Register your business with Gmail or G Suite
Select business-wide approved apps
Add or import users and create groups
Setup policies and assign users
Enroll devices (fully managed or work profile)
1) REGISTER YOUR BUSINESS (30 seconds)
Prerequisites:
- You need to have a TinyMDM account. If you didn’t sign up to TinyMDM free trial yet, do it now here.
- Since TinyMDM is officially approved as an Android EMM partner, we’re using the powerful Google EMM API: therefore you’ll need a Gmail or a G Suite account (to register as a company).
Before doing anything else, you first have to register your business.
- In the TinyMDM Dashboard, go to Enterprise approved apps and click on Register your company. You will be redirect to an Android For Work page in order to do so.
- Login with your corporate Gmail or G Suite account.
- Fill the form with your company information and click on Finish, you will be redirected back to the TinyMDM Dashboard.
Help resource: How to register your business
From the Enterprise approved app tab, select the apps that are going to be approved company-wide: public, private or web ones. Note: all the selected apps are going to be approved company-wide, but you’ll be able to adapt the list depending on the policies you’re setting up.
- Public apps: click on the Browse apps button and authorise as many apps as you want in a few clicks.
- Private apps: click on the Private apps button and upload private apps if needed (APK format).
- Web apps: click on the Web apps button and create your own web app by indicating a title and a URL; and customise its display and icon.
Help resources: How to approve public apps / Private apps / Web apps
Before giving your employees a managed device, you first have to register them via the “EMM Users” tab. Here you can import a list of user via CSV file or add them one by one.
Important : Anonymous users
If you don’t want to link the User profile to someone’s particular email address (for example if the user profile is going to be shared by a team, or link to several devices), you can create what we call an Anonymous user. By doing so, you don’t have to give an email address, but you still have to enter a Directory name (an internal user ID/alias, used for email configuration for example, like “team1” or “salesteam.south”).
- To import a list of users (csv file):
Click on the Import your users button. Select a csv file with the following structure : <user_name>;<user_email>;<group_name>;<directory_name>;<is_anonymous :0 or 1>;
Example: John Doe;johndoe@mydomain.com;Sales;johndoe;0Here, to create an Anonymous user, enter 1 for <is_anonymous:1>. You can leave <user_email> empty (<;;>), but make sure to precise the <directory_name>.Example: Salesteam South;;Sales;salesteam.south;1 - To add your users one by one:
Click on Add EMM user, fill the form and click OK. Here, to create an Anonymous user, tick the Anonymous user checkbox. You will only be asked for the user’s Full name and Directory name.
Your users will then receive a QR code and a password via email that they will need to enroll their device later on (using either one). Please note that using the Anonymous user method, the devices will have to be enrolled by the administrator thanks to the QR code displayed on the TinyMDM Dashboard. But first, you need to create a policy!
Help resources: How to add a single user, How to import users from a CSV file.
The policy represents the security rules that you want to apply to the mobile devices. Note: in the App management section, you will find the enterprise approved apps selected earlier. You can decide to authorise or forbid some of these apps depending on the policy you’re creating.
- Go to EMM Policy tab, then click on Create a policy
- Select users, or groups of users, subjected to this policy (you can easily modify it whenever needed)
- Setup your tailor-made policy thanks to the different tabs available: security challenge settings, apps management, internet filtering level, physical tracking, wifi configuration…
Help resources: How to create a policy from scratch.
5) ENROLL A FULLY-MANAGED DEVICE or SETUP A WORK PROFILE
More info about the difference between a fully managed device and a work profile here.
Prerequisites:
- The device must be new or reset to factory settings.
- The device must be running Android 7.0 and higher (for devices running Android 6, refer to the enrollment via afw# code).
- [This enrollment method is not compatible with Huawei (EMUI 5 or less) and Xiaomi devices.]
1. On the first screen displayed at startup, tap six times in a row, anywhere on the screen (but six times in one spot), and wait a few seconds.
Note: even if the first screen is often the one where the language selection is made, it may vary according to the manufacturer of the device. Whatever the first screen is, the important thing is to tap six times on the initial screen, whatever it is.
2. The camera of the device opens: the QR code must be scanned (visible in the administration console, or by email if it has been sent to the end user).
3. Connect to a Wi-Fi network and follow the steps of the configuration wizard.
4. The device automatically downloads TinyMDM. Click Begin and accept the Terms of Use.
5. The configuration defined in the security policy applies directly!
SETUP A WORK PROFILE ON A DEVICE ALREADY IN USE
Enabling a Work Profile is ideal for managing employee-owned devices (BYOD) or giving more freedom to employees using a company-owed device: it allows companies to manage the business data and apps, but leave everything else on the device under the user’s control. To setup a work profile on a device already in use:
– Download the TinyMDM app from the Play Store
– Open the app and choose the option “Work Profile”
– Follow the configuration wizard and accept the Terms of Use
Business-related apps managed by the Work Profile have a particular business icon setting them apart from personal apps. They are held in a secure container and depending on the policy, affected to the device, a secure password will be needed to access it.
The Play Store inside the Work Profile will only display the Enterprise approved apps, but users can access the Play Store as usual once outside the Work Profile.
