SOTI Pulse Logo

Enroll Android device

Solved
JK
James Knight

We're moving from another MDM and I need to enrol about 50 Android phones. By removing them from the existing MDM I will effectively end up with factory reset phones so this will be the same as enrolling them out of the box.

I have set up my enrolment policy with a managed enterprise binding and management type = work managed.

However, I can't for the life of me see how to enrol these devices without first setting them up as individual user phones. To download MobiControl, I need to go through a complete personal user setup process including logging into the Play Store. To use the Enrolment URL I also need to go through the user setup process, and then again it asks me to log into the PlayStore. 

In the competing (poor quality) MDM, I have the option of clicking the Android screen 8 times and then scanning a QR code to take me into a work enrolment process. Is there nothing like that in MobiControl? Am I really expected to manually configure 50 phones just to un-configure them again and enrol to our network?

I really hope I'm missing something here.

Thank you

2 years ago
Android
ANSWERS
MD
Matt Dermody Diamond Contributor
2 years ago

There are 4 native methods for Device Owner / Work Managed Enrollment under Android Enterprise, all accessed during the Google Setup Wizard:

  • NFC
  • QR
  • ZTE
  • DPC Identifier

There are additional manufacturer specific options as well such as StageNow from Zebra and Enterprise Provisioner from Honeywell that can be used for devices from those brands. If you have one of those two manufacturers I would recommend using the manufacturer provided approach for enrollment.

If you do not have one of those manufacturers then of the available options I would recommend the QR method. ZTE requires your devices to be enrolled and registered with ZTE, which it might be too late for. The DPC identifier method is easiest, as it just involves typing in afw#mobicontrol into the setup wizard account prompt. I do not recommend this approach however as it will leave many system apps in a disabled state and the device in an unpredictable state that may be harder to manage. The QR based enrollment is your best bet for allowing you to control DPC extras so that you can do things like specify that all system apps be left enabled. 

https://discussions.soti.net/articles/enroll-android-devices-in-mobicontrol-using-a-qr-code-and-json-code

Downloading an EMM agent from the Play Store and manually enrolling it will never result in a Fully Managed device. That is the workflow that will lead to Work Profile based management, which is designed for BYOD use cases. This is true of all Android Enterprise EMM and it is built this way by design. 

Solution
JK
James Knight
2 years ago

That's fantastic, thanks Matt. The QR code enrolment is what I was looking for, but there's nothing about doing anything like that anywhere in the docs.

Soti really ought to build that natively into the portal, rather than require the use of this third party workaround. As you say, the other methods don't really result in a proper enrolment at all.

Thanks again

James

MD
Matt Dermody Diamond Contributor
2 years ago

Agreed that there should be native integration in MobiControl to generate the QR enrollment barcodes. If you're familiar enough with the essentials of Android Enterprise you'll understand that these processes are universal to all Android Enterprise enrollment across all EMMs due to the standardization enforced by Google. Maybe SOTI just assumed most people knew how to generate the QR codes externally from the server. That's a high learning curve though, their really should be a mechanism built into the Enrollment Rule creation process that enables you to then create the QR code within MobiControl. 

JK
James Knight
2 years ago

Yes I'm on that learning curve :-) One more quick question - if I want to use the afw#mobicontrol token within the json (rather than specify a specific version of MobiControl), how to I configure the URL?

Thanks again

James

RS
Rafael Schäfer
2 years ago

You can't.
But at the point where mobicontrol agent starts up you just must enter the enrollment ID of your enrollment policy.

But if you use QR-Code, NFC or ZT enrollment you can provide this information automatically:

{"android.app.extra.PROVISIONING_USE_MOBILE_DATA":true,                  "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":
                  { "enrollmentId": "YOUR_ENROLLMENT_ID","PROVISIONING_MODE":"FULLY_MANAGED_DEVICE" }}

Mobile data > true is only to allow enrollment via mobile data as well and can be kept away if not needed

provisioning mode > can be different depends on what mode you are enrolling

7
74HCT04
2 years ago

I think you may be a bit beyond this step, but SOTI published a "Provisioning android devices using QR Codes" article back in March. If it's not useful to you, James, hopefully it might help a future reader of this thread.

https://discussions.soti.net/articles/provisioning-android-devices-using-qr-codes

Personally, I've never tried this method as I used the (encrypted) 2D barcodes from Honeywell Enterprise Provisioner instead. If you follow SOTI's method I believe the SSID and WiFi passphrase (password) will be in plain-text within the QR code so I'd suggest being careful about who has access to the QR code.

SOTI's "Stage Programmer" app also produces similar 2D barcodes - again with an unencrypted WiFi passphrase. I've used this app successfully in the past.

JK
James Knight
2 years ago

Thank you for that link - this is very helpful. This also shows me how to setup the WiFi SSID and (I think) points to whatever is the most current device agent, rather than a specific version.

7
74HCT04
2 years ago

No problem. I've just added an addendum about "Mobicontrol Stage Programmer" 

https://play.google.com/store/apps/details?id=net.soti.mobicontrol.programmer&hl=en&gl=US

Yes, this link to the latest agent build can be useful (http://soti.net/apk/ae2)

A
AMMOD@SOTI
2 years ago

Hi James Knight,

Thank you for posting on SOTI Pulse, Thanks Matt Dermody, Rafael Schäfer, and 74HCT04 for responding to this post.

I'm pleased to hear that you found a solution that meets your needs

If you have any concerns or questions regarding this issue, please don't hesitate to let us know. We are here to assist you.

Kind regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

Similar Discussions