Views:

Enroll Android devices in Mobile Device Director by connecting to manged Google Play and configuring enrollment settings.

Mobile Device Director can enroll and manage Android devices using the following enrollment profiles.
Enrollment Profile
Protection Scope
Mobile Security Deployment Location
Personally-owned devices with work profile
Work profile
Work profile
Corporate-owned dedicated device profile
Whole device
Device
Corporate-owned, fully manged user devices
Whole device
Device

Procedure

  1. Click the Android Enrollment tab.
  2. Connect to your company's managed Google Play.
    1. Click Connect to Managed Google Play.
    2. Click Sign in to a Google Account.
    3. In managed Google Play, click SIGN IN and sign in to the Google account you want to associate with all management tasks.
      Important
      Important
      The following Google Play screen captures were valid as of June 30, 2023. For further help, check your Google Play documentation.
      managedgoogleplay.jpg
      Note
      Note
      Trend Micro recommends using an account set up for work or business. Keep in mind that the account you use should be one that is easily shared or transferred in case the person setting up the managed Google Play connection leaves the company or moves teams.
      If you do not have a Google account for business, sign in to your managed Google Play and create an account by selecting For work or my business.
      google-account.jpg
    4. Click Get started.
      managedgoogleplay2.jpg
    5. Type your domain name or business name and click Next.
      managedgoogleplay3.jpg
    6. (Optional) Type your contact details in case Google needs to contact you with any data privacy related questions or notifications.
      managedgoogleplay4.jpg
    7. Select I have read and agree to the Managed Google Play agreement. and click Confirm.
      managedgoogleplay5.jpg
    8. Click Complete registration. Wait for Trend Vision One to process data from Google Play.
      managedgoogleplay6.jpg
    9. To view Google Play connection details or disconnect the Google account, click View the connection details.
  3. Configure device enrollment settings based on the enrollment profile.
    Enrollment Profile
    Description
    Configuration Steps
    User-owned devices with a work profile
    • User-owned devices with a work profile are mobile devices owned by the user. During enrollment, a work profile is created on the device to house work apps and work data. The work profile can be managed by Mobile Security. Personal apps and data stay separate in another part of the device and remain unaffected by Mobile Security.
    • Enrollment of user-owned devices with a work profile is allowed by default.
    1. To manage devices with user information from Microsoft Entra ID, select Require users to sign into Microsoft Entra ID before enrolling.
      If Microsoft Entra ID is not configured, click Go to User Configuration to configure Microsoft Entra ID before enabling this function.
    2. Scan the QR code with the user's device, or click Download Email Template to send enrollment instructions to users via email.
    3. If you email users enrollment instructions, ask your users to install the Mobile Agent and follow the enrollment instructions in the Mobile Agent to finish enrolling the device.
    Company-owned, fully-managed devices
    • Company-owned, fully-managed devices are fully-managed devices associated with a single user, used exclusively for specific work purposes. Mobile Device Director can manage the whole device and enforce policy controls.
    • Company-owned, fully-managed devices must be new or reset to factory settings to be enrolled. The steps below are for devices running Android 9.0 or later.
    • Microsoft Entra ID must be configured to allow fully-managed device enrollment.
      Learn more about configuring Microsoft Entra ID
    • For company-owned, fully-managed devices, users are always required to sign into Microsoft Entra ID before enrolling.
    1. If Microsoft Entra ID is not configured, click Go to User Configuration to configure Microsoft Entra ID before enabling this function.
    2. Enable Allow company-owned, fully managed devices.
    3. Power on the device.
    4. Tap the Welcome screen six times to open the device camera.
    5. Scan the QR code, or enter the code manually.
    6. Connect to Wi-Fi so the device can connect to Mobile Security and start enrollment.
    Company-owned, dedicated devices
    • Company-owned, dedicated devices are corporate-owned, single-use, kiosk-style devices. Such devices are used for a single purpose, such as digital signage, ticket printing, or inventory management. Admins can lock down the usage of a device to a single app, or a limited set of apps, inclusive of web apps. Users are prevented from adding other apps or taking actions on the device unless explicitly approved by admins. These devices are enrolled in Mobile Device Director without a user account and aren't associated with a user.
    • Company-owned, dedicated devices must be new or reset to factory settings to be enrolled. The steps below apply to devices running Android 9.0 or later.
    1. Enable Allow company-owned, dedicated devices.
    2. Power on the device.
    3. Tap the Welcome screen six times to open the device camera.
    4. Scan the QR code, or enter the code manually.
    5. Connect to Wi-Fi so the device can connect to Mobile Security and start enrollment.
  4. Click Finish.