1) REGISTER YOUR BUSINESS (30 seconds)

Prerequisites:
- You need to have a TinyMDM account. If you didn’t sign up to TinyMDM free trial yet, do it now here.
- Since TinyMDM is officially approved as an Android EMM partner, we’re using the powerful Google EMM API: therefore you’ll need a Gmail or a G Suite account (to register as a company). If you don’t have one, you can create one here.

Before doing anything else, you first have to register your business.

  1. In the TinyMDM Dashboard, go to Enterprise approved apps and click on Register your company. You will be redirect to an Android For Work page in order to do so.
  2. Login with your corporate Gmail or G Suite account.
  3. Fill the form with your company information and click on Finish, you will be redirected back to the TinyMDM Dashboard.

Help resource: How to register your business

2) SELECT YOUR BUSINESS-WIDE APPROVED APPS (5 minutes)

Prerequisites: none

From the Enterprise approved app tab, select the apps that are going to be approved company-wide: public, private or web ones. Note: all the selected apps are going to be approved company-wide, but you’ll be able to adapt the list depending on the policies you’re setting up.

  1. Public apps: click on the Browse apps button and authorise as many apps as you want in a few clicks.
  2. Private apps: click on the Private apps button and upload private apps if needed (APK format).
  3. Web apps: click on the Web apps button and create your own web app by indicating a title and a URL; and customise its display and icon.
app management

Help resources: How to approve public apps for your business & How to deploy your own private app / web app

3) CREATE OR IMPORT USERS (60 seconds)

Prerequisites: none

Before giving your employees a managed device, you first have to register them via the “EMM Users” tab. Here you can import a list of user via CSV file or add them one by one.

Important : Anonymous users
If you don’t want to link the User profile to someone’s particular email address (for example if the user profile is going to be shared by a team, or link to several devices), you can create what we call an Anonymous user. By doing so, you don’t have to give an email address, but you still have to enter a Directory name (an internal user ID/alias, used for email configuration for example, like “team1” or “salesteam.south”).

  1. To import a list of users (csv file):
    Click on the Import your users button. Select a csv file with the following structure : <user_name>;<user_email>;<group_name>;<directory_name>;<is_anonymous :0 or 1>;
    Example: John Doe;johndoe@mydomain.com;Sales;johndoe;0Here, to create an Anonymous user, enter 1 for <is_anonymous:1>. You can leave <user_email> empty (<;;>), but make sure to precise the <directory_name>.Example: Salesteam South;;Sales;salesteam.south;1
  2. To add your users one by one:
    Click on Add EMM user, fill the form and click OK. Here, to create an Anonymous user, tick the Anonymous user checkbox. You will only be asked for the user’s Full name and Directory name.

Your users will then receive a QR code and a password via email that they will need to enroll their device later on (using either one). Please note that using the Anonymous user method, the devices will have to be enrolled by the administrator thanks to the QR code displayed on the TinyMDM Dashboard. But first, you need to create a policy!

Help resources: How to add a single user, How to import users from a CSV file.

4) CREATE A POLICY (5 minutes)

Prerequisites: none

The policy represents the security rules that you want to apply to the mobile devices. Note: in the App management section, you will find the enterprise approved apps selected earlier. You can decide to authorise or forbid some of these apps depending on the policy you’re creating.

  1. Go to EMM Policy tab, then click on Create a policy
  2. Select users, or groups of users, subjected to this policy (you can easily modify it whenever needed)
  3. Setup your tailor-made policy thanks to the different tabs available: security challenge settings, apps management, internet filtering level, physical tracking, wifi configuration…
create a policy

Help resources: How to create a policy from scratch.

5) ENROLL A FULLY-MANAGED DEVICE or SETUP A WORK PROFILE

Prerequisites:
- To setup a fully managed device: new or freshly factory reset Android device, version is 5.0 or newer
- To setup a work profile on a device already in use: Android version 5.0 or newer

More info about the difference between a fully managed device and a work profile here.

ENROLL A NEW DEVICE (FULLY MANAGED)

The enrollment process can usually be done by the final user since he received by email a QR code/password and a link explaining how to do so. Remember, in the case of an Anonymous user, the enrollment must be done by the administrator.

  1. Switch on your new device (first use), or perform a factory reset and restart your device.
  2. Follow the configuration Wizard (startup screen, connect to the wifi, etc. depending of the model). Note: on the “Copy apps & data” screen, choose not to copy data by clicking on “Don’t copy”.
enrollment TinyMDM 1
enrollment TinyMDM 2
enrollment TinyMDM 3
enrollment TinyMDM 4

 

  1. On the Google sign in page, enter the code afw#tinymdm instead of an email address.
sign in with code afw#tinymdm

 
 

  1. Android Enterprise will offer you to Install TinyMDM: click on Install and Accept & continue.
Android enterprise
install TinyMDM
install TinyMDM 2

 

  1. Choose the Google services you want to accept (no impact on TinyMDM)
Google services

 

  1. Configure TinyMDM : Click on Begin and Accept the Terms of Use
TinyMDM begin
TinyMDM terms of use

 

  1. When asked, enter your credentials (received by email) or scan the QR code to log in.
login TinyMDM

 

  1. You’re ready to go ! Depending on the policy defined earlier, you might be prompt to choose a compliant password.
TinyMDM congratulations
Change the password TinyMDM

SETUP A WORK PROFILE ON A DEVICE ALREADY IN USE

Enabling a Work Profile is ideal for managing employee-owned devices (BYOD) or giving more freedom to employees using a company-owed device: it allows companies to manage the business data and apps, but leave everything else on the device under the user’s control. To setup a work profile on a device already in use:

– Download the TinyMDM app from the Play Store
– Open the app and choose the option “Work Profile”
– Follow the configuration wizard and accept the Terms of Use

fully managed or work profile
setup work profile
welcome_TinyMDM
TinyMDM terms of use

Business-related apps managed by the Work Profile have a particular business icon setting them apart from personal apps. They are held in a secure container and depending on the policy, affected to the device, a secure password will be needed to access it.

The Play Store inside the Work Profile will only display the Enterprise approved apps, but users can access the Play Store as usual once outside the Work Profile.

work profile tinymdm