Miradore Management Suite Portal

Support

Support

Knowledge base, self-service support

How to enroll work managed devices

Follow

Work managed devices is a corporate-liable deployment scenario where the enterprise or company owns and fully controls employee work devices. These deployments use the device owner mode of operation, in which the entire device is managed by installing Miradore Online client during initial setup of a new device or after a factory reset.

Requirements:

Once the requirements are met, administrators can provision Work-Managed Devices, and Miradore Online offers three different methods for installing and configuring our client during the device setup:

  • QR code
  • NFC
  • DPC token (afw#miradore)

 

Supported managed device provisioning methods
  QR code NFC afw#miradore token
Android 7 x x x

Android 6

  x x
Android 5   x  

 

QR code provisioning

The QR code provisioning is the most straightforward enrollment method that is supported in Android 7 devices. Administrator can display a QR code in Miradore Online and provision work managed devices by reading the QR code using device's camera. Start by navigating to Mobile management > Devices and click the Work managed device provisioning action. This redirects you to the work managed device provisioning page.

afw-work-managed-devices-provisioning-2017-03-07.png

Administrators can configure the following settings that are encoded to the QR code.

Wi-Fi network

Defines the SSID of your Wi-Fi network that is used during provisioning.

Wi-Fi password

Defines the Wi-Fi network password

Require encryption

Defines if encryption of the device is required. 

Keep system applications

Defines if system applications are available to the user after provisioning.

 

When settings have been configured, administrator can start enrolling the work managed devices. During the initial setup of a device or after factory reset, administrator must tab the first setup screen six times in order to launch QR code setup wizard. By doing so Android downloads QR code scanning component that is used to read the configured QR code in Miradore Online site. When the QR code has been scanned using device's camera, Miradore Online client is automatically downloaded and assigned as the device owner of the work managed device. The QR code also includes automatic enrollment credentials so the device will be automatically enrolled to Miradore Online.

 

NFC provisioning

The NFC provisioning method is the most widely supported provisioning method in different Android versions and can be used when devices don't support the QR code provisioning. In this method, administrator can download Miradore NFC provisioning application to his/her own phone, and use it to scan the configured QR code. After successfully scanning the QR code, the enrollment information can be trasmitted over NFC to target device during the first screen of the Android setup wizard. 

In Android 5.x devices, encryption is always required and cannot be disabled, even if the QR code is configured to allow non-encrypted devices.

 

DPC token provisioning

The entire DPC token enrollment process is described with pictures in this PDF document.

The DPC token provisioning method uses Miradore Online specific token afw#miradore that can be entered in place of Google account identifier during the setup wizard (when asked for an email or phone number).

 

afwMiradore.png

 

This launches managed Google Play accounts method and downloads Miradore Online client to the device. Miradore Online client asks user's consent for provisioning the device as the company managed device and installs our client as device owner.

 

AfWConsent.png

 

During the enrollment, the user is asked for enrollment credentials, which can be created in Miradore Online similar to normal enrollment

 

AfwCredentials.png

 

When a device is enrolled as work managed device using some of the supported provisioning methods, it will be tagged with tag Device owner. This can be used in business policies to deploy configuration profiles and applications for these work managed devices.

 

AfWDeviceOwnerTag.png

 

Create managed Google account for provisioned devices

If you wish to deploy managed Google Play applications and configurations for the device, you must also create managed Google account for each of the devices. This is done automatically during enrollment for devices that have a user configured. You can check this information from the device page. If device has Management type: Device owner and Google Service Framework ID is available, then the managed Google account has been created automatically and the device is ready for managed Google Play deployments. You can also check from the Events tab that Create managed Google account action can be found and is ready.

afw-work-managed-device-page-2017-03-07.png

 

In QR code and NFC provisioning methods work managed devices are enrolled automatically to Miradore Online using mass enrollment and might not have a user configured (especially if enrolling new devices out of the box). You can use device identifier CSV import before enrollment to upload a list of serial number and user relations that are checked and linked automatically during enrollment. i.e. if you know beforehand the a certain device is given to certain user at some point.

For a device that does not have a user configured, administrator must create managed Google account manually when user is updated. Navigate to Mobile management > Devices and start Create managed Google account/work profile action from the page action menu. This sends a command to the device that managed Google account must be created.

 

More information

About Android Enterprise Solution

How to configure managed Google Play Enterprise

 


Please send comments to contact@miradore.com.