Device Enrollment

Enrollment is the first step towards managing devices using Mobile Device Manager Plus(MDM). Enrollment consists of two steps: onboarding the device to the MDM server and assigning users to these devices. The former is required to manage them while the latter is required for applying user-specific policies. There are multiple enrollment methods supported by MDM, to support the various needs in an enterprise. Some of the enrollment methods are specific to the platform, while some are common for all platforms. In certain methods, the user assignment is done as a part of the on-boarding while in other methods, the user assignment can be done after the enrollment has been done. Further, MDM also provides the option of allowing the device users to perform the user assignment instead of the administrator. Further, you can choose to assign users in bulk as well, making the enrollment completion a seamless process. The following table explains the various enrollment methods supported by MDM:

ENROLLMENT METHOD DESCRIPTION SCENARIO SUPPORTED PLATFORM(S) USER ASSIGNMENT TYPE
Enrollment invites(E-mail/QR Code/SMS)

The IT administrator can create enrollment invites using MDM, which then send to the device users who can then enroll the devices.

The number of devices to be enrolled are relatively less and the devices are already with the employees.

All platforms

User assignment is done by the IT administrators when the enrollment invites are created.

Self-Enrollment

The IT administrator creates a common enrollment URL, which can then be accessed by the device users to enroll devices by themselves. Know more about Self Enrollment

The number of devices are already with the employees and is large in number. You also need to have directory services such as Active Directory etc.

All platforms

User assignment is done by the users themselves, when enrolling the device.

Apple Device Enrollment Program (DEP)

The IT administrator integrates the DEP portal with the MDM server and adds the devices that are in the company stock/inventory to the DEP portal, which in turn gets enrolled with MDM. The IT administrator gets additional management capabilities when enrolled via Apple DEP as the devices are considered as Supervised devices. Know more about Apple DEP

A large organization which hands over corporate-owned iOS devices to the employees for their work and thus, wants additional management capabilities

iOS/macOS

User assignment can be done either by the Admin after the enrollment or by the user during device activation. Enrollment is complete only after user assignment and device activation

Apple Configurator

The IT administrator uses the application present in Mac machines, to which the iOS devices to be managed are connected and subsequently get enrolled with MDM. The IT administrator gets additional management capabilities when enrolled via Apple Configurator as the devices become Supervised. Know more about Apple Configurator

If you have devices which cannot be enrolled with DEP but want Supervision, you can use Apple Configurator.

iOS/tvOS

User assignment is done by the Admin after the enrollment, on the MDM server.

Zero Touch Enrollment

The IT administrator integrates the Zero Touch portal with the MDM server and adds the devices that are in the company stock/inventory to the Zero touch portal, which in turn gets enrolled with MDM. The IT administrator gets additional management capabilities when enrolled via Zero Touch, as the devices are provisioned as Device Owner. Know more about Zero touch Enrollment.

A large organization which hands over corporate-owned Android devices to the employees for their work and thus, wants additional management capabilities.

Android

User assignment is done by the Admin after the enrollment, on the MDM server.

EMM Token Enrollment

The IT administrator or the user needs to provide the DPC identifier as the Google account and then scan a specific QR code to enroll the device with MDM. Know more about EMM token Enrollment

If you have devices which cannot be enrolled via Zero Touch enrollment but want to provision devices as Device Owner, you can use EMM token enrollment.

Android

User assignment is done by the Admin after the enrollment, on the MDM server.

NFC Enrollment

The IT administrator needs to have an Admin with MDM Admin app installed, using which other devices can be enrolled using an NFC tap. Know more about NFC Enrollment

If you have devices which cannot be enrolled via Zero Touch enrollment/EMM token enrollment but want to provision devices as Device Owner. Also, if you want to enroll devices without Google services as Device Owner.

Android

User assignment is done by the Admin after the enrollment, on the MDM server.

Android Debug Bridge(ADB)

The IT administrator needs to connect the devices to be managed to a Windows machine and enroll the devices. Know more about ADB

If you have devices which cannot be enrolled via Zero Touch enrollment/EMM token enrollment/NFC but want to provision devices as Device Owner. Also, if you want to enroll devices without Google services as Device Owner.

Android

User assignment is done by the Admin after the enrollment, on the MDM server.

Knox Enrollment

The IT administrator integrates the Samsung Knox portal with the MDM server and adds the devices that are in the company stock/inventory to the Knox portal, which in turn gets enrolled with MDM. The IT administrator gets additional management capabilities when enrolled via Knox. Know more about Samsung Knox enrollment. Know more about Knox Enrollment

If you have Samsung devices which are Knox-capable and are to be enrolled in bulk, you can use Knox enrollment.

Android

User assignment is done by the Admin after the enrollment, on the MDM server.

ICD Enrollment

The IT administrator needs to connect the Windows devices to be managed to a Windows machine and enroll the devices. Know more about ICD Enrollment

A large organization which hands over corporate-owned Windows devices to the employees for their work and thus, wants additional management capabilities.

Windows

User assignment is done by the Admin after the enrollment, on the MDM server.

Laptop Enrollment

The IT administrator needs to install a batch file on the machine to be enrolled and then initiate enrollment.Know more about Laptop Enrollment

A large organization which hands over corporate-owned Windows laptops/desktops to the employees for their work and thus, wants additional management capabilities.

Windows

User assignment is done by the Admin after the enrollment, on the MDM server.

Windows AutoPilot

The IT administrator needs to configure the AutoPilot settings to initiate bulk enrollment of Windows devices. Know more about Self Enrollment

A large organization which is already using Azure.

Windows

User assignment is done by the Admin after the enrollment, on the MDM server.

Categories of Enrolled Devices

Devices in every organization have a certain lifecycle, whereby there are chances where the devices are under maintenance, retired etc., Further, there are always cases where the devices have been enrolled in advance with MDM and the users are assigned when a new employee joins the organization. For such cases, MDM lets you easily identify these devices using the enrollment categories explained below:

Note:

If enrollment fails due to connectivity issues or device-based problems, click on the method of enrollment used, and select 'Remove device'. Once this is done, re-try the enrollment process. If the issue persists, contact support.

Copyright © 2020, ZOHO Corp. All Rights Reserved.
ManageEngine