Create an App Policy for Microsoft Shared Mode Registration of Android Enterprise Work Managed Devices

About this task

Use SOTI MobiControl to create and configure a conditional access policy for Microsoft Shared Mode registration of Android work managed devices.
Note: To use Microsoft Shared mode with SOTI MobiControl v2024.0.0 and later, you need to change devices registered as Microsoft User Mode to Microsoft Shared Mode in Microsoft Entra ID. See How To Convert a User Mode Registration to a Shared Mode Registration for details.

Creating the Policy

About this task

Follow the procedure below to create a policy to deliver Microsoft Authenticator to Android work managed devices for Microsoft Shared Mode registration.

Procedure

  1. From the SOTI MobiControl hamburger menu, select Policies > Apps. The App Policies view opens.
  2. Select New App Policy. The Create App Policy panel displays.
  3. Select Android > Android Enterprise. The Create App Policy window's General tab displays.
  4. From the General tab, in App Policy Name, enter a name for the policy.
  5. From the Apps tab, select Add. The Select Apps window displays.
  6. From the App Source list, select Managed Google Play.
  7. Select the Managed Google Play button.
  8. In the Managed Google Play Store, search for Microsoft Authenticator. From the results, choose the app and then Select. Microsoft Authenticator displays in the apps table.
  9. Select Add.

What to do next

Complete the steps in Advanced Configuration of Microsoft Authenticator.

Advanced Configuration of Microsoft Authenticator

About this task

Follow the procedure below to configure Microsoft Authenticator.

Procedure

  1. From the Apps table, select More.
  2. Select Configure. The Advanced Configurations window opens.
  3. From Configuration Options, select Installation Options.
  4. From Deployment Type, select Mandatory.
  5. Turn on Launch App After Installation.
  6. From Configuration Options, select Managed App Config.
  7. Turn on Enable Managed App Config.
  8. Turn on Shared Device Mode.
  9. From Shared Device Mode Tenant Identifier, enter your tenant ID.
    Tip: Find your tenant ID in Global Settings > Services > Microsoft 365 > Conditional Access in the Entra Tenant ID field.
  10. From Shared Device Mode Registration token, enter the macro %SHARED_DEVICE_REG_TOKEN%.
  11. Select Save.

What to do next

Save and assign the policy to the appropriate device group.

Device Factory Reset

About this task

You must factory reset a device if it has certain registration states:
  • For a device that's already registered with Microsoft Entra ID, you must factory reset it if you want to re-register with Microsoft Entra ID again.
  • For a device that's already registered as Microsoft User Mode, you must factory reset it if you want to convert to Microsoft Shared Mode.