Creating an Android Enterprise Device Policy

About this task

Use this procedure to create an Android Enterprise Enrollment Policy.

Important: As of SOTI MobiControl v14.4, all fresh installations of SOTI MobiControl have Android Enterprise selected as the default Android Plus Management style. To continue with this procedure, you need to confirm that either OEM Specific for All Android Devices or OEM Specific for Android 6.0 and Below is selected instead. See Choosing an Android Deployment Typefor instructions.

Procedure

  1. From the main menu, select Policies > Enrollment > All Policies. The Enrollment Policies window opens.
  2. Select New Enrollment Policy. The Enrollment Policy wizard launches.
  3. Select Android > Android Enterprise device family type. The General tab opens.
  4. On the General tab, enter a name and description for the policy. Make the name brief but descriptive, especially if you plan to create many enrollment policies.
  5. Select one of the following enterprise binding options:
    OptionDescription
    Managed Select a Managed Enterprise Account from the list or select Manage Accounts to delete accounts or add new ones. See Enterprise Bindings for more information.
    Domain Select a Google Domain from the list or select Manage Accounts to delete accounts or add new ones. See Enterprise Bindings for more information.
    None No enterprise binding is used.
  6. Select Next. The Device Type tab opens.
  7. Select one of the following device types:
    OptionDescription
    Work Managed

    On a Work Managed device, the organization manages the entire device. Apps, data, and settings can all be monitored and controlled through SOTI MobiControl.

    See Android Enterprise Work Managed for details.
    Work Profile

    On a device with a Work Profile, the device is a personal device owned by the device user. This management style is often called BYOD or bring your own device. You can choose to enroll devices via Android Enrollment API (AMAPI). For more information about work profiles, see Android Enterprise Work Profile for details.
    Corporate Personal

    On a Corporate Personal device, the organization manages the entire device but allocates a portion (or 'container') of the device for the personal apps and data of the device user. See Android Enterprise Corporate Personal for details.
  8. Select Next. The Groups tabs opens.
  9. Choose if the enrollment requires authentication. No authentication means that devices can enroll without user verification. If authentication is required, select one of the following options:
    OptionDescription
    Password Type a single password for use across all devices that enroll with this policy.
    Directory Select to add directory groups . Choose a directory service from the list and use the Search Groups field to find a group. You can add a new directory service connection by clicking Manage Services. From the menu, choose Directory, Identity Provider or SOTI Identity. See Identity Management for more information. Once the directory group is added, select a device group destination and applicable terms and conditions.
  10. Select Next. The Settings tab opens.
  11. Select from the available settings then select Finish. The new enrollment policy is created and the Enrollment Policy Info page displays.
    Note: This page lists policy details and device enrollment options. You can also choose how to install the agent on devices; either an available APK file or by downloading an INI file. There is an option to configure a QR code to enroll Android Enterprise devices.
  12. Select OK to complete the process.