Device Enrollment
Enrollment is the first step towards managing devices using Mobile Device Manager Plus MSP (MDM). Enrollment consists of two steps: onboarding the device to the MDM server and assigning users to these devices. The former is required to manage the devices, while the latter is required for applying user-specific policies. MDM supports multiple enrollment methods to meet the various needs of an enterprise. Some of the enrollment methods are specific to a platform, while others are common to all platforms. In certain methods, user assignment is done as part of onboarding, while in others it can be done after the enrollment. MDM also provides the option of allowing the device users to perform the user assignment instead of the administrator. You can also assign users in bulk, making enrollment completion a seamless process. The following table explains the various enrollment methods supported by MDM:
ENROLLMENT METHOD | DESCRIPTION | SCENARIO | SUPPORTED PLATFORM(S) | USER ASSIGNMENT TYPE |
---|---|---|---|---|
Enrollment invites (E-mail/QR Code/SMS) | The IT administrator creates enrollment invites using MDM, which are then sent to the device users, who can then enroll the devices. | The number of devices to be enrolled is relatively small and the devices are already with the employees. | All platforms | User assignment is done by the IT administrators when the enrollment invites are created. |
Self-Enrollment | The IT administrator creates a common enrollment URL, which can then be accessed by the device users to enroll devices by themselves. | The devices are already with the employees and are large in number. You also need to have directory services such as Active Directory. | All platforms | User assignment is done by the users themselves, when enrolling the device. |
Apple Device Enrollment Program (DEP) | The IT administrator integrates the DEP portal with the MDM server and adds the devices that are in the company stock/inventory to the DEP portal, which in turn get enrolled with MDM. The IT administrator gets additional management capabilities when devices are enrolled via Apple DEP, as the devices are considered Supervised devices. | A large organization which hands over corporate-owned iOS devices to the employees for their work and thus wants additional management capabilities. | iOS/macOS | User assignment can be done either by the Admin after the enrollment or by the user during device activation. Enrollment is complete only after user assignment and device activation. |
Apple Configurator | The IT administrator uses the application present in Mac machines, to which the iOS devices to be managed are connected and subsequently get enrolled with MDM. The IT administrator gets additional management capabilities when enrolled via Apple Configurator as the devices become Supervised. | If you have devices which cannot be enrolled with DEP but want Supervision, you can use Apple Configurator. | iOS/tvOS | User assignment is done by the Admin after the enrollment, on the MDM server. |
Zero Touch Enrollment | The IT administrator integrates the Zero Touch portal with the MDM server and adds the devices that are in the company stock/inventory to the Zero Touch portal, which in turn get enrolled with MDM. The IT administrator gets additional management capabilities when devices are enrolled via Zero Touch, as the devices are provisioned as Device Owner. | A large organization which hands over corporate-owned Android devices to the employees for their work and thus wants additional management capabilities. | Android | User assignment is done by the Admin after the enrollment, on the MDM server. |
EMM Token Enrollment | The IT administrator or the user needs to provide the DPC identifier as the Google account and then scan a specific QR code to enroll the device with MDM. | If you have devices which cannot be enrolled via Zero Touch enrollment but want to provision devices as Device Owner, you can use EMM token enrollment. | Android | User assignment is done by the Admin after the enrollment, on the MDM server. |
NFC Enrollment | The IT administrator needs to have an admin device with the MDM Admin app installed, using which other devices can be enrolled with an NFC tap. | Devices which cannot be enrolled via Zero Touch enrollment/EMM token enrollment but are to be provisioned as Device Owner, and devices without Google services that are to be enrolled as Device Owner. | Android | User assignment is done by the Admin after the enrollment, on the MDM server. |
Android Debug Bridge (ADB) | The IT administrator needs to connect the devices to be managed to a Windows machine and enroll the devices. | Devices which cannot be enrolled via Zero Touch enrollment/EMM token enrollment/NFC but are to be provisioned as Device Owner, and devices without Google services that are to be enrolled as Device Owner. | Android | User assignment is done by the Admin after the enrollment, on the MDM server. |
Knox Enrollment | The IT administrator integrates the Samsung Knox portal with the MDM server and adds the devices that are in the company stock/inventory to the Knox portal, which in turn get enrolled with MDM. The IT administrator gets additional management capabilities when devices are enrolled via Knox. | If you have Samsung devices which are Knox-capable and are to be enrolled in bulk, you can use Knox enrollment. | Android | User assignment is done by the Admin after the enrollment, on the MDM server. |
ICD Enrollment | The IT administrator needs to connect the Windows devices to be managed to a Windows machine and enroll the devices. | A large organization which hands over corporate-owned Windows devices to the employees for their work and thus, wants additional management capabilities. | Windows | User assignment is done by the Admin after the enrollment, on the MDM server. |
Laptop Enrollment | The IT administrator needs to install a batch file on the machine to be enrolled and then initiate enrollment. | A large organization which hands over corporate-owned Windows laptops/desktops to the employees for their work and thus wants additional management capabilities. | Windows | User assignment is done by the Admin after the enrollment, on the MDM server. |
Windows AutoPilot | The IT administrator needs to configure the AutoPilot settings to initiate bulk enrollment of Windows devices. | A large organization which is already using Azure. | Windows | User assignment is done by the Admin after the enrollment, on the MDM server. |
Categories of Enrolled Devices
Devices in every organization have a certain lifecycle, during which they may be under maintenance, retired, and so on. There are also cases where devices have been enrolled in advance with MDM and users are assigned when a new employee joins the organization. For such cases, MDM lets you easily identify these devices using the enrollment categories explained below:
- Managed: These are the devices which have been completely enrolled and are ready for MDM management.
- Staged: This category includes devices which have been retired, are back in stock or are in repair. You can assign such statuses when you de-provision a device from MDM management. This category also includes devices which have not been activated yet and/or have not been assigned users.
- Pending Enrollment: These are the devices for which enrollment has been initiated by creating an enrollment invite but the enrollment is yet to take place.
Note:
If enrollment fails due to connectivity issues or device-based problems, click on the method of enrollment used, and select 'Remove device'. Once this is done, re-try the enrollment process. If the issue persists, contact support.