Register your business with Gmail or G Suite
Select business-wide approved apps
Add or import users and create groups
Setup policies and assign users
Enroll devices (fully managed or work profile)
1) REGISTER YOUR BUSINESS (30 seconds)
Prerequisites:
- You need to have a TinyMDM account. If you didn’t sign up to TinyMDM free trial yet, do it now here.
- Since TinyMDM is officially approved as an Android EMM partner, we’re using the powerful Google EMM API: therefore you’ll need a Gmail or a G Suite account (to register as a company).
Before doing anything else, you first have to register your business.
- In the TinyMDM Dashboard, go to Enterprise approved apps and click on Register your company. You will be redirect to an Android For Work page in order to do so.
- Login with your corporate Gmail or G Suite account.
- Fill the form with your company information and click on Finish, you will be redirected back to the TinyMDM Dashboard.
Help resource: How to register your business
From the Enterprise approved app tab, select the apps that are going to be approved company-wide: public, private or web ones. Note: all the selected apps are going to be approved company-wide, but you’ll be able to adapt the list depending on the policies you’re setting up.
- Public apps: click on the Browse apps button and authorise as many apps as you want in a few clicks.
- Private apps: click on the Private apps button and upload private apps if needed (APK format).
- Web apps: click on the Web apps button and create your own web app by indicating a title and a URL; and customise its display and icon.
Help resources: How to approve public apps / Private apps / Web apps
Before giving your employees a managed device, you first have to register them via the “Users and Groups” tab. To create users, many options exist: you can do so one by one by clicking on Add a user, or import a csv list of users by clicking on Import users.
For each user, you can define:
– an email adress. Ex: john.doe@demo.com
– a name. Ex: John Doe
– a directory name (important to configure an email account for example). Ex: john.doe
– a group.
If you don’t want a user to be linked to an email address, you can click on Anonymous user. In this case, only its name will be required to create a user (see the tutorial Add “Anonymous” users using TinyMDM).
If you want users to receive an email with the QR code to enroll their device, you can tick Send an email to the user. In any case the QR code will still be permanently visible on the TinyMDM console.
All the created users appear as cards. If they haven’t already been affected to a policy, the No policy for the user message appears. You will need to create a policy from the Policies tab and affect one or multiple users before being able to enroll the devices linked to it.
Help resources: How to create users and groups, How to import users from a CSV file.
If you don’t need to have specific users (if the devices don’t belong to anyone in particular, or if you don’t need to push configurations linked to an email address, or if the devices are shared…), you can skip this step and use our multiple enrollment feature instead. This way, users will be created automatically each time a device is enrolled, and users will be named according to their own device ID.
The policy represents the security rules that you want to apply to the mobile devices. Note: in the App management section, you will find the enterprise approved apps selected earlier. You can decide to authorise or forbid some of these apps depending on the policy you’re creating.
- Go to EMM Policy tab, then click on Create a policy
- Select users, or groups of users, subjected to this policy (you can easily modify it whenever needed)
- Setup your tailor-made policy thanks to the different tabs available: security challenge settings, apps management, internet filtering level, physical tracking, wifi configuration…
Help resources: How to create a policy from scratch.
5) ENROLL A FULLY-MANAGED DEVICE or SETUP A WORK PROFILE
More info about the difference between a fully managed device and a work profile here.
Prerequisites:
- The device must be new or reset to factory settings.
- The device must be running Android 7.0 and higher (for devices running Android 6, refer to the enrollment via afw# code).
- [This enrollment method is not compatible with Huawei (EMUI 5 or less) and Xiaomi devices.]
1. On the first screen displayed at startup, tap six times in a row, anywhere on the screen (but six times in one spot), and wait a few seconds.
Note: even if the first screen is often the one where the language selection is made, it may vary according to the manufacturer of the device. Whatever the first screen is, the important thing is to tap six times on the initial screen, whatever it is.
2. The camera of the device opens: the QR code must be scanned (visible in the administration console, or by email if it has been sent to the end user). If the device doesn’t have a camera, you can display an enrollment token instead and type it in.
3. Connect to a Wi-Fi network and follow the steps of the configuration wizard.
4. The device automatically downloads TinyMDM. Click Begin and accept the Terms of Use.
5. The configuration defined in the security policy applies directly!
SETUP A WORK PROFILE ON A DEVICE ALREADY IN USE
Enabling a Work Profile is ideal for managing employee-owned devices (BYOD) or giving more freedom to employees using a company-owed device: it allows companies to manage the business data and apps, but leave everything else on the device under the user’s control. To setup a work profile on a device already in use:
– Download the TinyMDM app from the Play Store
– Open the app and choose the option “Work Profile”
– Follow the configuration wizard and accept the Terms of Use
Business-related apps managed by the Work Profile have a particular business icon setting them apart from personal apps. They are held in a secure container and depending on the policy, affected to the device, a secure password will be needed to access it.
The Play Store inside the Work Profile will only display the Enterprise approved apps, but users can access the Play Store as usual once outside the Work Profile.
