Jump to:navigation, search
Wiki
























































































}





}








in the respective device tile the administration can be removed from the devices }}













De.png
Fr.png


Connecting a Mobile Security Account to Managed Google Play


Mobile Device Management (MDM) using Android Enterprise Mobility Management (EMM)


New:

  • from 03.2020 (Portal version 1.5.1)
  • Integration Android Enterprise Mobile Management



Flow chart

The following steps are required to use Android Enterprise profiles:

  1. Linking a Google account as Google Managed Play with Securepoint Mobile Security
  2. Create an Android Enterprise Profile in Securepoint Unified Security Portal and configure, e.g:
    1. Rules New
    2. Apps
    3. WiFi Configurations
  3. Creating a Registration Token for a Profile
  4. Register device

Preparations for EMM

Account Information

With Android ''Enterprise Mobility Management profiles, much more extensive configurations can be made than is possible with a normal profile or also directly on the device.

  • More than 25 different authorization types, e.g:
    • Access to Internet connections
    • Access to local accounts
    • Access to fingerprint sensor
  • Default for passwords, e.g:
    • Numeric
    • Biometric
    • Complex
  • Restrictions, for example:
    • Do not send contact data via Bluetooth
    • Only allow preconfigured WLANs
    • Do not allow screenshots
    • Allow only one app in kiosk mode (no access to other areas of the device)
  • Allow or pre-install only previously released apps


Link Google Enterprise with Securepoint Mobile Security

In order to be able to use the full functional scope of Android Enterprise for companies and administer it via Securepoint Mobile Security, a link must be established between the Mobile Security account and a Google account for EMM.
It is important to note that there is only one Google Enterprise account for all devices of a tenant (customer with own mobile security account)' (Without EMM, every device has its own Google account.): Google accounts are free - also as enterprise account!)
A Google Account may only be associated with one tenant at a time ! Otherwise, all devices assigned to a tenant – and thus to a Google Account – will appear in all other tenants linked to the same Google Account!

 Account  InfosAdd Enterprise account

A Google account (newly created or already existing) is enabled as an enterprise account by linking Securepoint Mobile Security as EMM provider


Create Android Enterprise Profile

Under Profiles you can now create a profile with the platform Android Enterprise.
On the other hand you can configure it here, e.g.:

  • Rules
  • Configure Apps
  • WiFi configurations
  • Restrictions
  • Password policies
  • Security settings



Creating a Registration Token for a Profile

Register new device with Android Enterprise

Under   Devices /   Register new device you can now register a device.


Old device registration

The old device registration will be discontinued soon. It should no longer be used!
Devices with Android ≥ 10 (Q) can be administered exclusively with Enterprise profiles!



Android Enterprise

Caption Option Description
Would you like to use an existing registration token? Create a new registration token If a registration token has already been created that has not yet expired, it can be selected and displayed here.
Profile Android Enterprise Profil This profile is to be applied to the device to be registered.
License TTT-Point AG | MDM [0/10] (aaaa) Select the license to be used for new enrolled devices.
New MDM licenses include the complete administration of devices.
Mobile security licenses include additional protection in open networks through security features of the Securepoint Cyber Defense Cloud.

New It is possible to assign devices to a new License after a runtime license expires.
Duration 30 Tage Specifies how long this token can be used
After this, device registration with this token is no longer possible.
Possible values:
30 minutes
One hour
One day
One week
15 days
30 days
Additional data     Any data associated with the registration token. Displayed under   Devices in the device overview
Only once    Specifies whether the registration token may only be used once.


MS v1.4.8 Geräte Gerät-Anmelden EMM2-en.png

+ Create registration token Creates a registration token with QR code and a value that can be entered using the keyboard.
The name of the associated profile is displayed, as well as the date on which it expires and can no longer be used.



Register device

Fully managed devices

Fully managed devices (COPE, Company Owned personal enabled) are connected directly to the Android Enterprise profile during initial setup or after a device reset. The link to a Google account and thus to an app store is defined by the assigned profile.

  • Initial power-up or device reset (factory settings)
  • Selection of regional settings
  • Tap the display 7 times quickly to open a QR code scanner WLAN / Installation?}
  • Scanning the profile QR code (see above)
  • The device is configured as a fully managed device.
    • All policies, apss and restrictions stored in the profile will be applied directly to the device
      This process may take a few minutes during the initial installation!




Configuration with additional work profile

Geräte, in den nur das Arbeitsprofil von einer Organisation - und damit durch das Securepoint Mobile Security Profil - verwaltet wird, benötigen die App Android Device Policy aus dem Android App-Store. Mit dieser App wird der Registrierungstoken gescannt oder über die Tastatur eingegeben und die Geräte können im Portal registriert und konfiguriert werden.

  • Installation der App [Android Device Policy] aus dem Google App-Store
  • Scannen des QR-Codes oder Eingabe des des Registrierungstokens über Tastatur
    • Für das Enterprise Profil wird auf dem Gerät ein Arbeitsprofil erstellt
    • Alle konfigurierten Anwendungen, Einschränkungen etc. werden innerhalb des Arbeitsprofils erstellt und angewendet




Remove devices from Mobile Security management

Under   Devices / {spc

Fully managed devices

  • Alle Daten werden gelöscht.
  • The devices are reset automatically' and immediately to their factory status!

Devices with working profile

  • All apps and data within the work profile are wiped.
  • The work profile on these devices is removed.