Enrolling Devices

Overview

To manage your devices, you must first enroll them into SOTI MobiControl. This establishes a connection between the SOTI MobiControl deployment server and the device. Once connected, the device is available through the SOTI MobiControl console where you can apply settings, collect data, install applications, and more.

Device enrollment differs between operating systems - see Managing Devices for the list of supported devices. Depending on the device, you may need to install a SOTI MobiControl Device Agent.

Note: When enrolling devices, SOTI MobiControl strives to generate X.509 certificates that are MDMPP40:FCS_CKM.1.1 compliant for Android, Apple, Linux and Windows devices.

This section contains the following topics and folders:

Additional Enrollment Methods

SOTI MobiControl Stage

Scan barcodes to enroll your devices with SOTI MobiControl Stage. It is available for Android Plus and Windows Mobile/CE devices. See Using SOTI MobiControl Stage for more information.

Unified Enrollment

Unified enrollment provides an enrollment launch point common to all device manufacturers across a platform. It is available for Android Plus, iOS and Windows Modern devices. See Using Unified Enrollment for more information.

SAML Enrollment With Azure AD Directory Service Connection (Android and iOS Only)

You can enroll Android and iOS devices using a SAML 2.0 IdP connection (Azure or third-party) backed with an Azure AD directory service connection. Android and iOS devices that have been enrolled in this way can be found in device searches and can be targeted for profile assignment.

To see which IdPs other than Azure IdP can be configured with Azure AD, select here.

SAML Enrollment Without Directory Service Connection (Android and iOS Only)

You can enroll Android and iOS devices using an Azure or third-party IdP without an associated directory service connection. Android and iOS devices that have been enrolled in this way can be found in device searches and can be targeted for profile assignment.

Note: When devices are enrolled in this way, SOTI MobiControl cannot regularly query the IdP for updated user information.

Enrolling rooted devices

SOTI MobiControl only supports devices where the digital protections added by the manufacturer are not circumvented. SOTI MobiControl detects rooted devices during or after enrollment. For Windows devices, users can enable the health attestation feature to detect rooted or insecure devices. This feature uses Microsoft services to perform various health and security audits on the devices, and based on the report, SOTI MobiControl flags the devices as compliant or non-compliant. A similar feature is available for Android devices.