Enrolling an Android Device in Endpoint MDM Part 2

This is how you can be enrolling an android device in Endpoint with corporate-owned, fully managed user device. These are the following steps to get an Android device enrolled with screenshots. If you need a refresher on how do enroll a device with a personal device with a work profile, please check out Part 1.

Prerequisites to Enrolling an Android Device in Endpoint

Like mentioned above, the proper profile must be set-up.

Getting the QR code

A profile has been set up to enroll devices (Android only now) with a QR code. The code is located here:

Since this profile is different then the others it shows up different. One the setting is toggled on you will see a QR code similar to what you see above.

Here is the QR Code:

You can print this code out and have it ready when you need to enroll a mobile device.

Enrolling a Mobile Device

The mobile device you are enrolling must be set to factory defaults. If it is a brand-new phone this has been done already. If it is a phone that has never been enrolled in Endpoint Manager, it needs to be factory reset. If the phone is already enrolled in Endpoint Manager and you need to redeploy it to another user, also need to wipe the phone and re-enroll. The Device Name and Management Name field in the portal need to be changed to reflect the new user (See Renaming the Device and Description in Endpoint Manager)

  1. To begin enrolling, at the first screen you see when the phone is turned on, tap continuously in the center of the screen until you see the QR code scanner. Samsung S10 and above the QR code scanner is built in. If the phone is lower than an S10 you will have to install QR Code scanning software first. Scan the QR code mentioned above. The process will begin.
  • Next you will be asked to connect to Wi-Fi. Connect
  • Tap Next
  • Tap agree,
  • Uncheck the check box and Tap “Agree and Continue”.
  • Sign the user in.
  • Once you have signed in the user, tap “Install Apps”
  • The following Apps are installed. Outlook for mobile and Teams will be installed after due to a configured and applied App Configuration Policy. Tap done.
  • Tap “setup” to register the device.
  1. Tap “sign in” to for Intune.
  1. Sign in with the users’ credentials again.
  1. Tap “Register”.
  1. Tap “Next”
  1. Tap “Done”.
  1. Tap “Next”.
  1. If you want to add the users Google Account, you can do it here. If not, Tap “Skip”.
  • Swipe up and tap “Accept”.
  • Give the phone a passcode. I would use password as it is more secure.
  • Check the first two radio buttons and tap “Agree”.

The phone is now set up in endpoint manager.

Renaming the Device and Description in Endpoint Manager

The device is now in endpoint manager.  To view the Android devices that are enrolled go here in Endpoint Manager:

It looks like this:

The two fields you need to change are the Device name and Management name. When the device is first registered the fields are auto generated. Change them so it is easier to read and distinguish who the device belongs to. I changed the  Device Name to <userId>_model_number (i.e., abc123_S22). Change the Management Name to <User_Full_Name> <Model Number> (i.e., John Doe S22)

Common Tasks Performed in Endpoint Manager

With the Corporate Owner with Work profile enable you can perform the following tasks:

Retire – Good for when person leaves company but wants to take the phone. It removes all company data and email profiles assigned through Intune but leaves personal data.

Wipe – For Mobile devices it resets the phone back to factory defaults. Good for a lost or stolen devices

Delete – Removes the device from Endpoint but does not remove company data

Remote Lock – Locks the phone. Good for when phone is lost but the user may know where it is.

Reset Work Profile Passcode – Locks the Work Profile on the phone. A temp password is generated in Endpoint manager that allows for the workspace to be unlocked. DOES NOT reset the passcode of the device. You still need to let the user know to NOT change the assigned device passcode.

Play Lost Device Sound – Good for when user misplaces phone but is sure it is nearby. The lost alert sound can be played from one to 5 minutes on the phone while the user looks for it.

I will be writing an article on how to deploy apps to the device very soon. Stay tuned for that!!

Happy IT’ing

Dan

Avatar photo

I am an IT professional with over twenty years experience in the field. I have supported thousands of users over the years. The organizations I have worked for range in size from one person to hundreds of people. I have performed support from Help Desk, Network / Cloud Administration, Network Support, Application Support, Implementation and Security.

Pin It on Pinterest