Jump to:navigation, search

Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.


Android device enrollment with Google Enterprise


  • Note on the importance of the Google email address

Flow chart

The following steps are required to use Android devices:

  1. Linking a Google account as Android Enterprise Account with Securepoint Mobile Security
  2. Create an Android Enterprise Profile in Securepoint Unified Security Portal and configure, e.g:
    1. Rules New
    2. Apps
    3. WiFi Configurations
  3. Creating a Registration Token for a Profile
  4. Register device


There must be a connection from the Securepoint Mobile Security Portal to an Android Enterprise account.

Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.

Link Google Enterprise with Securepoint Mobile Security

Settings for Apple and Android

In order to be able to use Android Enterprise for companies and administer it via Securepoint Mobile Security, a link must be established between the Mobile Security account and a Google account for EMM.
It is important to note that there is only one Google Enterprise account for all devices of a tenant (customer with own mobile security account). Without EMM, every device has its own Google account.

A Google Account may only be associated with one tenant at a time !Otherwise, all devices assigned to a tenant – and thus to a Google Account – will appear in all other tenants linked to the same Google Account!

Associating in the menu

Products Mobile Security  SettingsAdd/Link

A Google account is enabled as an enterprise account by linking Securepoint Mobile Security as EMM provider
The communication of the Securepoint Mobile Security Portal runs completely via this Google account.

  • To avoid unwanted side effects, a new account should definitely be created.

    It is recommended to use a naming scheme here: mdm.$Kundenname@gmail.com

  • Google accounts are free - even as an enterprise account!

  • If the account is suspended by Google or deleted by the owner, all devices will be reset.
    It is essential to ensure that this Google account is not deleted under any circumstances, or that the GMail address is blocked.

    There must be an Android profile that can be assigned to the device.

    Android Profile

    Under Profiles you can now create a profile with the platform Android Enterprise.
    On the other hand you can configure it here, e.g.:

    • Rules
    • Configure Apps
    • WiFi configurations
    • Restrictions
    • Password policies
    • Security settings
  • Best Practice: Description the most important configuration options

  • Device enrollment

    Registration Token for a Profile

    Under   Devices /   Register new device you can now register a device.

    Caption Option Description MSP v1.6.4 Android Geräte Anmeldung-en.png
    Register new device with Android Enterprise
    Would you like to use an existing registration token? Create a new registration token If a registration token has already been created that has not yet expired, it can be selected and displayed here. (Fig. see below)
    Profile Android Enterprise Profil This profile is to be applied to the device to be registered.
    License TTT-Point AG | MDM [0/10] (aaaa) Select the license to be used for new enrolled devices.
    MDM licenses include the complete administration of devices.
    Mobile security licenses include additional protection in open networks through security features of the Securepoint Cyber Defense Cloud.

    It is possible to assign devices to a new License after a runtime license expires.
    Duration 30 Tage Specifies how long this token can be used
    After this, device registration with this token is no longer possible.
    Possible values:

    30 minutes
    One hour
    One day
    One week
    15 days
    30 days

    Additional data     Any data associated with the registration token. Displayed under   Devices in the device overview
    Only once    Specifies whether the registration token may only be used once.
    Allow private use Not specified
    Private use is permitted
    Private use is not permitted

    Determines whether private use is allowed on a device logged in with this registration token.


    For corporate devices:
    By enabling private use, the user can set up a work profile on the device. To disable private use, the user must provision the device as a fully managed device.

    For private devices:
    Enabling personal use allows the user to set up a work profile on the device. Disabling private use prevents the device from being provisioned. Private use cannot be disabled on a private device.

     Create registration token Creates a registration token with QR code and a value that can be entered using the keyboard.
    The name of the associated profile is displayed, as well as the date on which it expires and can no longer be used.
    MSP v1.6.4 Android Geräte Anmeldung Token-en.png

    Register device

    Fully managed devices

    Fully managed devices (COPE, Company Owned personal enabled) are connected directly to the Android Enterprise profile during initial setup or after a device reset. The link to a Google account and thus to an app store is defined by the assigned profile.

    • Initial power-up or device reset (factory settings)
    • Selection of regional settings
    • Tap the display 7 times quickly to open a QR code scanner WLAN / Installation?}
    • Scanning the profile QR code (see above)
    • The device is configured as a fully managed device.
      • All policies, apss and restrictions stored in the profile will be applied directly to the device
        This process may take a few minutes during the initial installation!

    Configuration with additional work profile

    Geräte, in den nur das Arbeitsprofil von einer Organisation - und damit durch das Securepoint Mobile Security Profil - verwaltet wird, benötigen die App Android Device Policy aus dem Android App-Store. Mit dieser App wird der Registrierungstoken gescannt oder über die Tastatur eingegeben und die Geräte können im Portal registriert und konfiguriert werden.

    • Installation der App [Android Device Policy] aus dem Google App-Store
    • Scannen des QR-Codes oder Eingabe des des Registrierungstokens über Tastatur
      • Für das Enterprise Profil wird auf dem Gerät ein Arbeitsprofil erstellt
      • Alle konfigurierten Anwendungen, Einschränkungen etc. werden innerhalb des Arbeitsprofils erstellt und angewendet

    Remove devices from Mobile Security management

    Under   Devices / {spc

    Fully managed devices

    • Alle Daten werden gelöscht.
    • The devices are reset automatically' and immediately to their factory status!

    Devices with working profile

    • All apps and data within the work profile are wiped.
    • The work profile on these devices is removed.