Enrolling Devices

Overview

To manage your devices, you must first enroll them into SOTI MobiControl. This establishes a connection between the SOTI MobiControl deployment server and the device. Once connected, the device is available through the SOTI MobiControl console where you can apply settings, collect data, install applications, and more.

The process of enrolling devices differs between different operating systems (see Managing Devices for the list of supported devices). Also, depending on the type of device, you may need to install a SOTI MobiControl device agent (see Device Agents for more details).

Note: When enrolling devices, SOTI MobiControl generates X.509 certificates that are MDMPP40:FCS_CKM.1.1 compliant for Android, Apple, Linux and Windows devices.

This section has the following topics:

Additional Enrollment Methods

SOTI MobiControl Stage

Scan barcodes to enroll devices with SOTI MobiControl Stage. It is available for Android Plus and Windows Mobile/CE devices (see Using SOTI MobiControl Stage).

Unified Enrollment

Unified enrollment provides an enrollment launch point common to all device manufacturers across a platform. It is available for Android Plus, iOS and Windows Modern devices (see Using Unified Enrollment).

SAML Enrollment With Azure AD Directory Service Connection (Android and iOS Only)

Enroll Android and iOS devices using a SAML 2.0 IdP connection (Azure or third-party) backed with an Azure AD directory service connection. Android and iOS devices enrolled in this way can be found in device searches and targeted for profile assignment.

Note: To see which IdPs other than Azure IdP can be configured with Azure AD see Azure AD Identity Provider Compatibility Docs.

SAML Enrollment Without Directory Service Connection (Android and iOS Only)

You can enroll Android and iOS devices using an Azure or a third-party IdP without an associated directory service connection. Android and iOS devices enrolled in this way can be found in device searches and targeted for profile assignment.

Note: SOTI MobiControl cannot regularly query the IdP for updated user information from devices enrolled using the SAML Enrollment Without Directory Service Connection enrollment method.

Enrolling rooted devices

SOTI MobiControl only supports devices where the digital protections added by the manufacturer are not circumvented. SOTI MobiControl detects rooted devices during or after enrollment. For Windows devices, users can enable the health attestation feature to detect rooted or insecure devices. This feature uses Microsoft services to perform various health and security audits on the devices, and based on the report, SOTI MobiControl flags the devices as compliant or non-compliant. A similar feature is available for Android devices.

Next Steps

After enrolling, you can choose to perform further operations on them such as Viewing Device Information or Performing Device Actions.