Enrollment Policy Wizard
Use the Enrollment Policy Wizard to create and edit enrollment policies for specific devices. For step-by-step instructions, see:
Creating an Android Classic Device Policy.
Creating an Android Enterprise Device Policy
Creating a Linux Device Policy
Creating a macOS Device Policy
Creating a tvOS Device PolicyImportant: The visibility of the options described
below depends upon the selected device.
General
| Description | Describe how or where users use policies. |
| Enterprise Bindings | For Android Enterprise, choose an account type (None, Managed, Domain). See Enterprise Bindings for more information. |
| MDM Profile Description | Enter a message for users as they enroll their device. |
| Name | Enter a name for the policy. Important: This field is mandatory. |
Device Type
| Device Type | Select one of the available management types for the enrollment policy: Work Managed, Work Profile, Corporate Personal. For more information, see Android Enterprise Devices. |
Groups
| Device Group Destination | Select the device group where you want to enroll the devices. |
| User Authentication for Enrollment | Choose if you want users to authenticate devices when enrolling them. This field is mandatory. You can authenticate either by password or by directory. |
Auto Enroll
| Android Migration | Displays the Android Migration pane in the Setup Assistant. |
| Appearance | Displays the Choose Your Look pane in the Setup Assistant for iOS 13 and later ADE devices. |
| Apple ID | Displays the Apple ID pane in the Setup Assistant. |
| Apple Pay | Displays the Apple Pay pane in the Setup Assistant. |
| Customized Enrollment | Mandatory for modern authentication and acceptance of terms and conditions (compatible with iOS 13 and later). |
| Diagnostics | Displays the Diagnostics pane in the Setup Assistant. |
| Display Tone | Displays the Display Tone pane in the Setup Assistant. |
| Enable Automated Device Enrollment | Choose if you want devices to be automatically enrolled using an Automated Device Enrollment account. |
| Express Language | Displays the Express Language pane in the Setup Assistant for iOS 13 and later ADE devices. |
| File Vault | Displays the FileVault pane in the Setup Assistant. This enables the device user to enable the automatic encryption of files. |
| Home Button Sensitivity | Displays the Home Button Sensitivity pane in the Setup Assistant. |
| iCloud Diagnostics | Displays the iCloud Analytics pane in the Setup Assistant. This enables the device user to choose whether to send diagnostic iCloud data to Apple. |
| iMessage and FaceTime | Displays the iMessage and FaceTimepane in the Setup Assistant for iOS 12.0 and later ADE devices. |
| Location Services | Displays the Location Services pane in the Setup Assistant. |
| OnBoarding | Displays the Onboarding pane in the Setup Assistant. |
| Passcode | Displays the Passcode pane in the Setup Assistant. |
| Preferred Language | Displays the Preferred Language pane in the Setup Assistant for iOS 13 and later ADE devices. |
| Prevent Un-enrollment | Prevents the device user from removing the MDM profile from the device. |
| Privacy | Displays the Privacy pane in the Setup Assistant for iOS 11.3 and later ADE devices. |
| Quick Start | Displays the Device to Device Migration pane in the Setup Assistant for iOS 13 and later ADE devices. |
| Registration | Displays the Registration pane in the Setup Assistant. This enables the device user to fill out a registration form and send it to Apple. |
| Require Enrollment | Automatically enrolls the device in SOTI MobiControl. The device user must enter their credentials for LDAP-based enrollment when running the Setup Assistant.. |
| Screen Time | Displays the Screen Time pane in the Setup Assistant for iOS 12.0 and later ADE devices. |
| Select an Automated Device Enrollment account | Select the account to perform Automated Device Enrollment. |
| Set up your Apple TV | Enables the setup pane and onscreen instructions for Apple TV devices. |
| Setup new or restore from backup | Displays of the Setup New or Restore from Backup pane in the Setup Assistant. |
| Shared iPad |
Enables Shared iPad for Business configurations for devices with the following:
Restriction: The Supervise Device
option is not required.
|
| Sign into your TV provider | The user signs in once with their TV provider account information to access all supported apps. |
| Sim Setup | Displays the SIM Setup pane in the Setup Assistant. |
| Siri | Displays the Siri pane in the Setup Assistant. |
| Software Update | Displays the Software Updates pane in the Setup Assistant for iOS 12.0 and later ADE devices. |
| Supervise Device | Enables device supervision over-the-air upon device
activation. These Apple devices are automatically supervised :
Tip: Turn on Supervised
Device for Apple operating systems that are
not listed.
|
| Sync Apple TV Home Screen Layout | The user can sync the home screen layout with another Apple TV device. |
| Terms and Conditions | Displays the Terms & Conditions pane in the Setup Assistant. |
| Touch Id | Displays the Touch ID pane in the Setup Assistant. |
| Wait until device is configured | Forces the device activation wizard on iOS 9.3 and later devices to wait until the MDM has finished fully configuring the device. Users can only use the device once it is fully configured. |
| Watch Migration | Displays the Watch Migration pane in the Setup Assistant. |
| Welcome | Displays the Get Started pane in the Setup Assistant for iOS 13 and later ADE devices. |
| Where is the Apple TV | Users can select a room for the Apple TV device. |
| Zoom | Displays the Zoom pane in the Setup Assistant. |
Settings
| Activate Declarative Device Management | Enable to activate the Declarative Device Management (DDM)
protocol (requires iOS 16+) on your devices. Restriction: You can not use this
setting to deactivate iOS devices that are already activated
with the DDM protocol. See Intro to declarative device management and Apple devices for details. |
| Activation Date | Specify the date that activates the policy. |
| Activation Time | Specify the time that activates the policy. |
| Cache Password | Caches the LDAP/ IdP password entered by the device user during enrollment for 10 minutes. During this time, profiles targeting the device with configurations requiring account credentials (Email, VPN, WiFi, etc.) include the cached password in the configuration. This avoids repeat prompting for the same credentials. |
| Criteria | Enable to define a criterion that applies at enrollment. To add a
criterion, select
Add. Define the enrollment criterion based on Value, Device Property, and Operator. You can add more than one criteria. A criterion resulting in enrollment denial takes precedence as the highest priority. Example If you add a criterion that denies all Samsung devices and then add another allowing specifically for Samsung (Fold), the denial criterion take precedence in determining the enrollment restriction. Making the Samsung (Fold) critreion inactive. Note: You must enable
Enrollment Restrictions to set a
criterion. |
| Customize iPad wallpaper | Set the wallpaper for iPad devices upon enrollment (requires iOS 8+ Supervision). If enabled, select image files as the home and lock screen wallpapers. |
| Customize iPhone wallpaper | Set the wallpaper for iPhone devices upon enrollment (requires iOS 8+ Supervision). If enabled, select image files as the home and lock screen wallpapers. |
| Deploy Latest Plugins to Device | Install plugins on your SOTI MobiControl instance before deploying them to the device. |
| Device Enrollment Limit | Set the maximum number of devices you can enroll using this
enrollment policy. Note: You must enable
Enrollment Restrictions to set a
device enrollment limit. |
| Draw Over Other Apps | Enables the display of content on top of other apps. |
| Enable Terms and Conditions | Enable this requirement to display to the user the terms and conditions at enrollment. |
| Enrolled Device Name | Select an identifier for the device. Select the gear icon to insert macros to autofill portions of the device name. |
| Enrollment Restrictions | Enable setting a Device Enrollment Limit or define a Criteria that applies at enrollment. |
| Manage Plugins | Use this window to add SOTI MobiControl Device Agents and plugins. Select add to select the device models you want to add new plugins and agents to. |
| Modify System Settings | Enable modification of system settings. |
| Notification Access | Enable to read all notifications posted by the system or any installed apps. |
| Preserve Device Location on Re-enrollment | SOTI MobiControl remembers the group membership of the device when it is re-enrolled. |
| Preserve Device Name on Re-Enrollment | When a deleted device is re-enrolled, SOTI MobiControl remembers the deleted assigned device's name. |
| Rule Tag | This tag embeds into device agents belonging to this policy. |
| Select a template for the Agent certificate | Select a template to issue device identity. Select Manage Certificate Authorities to configure certificate authorities and create dynamic certificate templates for each user and device. |
| Select the device user's Terms and Conditions | Select terms and conditions that users must accept at enrollment. |
| Set Deactivation Date | Specify the date and time to deactivate the policy. |
| Update Personalized Device Name | Enable the Personalized Device Name to update to match the name set in SOTI MobiControl. |
| Usage Access | Enables access to app history and collects detailed information. |