Managing Android Devices

Managing Android Devices

Introduction

This exercise focuses on configurations for Work Managed Device mode. Also called Device Owner, this mode allows Workspace ONE UEM to control the entire device. Work Managed Device mode is ideal for corporate-owned devices, and requires a parent staging process. Although there are several ways to enroll work managed devices, this exercise uses the AirWatch Identifier enrollment flow. For an overview of the available enrollment flows, see Work Managed Device Enrollment.

Prerequisites

Before you can perform the procedures in this exercise, you must complete the following tutorials:

This exercise requires a user to enrol their device into Workspace ONE UEM. Note the user account information in the following table. The details provided in this table are based on a test environment. Your user account details will differ.

User Account Information

User name
testuser
Password VMware1!
Email testuser@company.com

You must also satisfy the following requirements:

  • Google admin account bound to Workspace ONE UEM
  • Android device 5.0 or later
  • Factory reset device in out of the box mode

Caution: Do not factory reset your personal device to complete these exercises. 

Logging In to the Workspace ONE UEM Console

To perform most of the steps in this exercise, you must first log in to the Workspace ONE UEM Console.

1. Launch Chrome Browser

Launch Chrome Browser

On your desktop, double-click the Google Chrome icon.

3. Authenticate In to the Workspace ONE UEM Console

  1. Enter your Username. This is the name provided in the activation email.
  2. Enter your Password. This is the password provided in the activation email.
  3. Click the Login button.

Note: If you see a Captcha, be aware that it is case sensitive.

Retrieving the Group ID

Before enrolling your device, retrieve your Group ID from the Workspace ONE UEM Console.

1. Point to the Organization Group

Finding your Group ID

Select the email address you used to log in to the Workspace ONE UEM Console.

2. Copy the Group ID

Finding your Group ID

Copy the Group ID from the Organization Group tab.

Enrolling an Android Device Using AirWatch Identifier

In this section, use AirWatch Identifier Enrollment to set up your device in Work Managed Device mode.

Note: Screenshots may differ due to differences in device models and operating system versions.

1. Out of Box Enrollment

Turn on your device from a factory reset state and tap Start.

1.1. Connect to Wi-Fi

  1. Tap to connect to the appropriate Wi-Fi network based on your location.
  2. After connecting to Wi-Fi, tap Next.

1.2. Review the Terms and Conditions

Tap Next.

1.3. Accept the Terms and Conditions

Tap Agree.

1.4. Enter the AirWatch Identifier

  1. Enter afw#airwatch into the Email or phone field to download the Workspace ONE UEM Agent.
  2. Tap Next.

1.5. Review and Configure Google Services

  1. Review and configure the Google Services, then scroll down to the bottom.
  2. Tap Next.

1.6. Install the Agent

Tap Install.

1.7. Confirm Agent Special Access and Install

Confirm the special access required by the agent and tap Install.

2. Enter Workspace ONE UEM Server Details for Enrollment

Select AirWatch MDM Agent Authentication Method

After the agent has launched, you can enroll the device. Select the Workspace ONE UEM authentication method.

Tap Server Details.

2.1. Authenticate

Attach the AirWatch MDM Agent to the HOL Sandbox
  1. In the server field, enter <WorkspaceONEHostname>.com where WorkspaceONEHostname is the host name of the Workspace ONE UEM tenant.
  2. Enter the Group ID you retrieved from the Workspace ONE UEM Console for the Group ID field.
  3. Tap Continue.

2.2. Allow Agent to Manage Phone Calls (IF NEEDED)

If prompted, tap Allow when the agent requests permission to make and manage phone calls.  Otherwise, continue to the next step.

2.3. Authenticate the Agent

Authenticate the AirWatch MDM Agent
  1. Enter the user name.
  2. Enter the password.
  3. Tap Continue.

3. Encrypt Device

Tap Encrypt.

3.1. Review Encryption Requirements

Tap Encrypt Device.

3.2. Confirm and Begin Encryption

  1. When prompted, enable Fast Encryption to reduce the time required to encrypt the device.
  2. Tap Encrypt Device. The device encrypts and restarts.

4. Complete Enrollment

After the device restarts, review the Terms and Conditions for Android for Work, and tap Agree.

4.1. Set Up Android for work

Set Up Android for work

Tap NEXT.

Note: This may take some time, be patient while the setup process completes.

4.2. Administrator Rights

Administrator Rights
  1. Tap I consent to agree to the administrator rights terms.
  2. Tap OK to confirm the Privacy Policy.

Note: Enrollment time may vary depending on your network connectivity. Typically, it takes around 1 minute to complete. Be patient while this process completes.

Important: During the enrollment process, you will see several processing screens. Note that you do not need to interact with the device further until you see the Workspace ONE UEM Agent app confirming your enrollment.

4.3. Wait for Device Connectivity (IF NEEDED)

It may take several minutes to establish a connection to Google Cloud Messaging. Wait until you see the Connectivity Issue notification change to Connectivity Normal before continuing.

4.4. Confirm Device Enrollment

Confirm Device Enrollment

You have now completed the Agent configuration wizard.  After the enrollment process completes, the agent displays the notification Congratulations! You have successfully enrolled your device.

You can now Exit the agent.