How to enroll Android devices with MDM?
Mobile Device Manager Plus allows organizations to manage commericial and rugged devices. The first step to Android device management is to register the Android device with MDM. Mobile Device Manager Plus provides multiple Android device enrollment methods to meet the varying needs of organizations. With the advent of Android Enterprise, several features and configurations have been added that secure the devices and make them cater to the needs of an organization. Additionally, ManageEngine is recognized by Google as Android Enterprise Gold Partner.
Personal Owned Devices
For personal devices, Android Enterprise employs the Profile Owner method. This approach involves creating a Work profile, which acts as a container that separates the personal and corporate spaces on the device. In this scenario, organizations have complete control over the work profile without affecting the users privacy. Profile Owner, while offering robust control over the work profile, supports fewer features compared to Device Owner.
If the device is enrolled in Mobile Device Manager Plus through self-enrollment or enrollment through invites, it is automatically provisioned as Profile Owner.
Some of the main features supported by Profile Owner
- Preventing the sharing of data from work profile to personal profile.
- Restricting the installation/uninstallation of apps.
- Restricting screen capture in the work profile.
Corporate Owned Devices
For corporate-owned android devices, MDM provides two types of management: Full device and Workspace management. These are the enrollment methods available for corporate devices:
- Zero Touch Enrollment (ZTE)
- Samsung Knox Mobile Enrollment (KME)
- QR code Enrollment
- NFC Enrollment
- Android Debug Bridge (ADB)
Confused about the correct enrollment technique to be used for enrolling devices in your organization? Click here to know what is the most optimal enrollment technique, for your scenario.
Full Device Management
For corporate-owned devices, the recommended management method is to provision them as Device Owner or Full Device Management type. This ensures that the organization has full control over the device, essentially owning it. Device Owner or Full Device Management provides enhanced features, guaranteeing comprehensive control over the device and safeguarding confidential data from unauthorized access. It supports all the features available in Profile Owner and has additional capabilities for more extensive device management.
Some of the features supported by Device Owner
- Additional restrictions such as restricting device reset, modifying settings, etc.,
- Silent app installation
- Blocklisting/Allowlisting apps
The complete set of restrictions supported by Device Owner can be viewed here.
Workspace Management
In situations where a device is both corporate-owned and personally enabled, Android Enterprise introduces Workspace Management. A work profile is created on the devices that effectively separates personal and corporate data, offering control over the corporate data without influencing the personal side. Workspace Management is a versatile approach that combines elements of both Profile Owner and Device Owner to ensure comprehensive security and management of corporate assets on personally enabled devices.
Benefits of Workspace management in corporate owned devices:
- Users cannot remove the Work Profile from the device
- The Admin can perform Complete Wipe on the device.
- The Enterprise Factory Reset Protection policy can be applied to the device.
To know more about the feature comparison between all three management types, click here
Removing an Enrolled Device
- On the web console, navigate to Enrollment.
- Click on Devices tab.
- Click Search button and search for the device by using its known properties (user name, device name etc).
- Click on Action button and select Remove Device.
- In the confirm box that appears, click OK.
Removing the device will remove all the profiles and apps associated with the device. However, ME MDM App in the device will not be removed. Users must manually remove the app if required.
Click here to know about the ports to be opened for managing mobile devices.