Enrollment is the first step in managing mobile devices using Mobile Device Manager Plus (MDM). It involves onboarding the device to the MDM Server for further management. MDM offers multiple enrollment methods pertaining to every organization and their needs. For instance, organizations that provide devices to employees can use admin enrollment methods such as Zero Touch Enrollment (ZTE), Knox Enrollment (KME), EMM Token or Apple Business Manager (ABM) enrollment methods to gain complete control over the corporate owned devices. Whereas organizations that deploy personally owned devices (BYOD) can utilize enrollment methods such as Enrollment through invites or Self Enrollment method to ensure control only over the corporate data and apps on the devices. You can customize the enrollment settings by navigating to the Enrollment tab -> Enrollment Settings on the MDM Server.
In order to complete enrollment, users must be assigned to the devices. While assigning users, it is important to authenticate the users to ensure only authorized users can enroll their devices. You can configure the authentication type to be used during enrollment in the Authentication tab. You can choose any of the authentication types given below:
MDM allows you to limit the OS versions from which enrollment should be allowed for devices. Administrators can specify the minimum OS versions that are allowed for enrollment. For example, admin can configure that only devices running on iOS 12 and above or Android 9 and above are allowed to enroll. The devices running below the specified OS versions will be automatically blocked from enrollment. This ensures that devices with outdated or unsupported OS versions are not enrolled into MDM.
Admins can deprovision the devices from MDM when a device is no longer in use or when an employee leaves the company. De-provisioning devices will completely erase all the corporate data present on the device. This helps to protect corporate data associated with unmanaged devices. In MDM, admins can configure certain settings to predefine the device deprovisioning process.
Note:
Note:G Suite should be configured. In case if you have already configured it, you need to re-authenticate and make sure that Manage data access permissions for users on your domain is enabled when the Google consent screen is prompted.
In case of corporate owned devices, admins can prevent users from revoking management through Supervision using ABM or Device Owner provisioning using ZTE or KME.
For personal devices, users cannot be completely restricted from revoking management. However, admins can take steps to stay informed when a user unmanages the device. To do this:
When these settings are enabled, if a user removes the ME MDM app from their personal device, the configured admin email(s) will receive a notification. Admins can also specify multiple email addresses to ensure notifications are sent to all relevant mailboxes.
MDM contacts the managed devices, once a day, to check for the availability of the devices even when there is no command to be executed. If any device remains unresponsive, it signifies that the device has lost contact with the MDM Server.
Below are the scenarios when a device may lose contact with the server. If the device is,
By default if no response is received from a device for more than 7 days, the device will be marked inactive. The admin can also specify the duration after which unresponsive devices will be marked inactive in the Inactive Devices Policy. Admins can view the list of inactive devices in the Homepage dashboard on the MDM Console or as reports. Admins can also Schedule Inactive devices report by navigating to Reports tab -> Schedule Reports -> Add Schedule Report, to be notified of devices that have lost contact with the server via email.
Thank you for your feedback!
Sorry about that!