New Android Enterprise Enrollment Flows

New Android Enterprise Enrollment Flows

This post was originally published on this site ---

The latest release of the VMware AirWatch Admin Console – AirWatch v9.1 boasts impressive new Android enterprise enrollment flows. While new functionality is always exciting, evaluating all of the options can be a bit confusing and overwhelming. What’s an admin to do? Today’s post looks at the currently available enterprise-focused Android enrollment options through the lens of a “Wizard of Oz” analogy. Relating the enrollment flows to the familiar characters in Dorothy’s squad will hopefully make the options easier to remember, and therefore easier to evaluate.

The wonderful wizard of android enterprise enrollment banner

Android Enterprise Enrollment Flows

Each Android device in your organization’s deployment requires enrollment to communicate with AirWatch and access network resources. Android has two enterprise-focused enrollment modes: Work Managed Device enrollment and Work Profile enrollment. This section explains the various enrollment workflows, compares them to the Wizard of Oz, and provides the  steps for the enrollment workflows introduced in the latest AirWatch Console release.


Android Enterprise Modes

Before going  into specific configurations and how-to steps, it is really important to understand the available enterprise modes for Android devices. Since the modes are as different as Kansas and Oz, use your organization’s device ownership structure to determine the best fit.Android Enterprise Enrollment Modes Comparison
In this analogy, I think of the personal side of the device as Kansas, and the work side of the device as Oz. Devices in Work Profile mode live in two worlds at once, but devices in Work Managed mode are all Oz, all the time. See Understanding Android Enterprise Device Modes for more information. Warning, fancy analogy not included in reference material.

We’re Not in Kansas Anymore – Work Profile Device Enrollment

Work Profile enrollment, also known as Profile Owner, is one of the older enterprise enrollment flows. It secures a connection between Android devices and your AirWatch environment. The process begins by downloading the AirWatch agent from the Google playstore. Then, the AirWatch Agent facilitates enrollment. Once enrolled, access relevant information and manage devices in real-time.


Dorothy and Work Profile Enrollment

For me, the post-enrollment device bears a strong resemblance to our tornado hopping friend – Dorothy Gale. In the Wizard of Oz, Dorothy experiences a dual reality. **SPOILER ALERT** At the same time she is in Kansas, she is also in Oz (in her dreams). In a similar way, a device enrolled into the work profile has a dual persona, because it exists as a work device and a personal device.

To review the enrollment procedure, see Enrolling Android Devices into Work Profile Mode.


We’re Off to See the (Android Setup) Wizard – Work Managed Device Enrollment

In situations where devices require strict monitoring and management, use the work managed device mode to provision devices with the data necessary to maintain end-user productivity.
There are several ways to enroll Work Managed devices. However, each option makes use of the Android Setup Wizard in some capacity. Since these workflows all rely on a wizard, I thought immediately of Dorothy’s pals, who also relied on a wonderful wizard.

Lions, and Tinmen, and Scarecrows, Oh My!

Each of the available work managed enrollment workflows exhibits a behavior that reminds me of a specific member of Dorothy’s crew. This section explains the available options, and follows the explanation with a brief Wizard of Oz comparison.

“If I only had a brain” – AirWatch Relay with NFC Bump

The AirWatch Relay enrollment method is one of the older enterprise enrollment options. It involves the admin downloading and using the AirWatch Relay application to stage Android devices. Enrollment gets completed in two steps referred to as a NFC bump. Bump one configures region, Wi-Fi, and any applicable advanced settings that apply to all the devices in your fleet. Bump two configures the enrollment settings and automates the enrollment process.


Scarecrow and AirWatch Relay Enrollment

The Scarecrow’s famous refrain is “if I only had a brain,” but ironically, he was the wisest of all of his friends. In a similar bit of irony, relay enrollment is almost a completely brainless experience for end-users. However, the actual enrollment procedure is more complicated than any of the others. How can this be? Well, relay enrollment is a staging enrollment. This means you, the IT admin, enroll the device for the end user.

To review the enrollment procedure, see Provisioning Work Managed Device with AirWatch Relay.

“If I Only had a Heart” – AirWatch Identifier

AirWatch Identifier is one of the new enrollment methods introduced in AirWatch Console v9.1. It simplifies the enrollment procedure for administrators by having end users enter a simple identifier, or hash value that pulls the AirWatch Agent to their devices.


Tinman and AirWatch Identifier

The Tinman’s famous refrain is “If I only had a heart.” In a twist of irony that makes him a perfect foil to the Scarecrow, Tinman has the most heart out of all his companions. I compare AirWatch Identifier enrollment to the Tinman, because this workflow requires the end user to have some heart. While there is a staging configuration available for this workflow, the basic workflow involves the end-user entering a number of inputs. While the information they need to remember isn’t exactly rocket science, they will have to care enough to read the email they get that has the AirWatch Identifier in it.

“I even scare myself” – QR Code

QR code based enrollment is another method introduced in AirWatch Console v9.1. It sets up and configures Work Managed Device mode by scanning a QR code from the setup wizard. This enrollment flow is ideal for an admin staging multiple devices before deploying to users or for end users enrolling their own devices with the QR code provided by an IT admin.


QR’dly Lion and QR Code Enrollment

This enrollment flow analogy is a bit of a stretch, and I’ll be honest, I really just like the turn of phrase QR’dly Lion. However, for those of you who need a better reason, here’s a what I came up with. The Cowardly Lion’s willingness to take action despite suffering from crippling fear makes him the bravest of them all. Therefore, the QR code is for an admin who is afraid of their end-users messing up the enrollment process, but who isn’t going to let that stop them from giving devices to end-users. The QR code makes enrollment pretty user-friendly, so fear not! This workflow only requires a tiny amount of bravery.

Getting Started with Android Enterprise Enrollment

Android Enterprise Enrollment Flow Requirements

Before deploying Android devices, meet the Requirements for Deploying Android.To simplify the available information, everything relevant to Android Enterprise is compiled into the table below. 


Android Enterprise Enrollment Flow Requirements

AirWatch Identifier Enrollment for Work Managed Devices

To enroll using the AirWatch Identifier:

  1. On a factory reset device, tap Get Started.
  2. Establish a Wi-Fi connection on the device.
  3. When prompted to add a Google account, enter the identifier afw#airwatch.
  4. The setup wizard pulls the AirWatch Agent from the Google Play Store to the device.
  5. Tap Install, beginning installation. When complete, the Agent opens.
  6. Select an Authentication Method to continue enrollment. There are two options:
    Email AddressUses an user email addresses autodiscovery system to enroll devices to environments and organization groups (OG). For example, end users enter [email protected] or Server DetailsYour organization’s unique enrollment environment and the Group ID that associates devices with the appropriate corporate role..
  7. Follow the remaining prompts to complete enrollment.
  8. Post-enrollment, profiles and applications begin pushing to the device.
  9. Navigate to Devices > Details View > Summary and view the Security section of the page to view the installation status. A green check indicates success.

QR Code Enrollment for Work Managed Devices

To enroll using a QR Code:

  1. Power on the device.
  2. When prompted by the setup wizard, tap the Welcome screen six times in the same place.
  3. Connect to Wi-Fi.
  4. The setup wizard downloads a QR code reader app which automatically starts once download completes.
  5. Scan the QR code.
  6. The setup wizard downloads the AirWatch Agent configured with Server URL and Group ID information.
  7. Enter the user credentials.
  8. Follow the remaining prompts to complete enrollment.
  9. Post-enrollment, profiles and applications begin pushing to the device.
  10. Navigate to Devices > Details View > Summary and view the Security section of the page to view the installation status. A green check indicates success.

The post New Android Enterprise Enrollment Flows appeared first on VMware End-User Computing Blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.