Creating an Android Enterprise Device Policy

About this task

Use this procedure to create an Android Enterprise Enrollment Policy.
Important: As of SOTI MobiControl v14.4, all fresh installations of SOTI MobiControl have Android Enterprise selected as the default Android Plus Management style. To continue with this procedure, you must confirm that you have selected OEM Specific for All Android Devices or OEM Specific for Android 6.0 and Below. See Choosing an Android Deployment Type for instructions.

Procedure

  1. From the main menu, select Policies > Enrollment > All Policies. The Enrollment Policies window opens.
  2. Select New Enrollment Policy. The Enrollment Policy wizard launches.
  3. Select Google > Android Enterprise device family type. The General tab opens.
  4. On the General tab, enter a name and description for the policy. Make the name brief but descriptive, especially if you plan to create many enrollment policies.
  5. Select one of the following enterprise binding options:
    Option     Description
    Managed    Select a Managed Enterprise Account from the list or select Manage Accounts to delete accounts or add new ones. See Enterprise Bindings for more information.
    Domain     Select a Google Domain from the list or select Manage Accounts to delete accounts or add new ones. See Enterprise Bindings for more information.
    None       No enterprise binding.
  6. Select Next. The Device Type tab opens.
  7. Select one of the following device types:
    Option              Description
    Work Managed        On a Work Managed device, the organization manages the entire device. You can monitor and control apps, data, and settings through SOTI MobiControl. See Android Enterprise Work Managed for details.
    Work Profile        A device with a Work Profile is a personal device owned by the device user. This management style is often called BYOD (bring your own device). You can choose to enroll devices via Android Enrollment API (AMAPI). For more information about work profiles, see Android Enterprise Work Profile.
    Corporate Personal  On a Corporate Personal device, the organization manages the entire device but allocates a section (or container) for the user's personal apps and data. See Android Enterprise Corporate Personal for details.

  8. Select Next. The Groups tab opens.
  9. Choose whether the enrollment requires authentication. No authentication means that devices can enroll without user verification. If you require authentication, select one of the following options:
    Option     Description
    Password   Type a single password for use across all devices that enroll with this policy.
    Directory  Select to add directory groups. Choose a directory service from the list and use the Search Groups field to find a group. You can add a new directory service connection by selecting Manage Services. From the menu, choose Directory, Identity Provider, or SOTI Identity. See Identity Management for more information. Once you add the directory group, select a device group destination and applicable terms and conditions.
    Tip: Users must configure OpenID Connect (OIDC) in Microsoft Entra ID to make the configured directory visible in an enrollment policy. Additionally, the server URI for the SOTI MobiControl server on Microsoft Entra ID must be in this format:
    • https://{server name}/mc/duas/oauth/2.0/azure/handleAuthCode

    Where you replace {server name} with the name of your SOTI MobiControl server.

  10. Select Next. The Settings tab opens.
  11. Select from the available settings, then select Finish. You have created a new enrollment policy, and the Enrollment Policy Info page displays.
    Tip: This page lists policy details and device enrollment options. You can also choose how to install the agent on devices by using an available APK file or downloading an INI file. Configuring a QR code to enroll Android Enterprise devices is also an option.
  12. Select OK to complete the process.
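
The server URI format from the Tip in step 9, as an added example that is not part of the SOTI documentation or product: a Python check that a URI intended for Microsoft Entra ID follows the documented format. The function names and the server name mc.example.com are hypothetical, and treating any deviation from the documented string as a problem is an assumption of this example.

```python
from urllib.parse import urlsplit

# Path copied from the Tip in step 9 of the procedure.
EXPECTED_PATH = "/mc/duas/oauth/2.0/azure/handleAuthCode"


def expected_redirect_uri(server_name: str) -> str:
    """Build the URI in the documented format for one server name."""
    return f"https://{server_name}{EXPECTED_PATH}"


def lint_redirect_uri(candidate: str, server_name: str) -> list[str]:
    """Return the deviations from the documented format (empty list = OK)."""
    if "{" in candidate or "}" in candidate:
        # The template was pasted without substituting the server name.
        return ["placeholder {server name} was not replaced"]

    problems = []
    if candidate != candidate.strip():
        problems.append("leading or trailing whitespace")

    parts = urlsplit(candidate.strip())
    if parts.scheme != "https":
        problems.append("scheme must be https")
    # Host names are case-insensitive; netloc also exposes a stray
    # port or user-info component as a mismatch.
    if parts.netloc.lower() != server_name.lower():
        problems.append(f"host is {parts.netloc!r}, expected {server_name!r}")
    # Assumption: the path is compared exactly, so a changed letter
    # case or an extra trailing slash is reported.
    if parts.path != EXPECTED_PATH:
        problems.append("path differs from the documented path")
    if parts.query or parts.fragment:
        problems.append("query string or fragment present")
    return problems


if __name__ == "__main__":
    server = "mc.example.com"  # constructed sample value
    for uri in (
        expected_redirect_uri(server),
        "http://mc.example.com/mc/duas/oauth/2.0/azure/handleAuthCode/",
        "https://{server name}/mc/duas/oauth/2.0/azure/handleAuthCode",
    ):
        print(uri, "->", lint_redirect_uri(uri, server) or "OK")
```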