How to choose the right enrollment method for specific enterprise features?
While analyzing a UEM solution, an organization may be looking out for specific features that can meet its growing needs. Hexnode UEM offers the comprehensive UEM toolkit that helps enterprises cover every possible device management aspects. However, some UEM features are specific to certain enrollment methods. For instance, silent installation of iOS apps works only on supervised devices. So, businesses can use specific enrollment methods to unlock several features and controls.
This article summarizes the enterprise-specific device enrollment methods facilitated by Hexnode. Hence, organizations can choose the most suitable method depending on the features essential to them.
Choose the right method for enrolling Apple devices
Supervision is a unique management mode mainly designed for institutionally-owned iOS, iPadOS and tvOS devices. Supervising a device unlocks advanced management controls that are not available for non-supervised devices. So, to supervise a device, you must either use Apple Business Manager (ABM)/Apple School Manager (ASM) or the Apple Configurator method.
Here are some of the features that can be unlocked by supervising iOS devices by either ABM/ASM or Apple Configurator:
Supervising and enrolling Apple TV devices via ABM/ASM or Apple Configurator will unlock the following benefits:
- Set up Apple TV as a conference room display to wirelessly share content from iOS or macOS devices via AirPlay.
- Lock down Apple TVs to a single application (single app kiosk). In addition, you can enforce additional restrictions for Apple TV kiosks (tvOS 10.2+).
- Deploy Apple TV software updates.
- Restart tvOS devices.
In the case of macOS devices, almost all features work for all types of enrollments. However, the following features require macOS to be enrolled via ABM/ASM:
- Enable ‘Activation Lock’ restriction
- ‘Clear Activation Lock’ remote action
- Bypass Activation Lock with bypass code
- Enforce OS Updates
In addition to the above features, enrolling Apple devices via ABM/ASM has added benefits over other enrollment methods.
Select the suitable enrollment method for Android devices
Hexnode offers many techniques for onboarding Android devices with deployment methods varying from simple QR codes to zero-touch enrollment.
However, certain UEM features are available only with devices that are enrolled in the Android Enterprise program. Android Enterprise is a robust platform that enables organizations to use Android devices and apps in the workplace by providing numerous enterprise-specific device functionalities. The Android Enterprise program empowers enterprises to run their businesses as they want, while managing the endpoints with end-to-end security. You can enroll in Android Enterprise either as a Device Owner or Profile Owner.
Here are some general features available for all devices enrolled as either Device or Profile Owner enabled devices:
- Clear Password action (Android 7.0+)
- Request application feedback
- App Configurations
- App Permissions
- Android Enterprise – Compliance
- OEMConfig restrictions
- Restrictions on:
- Users can adjust volume
- Beam from the device
- Configure cellular network
- Configure Wi-Fi
- Configure user credentials
- Users can enable location sharing
- Read any connected physical external media
- Trust Agents for Smart Lock
- Unredacted Notifications
- Fingerprint Unlock
- Iris Scanner
- Face Unlock
- Control apps
- Verify apps before install
- App Runtime Permissions
- Parent profile app linking
The features specific to the different management modes in Android Enterprise are listed below:
|Device Owner||Bypass Factory Reset Protection (Google Account Verification)|
|Schedule OS Updates|
|Lock Task Mode|
|Profile Owner||Work Profile Password to set up a password for the work container.|
|Prevent copying contents between normal and work profiles|
If an organization prefers remote deployment of large-scale OS updates on Android devices, go for ROM/OEM enrollment.
Some UEM configurations and restrictions available for Android devices are device-specific. For instance, some restrictions such as disabling NFC, configuring VPN, customizing boot/shutdown animation, etc., works only on Samsung Knox devices.
Choose the right enrollment method for Windows devices
Hexnode houses several methods to enroll Windows devices. Almost all features work on all types of enrollment methods. However, go for enrollment via the Hexnode Installer method if your organization has the following requirements:
- Executing custom scripts on Windows devices to automate specific routine or time-consuming operations.
- To perform real-time diagnosis of devices using the remote viewing functionality.
- Deploy enterprise (MSI) apps without any manual intervention.
- Dynamically fetch the hardware information of a device from the Hexnode portal, which will be displayed on its Device Summary page.