You have finally got around to enrolling an Android Device in Endpoint Manager. If you have not done it before it is a bit of a process. These are the following steps to get an Android device enrolled with screenshots.
Prerequisites to Enrolling Android Device in Endpoint
For the ability to Wipe a device the “Corporate- Owned device with Work Profile” must be set up. If you want to check out how to enroll using a Fully Managed Profile, go to part two of the article.
Getting the QR code
A profile has been set up to enroll devices (Android only now) with a QR code. The code is located here:
Click on the Work Profile You created.
And then token:
Here is the QR Code:
You can print this code out and have it ready when you need to enroll a mobile device.
Enrolling a Mobile Device
The mobile device you are enrolling must be set to factory defaults. If it is a brand-new phone this has been done already. If it is a phone that has never been enrolled in Endpoint Manager, it needs to be factory reset. If the phone is already enrolled in Endpoint Manager and you need to redeploy it to another user, also need to wipe the phone and re-enroll. The Device Name and Management Name field in the portal need to be changed to reflect the new user (See Renaming the Device and Description in Endpoint Manager)
- To begin enrolling, at the first screen you see when the phone is turned on, tap continuously in the center of the screen until you see the QR code scanner. Samsung S10 and above the QR code scanner is built in. If the phone is lower than an S10 you will have to install QR Code scanning software first. Scan the QR code mentioned above. The process will begin.
- Next you will be asked to connect to Wi-Fi. Connect
- Tap Next
- Tap agree,
- Uncheck the check box and Tap “Agree and Continue”.
- Sign the user in.
- Once you have signed in the user, tap “Install Apps”
- The following Apps are installed. Outlook for mobile and Teams will be installed after due to a configured and applied App Configuration Policy. Tap done.
- Tap “setup” to register the device.
- Tap “sign in” to for Intune.
- Sign in with the users’ credentials again.
- Tap “Register”.
- Tap “Next”
- Tap “Done”.
- Tap “Next”.
- If you want to add the users Google Account, you can do it here. If not, Tap “Skip”.
- Swipe up and tap “Accept”.
- Give the phone a passcode. I would use password as it is more secure.
- Check the first two radio buttons and tap “Agree”.
The phone is now set up in endpoint manager.
Renaming the Device and Description in Endpoint Manager
The device is now in endpoint manager. To view the Android devices that are enrolled go here in Endpoint Manager:
It looks like this:
The two fields you need to change are the Device name and Management name. When the device is first registered the fields are auto generated. Change them so it is easier to read and distinguish who the device belongs to. I changed the Device Name to <userId>_model_number (i.e., abc123_S22). Change the Management Name to <User_Full_Name> <Model Number> (i.e., John Doe S22)
Common Tasks Performed in Endpoint Manager
With the Corporate Owner with Work profile enable you can perform the following tasks:
Retire – Good for when person leaves company but wants to take the phone. It removes all company data and email profiles assigned through Intune but leaves personal data.
Wipe – For Mobile devices it resets the phone back to factory defaults. Good for a lost or stolen devices
Delete – Removes the device from Endpoint but does not remove company data
Remote Lock – Locks the phone. Good for when phone is lost but the user may know where it is.
Reset Work Profile Passcode – Locks the Work Profile on the phone. A temp password is generated in Endpoint manager that allows for the workspace to be unlocked. DOES NOT reset the passcode of the device. You still need to let the user know to NOT change the assigned device passcode.
Play Lost Device Sound – Good for when user misplaces phone but is sure it is nearby. The lost alert sound can be played from one to 5 minutes on the phone while the user looks for it.
The steps for enrolling iPhone device are similar but I have only been involved with Android device. When I work with some Apple devices.
Happy IT’ing
Dan