Work managed devices is a corporate-liable deployment scenario where the enterprise or company owns and fully controls employee work devices. These deployments use the device owner mode of operation, in which the entire device is managed by installing Miradore Online client during initial setup of a new device or after a factory reset.
See the video for more information.
- Devices are running Android 5.0 or newer.
- The device(s) must be Factory reset before starting the provisioning process
Once the requirements are met, administrators can provision Work-Managed Devices, and Miradore Online offers these different methods for installing and configuring our client during the device setup:
- QR code
- DPC token (afw#miradore)
- Zero-touch enrollment
- Knox Mobile Enrollment
|QR code||NFC||afw#miradore token|
QR code provisioning
The QR code provisioning is the most straightforward enrollment method that is supported in Android 7 devices. Administrator can display a QR code in Miradore Online and provision work managed devices by reading the QR code using device's camera.
How to configure QR code enrollment settings
Start by navigating to Enrollment > Android Enterprise.
Administrators can configure the following settings that are encoded to the QR code on side. The settings can be saved for the further use. Saved settings will be also used when work managed devices are enrolled with the enrollment wizard (Enrollment > Enroll device).
Defines if encryption of the device is required. Devices preloaded with Android 5.0 or newer has encryption enabled by default.
Keep system applications
Defines if Android system applications are available to the user after the enrollment.
Language and Time zone
Define a language and time zone of the device.
Enrollment Wi-Fi network
Defines the SSID of your Wi-Fi network that is used during the enrollment.
Enrollmen Wi-Fi password
Defines the Wi-Fi network password.
Remove enrollment Wi-Fi configuration after enrollment
Defines if the Wi-Fi settings used during the enrollment are removed after the enrollment.
Additional Wi-Fi settings
Define the Wi-Fi used, for example, after the enrollment.
When settings have been configured, administrator can start enrolling the work managed devices.
- During the initial setup of a device or after factory reset, administrator must tab the first setup screen six times in order to launch QR code setup wizard.
- Read the configured QR code in Miradore Online site.
When the QR code has been scanned using device's camera, Miradore Online client is automatically downloaded and assigned as the device owner of the work managed device. The QR code also includes automatic enrollment credentials so the device will be automatically enrolled to Miradore Online.
The NFC provisioning method is the most widely supported provisioning method in different Android versions and can be used when devices don't support the QR code provisioning. In this method, administrator can download Miradore NFC provisioning application to his/her own phone, and use it to scan the configured QR code. After successfully scanning the QR code, the enrollment information can be transmitted over NFC to target device during the first screen of the Android setup wizard.
In Android 5.x devices, encryption is always required and cannot be disabled, even if the QR code is configured to allow non-encrypted devices.
You can also program your own NFC tag for Android Enterprise enrollments. The following video shows how you can create an NFC card with your Wi-Fi settings, and how is it used to enroll devices to Miradore Online in device owner mode.
DPC token provisioning
The entire DPC token enrollment process is described with pictures in this PDF document.
The DPC token provisioning method uses Miradore Online specific token afw#miradore that can be entered in place of Google account identifier during the setup wizard (when asked for an email or phone number).
This launches managed Google Play accounts method and downloads Miradore Online client to the device. Miradore Online client asks user's consent for provisioning the device as the company managed device and installs our client as device owner.
During the enrollment, the user is asked for enrollment credentials, which can be created in Miradore Online similar to normal enrollment
When a device is enrolled as work managed device using some of the supported provisioning methods, it will be tagged with tag Device owner. This can be used in business policies to deploy configuration profiles and applications for these work managed devices.
Please, see the documentation related to Android Zero-touch enrollment from here.
Knox Mobile Enrollment
Find the documentation about Knox Mobile Enrollment from here.
Create managed Google account for provisioned devices
If you wish to deploy managed Google Play applications and configurations for the device, you must also create managed Google account for each of the devices. This is done automatically during enrollment for devices that have a user configured. You can check this information from the device page. If device has Management type: Device owner and Google Service Framework ID is available, then the managed Google account has been created automatically and the device is ready for managed Google Play deployments. You can also check from the Action log that there is a row for Create managed Google Play account -action and the action is completed.
In QR code and NFC provisioning methods work managed devices are enrolled automatically to Miradore Online using mass enrollment and might not have a user configured (especially if enrolling new devices out of the box). You can use device identifier CSV import before enrollment to upload a list of serial number and user relations that are checked and linked automatically during enrollment. i.e. if you know beforehand the a certain device is given to certain user at some point.
For a device that does not have a user configured, administrator must create managed Google account manually when user is updated. Navigate to Management > Devices and start create managed Google account/work profile action for the device from Managed Google Play > Create account/work profile. This sends a command to the device that managed Google account must be created.
Please send comments to email@example.com.