Work managed devices is a corporate-liable deployment scenario where the enterprise or company owns and fully controls employee work devices. These deployments use the device owner mode of operation, in which the entire device is managed by installing the Miradore Online client during the initial setup of a new device or after a factory reset.
- Enterprise Plan subscription or trial.
- Managed Google Play Enterprise has been configured.
- Devices are running Android 5.0 or newer.
Once the requirements are met, administrators can provision work managed devices. Miradore Online offers three different methods for installing and configuring our client during the device setup:
- QR code
- NFC
- DPC token (afw#miradore)
QR code provisioning
QR code provisioning is the most straightforward enrollment method that is supported on Android 7 devices. An administrator can display a QR code in Miradore Online and provision work managed devices by reading the QR code with the device's camera. Start by navigating to Mobile management > Devices and click the Work managed device provisioning action. This redirects you to the work managed device provisioning page.
Administrators can configure the following settings, which are encoded in the QR code:
- Defines the SSID of your Wi-Fi network that is used during provisioning.
- Defines the Wi-Fi network password.
- Defines if encryption of the device is required.
- Keep system applications: Defines if system applications are available to the user after provisioning.
When the settings have been configured, the administrator can start enrolling the work managed devices. During the initial setup of a device or after a factory reset, the administrator must tap the first setup screen six times to launch the QR code setup wizard. Android then downloads the QR code scanning component that is used to read the QR code configured in the Miradore Online site. When the QR code has been scanned using the device's camera, the Miradore Online client is automatically downloaded and assigned as the device owner of the work managed device. The QR code also includes automatic enrollment credentials, so the device is automatically enrolled to Miradore Online.
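Because the QR code carries the Wi-Fi password, the encryption and system-application choices and the enrollment credentials, it is worth reviewing the decoded payload before it is displayed or printed. The following is an added example, not Miradore's code: it checks a decoded payload against the standard Android provisioning extras, and the component name, URL and admin-extras key in the sample are constructed placeholders, not Miradore's real values.

```python
import json
from urllib.parse import urlparse

P = "android.app.extra.PROVISIONING_"  # prefix of the standard Android QR keys

# Constructed sample payload: every value below is a placeholder.
SAMPLE_QR = json.dumps({
    P + "DEVICE_ADMIN_COMPONENT_NAME": "com.example.dpc/.AdminReceiver",
    P + "DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "http://dpc.example.com/client.apk",
    P + "WIFI_SSID": "CorpProvisioning",
    P + "WIFI_PASSWORD": "constructed-passphrase",
    P + "SKIP_ENCRYPTION": True,
    P + "LEAVE_ALL_SYSTEM_APPS_ENABLED": True,
    P + "ADMIN_EXTRAS_BUNDLE": {"enrollment_token": "PLACEHOLDER"},  # hypothetical key
})


def _flag(data, key):
    """QR payloads may carry booleans either as JSON true or as the string "true"."""
    return str(data.get(P + key, "")).lower() == "true"


def audit_provisioning_payload(raw):
    """Return a sorted list of review items for one decoded QR payload string."""
    data = json.loads(raw)
    items = []
    if data.get(P + "WIFI_PASSWORD"):
        items.append("wifi-password-embedded")      # readable by anyone who scans it
    if _flag(data, "SKIP_ENCRYPTION"):
        items.append("encryption-not-required")
    if _flag(data, "LEAVE_ALL_SYSTEM_APPS_ENABLED"):
        items.append("system-apps-kept")            # larger app surface on the device
    if data.get(P + "ADMIN_EXTRAS_BUNDLE"):
        items.append("enrollment-data-embedded")    # treat the QR image as a secret
    url = data.get(P + "DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION")
    if url and urlparse(url).scheme != "https":
        items.append("dpc-download-not-https")
    checksums = ("DEVICE_ADMIN_SIGNATURE_CHECKSUM", "DEVICE_ADMIN_PACKAGE_CHECKSUM")
    if url and not any(data.get(P + k) for k in checksums):
        items.append("dpc-checksum-missing")        # download cannot be verified
    return sorted(items)


if __name__ == "__main__":
    for item in audit_provisioning_payload(SAMPLE_QR):
        print(item)
```

Any payload that reports `wifi-password-embedded` or `enrollment-data-embedded` should be handled like a credential: shown only during provisioning and not left in screenshots, tickets or printed sheets.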
The NFC provisioning method is the most widely supported provisioning method across different Android versions and can be used when devices don't support QR code provisioning. In this method, the administrator downloads the Miradore NFC provisioning application to their own phone and uses it to scan the configured QR code. After the QR code has been scanned successfully, the enrollment information can be transmitted over NFC to the target device during the first screen of the Android setup wizard.
In Android 5.x devices, encryption is always required and cannot be disabled, even if the QR code is configured to allow non-encrypted devices.
DPC token provisioning
The DPC token provisioning method uses the Miradore Online specific token afw#miradore, which can be entered in place of the Google account identifier during the setup wizard (when asked for an email or phone number). This launches the managed Google Play accounts method and downloads the Miradore Online client to the device. The user is asked for enrollment credentials, which can be created in Miradore Online in the same way as for a normal enrollment. When the device is enrolled using the created credentials, the Miradore Online client asks for the user's consent to provision the device as a company managed device and installs our client as device owner.
When a device is enrolled as a work managed device using any of the supported provisioning methods, it is tagged with the tag Device owner. This tag can be used in business policies to deploy configuration profiles and applications to these work managed devices.
Create managed Google account for provisioned devices
If you wish to deploy managed Google Play applications and configurations to the device, you must also create a managed Google account for each of the devices. This is done automatically during enrollment for devices that have a user configured. You can check this information from the device page. If the device has Management type: Device owner and a Google Service Framework ID is available, then the managed Google account has been created automatically and the device is ready for managed Google Play deployments. You can also check from the Events tab that the Create managed Google account action can be found and is ready.
In the QR code and NFC provisioning methods, work managed devices are enrolled automatically to Miradore Online using mass enrollment and might not have a user configured (especially if enrolling new devices out of the box). You can use the device identifier CSV import before enrollment to upload a list of serial number and user relations that are checked and linked automatically during enrollment. This is useful, for example, if you know beforehand that a certain device will be given to a certain user at some point.
For a device that does not have a user configured, the administrator must create the managed Google account manually when the user is updated. Navigate to Mobile management > Devices and start the Create managed Google account/work profile action from the page action menu. This sends a command to the device instructing it to create the managed Google account.