MDM Enrollment: Onboarding Guide for Android Devices
Mobile devices have become a vital component of any modern workplace. Enterprises raise management demand and apply device management solutions to cover various device types and platforms. Whatever they use, device enrollment is a must-go road.
MDM(Mobile Device Management) enrollment methods are many and are different based on deployment needs. In this article, we will explore the common ways for enrolling Android devices and how to proceed.
- Part 1 : What is MDM Enrollment?
- Part 2 : 4 Common Methods to Enroll Devices with MDM
- Part 3 : Preparing for MDM Device Enrollment
- Part 4 : How to Start MMDM Enrollment for Android?
- Part 5 : How to check MDM Enrollment Status?
- Part 6 : 9 Common Issues of Enrollment Failure
- Part 7 : Tips for Successful MDM Enrollment Process
- Part 8 : FAQs
1What is MDM Enrollment?
Mobile Device Management enrollment is like giving a device pass to enter your organization's network protected by an MDM solution.
During enrollment, the MDM system associates the device with its user and installs the necessary applications to enable advanced device configuration. Enrollment is the initial phase of managing and securing devices within the organization.
Before enrollment, a foundation consisting of a company-wide device management agreement and administrator account for the MDM tool is essential.
First, an agreement needs to be formed. It is a fundamental document that enables administrators to shape the guideline for employee device enrollment. The company must obtain consent, especially for access to configure device settings via enrolling. It protects employees from potential misunderstandings and conflicts. In addition, it secures the workplace and data of the employer. Next, the IT department should set up the administrator console on an admin PC to deploy all devices in one place.
24 Common Methods to Enroll Devices with MDM
Most Android MDM software on the market provides the following enrollment methods.
It is a method that is suitable for most business scenarios. MDM administrators can enroll devices simply by installing the app package on the controlled end and then using a code to add them to the organization.
To download controlled end APK, AirDroid provides download resources directly in the console. The admin can send employees a file or link and complete the remaining step. Or, they can install the application via Google Play.
Device Owner Enrollment
Device Owner refers to the enterprise-used deployment feature of Android OS. As it comes to the enrolling process, this method allows IT admins to have more capabilities for device setting configuration. Mainly, it reflects in MDM features like Kiosk Mode and Policy.
Android Enterprise Enrollment
It is designed for GMS (Google Mobile Services) devices. And the key characteristic is that IT admins are able to manage Google Play apps as well as configure app settings in a more comprehensive and in-depth way.
Bulk Enrollment works on multiple devices simultaneously. This approach will streamline the deployment process with pre-configure settings and achieve an automated MDM enrollment effect.
Zero-touch enrollment is a practical implementation of bulk enrollment for Android devices. With it, organizations are able to automate the setup for enterprise devices before distributing them to end users.
Difference between Common MDM Enrollment Methods
Device Owner Enrollment
Android Enterprise Enrollment
|Available for most Android OS devices|| ● Android 5.0 or above|
● GMS / AOSP devices supported
| ● Android 7.0 or above|
● GMS device supported
|● Android 8.0 or above|
|Allow frequent device monitoring & remote control|| ● More Kiosk Mode & Policy capabilities|
● More features for pre-provision
● Enable enrolling via USB
| ● Available for Managed Google Play Store|
● More app management & configuration capabilities
|Streamline deployment at scale|
Note: This table is based on AirDroid Business. It might be different if you're using other MDM/EMM solutions.
3Preparing for MDM Device Enrollment
As an IT expert or administrator, you need to get ready for:
- Control End Device:
PCs and laptops are the most-used devices as control end.
- Controlled End Device:
Need to have the supporting application installed so that the admin can connect and manage devices.
- MDM Portal/Software:
The admin will need an account to log into the management console.
4How to Start MDM Enrollment for Android?
In this part, we will go through three MDM device enrollment methods. You can follow the step-by-step guide and get started on your device management trip.
Method 1: Regular Enrollment
Find "Device Enrollment" in AirDroid Business console. You can access it through "Device" in the top navigation bar.
In the dashboard, download resources for controlled end devices - the document and the link are placed.
You can choose one of them and install the accessory application (AirDroid Biz Daemon) on the devices you wish to manage.
It's worth noting that the download link with an exclusive ID num will make deployment easier. Your employees can use it to install Biz Daemon via the device browser and automatically join the organization when finishing the installation.
Method 2: Device Owner Enrollment
Same in the "Device Enrollment" menu. Click "The Enrollment via Device Owner" on the right, and you can see 6 times Tap and Enroll via USB.
For GMS Android devices, 6 times tap will be a better option for deployment. The guide is as follows:
- Starting up the new device.
- In the welcome interface, tap the screen 6 times.
- Open the device camera.
- Scan the QR code and proceed to install Biz Daemon.
- Grant permissions for Biz Daemon.
Method 3: Android Enterprise Enrollment
Devices that support Google Mobile Services can be deployed to the MDM solution via Android Enterprise. And the IT admin can manage and configure Google apps in an exclusive enterprise app library - Managed Google Play, with approved applications only.
How to enroll Android device with Android Enterprise Enrollment?
- Step 1.Find the entry in “Device Enrollment.”
- The path is as follows: Device > Device Enrollment > Android Enterprise Enrollment.
- Step 2.Bind the organization's Gmail account.
- Click the "Register/Bind with Gmail" button in the middle and jump to the page "Bring Android to Work." Next, tap SIGN IN and complete the setup.
- Step 3.Configure the Gmail account and enter "afw#setup" on the enrolling device.
- Power on the new machine or factory reset it and then restart. You will see the Gmail sign-in page on the screen. Enter "afw#setup" in the blank and proceed with the setting.
- Step 4.Create Provisioning Templates.
- This is a feature to help pre-configure device settings and apps before enrollment. Choose "Pre-install apps" > "+ Add App" > "Add from Managed Google Play Store." Now you can select applications that can be installed on the device.
- Step 5.Scan the QR code to download AirDroid Biz Daemon
- Use the enrolling device and scan the QR code in "Android Enterprise Enrollment > Enrollment Guide." And the application will install automatically.
- Step 6.Grant permissions for Daemon based on needs.
- Generally, you can authorize permissions for accessibility, files, Device admin apps, app usage data, app notifications, etc.
5How to Check MDM Enrollment Status?
All the enrolled devices can be viewed in the device list in the MDM console. Navigate to "Devices," and you can see "Device List" in the left column. Press "All Devices" or certain device groups, and the info on enrolled devices will show on the dashboard.
69 Common Issues of MDM Enrollment Failure
Deployment does not always go successfully, even if you're using the best mobile device management solution. Issues may occur during the enrolling process and here are nine common reasons that cause failure.
1. Incorrect Enrollment Credentials
You may need to enter a username, password, or enrollment token during the enrollment. And wrong credentials will make it fail.
2. Incompatible Device or OS Version
As you can see, there are several methods to deploy devices. Each method requires different a different device model and operating system version. Thus, you need to confirm the requirements so that to carry out a successful MDM device enrollment.
3. Network Connectivity Issues
Some supporting applications need to be downloaded during the process. Thus, the Internet is crucial, and stable connectivity will help.
4. MDM Server Issues
There could be many reasons for servers not to respond. For example, firewalls may block the MDM software from accessing the internet. Or an invalid, untrusted, or expired SSL certificate could also lead to enrollment issues.
5. Insufficient Device Storage
The enrollment process may fail if the device does not have enough storage space to install the MDM agent or required apps.
6. Device Restrictions
This is mainly related to the default factory configuration of the device. For instance, some mobile phones are being locked to a specific carrier, which is not allowed to use an MDM solution.
7. Incorrect MDM Configuration
Configuring device settings in advance is possible through a Policy or Koisk Mode file. In this way, while enrolling a device, those pre-set conditions can be applied to the device simultaneously. But, it could lead to failure if misconfigured.
8. Device Has Already Enrolled
If the device is already enrolled in another MDM solution or with a different account, it may not be possible to enroll it again without first unenrolling it.
9. User Error
Making mistakes is normal, especially if the admin is not familiar with the device management solution. Skipping steps might happen and cause failure.
7Tips for Successful MDM Enrollment Process
The enrollment process can be complex under certain conditions. To ensure no bottlenecks, admins can follow these tips to execute their tasks flawlessly.
1Choose a Powerful MDM Software
When choosing an MDM software, it is crucial to consider the diversity of its enrollment methods to accommodate various device types. AirDroid is a robust software solution that offers multiple enrollment methods to ensure a seamless deployment.
2Confirm OS Compatibilities
Ensure the controlled and controlled end devices have the latest operating system installed. They come with the features like Android Enterprise, Zero-touch compatibility, and recent security updates that enable them to function correctly with MDM software.
3Use Brand-new Device
This greatly reduces the probability of failure. Due to the complex app permissions of Android endpoints, MDM enrollment is likely to be affected by other applications.