Category filter

Hexnode Planning & Deployment Guide

Why UEM?

The IT footprint trajectory of today’s businesses is climbing through the roof. Corporate IT teams battling with stacks of devices are becoming commonplace at work. Employees exercising the benefit of working with multiple personal devices in addition to the corporate endpoints may be improving their efficiency, but it certainly sends the work-life balance of an IT admin further down the spiral. Endpoint management is even harder with heterogeneous devices spread across different geolocations. Nevertheless, managing field worker devices is another headache for the IT people as these devices are more prone to vulnerabilities and therefore require stronger security features as opposed to desk worker devices. The best way to tackle all these issues is by employing an intelligent endpoint management solution with a rich feature set that facilitates a unified interface from where, all the work devices, irrespective of their OS, build, or type can be administered. The concept of a central workplace assists IT in saving time and energy as they are relieved from roaming around multiple platforms for getting the same amount of work done. It helps IT enforce restrictions and configurations on the device to create a ready-to-work experience.

What is Hexnode?

Hexnode is a prominent unified endpoint management vendor in the market that is built with the mission to deliver seamless administration on remote work-critical devices from a central workplace on the cloud. Hexnode composes a worry-free environment for the IT admins by ensuring the compliance of the devices in the corporate framework through robust administrative policies. In addition to the generic device management capabilities, Hexnode also offers best-in-class app, content and kiosk management features. The kiosk support for almost every platform gives Hexnode an edge among the other prominent vendors.

The UEM bridges the gap between modern and legacy management practices through intelligent features and powerful integrations. It offers businesses a secure and central ecosystem that can house almost all IT assets, including users and their devices. The devices managed through the UEM enjoy the highest resistance to external threats and data vulnerabilities and adhere to the organization’s compliance policies.

Prominent Hexnode Features

Hexnode has been employed by organizations across the globe for several purposes. The management mechanisms of organizations differ from each other, and therefore their device management needs too. The following are some of the main features in Hexnode.

  • No-touch out-of-the-box bulk device enrollment
  • Compliance management and monitoring
  • One-time remote actions
  • Device restrictions
  • Wireless network configurations
  • Security policies
  • Over-the-air organizational resource set up like Email, Exchange ActiveSync, etc.
  • Remote OS updates
  • Expense management policies
  • App management
  • Content management
  • Kiosk lockdown policies

How to adopt Hexnode UEM?

If you are adopting or migrating to Hexnode, you should be aware of some implementation tactics that will make your life easy. Adding new tools to your organizational infrastructure requires multiple tiers of planning. So, to deploy a new UEM solution, you need a concrete plan. The plan depends on several factors like your use-cases, business environment, your employees, technical assets and more. Note that use cases and requirements are unique for each enterprise, and you can add to or remove from the suggestions, best practices and recommendations based on what works for you the best.

Planning UEM Deployment

The first step into the seamless deployment of a UEM solution is planning. Planning the UEM deployment is a multi-tier process that includes setting clear-cut goals, inventorying assets, creating a deployment model and more.

  • Identify the objectives:

    An organization’s device management requirement changes with respect to its business goals and current developments. So, setting a common goal for businesses across verticals is unfeasible. Therefore, this guide will provide you some general guidelines and suggestions on planning and deploying the Hexnode UEM solution for your organization.

    The main objective of an MDM/UEM solution is to assist IT admins in managing and monitoring organizational assets without affecting the business continuity or the productivity of the employees. To thoroughly identify the objectives of the UEM solution, the best practice is to conduct internal research. This will help you identify the critical features and future expansions that are on the roadmap. If you are migrating to Hexnode, inspect and identify the workflow that you have currently implemented. Also, try to analyze your business requirements that the previous vendor was unable to deliver.

    Some of the few common objectives of using Hexnode are listed below.

    • IT delegation

      Delegate the entire IT workload among a small group of personnel to potentially improve the efficiency of IT staff. For effective delegation, each person/technician is given a different role. They have access to limited Hexnode resources, and access is decided based on the duties of the delegated technician role.

      For proper delegation, identify the crucial areas with higher workloads; such areas might require more IT staff. Audit the staff and identify their areas of interest. Work can be assigned based on these findings. A Hexnode account will only have a Super Admin by default; that admin will have to create all the other required technicians and assign them with appropriate roles.

    • Secure access to devices

      Accessing work resources through mobile endpoints increases the possibilities of intrusion, data leaks and vulnerabilities. Earlier, the users were only allowed to access corporate resources through the secure company network. With modern trends like BYOD, COPE and more, end-users can work from anywhere, anytime, disparaging the necessity of secure corporate networks. So now it became the duty of IT to ensure device and data security at all times, irrespective of the network connectivity. A UEM helps organizations fight the battle against virtual and physical threats via its safe and strong policies.

      To efficiently do this, conduct a study on the type of security issues that you may face. Determine how you want to minimize the impact or eliminate the possibility of security threats. Make use of the security and compliance policies in Hexnode to assist you in this process. Analyze the results of these policies based on the device performance and make the necessary changes.

    • Data privacy and security

      On employee-owned devices and personally enabled corporate devices, personal data lies together with corporate data. On the one hand, this increases the vulnerability of the corporate data; on the other hand, the privacy of the end-user is getting violated as the IT has free access to all the data on the device. This creates a privacy threat and cannot be left unacknowledged. Hexnode offers a solution for these issues through strong data segregation and privacy policies to ensure the security of corporate data and the privacy of personal ones.

      Data privacy and security can be reinforced by creating comprehensive plans based on incorporating preventive measures. It includes drafting data separation policies like Managed domain, business container, etc., to prevent the mixing of personal and corporate data. Hexnode also offers many critical management actions like remote wipe, lost mode, etc., to safeguard device data. Also, make use of the enrollment methods suitable for BYOD and COPE use-cases while onboarding devices.

    • Minimal employee disruption

      Employee productivity is proportional to business growth. However, full-scale employee productivity often remains a hoax in many businesses. The device used for work is one of the prime sources of distraction. Hexnode offers many policies to reduce employee disruptions and maximize concentration.

      Determine how you want to minimize the number of unproductive work hours of each employee and how to minimize its impacts. Once you formulate a plan, make use of the restrictions profiles to turn off notifications and other required settings. If required, make use of the kiosk mode for device streamlining. There are several other policies to disable access to unwanted apps/sites and more.

  • Create asset inventory

    Organizations own and operate large amounts of assets; it includes users, devices, certificates, network assets and more. Therefore, proper management of such assets is mandatory for the appropriate functioning of the organization. To set up a web UEM or to migrate to one, you need a list of inventories that needs to be managed through the solution. So, create a comprehensive asset list that helps you seamlessly adapt to the new UEM environment.

    While creating inventory, make sure that Hexnode supports the management of your devices (OS and version), required management type, etc.

    • Supported OSs

      Hexnode supports the management of Android, iOS, iPadOS, tvOS, macOS, Fire OS, Windows and IoT devices.

    • Supported versions
      • Android 5.0 and later
      • Android Enterprise 5.0 and later
      • iOS 11.0 and later
      • iPadOS 13.0 and later
      • macOS 10.7 and later
      • tvOS 6.0 and later
      • Fire OS and later
      • Windows 10 or later

      If your device runs any of the listed OS but a lower version, try updating the device to a higher version.

    • Deployment scenarios

      The device deployment mechanism to be employed depends on whether you are using the device for work only or as a multi-purpose work and personal device. The work use of a personal device can be as little as opening the mail app through the browser. Many organizations now support the use of personal devices to work. The dedicated work devices create a purpose-specific environment that can only be used for work. Hexnode supports the enrollment and management of personal devices at work, personally enabled corporate devices, fully managed and dedicated machines.

      Create a plan on how to manage the work devices. Identify points of vulnerability and suggest solutions to counter them.

  • Select a suitable license

    Organizations, even in the same vertical, sometimes have different workflows and operational mechanisms. Therefore, it’s safe to say that no two organizations will always use the same set of features to manage their endpoints. All of them demand different features. Also, organizations with fairly limited resources might not require the same management requirements as a big company. Hence, Hexnode offers its features across five different editions. Each edition is priced differently from the other. The features are arranged in such a way that the most elementary and essential features are available through the lowest pricing plan. Going up the ladder, the next pricing plan contains all the features in the previous, plus some additional superior features. This way, an organization only has to pay for the features they actually require. Hexnode has a pay-as-you-grow pricing philosophy that enables you to level up or down the pricing plan and the number of devices of your own choice.

    The five pricing editions are Express, Pro, Enterprise, Ultimate and Ultra. Express is the most basic Hexnode edition with only the basic MDM and kiosk suite features. You can avail all the features in Hexnode with the Ultra edition. Hexnode offers a 14-day free trial for every new sign-up with an option to switch between all available Hexnode editions. A maximum of 100 devices can be enrolled in a trial portal. When the trial period ends, the user should subscribe to continue using the UEM. During subscription, the user can choose the suitable edition and the number of devices as per their requirements. You can purchase the license for a minimum of 15 devices.

    Analyze your use cases and compare the required features with the features offered on each pricing plan. Select the suitable plan that you might use to move forward with the subscription.

  • Review the corporate infrastructure

    Analyze the organizational ecosystem and review its structure. Look for any possible workflows that you can incorporate into the new UEM solution. Keep in mind that your operational infrastructure might be outdated and therefore filter out the solutions that will best help you reach your goal rather than just satisfy the current needs.

    If you are migrating to Hexnode, check for the policy deployment strategies, policy management, conflicts etc., in Hexnode. You can target a policy towards individual users/devices, groups and even domains. Group deployment enables you to associate policies to a large crowd at once in no time. The policy summary, versioning, cloning, policy templates, etc., will also help in easy policy management.

    To implement this, create policies in Hexnode with the help of the operational workflows and data collected.

  • Draft a rollout plan

    Set up the whole plan on how to roll out devices, users, policies and other configurations. It means setting up a complete kickstart plan.

    Identify how to onboard the UEM, enroll users and devices, deploy pilot groups, conduct surveillance, troubleshoot, and audit the deployments.

    While creating a rollout plan, correctly identify and record your success matrix analysis. Success analysis is critical to determine whether everything is going according to the plan. If not, you will have to immediately put your contingency plan in motion to disable any potential business discontinuity.

  • Communicate with the users

    Change is never easy, especially when the lion’s share of your employees is new to the world of technology. Therefore, communication is the key to bridge the gap between confusion and productivity. Gather your employees and explain to them any changes that you are planning to bring about. Educate them on the new UEM that is to be rolled out. Explain any of the new policies or potential workflow changes.

    Inform them about the help you might require from them to set up the device. Communicate about other interactions that they might have with the UEM; this helps to eliminate a sudden panic when you require them.


  • New to the UEM environment

    Identify the Hexnode UEM plan that you require. Make sure to test out the required features and find out the troubleshooting mechanisms and more. You can avail the 14-day free trial to test the features. Using the trial, you can enroll devices and test all the features in Hexnode.

  • Previously used a third-party MDM

    If you have previously employed a third-party MDM/UEM solution, the most critical action to be carried out is to disenroll the device. A device can only be managed through a single management server at a time. So, to enroll the device in Hexnode, you should first remove the device from the previous management server.

    Some Considerations:

    • To disenroll some devices, you might have to reset the device. Make sure to back up any important data on the device prior to this action. Also, remove FRP (Factory Reset Protection) or Apple activation lock on the device, if any, to prevent potential complications.
    • When devices are disenrolled, they are the most vulnerable to attacks. Plan the migration in a swift pattern so that the device doesn’t have to stay unmanaged for a long time. To have minimal impact on your productivity, try to plan the migration in such a way that the procedures can be completed during off-shift hours or off-season. For instance, if you are a school admin planning a hands-off migration, holiday breaks are a perfect time for migration.

The following are the deployment/migration procedure to be followed for seamless onboarding.

1. Set up the portal

Configure the Hexnode UEM web server before enrolling users and devices. This includes setting up email and SMS settings, enrollment settings, admin and technician settings and more.

Refer this help documentation on getting started with Hexnode SaaS UEM to learn more.

2. Migrate users

Users are one of the important assets in an organization. Hexnode supports adding individual users and users in bulk. Bulk user addition can be achieved through domain synchronization via directory integration. Hexnode supports the following directory integration: Okta, Active Directory, Google Workspace, and Microsoft Entra ID.

Moving devices and users in pilot groups are the recommended migration strategy. Pilot groups are sample groups with minimum members; it is mainly used for test purposes. If you encounter any issues while moving the pilot group, you can identify the issue and rectify it with ease as the number affected will be minimum. This helps you completely resolve the errors before moving the rest of the inventory. It will help you mitigate any issues without causing any major work disruptions.

3. Migrate policies

Set up the device management and compliance policies in Hexnode with the required configurations. Policies help to configure, restrict, manage and monitor the devices. The intelligent and transformative policies in Hexnode enable you to offer superior administration on the devices. An advantage of the Hexnode policy workflow is that you can set up the management profiles for all your devices, irrespective of the platform, using a single policy. This reduces the hecticness of battling with multiple management profiles and their deployment. Also, the policy can be aimed at a scaled set of targets, making policy targeting a piece of cake. You can define a device, user, group or domain as a policy target in Hexnode.

4. Disenroll

Prior to enrollment, disenroll the device from the previous MDM/UEM server. Refer the respective vendor documents to identify the best method to do so. Be swift with this action, since on disenrolling, the device becomes unmanaged and susceptible to threats. Also, disenroll the devices in small batches rather than doing it in bulk. This will help you sustain business continuity, and it is a better strategy to troubleshoot any possible errors.

5. Enroll in Hexnode

Post disenrollment, enroll your devices in Hexnode. Hexnode offers a multitude of device enrollment alternatives that requires device interaction ranging from no to minimal touch. These enrollment procedures are made as seamless as possible to ensure high efficiency. You can enforce higher security during device enrollment by enforcing user authentication. Hexnode offers SSO with Microsoft, Google Workspace and Okta to simplify user authentication.

Here are a few references to learn to enroll devices in Hexnode,

6. Auditing and Validation

Once the portal is set up and the assets are moved, you should check whether everything happened according to the plan. You should cross-check the whole platform and identify discrepancies if any. Sometimes there may be devices that stay unresponsive or offline or may not get enrolled. Also, there may be some users who might not be moved and more. These errors are to be corrected and validated again before moving forward.

Device deployment

Device deployment involves all the actions that are required to be completed so that the device is available to the end-user for work. It involves several steps, including device enrollment, app deployment, device configuration and more.

  • Configure enrollment settings

    The device has to be enrolled in Hexnode for it to be managed and monitored through the web console. All devices except unmanned kiosk devices are assigned to a particular user who is entitled to use the device. This allows IT to apply policies to users so that it will reach all the devices owned by a user. Unmanned kiosks enrolled in Hexnode are assigned to a single default user since it does not require user-specific configurations.

    Hexnode offers a large number of enrollment settings and methods. Identify and select the most suitable method and configure the enrollment settings based on your requirements.

  • Configure compliance policies

    Once the device is enrolled, you can monitor its compliance with the organizational standards and policies with Hexnode’s compliance policies. Hexnode’s features allow you to send notifications to the IT admins and the concerned parties when the device breaks this compliance. You can also get a comprehensive report of compliance breakdown from the Hexnode console.

  • Configure endpoint security

    Endpoint security is one of the core use-cases of a UEM solution. You can avail a number of security policies and actions for all device platforms from the Hexnode console. With robust policies such as Geofencing, you can adjust the security configurations on the devices as you move in and out of specified geolocation. You can also monitor the health of the device from the UEMs intuitive dashboard.

  • Configure device settings

    Configuration of devices is made remote with UEM. Critical work configurations and settings can now be enforced on the devices without handing them over to the IT team. Also, remote distribution from the cloud helps to ensure that the configurations stay intact on the device. You can even monitor the device settings alignment from the UEM console.

  • Deploy apps

    App deployment is one of the primal reasons for the development of a device management solution. Apps can be remotely installed, uninstalled, updated and patched using the UEM solutions. Hexnode supports the management of different types of apps such as Store, Private, in-house, VPP, Managed, web and more. Apps can be deployed in Hexnode either via the required app policy or via the install application action. The policy offers a full-time hands-free administration of the app, and the action provides a one-time installation command. Apps can even be silently installed on devices added in Hexnode; this means that the apps can be installed on the devices without any end-user trigger. If the command is sent from the UEM console, Hexnode will install the app on the device on behalf of the organization, and it requires no end-user interaction.

  • Execute one-time actions

    One-time actions are the critical commands that are to be executed in the wake of a specific issue. For example, the wipe device action can be executed when the device goes missing to prevent business data from getting out. Hexnode offers many such security and configuration actions, making management easy as it requires no setup or configuration. Select the targets to which the commands are to be pushed and send the action, they will get executed once they reach the device.

Educate users

As you implement Hexnode, your end-users should be completely aware of the existence of the UEM solution as well as the importance of such a solution in the work atmosphere. This will help you easily resolve any future conflicts. It is important that you disclose all the visible workflow changes that primarily effects the end-users with them and how it will affect their daily routine.

It is best if you allocate a dedicated set of your technical staff into end-user problem resolution during the enrollment phase. Then, as time progresses, you can disengage these people based on the decrease in the density of the user issues. This would help to resolve any unnecessary panics or productivity issues.

It is best you educate your employees about the UEM, its workflows and the expected behavior of their work devices. Also, make sure to educate them on the operations they have to perform for setting up the device, like managing permissions on the Hexnode app upon installation.

  • How-to Guides