Choosing the enrollment method using Android Device Enrollment Wizard
The Android Device Enrollment Wizard offers a comprehensive range of options to customize the enrollment process according to the requirements of your organization. An overview of the various enrollment methods available for each device management mode is as follows.
This wizard streamlines the process of creating enrollment requests for all modes from a single location. You can configure enrollment settings for Android devices by selecting the appropriate enrollment method, device management type, device ownership, and other enrollment options. The choice of enrollment method depends on factors such as the device ownership, the level of control over corporate data, and the level of flexibility wanted for employees. For instance, organizations that seek strict control over corporate data can opt for COSU devices, while those prioritizing employee flexibility can choose BYOD or WPCO devices.
| Device Management Mode | Enrollment Method | Requirements |
|---|---|---|
| Personally owned devices (BYOD) | Google Play Store | Android 7.0+ |
| Corporate-owned devices for work use only | QR code | Android 7+ |
| Corporate-owned devices for work use only | Zero-touch | Android 8+ |
| Corporate-owned devices for work use only | Samsung Knox | Knox 3.0+ |
| Corporate-owned dedicated devices (COSU) | QR code | Android 7+ |
| Corporate owned devices for work and personal use (WPCO) | QR code | Android 7+ |
| Corporate owned devices for work and personal use (WPCO) | Zero-touch | Android 8+ |
| Corporate-owned devices without Google Mobile Services | Android Debug Bridge | |
Creating new enrollment request
- From the IBM® MaaS360® Portal home page, go to .
- Click Other Enrollment Options and select .
- In the Android Device Enrollment wizard, provide the following details in the Enrollment Mode section:
  - Enrollment mode
    - QR code: Administrators generate a QR code for devices that need to be enrolled. This code contains the necessary information to initiate the device enrollment process. Users can enroll their devices by scanning the QR code, eliminating the need for manual configuration or complex passwords.
    - Zero-touch: Automatically enrolls devices without requiring user interaction. This mode is ideal for company-owned devices that are being deployed to new employees or for devices that are being replaced. Devices automatically enroll into MaaS360 upon startup or factory reset. This mode eliminates the effort of enrolling each device manually.
    - Samsung Knox Mobile (KME): This mode is ideal for company-owned Samsung devices that are deployed to new employees or for those devices that require replacement. KME simplifies device management for Samsung devices by automatically enrolling them into the MaaS360 Portal. This mode eliminates manual user input and reduces IT workload.
    - Android Debug Bridge: Non-GMS Android Enterprise Enrollment. This mode is ideal for Android devices that do not have Google Play services and Google Play Store access. It supports features like Device Actions, Device Management, COSU, and Non-Android Enterprise App distributions. For more information, see Corporate-owned devices without Google Mobile Services.
  - Managed Google Play account type
    - Device Account: The device account can be active only on one device at a time.
    - User Account: The user account is active on a maximum of 10 devices and provides access to the Managed Google Play account from all the devices enrolled by the user.
  - Device management
    - Work Profile on Corporate-Owned Device: The company-owned devices are set up with a work profile to enable those devices for both work and personal activities.
    - Device Owner (Dedicated device or kiosk mode): The company-owned devices are set up for full device management. The organization manages all apps that are installed on the device and can enforce policies and commands for compliance. Also, kiosk (COSU) policies can be implemented on fully managed devices to restrict usage to a single app or a limited set of apps.
    - Device Owner without Google Managed Services (Non-GMS): Non-GMS devices do not have access to Google Mobile Services (GMS). Company-owned non-GMS devices are enrolled by using QR code and Android Debug Bridge (ADB). The scope of device management capabilities is restricted because GMS is unavailable.
  - Device ownership
    - Corporate-Owned: The company-owned device is assigned to a single user.
    - Corporate-Shared: The company-owned device is shared among multiple users. Each user logs in to a separate account and receives a distinct set of apps and files.
- Provide the following details in the User Details section. These details are auto-populated for users during the enrollment process.
  - Enrollment email ID: Provide an email address that you want to use for enrollment. This email must match the email address of a MaaS360 portal user account.
  - Username, Password, Domain: If you want to skip the authentication screen during device enrollment, provide the username, password, and domain of a MaaS360 portal user account. Make sure that these authentication details match the username, password, and domain in a MaaS360 portal user account.
- Provide the following details in the Additional Settings section:
  - Prompt for device name: When the value is 'Yes', this setting prompts the user to provide a custom device name during the enrollment.
    Note:
    - The combination of the custom device name and the device model number is used for the device name.
    - If this option is not selected, the combination of the device ID and the device model number is used for the device name.

    For more information about assigning a custom device name, see Assigning custom device name in MaaS360.
  - Allow user to skip enrollment: If this setting is set to 'Yes', users are prevented from skipping device enrollment screens.
  - Disable system apps: If this setting is set to 'No', system apps such as Calendar and Clock are retained on the device after the enrollment. If it is set to 'Yes', system apps are unavailable on the device after the enrollment.
    Note: For KME enrollments, use the System Applications setting in the Knox Admin portal to enable or disable system apps.
  - Device custom attributes: Prerequisite - Configure device custom attributes in .
    You can use custom attributes to include extra information about enrolled devices that is not automatically captured in the MaaS360 portal after device enrollment. This custom information is displayed on the Device Summary page in the MaaS360 portal. You can filter devices based on the custom attributes using the Advanced Search feature.
    For example, when enrolling guest devices with a dedicated QR code, you can configure a custom attribute of type text with the following settings:
    - Key: QR code type
    - Value: Guest

    The following table shows the supported custom attribute types and their respective limits:

    | Type | Limit |
    |---|---|
    | Text | 10 |
    | Enum | 5 |
    | Date | 3 |
    | Numbers | 5 |
    | Boolean | 5 |
  - Locale and Timezone: Applies the selected locale and time zone on the device. However, users can change these details after the device enrollment.
    Note: These settings are supported only on Android 8+ devices that are enrolled through the QR code and Google zero-touch enrollment methods.
  - Additional Attributes: You can include up to 10 additional attributes when you create enrollment profiles for Zero-touch, QR code, and KME. You can use these attributes to configure advanced device enrollment settings supported by MaaS360. For example, if you set lock_on_reboot to true, MaaS360 continues the device enrollment process even if the device undergoes a restart during enrollment. For the list of supported attributes, see Additional Android Enterprise enrollment attributes.
- Provide the following details in the Wi-Fi Settings section:
  Configure the Wi-Fi profile details. When the Wi-Fi profile is pushed to devices, they automatically connect to the configured Wi-Fi network during the enrollment process.
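
A pre-flight check for a planned enrollment request, written against the constraints this page states: the mode and method pairs in the requirements table, the custom attribute limits, the cap of 10 additional attributes, and the locale and time zone restriction. This is an added example, not IBM or MaaS360 code; the field names, the short mode labels, and the reading of each "Limit" as a per-type maximum count are assumptions.

```python
# Added example; field names are hypothetical, not a MaaS360 API.
# (management mode, enrollment method) -> minimum Android major version taken
# from the requirements table; None where the table gives no Android version.
SUPPORTED = {
    ("BYOD", "Google Play Store"): 7,
    ("Work only", "QR code"): 7,
    ("Work only", "Zero-touch"): 8,
    ("Work only", "Samsung Knox"): None,  # table lists Knox 3.0+ instead
    ("COSU", "QR code"): 7,
    ("WPCO", "QR code"): 7,
    ("WPCO", "Zero-touch"): 8,
    ("Non-GMS", "Android Debug Bridge"): None,
}
# Assumption: each limit is the maximum number of attributes of that type.
CUSTOM_ATTR_LIMITS = {"Text": 10, "Enum": 5, "Date": 3, "Numbers": 5, "Boolean": 5}
MAX_ADDITIONAL_ATTRS = 10
LOCALE_METHODS = {"QR code", "Zero-touch"}

def validate(req):
    """Return a list of problems; an empty list means the plan is consistent."""
    key = (req["mode"], req["method"])
    if key not in SUPPORTED:
        return [f"{req['method']} is not listed for {req['mode']}"]
    problems = []
    min_android = SUPPORTED[key]
    if min_android is not None and req["android"] < min_android:
        problems.append(f"{req['method']} requires Android {min_android}+")
    counts = {}
    for attr_type, _name, _value in req.get("custom_attributes", []):
        counts[attr_type] = counts.get(attr_type, 0) + 1
    for attr_type, n in sorted(counts.items()):
        limit = CUSTOM_ATTR_LIMITS.get(attr_type)
        if limit is None:
            problems.append(f"unsupported custom attribute type: {attr_type}")
        elif n > limit:
            problems.append(f"{n} {attr_type} attributes exceed the limit of {limit}")
    if len(req.get("additional_attributes", {})) > MAX_ADDITIONAL_ATTRS:
        problems.append(f"more than {MAX_ADDITIONAL_ATTRS} additional attributes")
    if req.get("locale") and (req["method"] not in LOCALE_METHODS or req["android"] < 8):
        problems.append("locale and time zone need Android 8+ with QR code or zero-touch")
    return problems

# Constructed sample: a guest QR code profile like the one in the text, on Android 7.
GUEST_QR = {
    "mode": "COSU", "method": "QR code", "android": 7,
    "custom_attributes": [("Text", "QR code type", "Guest")],
    "additional_attributes": {"lock_on_reboot": "true"},
    "locale": "en_US",
}

if __name__ == "__main__":
    for problem in validate(GUEST_QR):
        print(problem)
```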