Alma
Evans

Automated MDM enrollment: Your key to easy device deployment

Alma Evans

Mar 15, 2019

9 min read

Enrolling your devices to an MDM solution could be a tedious and cumbersome process. Especially, when you have a huge bulk of devices to be deployed. Generally, physical access to each of the devices is needed in order to complete the setup process. For instance, your employees should typically navigate to a website to download the MDM software to their devices.
Needless to mention, you must guide them through the entire process to get your devices enrolled. That is, the device is not under your control until and unless your user takes the necessary steps for enrollment. The worst case is that there are provisions for them to remove management from these enrolled devices. Most of these difficulties could be relieved to an extent by automating the enrollment process.

Use Hexnode for automatic deployment of your endpoints

There is a set of automatic enrollment programs making the device enrollment process an absolute breeze. Apart from lessening the burden for both the IT admin and the end users, these automated MDM enrollment programs can also make MDM enrollment mandatory and lockable. They could streamline the initial device set up and provide a no-touch configuration for the devices.
As soon as your employee receives the device and powers it on, the device automatically applies all the settings and configurations provisioned by your enterprise. This ensures that all your user devices are receiving your organization’s configurations from the moment they’re in use.

Automated MDM enrollment programs

Hexnode MDM supports effective quick enrollment solutions such as Apple Device Enrollment Program, Samsung Knox Mobile Enrollment, Google Zero Touch Enrollment to quickly configure and roll out thousands of devices across your organization.

Apple Device Enrollment Program

Apple Device Enrollment Program
Apple’s Device Enrollment Program streamlines the deployment and configuration of iOS, MacOS and tvOS devices purchased either directly from Apple or through any authorized resellers. Apple DEP seamlessly collaborates with MDM to automate device enrollment, to allow mass provisioning and to simplify the initial setup.

Program features

  • Over-the-air configuration – DEP eliminates the need for IT administrators to manually enroll devices. It automates MDM enrollment and applies your organization’s configurations.
  • Streamlined setup process – Allows you to skip certain set up assistant steps like Apple ID, passcode, and terms of service screens.
  • Non-removable MDM – User’s devices are locked in MDM for on-going management.
  • Wireless supervision – With Apple DEP you have the option to enable supervised mode giving you the ability to provide a higher level of device management.

Setting up automated MDM enrollment for your Apple devices

Hexnode MDM seamlessly integrate with Apple’s Device Enrollment Program to enable automatic deployment of your corporate Apple devices. To get going with Apple DEP and Hexnode MDM, follow the series of steps below:

  • Enroll in Apple Business Manager – Enroll your organization in Apple Business Manager by providing your organization info. including D-U-N-S number and an email address that hasn’t been used for any other Apple services.
  • Integrate Apple DEP with Hexnode MDM
    1. Create a DEP account and get the public key certificate file from your Hexnode MDM portal.
    2. On your Apple Business Manager portal, create a new MDM server, upload the previously downloaded file to get a server token
    3. Transfer the token to the MDM server to complete the integration. You can also add a DEP profile as the default policy to be applied to all the devices under this account.
  • Manage devices in Apple DEP – On your Apple Device Manager portal, devices could be assigned via serial number, order number or uploading CSV file. Also, choose the MDM server to associate the devices with.

Once Hexnode has synced with DEP, your devices get listed in the portal and you can now associate DEP policies with the devices. All these configurations take effect the next time the devices are activated. During the process, the devices get enrolled with Hexnode MDM.


Samsung Knox Mobile Enrollment

Samsung Knox Mobile Enrollment platform allows IT administrators to speed and facilitate the deployment of Samsung devices in bulk with minimal user interactions. Using KME, a device can be shipped directly from an approved reseller to the end user, the device being configured with MDM policies making it ready to be used right out-of-the-box.

Program features

  • Out-of-the-box device enrollment – Once you successfully add your devices to KME, your user just has to turn on the device and connect it to a network to get it enrolled.
  • Streamlined setup process – Users could be allowed to skip unwanted setup wizard screens to make the enrollment process even faster.
  • Manages multiple MDM configurations – Works with almost all MDM vendors and could manage multiple MDM profiles for different vendors and different enrollment settings.
  • MDM re-installation on a device reset – Even if the devices are reset, KME will re-provision the device once it is activated. So, even if a device is lost or stolen and whoever has the device in possession attempts to reset the device, the device will automatically re-enroll to the MDM solution where it can be tracked and managed by the organization.

Setting up automated MDM enrollment for your Samsung devices

Hexnode MDM’s integration with Samsung Knox Mobile Enrollment allows the organization to automate the provisioning of dedicated Samsung devices. Only that your organization should have a Samsung account and Knox portal account to get started. Devices could be configured in a few steps:

  • Add devices to your KME portal – You must register your participating Samsung device reseller in the portal. He uploads your device details and you have to approve the upload and your devices will be added to the portal. For non-reseller devices, you can make use of the Knox deployment app.
  • Create MDM profiles and assign to devices – Create enrollment profiles with downloadable links of Hexnode MDM APK and other configurations. Assign the profile to approved devices.

Once you have done so, during the initial set up the device downloads the Hexnode MDM agent and enrolls, all by itself without you needing to touch a thing.


Google Zero-touch Enrollment

Google Zero-touch Enrollment is a simple mass enrollment method which offers seamless setup and deployment of corporate-owned Android devices which are compatible. With Zero-touch enrollment, there is no need to manually configure devices or force users for a complicated setup. You can ship the devices directly to your users and allow users to skip many of the set-up steps for easy activation.

Program features

  • Large scale deployment – Makes large scale roll-outs fast and easy for organizations.
  • Management and settings can be pre-configured – Pre-configures work-managed devices even before shipping. Users just power on the enterprise-ready device and launch their work apps.
  • Can enforce management – Admin can enforce management and provision the device as a fully managed (Android Enterprise Device Owner) device. Even when devices are reset, they still boot up with management in place. This ensures that Admins are always in control.

Setting up automated MDM enrollment for your brand-new Android devices

Hexnode provides support for Google Zero-touch Enrollment to automatically enroll your corporate-owned device as Android Enterprise Device Owner. There are a few steps by which this could be achieved:

  • Reseller sets up your zero-touch enrollment account.
  • Create a Google account.
  • Setup the Zero-touch enrollment portal.
  • Add configurations with Hexnode MDMs mobile policy data.
  • Apply configurations to devices.

Enrollment occurs over-the-air on any compatible device (purchased from a reseller partner) when the device first boots or after a factory reset.

Windows Autopilot deployment

Windows Autopilot is a cloud service from Microsoft that provides you a zero-touch experience for deploying Windows 10 devices. There is no need to reimage or manually set up your devices before handing them out to your users. The Windows 10 device will perform the Azure AD join and enroll in MDM automatically and MDM will provision your policies, settings, and apps.

Program features

  • Can join devices to Azure AD and MDM – Windows autopilot automatically joins the device to Azure AD and enrolls in MDM as soon as the user powers on the device. With the new Windows 10 version 1809, you can choose to join devices to Active Directory also.
  • Setup wizard skipping – Can streamline the deployment of devices by skipping certain setup screens.
  • Self-deployment mode – There is a self-deployment mode to enable zero-touch provisioning. The device joins to Azure AD and auto-enroll to MDM and stays on the enrollment status page until all the policies and applications you have configured get provisioned on it making the device business-ready. No need to enter the user name and password. All that needed is just a network connection.
  • Remote device reset – Can reset the device remotely with the Autopilot reset option and re-deploy it to another user if needed. The reset option can also be used in managing lost or stolen devices to remove sensitive data.
  • Can restrict admin account creation – IT admin can choose to restrict the user to a standard account in the deployment profile.

Requirements:

  • Windows 10 version 1703 or higher (supported editions – Pro, Pro Education, Pro for Workstations, Enterprise, Education)
  • Azure Active Directory premium subscription
  • MDM subscription

Deployment steps:

  • Device Registration – Register the devices with the Windows Autopilot deployment service
  • Deployment profile assignment – Create an Autopilot deployment profile and assign it to your devices.

The device is now ready for shipping. The user just has to unbox the device, power it on and connect to a network to get it ready for work.

Windows Autopilot Deployment feature is on our roadmap and will be made available for you in a short period of time.

All these automated MDM enrollment features with Hexnode MDM ensures that your corporate devices are deployed and configured to your organization’s settings without much complexity.

Share

Alma Evans

Product Evangelist @ Hexnode. Already lost up in the whole crazy world of tech... Looking to codify my thoughts for now...

Share your thoughts