- You need to have a TinyMDM account. If you didn’t sign up to TinyMDM free trial yet, do it now here.
- Since TinyMDM is officially approved as an Android EMM partner, we’re using the powerful Google EMM API: therefore you’ll need a Gmail or a G Suite account (to register as a company).
Before doing anything else, you first have to register your business.
- In the TinyMDM Dashboard, go to Enterprise approved apps and click on Register your company. You will be redirect to an Android For Work page in order to do so.
- Login with your corporate Gmail or G Suite account.
- Fill the form with your company information and click on Finish, you will be redirected back to the TinyMDM Dashboard.
Help resource: How to register your business
From the Enterprise approved app tab, select the apps that are going to be approved company-wide: public, private or web ones. Note: all the selected apps are going to be approved company-wide, but you’ll be able to adapt the list depending on the policies you’re setting up.
- Public apps: click on the Browse apps button and authorise as many apps as you want in a few clicks.
- Private apps: click on the Private apps button and upload private apps if needed (APK format).
- Web apps: click on the Web apps button and create your own web app by indicating a title and a URL; and customise its display and icon.
Before giving your employees a managed device, you first have to register them via the “EMM Users” tab. Here you can import a list of user via CSV file or add them one by one.
Important : Anonymous users
If you don’t want to link the User profile to someone’s particular email address (for example if the user profile is going to be shared by a team, or link to several devices), you can create what we call an Anonymous user. By doing so, you don’t have to give an email address, but you still have to enter a Directory name (an internal user ID/alias, used for email configuration for example, like “team1” or “salesteam.south”).
- To import a list of users (csv file):
Click on the Import your users button. Select a csv file with the following structure : <user_name>;<user_email>;<group_name>;<directory_name>;<is_anonymous :0 or 1>;
Example: John Doe;firstname.lastname@example.org;Sales;johndoe;0Here, to create an Anonymous user, enter 1 for <is_anonymous:1>. You can leave <user_email> empty (<;;>), but make sure to precise the <directory_name>.Example: Salesteam South;;Sales;salesteam.south;1
- To add your users one by one:
Click on Add EMM user, fill the form and click OK. Here, to create an Anonymous user, tick the Anonymous user checkbox. You will only be asked for the user’s Full name and Directory name.
Your users will then receive a QR code and a password via email that they will need to enroll their device later on (using either one). Please note that using the Anonymous user method, the devices will have to be enrolled by the administrator thanks to the QR code displayed on the TinyMDM Dashboard. But first, you need to create a policy!
The policy represents the security rules that you want to apply to the mobile devices. Note: in the App management section, you will find the enterprise approved apps selected earlier. You can decide to authorise or forbid some of these apps depending on the policy you’re creating.
- Go to EMM Policy tab, then click on Create a policy
- Select users, or groups of users, subjected to this policy (you can easily modify it whenever needed)
- Setup your tailor-made policy thanks to the different tabs available: security challenge settings, apps management, internet filtering level, physical tracking, wifi configuration…
Help resources: How to create a policy from scratch.
More info about the difference between a fully managed device and a work profile here.
The enrollment process can usually be done by the final user since he received by email a QR code/password and a link explaining how to do so. Remember, in the case of an Anonymous user, the enrollment must be done by the administrator.
- Switch on your new device (first use), or perform a factory reset and restart your device.
- Follow the configuration Wizard (startup screen, connect to the wifi, etc. depending of the model). Note: on the “Copy apps & data” screen, choose not to copy data by clicking on “Don’t copy”.
- On the Google sign in page, enter the code afw#tinymdm instead of an email address.
- Android Enterprise will offer you to Install TinyMDM: click on Install and Accept & continue.
- Choose the Google services you want to accept (no impact on TinyMDM)
- When asked, scan the QR code of the managed-user account or enter its login credentials (received by email) or . Note: do not enter the TinyMDM admin credentials.
- You’re ready to go ! Depending on the policy defined earlier, you might be prompt to choose a compliant password.
Enabling a Work Profile is ideal for managing employee-owned devices (BYOD) or giving more freedom to employees using a company-owed device: it allows companies to manage the business data and apps, but leave everything else on the device under the user’s control. To setup a work profile on a device already in use:
– Download the TinyMDM app from the Play Store
– Open the app and choose the option “Work Profile”
Business-related apps managed by the Work Profile have a particular business icon setting them apart from personal apps. They are held in a secure container and depending on the policy, affected to the device, a secure password will be needed to access it.
The Play Store inside the Work Profile will only display the Enterprise approved apps, but users can access the Play Store as usual once outside the Work Profile.