Hexnode supports iOS, Android, Windows, Mac, Windows PC, Fire OS and tvOS devices. The enrollment procedure of each of these platforms are different. The admin has to initially configure the enrollment settings in the Hexnode MDM portal. After configuring the enrollment settings, the users can enroll their devices.
Settings to be configured prior to Enrollment
All the settings that need to be configured prior to enrollment is to be set under Enroll > Settings.
Open Enrollment – The fast and easy way for enrollment
In this scenario, the admin may only provide the enrollment URL to the users. The users then enroll their devices with this enrollment URL alone. The method of enrollment is different for different OS platforms. Here a default user needs to be created in order to assign all the devices enrolled in the portal to that user. If no user is specified, the device will be enrolled with the name “Default User”.
The enrollment URL will be of the form https://portalname.hexnodemdm.com/enroll/ which is common for all platforms except Windows devices. In Android and Fire OS devices, the above URL opens a page that will redirect to the Google Play Store to download the Hexnode MDM app when clicking on the Enroll option.
|iOS||Enter your enrollment URL in Safari browser.|
|macOS||Open Safari browser and enter your enrollment URL just like in iOS.|
|Android||Download and install the Hexnode MDM app in the device. Then enter your portal name in the app. The portal name will look something like portalname.hexnodemdm.com|
|Windows PC 8.1, 10||Set up workplace account with your enrollment URL. The enrollment URL will look something like https://portalname.hexnodemdm.com|
|Windows Phone 8.1, 10||Set up a workplace account in settings with your enrollment URL, user email which is mentioned in the No Authentication section in enrollment settings. The enrollment URL will look something like https://portalname.hexnodemdm.com|
Enrollment with Authentication
The enrollment with authentication method will require the user to enter a username and password for enrolling their devices. The admin can enable the enrollment request modes:
- Email – The enrollment request will be sent as a mail with authentication credentials such as enrollment URL, username, password and QR code.
- SMS – The enrollment request will be sent as an SMS with authentication credentials such as enrollment URL, username and password.
|Enrollment Request||AD User||The enrollment request containing the enrollment URL will be sent along with directions to enroll with the user’s AD credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL.|
|Enrollment Request||Azure AD User||The enrollment request containing the enrollment URL will be sent along with the directions to enroll with their Azure AD credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL.|
|Enrollment Request||Local User||The enrollment request contains enrollment URL, username, OTP (one-time password) and QR code which enables the user from typing the URL, username and password.|
|Self Enrollment||AD User||Here, the users enroll their devices with their dedicated AD credentials. The admin only needs to provide the enrollment URL to the users. This is the easiest way of enrollment with authentication.|
|Self Enrollment||Azure AD User||Here, the users enroll their devices with their dedicated Azure AD credentials. The admin only needs to provide the enrollment URL to the users.|
|Self Enrollment||Local User||Here, the admin can create a default user and a dedicated password manually. The devices can be enrolled with these credentials. The admin may only send the username and password as a bulk mail to the users.|
|Self Enrollment||Google User||Here, the users enroll their devices with their dedicated Google account credentials. The admin only needs to provide the enrollment URL to the users.|
|Device models allowed||The admin can specify the device models that are allowed to be enrolled in the portal.|
|Pre-approved devices only||The admin can specify if the enterprise only allows pre-approved devices to be enrolled in the portal.|
|Enforce assigned user||Enabling this option restricts the enrollment of devices to the user assigned during pre-approved enrollment of devices.|
|Enable profile service||This is used to enable SCEP (Simple Certificate Enrollment Program) for enrolling pre-approved iOS devices. This option will be automatically enabled while enrolling pre-approved devices using CSV.|
|Corporate||The admin can define if all the devices that enroll in the MDM are corporate-owned devices.|
|Personal||The admin can define if all the devices that enroll in the portal are personal devices.|
|Choose while enrolling||The admin can choose the device ownership while sending enrollment request.|
|Allow user to choose||The admin can let the user to choose the device’s ownership.|
Choose how the device is to be re-enrolled into the portal on removing Hexnode MDM agent from the device.
|Enroll as a new device||Check this option to remove all the configurations set on the device and to enroll as a new device.|
|Retain configurations and change owner||Check this option to retain all the configurations set on the device while changing the device owner.|
After configuring the enrollment settings, save the settings and all the changes will be applied to the portal.
Sending Enrollment Request
After all enrollment settings are configured, we can start enrolling the device. For No Authentication Enrollment, the admin needs to only provide the employees with the enrollment URL. For enrollment with authentication, the admin need to send enrollment request to the users. You can do this in many ways
- Create user and send enrollment request one by one
- Integrate with Active Directory and send enrollment request
- Upload CSV and enroll in bulk
- Pre-Approved Enrollment
Create user and send enrollment request one by one
This method will allow you to create a new user and send enrollment request immediately. We do not recommend this method for enrolling a large number of users. Instead, this will come in handy when you want to add a user occasionally.
- Go to Enroll > All Enrollments > Invite > Email.
- Under Send enrollment request to, switch the button to Single User.
- Click on User and select +Add New User.
- Enter the details of the user and click on Create.
- Click on the Send button to send enrollment request to that user.
Integrate with Directory Services and send enrollment request
The Active Directory integration is the most preferred way of enrollment by enterprises. Users can be imported quite easily to the MDM console with AD integration. Users and groups can also be easily imported to the portal either by using G Suite integration or Microsoft’s Azure AD integration.
Once the users are imported to the MDM console, all you need to do is
- Go to Manage > Directory Services.
- Select the domain or OUs or groups.
- Click on Actions and select New Enrollment.
Bulk enrollment with CSV import
When there are a lot of users to enroll but no Active Directory to integrate with, bulk user import is the way to go.
- Go to Enroll > All Enrollments > Invite > Email.
- Under Send enrollment request to, switch the button to Bulk User.
- Upload the CSV file with all the users and their details. You can get a sample CSV file by clicking on Download sample CSV file.
You need to provide the following details regarding the user to send bulk enrollment request.
Field Name Description Name Provide the name of the user. Provide the email address of the user to which enrollment requests are to be sent. Mobile Number Provide the mobile number of the user to which enrollment requests are to be sent. Ownership Specify the device ownership type either as Personal or Corporate owned device. Device Name Provide a suitable name to identify your device. Password Set the password required for authentication.
- Click on Next and verify the details of the CSV uploaded.
- Choose the mode through which enrollment request are to be sent and click on Send.
A Sample CSV file will be of the following format.
The devices can be set as pre-approved for enrollment in the MDM console. All the configuration settings and restrictions can be assigned to these pre-approved devices.
Just as the pre-approved devices gets enrolled in the console, the assigned policies and configurations gets automatically associated to the devices.