Frequently asked questions.
Find the answer you're looking for.
GENERAL
TinyMDM is a cloud-based Mobile Device Management solution, here to reduce the threat of data security and help boosting the workforce productivity by providing a centralised control of Android devices for end-users.
Yes, we offer a 30-day free trial without any hidden fees nor obligation to buy. Click here to create an account and start the free trial with all features available (no credit card required).
TinyMDM is an official Android EMM partner, and hence authorized to use the powerful Google EMM API. Being a specialist of Android mobile device management allows us to run perfectly on all Android devices (6 and newer), and to encourage and help businesses reduce their costs (Android devices are cheaper, and thus a more compelling option).
Android for Work provides additional management features and a secure company container for your Android devices. This unifies Android management by removing device manufacturer differences and offers the same management features for all Android devices.
If you purchase your Android devices from an official Zero Touch Android reseller, this reseller will setup a Zero Touch account for your organization and import the devices ID. TinyMDM supports the Zero Touch, i.e. once you have selected TinyMDM as your EMM solution from your Android Zero Touch account, the devices will be enrolled straight out of the box, with no action needed from the end-user, and they will respect the security policies you have defined on TinyMDM.
The impossibility to deploy paid applications though an MDM solution is a restriction decided by the Google services (Android for work). To work around it, you can reach out to the developers of the apps you’re interested in deploying for licensing options. You can ask the developers to make a version of the app downloadable without upfront payment, which unlocks with a license key that can be pushed via a managed configuration. Or you can agree to licensing externally and they supply an APK file that you can upload as a private app with TinyMDM.
TinyMDM DASHBOARD
Once your TinyMDM account is created, you first have to register your business through the dashboard (go to "EMM Enterprise" tab and click on "Register your business"). Then, you will be able to create or import users. They will receive a QR code and a password via email that they will need to enroll their device later on, using either one. The last step is to create a policy and affect it to some users: it's the rules that will be applied to their mobile devices. Setup a tailor-made policy depending on work profiles thanks to the different features available: Security challenge settings, Apps management, Internet filtering level, Geolocation…
For more information about the first steps to follow, check out our QUICK START guide.
In the EMM Enterprise tab, you will get to choose which apps are approved by your company, at a global level: select public apps that are going to be authorised, or deploy your own private app or web app. To learn more about App management, check out our tutorials.
The policy represents the security rules that you want to apply to the mobile devices (security challenge settings, apps management, internet filtering level, physical tracking…). You can create as many policies as you want and affect them to different work profiles. For example, create a tailor made policy named "Sales" and apply it to all the users on your sales team.
Before giving your employees a managed device, you first have to register them via the “Users” tab. From there, you can add your users one by one or directly import a list of users via CSV file (more info about importing users here).
A user profile is usually linked to a natural person (ex: John Doe), using one or several devices. For example, you can create the user "John Doe" using his email address and apply the Policy "Sales" to it: the policy rules will be applied to all of John Doe's devices.
If you don't want to link the user profile to a natural person but let's say to a group or a place (if the User ID is going to be shared by several people), you can create an "Anonymous user". For example, you can create the user "Room 1" (with no email, just a name) and apply the Policy "Meeting room" to it: the policy rules will be applied to all devices linked to the user "Room 1". More information about Anonymous Users here.
The Admin code, or rescue code, is used to unblock a user in several cases:
- If a user wants to force the factory reset of a device when it has been prohibited in the policy, the admin code will be requested.
- If a user wants to leave the Kiosk mode by clicking on the admin button "Exit Kiosk" from the device, the admin code will be asked.
- If a user wants to activate the Wi-Fi connection from the device while Wi-Fi has been disabled in the security policy, the admin code will be requested.
PRICING AND SUBSCRIPTION
MDM solutions are always either very complex and expensive, or affordable but with very limited functionalities. TinyMDM is the most cost-efficient MDM solution: both classic and advanced functionalities are available for $22 / year / device. Prices in € are visible here.
You can clic on "Get a custom quote" here and after filling out the form to specify your number of devices, you will get an answer within 1 business day.
You can be billed annually ($22 / device), or monthly ($2.20 / device) if you want more flexibility. In both cases, you will receive your bill by email. Your bill is based on the number of devices in your account, meaning you only pay for what you’re using. You can add additional devices at any time and only pay a prorated fee. Example: if you subscribe with an annual subscription on the 1st of January 2019 and enroll 20 devices, you will be charged $440 for a year (20*$22). However if you need to add 5 devices from the 1st of October 2019, you will only pay a prorated fee for those 5 devices until your next bill, the 1st of January 2020. More information about our prices here.
At the end of the free trial, you can subscribe to TinyMDM CLASSIC plan (billed annually) or FLEXIBLE plan (billed monthly) through your console: log in to your account and click on the My Account tab. You will be asked for the number of devices you want to add to your accoun. You'll be able to add more devices whenever you want and only pay a prorated fee. You can find more info here.
You can unsubcribe whenever you want and your bill won't be renewed, but all sales are final.
Find out the payment methods accepted here.
You can pay in USD, CAN or GBP. More information can be found here.
We believe in straight-forward, transparent pricing. We don’t charge extra fees for account setup, onboarding, training, or technical support.
MANAGEMENT MODE
Enterprises need to manage a wide range of devices, including corporate-owned devices, employee-owned devices, and sometimes a mix of corporate-owned / personally-enabled devices. With all of these different levels of ownership, businesses need to make sure business apps and data are safe on any device used for work, no matter who owns the device. With TinyMDM, IT administrators can choose to setup a fully managed profile to keep a full control of the device; or simply create a work profile to separate business and personal data on a personal device. More info about the difference between these two management options here.
Switch on the new device (first use), or perform a factory reset and restart it. If the device runs with Android 7 or more, when the device starts, tap six times in the middle of the first screen. That will open the camera, allowing you to scan the QR code (generated from the console). Then you just need to follow the configuration Wizard, accept the installation and terms of use of TinyMDM and the device will be enrolled. For a more detailed step by step tutorial click here. If the device runs with Android 6, follow the configuration Wizard (startup screen, connect to the wifi, etc. depending on the model). On the Google sign in page, enter the code afw#tinymdm instead of an email address. Android Enterprise will offer to install TinyMDM: click on Install and Accept and continue. Then, simply enter your credentials or scan your QR code (both received by email). All the screenshots are provided in order to guide you step by step here.
To delete a fully managed device from your TinyMDM console, go on the Devicestab and click on the top right of the device's card. Then, you just have to click on Wipe the device. The card will be deleted from the console and a factory reset will automatically be done on the device.
Setting up a Work Profile allows organizations to manage business data and business apps in a secure container, leaving everything else under the user’s control (personal accounts, personal apps and private data are separated). Work profiles allow an IT department to securely manage a work environment without restricting users from using their device for personal apps and data. It's ideal for managing employee-owned devices (BYOD), or even company-owned / personally-enabled devices (COPE) if the end-user needs more freedom.
To enroll a device using this mode, download the TinyMDM app from the Playstore and choose the option "Setup a work profile". Then follow the steps, and at the end a secure containerization will be created on the device. More info about how to setup a Work Profile here.
To delete a work profile on a personal device, go on the Devices tab and click on the top right of the device's card. Then, you just have to click on Wipe work profile. The secured container will disappear and all the corporate data will be deleted from the device.
SECURITY
As per our terms of service, TinyMDM guarantees an SLA of 99% monthly uptime. In case of exceptional scheduled maintenance, you will be notified 3 days before the beginning of the maintenance.In case of failure or if the SLA is less than 99% monthly uptime, you will be able to ask for a partial or total refund of the fees corresponding to the period of the failure time. At most the total amount paid per month can be reached for an incident in the relevant month.
As per monitoring our error rates or threats against our system, we are automatically alerted when/if:
- There is an unusual request influx (Email and SMS Alert)
- There is an error on an Android device or in the backend (Error log with Alert by Email and SMS)
- Errors are monitoring via AWS cloudwatch service
- Data access is subject to a strict access policy : Only authorized members of the staff have access to the database through a well-defined security policy : credentials changed frequently, only authorized IP can access, two-step authentication method.
- All our instances expose only the strict necessary protocol. Remote access for authorized members of the staff is protected by a private/public key connection and by an authorized ip group.
- Customer login notification including the IP address to our customers when someone logs in his account, to warn the user in case of password hacking.
- Captcha and complexity of password are mandatory
- Backup of databases is performed every day over a two month window for security reasons in case of data loss. Backups are hosted on amazon's S3 service, so there is a logical partition for this archived data.
- The database is subject to classic security measures (server not directly accessible by internet, only authorized backend servers can access the database.
- We are protected against DDOS threats
- Abnormal requests are monitored
COMMON MISTAKES
Please make sure that the package ID of your private app is unique and doesn't already exist on the Playstore. For example, Gmail package ID on the PlayStore is "id=com.google.android.gm", so you won't be able to deploy a private app with the same package ID. If this happens to you, please ask your developer to rename the package and try again to upload your private app. More info about deploying a private app here.
A web application needs Chrome to be able to work since it uses internet. It is therefore essential that Chrome is authorized and installed on the device from the security policy for the web app to work. In Kiosk mode, however, you can choose to "hide" Chrome so that the user can not access it, and only the web app is accessible. More info here.
When you try to enroll a device by scanning a QR code and get the error message "Login error: Your device does not have an assigned security policy", it's because the user you're trying to link the device to doesn't belong to any policy. The administrator first has to create a policy, add users to it, and only then enroll devices.
When trying to enroll a device, if the Google Play Services update stays incomplete, there can be an error message. First you need to check your Wi-Fi connection. If your device is correctly connected to the Wi-Fi and the problem recurs, click on "Report error". We will collect the data and a technical expert will come back to you once we have isolated the causes of the error.
In order to use TinyMDM on devices connected to a network protected by a firewall, some settings are necessary. Indeed, our application uses Google’s FCM notification system, like most Android apps. You can find how to set your firewall for TinyMDM to work here.
Once your files are imported into the TinyMDM dashboard and shared to devices from the security policy, they will appear in Downloads, as well as in applications that allow the file to be read. For example, you will be able to find PDF documents both in Downloads and in an application such as Adobe Reader.
If your devices remain offline for 270 consecutive days (about 9 months), they will be automatically deleted from Android Enterprise by Google. As a result, the devices will no longer receive any notifications from Google (installation/uninstallation/application updates...) and you will be required to factory reset and re-enroll them in order for them to be registered again in Android EMM. This is a limit set by Google which is subject to change and for which TinyMDM cannot be held responsible.
If you see a pop-up on your device such as "Remote Control Request" or "Authorization Required" that asks you to access settings to enable TinyMDM overlay on other applications, it is necessary to authorize it for certain features to work properly. You will only see this pop-up if you enable one of the following three features for the first time on the device: remote view or control, speed management, or the floating home button in kiosk mode. Once this overlay permission has been approved, the pop-up will no longer appear on the device.
As the managed Play Store is managed by the Google Services and not directly by TinyMDM, it has a different domain name to the rest of the console. Because of this, some browsers or extensions may block access to this page. We therefore invite you to authorise access to the play.google.com domain from your browser or extension, then refresh your page to regain access to the managed Play Store.