Category Filter

How to enroll a device in Android Enterprise as Device Owner

A device owner can be assigned only during the initial setup of the device. Making Hexnode For Work app a device owner can grant additional permissions for the MDM.

It is best to enroll a company-owned device as Android Enterprise Device Owner. Stick with Profile Owner enrollment if your employees are using their personal devices at work. Device Owner enrollment restricts you from accessing the apps other than those allowed by your organization. Whereas in Profile Owner, both the personal and work apps are available on the same device.

First, enroll your organization in Android Enterprise program and then go through the steps mentioned below to enroll your device as a device owner.

Supported Versions:

  • Samsung Knox devices: Android version 6.0 and above, or Knox SDK 2.6 and above.
  • General Android Devices: 5.0 and above

Make Hexnode For Work App the Device Owner

If you make Hexnode For Work app device owner, all the personal apps from the device will get removed and will get restricted to only work apps which are allowed by the organization.

Note:

For devices running Android 7 and above, you can use QR Code (Admin > Android Enterprise) to enroll your devices as “Device Owner”.

If you have an old device, reset the device to its factory settings to begin enrollment. If you are using a new device, you can initialize enrollment from the Welcome screen without resetting the device. Ensure that you remove all the accounts associated with your device prior to the factory reset.

Android 7.0+:

For devices running Android 7+ and above,

On the Hexnode MDM console,

  1. Navigate to Admin > Android Enterprise.
  2. Configure the QR Code Settings.
    • Skip encryption: Enable this option to skip device encryption while enrolling the device. This option is enabled by default.
    • Enable system applications: Enable this option to allow system applications on the device. This option is also enabled by default.
      Note:


      If Enable system Applications is not checked in the portal, then Okta authenticated Android Enterprise Device Owner enrollment will be disrupted with an error message: “No browsers detected! Install one to complete authentication to enroll in Hexnode”

    • Wi-Fi Settings: You can either choose No Wi-Fi network configuration or Add Wi-Fi network configuration to QR Code. If Add Wi-Fi network configuration to QR Code option is chosen, specify the following parameters to add a Wi-Fi configuration to the QR Code:
      Wi-Fi Settings Description
      SSID Specify the identification name of the Wi-Fi network.
      Security Type There are three options to choose from – None, WEP, WPA/WPA2. The rest of the Wi-Fi network configurations depend on the security type selected.
      Password Enter the password of the Wi-Fi network if WEP or WPA/WPA2 security type is selected.
      Connect to hidden network Allow users to connect to a hidden Wi-Fi network, the one whose SSID is not broadcasting. By default, connecting to hidden networks is disabled.

      Note:


      Some devices may prompt users to connect to a network before scanning QR Code. In such cases, if Add Wi-Fi network configuration to QR Code is configured, connect the device to the same network as configured in the portal before scanning the QR Code, else the scan will fail.

    • Click Save.

On the Device,

  1. Tap on the welcome screen 6 times.
  2. A QR code reader will get installed on your device.
  3. On your portal, Navigate to Admin > Android Enterprise. A QR code will be present on the screen.
    Note:

    You can also view the QR Code on your Hexnode MDM portal from Enroll > All Enrollments > Enterprise > Android Enterprise or Enroll > Platform-Specific > Android > Android Enterprise.

  4. Scan the QR code. Now the device will get connected to the Wi-Fi network configured in the portal. If not configured, manually connect your device to a network.
  5. Click on Accept & Continue to continue the installation process.
  6. Enable Device administration, Usage Access, Draw over apps, Write system settings and Notification access permissions. Click on Next.
  7. Your device will begin enrolling with Hexnode MDM.
  8. The installation is successfully completed as soon as a work account is created on your device.

Android 6.0+:

For devices running Android 6 and above, reset the device to its factory settings to enroll the device.

  1. Follow the on-screen procedure for setting-up the device.
  2. When prompted to enter your Google Account, enter ‘afw#hexnodemdm’ and click Next.
    afw#hexnodemdm device owner enrollment
  3. To install Hexnode for Work app on your device, click on Install.
    Install Hexnode for work app for Android Enterprise enrollment
  4. Click on Install to confirm installing Hexnode for Work app.
    Agree to install Hexnode for Work app
  5. Either enter the Hexnode server name or scan the QR Code and click Next.
    Note:

    On your Hexnode MDM portal, go to Enroll > Platform-Specific > Android > QR Code, Email or SMS to view the QR Code.


    Initiate the device enrollment
  6. Click on Agree after reading Hexnode End-User License Agreement.
    Hexnode EULA agreement
  7. Click on Continue to set up your device in Device Owner Mode. This allows admins to enforce complete control over your device. You will be prompted to confirm setting up your device as device owner. Click on Continue. Click on Cancel to cancel the installation process.
    setup work device
  8. Click on SET UP to continue the installation process.
    set up the device
  9. Enable Device administration, Usage Access, Draw over apps, Write system settings and Notification access permissions. Click on Next.
    Grant the required permissions for the app
  10. Your device will begin enrolling with Hexnode MDM.
  11. The installation is successfully completed as soon as a work account is created on your device.
    Successful enrollment
Note:

There might be some device-specific differences in the enrollment procedure. For example, some devices might ask for additional permissions, agree to those permissions to move forward.

Android 5.0 :

For devices running Android 5.0, after the initial factory reset,

  1. On your device, navigate to Settings > System > About phone.
  2. Tap on Build number 7 times to turn on Developer Options.
  3. Go back to System Settings and click on Developer Options.
  4. Enable USB debugging option from the list.
  5. Next, download Hexnode for Work APK.
  6. Download and install Android Debug Bridge (ADB) on your system. Open the command prompt and type in the path where the adb folder resides. For example, if you have installed adb in C drive, the command would be as follows:
     cd  C:\adb
  7. Next, run the following command to initialize adb.
    adb start-server
  8. Connect the device to the computer and run the command to install the APK downloaded earlier.
    adb install HexnodeMDMWork.apk
  9. Type in the following command to make Hexnode for Work a device owner:
    adb shell dpm set-device-owner com.hexnode.mdm.work/com.hexnode.mdm.receivers.HexnodeDeviceAdminReceiver
  10. You will need to install the Hexnode for Work app to manage your work profile. Click on Install. The app will be downloaded on your device.
  11. Click on Install to install Hexnode for Work app on your device.
  12. Enter your server name. Click on Next.
  13. Click on Continue to setup your device in Device Owner Mode. This allows admins to enforce complete control over your device. You will be prompted to confirm setting up your device as device owner. Click on Continue. Click on Cancel to cancel the installation process.
  14. Click on Accept & Continue to continue the installation process.
  15. Enable Device administration, Usage Access, Draw over apps, Write system settings and Notification access permissions. Click on Next.
  16. Your device will begin enrolling with Hexnode MDM.
  17. The installation is successfully completed as soon as a work account is created on your device.