ME MDM App on the mobile device. All the devices enrolled via self enrollment will be listed under Default_Windows_Corporate. Administrator can choose to modify it manually if required.



See Also: Device Authentication,Enroll iOS Devices, Enroll Android Devices, Enroll KNOX Devices, Enroll Windows Devices,Customize ME MDM App



Copyright © 2005-2015, ZOHO Corp. All Rights Reserved.