Provisioning Android devices

During device provisioning, a device is enrolled to BigFix Mobile and deployed with the policies from the associated policy group.

You can get Android devices enrolled in BigFix Mobile in the following ways:

  • Provisioning BYOD devices with enrollment URL: Users can enroll their personally-owned Android devices through the enrollment URL shared by the IT admin. This requires LDAP credentials to authenticate.

  • Provisioning BYOD devices using QR code: Users can enroll their personally-owned Android devices through the QR code shared by the IT admin. The user does not need to authenticate, because the QR code is generated by authenticating through the enrollment link.
  • Provisioning fully-managed devices using QR code: Users can enroll company-owned fully-managed Android devices through the QR code shared by the IT admin. The user does not need to authenticate, because the QR code is generated by authenticating through the enrollment link.
  • Dedicated Android devices - QR code enrollment: Users can enroll company-owned dedicated Android devices through the QR code shared by the IT admin. The user does not need to authenticate, because the QR code is generated by authenticating through the enrollment link.
  • Zero-touch enrollment: Zero-touch applies to company-owned devices that users receive directly from the reseller. The devices can be provisioned as fully-managed devices or dedicated devices.
Note: You can deploy only one set of policies, through a policy group, to Android devices. You cannot deploy a policy directly to Android devices; you must add the policy to a policy group before deploying. If you deploy another policy group onto an Android device, it effectively overrides any previously applied policies.

Before starting the enrollment:

  • (Optional) The IT admin must ensure that a policy group is created, assigned to the appropriate group, and deployed on the MDM server. All the policies added to a policy group are provisioned on the enrolled Android devices.

    • BYOD Enrollment group - If a policy group is assigned to the BYOD Enrollment group and deployed on the MCM server, devices are provisioned on enrollment (through enrollment URL or QR code) as BYOD devices with the policies added in that policy group.

    • Fully Managed QR Enrollment group - If the policy group is assigned to the Fully Managed QR Enrollment group and deployed on the MCM server, devices are provisioned on enrollment (through QR code enrollment or zero-touch provisioning) with the fully-managed or Device Owner policies added in that policy group.

    • Dedicated Device Enrollment group - If the policy group is assigned to this group and deployed on the MCM server, company-owned devices are provisioned on enrollment (through enrollment QR code) with the Dedicated Device policies added in that policy group.
      Important: Ensure that you add a policy with the Kiosk mode setting to the policy group for dedicated devices. Otherwise, the device works as just a fully-managed device.
  • Device users must know the following:

    • The MCM Server enrollment URL, which the BigFix administrator shares through email or chat. The MCM server enrollment URL must be the fully qualified domain name of the MCM server (for example, https://enroll-mdm.bigfix.com).

    • The email ID and password associated with valid Active Directory (AD) credentials. These are the LDAP credentials supplied during Android MCM server installation. If LDAP was disabled, the enrollment UI does not prompt for authentication credentials.