Mobile Device Manager Plus provides an option for Self Enrollment, wherein the end users can enroll devices by themselves. This is helpful in scenarios when you want to ensure data security on personally owned devices which access corporate data, ie, BYOD/COPE devices. Follow the steps mentioned below to configure Self Enrollment settings. Ensure that AD/Azure authentication is enabled for Self Enrollment to work. The Self Enrollment process remains the same for iOS, Android and Windows devices. Users should access the following URL from the device which needs to be enrolled:
The following steps needs to be performed to enable Self Enrollment:
In the case of MDM Cloud, when users try to self enroll the device, they will be prompted to sign up and create an account with Zoho. On successful account creation, they will receive an email, to register their account and join the organization. An email with the OTP and the enrollment invite will be sent to the users.
On-prem:
Users will get an authentication prompt where they should enter email, username and password. Additionally, if more than one AD is integrated then users can select the AD in dropdown and authenticate.
Cloud:
A specific AD can chosen for authentication in MDM Server. Users will be redirected to the corresponding AD, once it is authenticated the enrollment process will continue.
The self enrollment URL is usually shared across the organization and any device can be enrolled with the URL as it is device/ user independent. Thus, administrators may want to restrict self enrollment to specific AD groups. MDM allows you to restrict self enrollment only to specific AD groups, ensuring only specific devices get enrolled with MDM. Follow the steps specified below to restrict self enrollment:
Self-enrollment can be restricted to certain platforms. For example, admin may choose only to allow self-enrollment on specific platforms such as iOS or Android and restrict it on others. This can be done to maintain security and control over the enrollment process. While configuring Self Enrollment, admin can select the platforms that they want to restrict from enrollment.
Self Enrollment allows users to enroll multiple devices without any admin intervention. While it reduces admin intervention, allowing users to enroll multiple devices could lead to security concerns in organizations and hence most organizations prefer restricting the number of devices that can be enrolled per user. MDM allows admins to regulate the number of devices that can be enrolled by the user.
While configuring Self enrollment, admins can enter the number of devices that can be enrolled per user under the option Number of devices per user. This will ensure the user can access the URL only to enroll the specified number of devices.
The devices which are enrolled need to be added to groups. When devices are enrolled using Self Enrollment, we can choose the groups to which the devices will be added upon enrollment.
When a new device is enrolled into a specific group, all the profiles and apps distributed to that group will automatically be applied to the newly added device. This will ensure that all the policies and restrictions applied to the device as soon as it is enrolled.
If no groups are added while configuring Self Enrollment,the devices will be considered as unassigned. In this case, the devices will not be part of any group and will be considered as individual devices. Therefore, these devices will not receive any of the profiles or apps upon enrollment. Follow the steps given here to manually add the devices to Groups.
It is recommended to promote Self Enrollment to users by publishing/promoting the Self Enrollment URL, through the internal forums, blogs, mails to reach more users.
As soon as the device gets enrolled, users will receive an App catalog from where they can install apps that are distributed through Mobile Device Manager Plus. Administrators will also be notified that a new user has enrolled the device. If any specific profiles, or apps are distributed to the group where the device is enrolled, then the newly added device automatically receives all the configurations and apps applied to the group.
ME MDM app icon will be listed on all enrolled mobile devices. By clicking the ME MDM app icon, MDM app opens and the end user can see the distributed Apps and associated profiles listed here. Profiles that are associated to the devices will be listed under Policies and Restrictions. Device Details will provide the complete information about the device.
In case of Knox devices, an exclusive Knox container is created within the mobile device. By clicking the Knox container icon, the user can access the corporate resources. Apps that are distributed by Mobile Device Manager Plus for the Knox container can be accessed by clicking "Apps" icon within the container. By clicking the "Personal home" icon, the user can exit the Knox container and view the personal data and apps in the device.
Users can follow the steps mentioned below on their windows mobile device, to get their mobile devices enrolled with the Mobile Device Manager Plus server. Users must access the self enrollment url and subsequently will be instructed to following the steps mentioned below:
Users can see that they have successfully enrolled the windows device. Upon device enrollment, the ME MDM app will be available in the device. Distributed profiles and apps can be viewed from this app. Once the enrollment is completed, the admin will be notified.
Thank you for your feedback!
Sorry about that!