Getting Started with BYOD Android Devices (Profile Owner Mode)
This guide provides a streamlined checklist to deploy MaaS360 for personally owned Android devices using Android Enterprise in Profile Owner mode. This deployment method is ideal for organizations managing BYOD (Bring Your Own Device) scenarios, where company data and apps are isolated in a secure work profile on an employee's personal device.
Use this setup when:
Your organization allows employees to use their personal Android devices for work. Profile Owner mode creates a separate, secure work profile on the device that your IT team can manage through MaaS360, without having access to the personal side of the device.
Deployment tip:
MaaS360 offers extensive configuration options. This checklist includes common tasks to help you get started. We recommend piloting with a few devices, then refining and scaling the deployment.
Before You Begin:
Checklist for Profile Owner (BYOD) Enrollment
|
Task
|
Path / Guided Help
|
Best Practice
|
|
Integrate Android Enterprise with MaaS360
|
In MaaS360, navigate to Setup> Services > Mobile Device Management > Enable Android > connect
You can use a managed Google Play Account or G-suite to bind.
|
Use a company-managed Google account that multiple admins can access.
|
|
Configure Directory and User Authentication Setup
|
In MaaS360, navigate to Setup > Settings > Directory and Enrollments > User Authentication Setup > Select Default Authentication
|
By default, user authentication for enrollment is based on the authentication type specified in the user record (Local or Corporate). If you're using SAML, the default is configured in the User Authentication Setup settings.
|
|
Configure User Settings
|
In MaaS360, navigate to Setup > Settings > User Settings > Basic > User Password Settings
|
- By default, MaaS360 doesn’t generate passwords for local users. Manually set them for admin-driven setup, or auto-generate them for user enrollment.
- Corporate users authenticate through your directory using Cloud Extender or Entra ID.
|
|
Configure Android Security Policy Settings
|
In MaaS360, navigate to Security > Policies > View the Android MDM policy
|
Within the Android MDM Policy, each setting will have a grey blurb underneath showing the type of enrollment mode these settings apply to.
PO means it applies to Profile Owner enrollments.
|
|
Enroll Devices
|
Follow Guide for PO enrollment
|
Make sure Wi-Fi is available for setup. Enrollment process varies by method used.
|
|
Manage Devices in MaaS360 Portal
|
In MaaS360, navigate to Devices > Inventory > Locate the device > View to open the device summary > Select More to access all available actions
|
Keep inventory clean and up to date. Refer to IBM training for tips.
|
To learn more, explore the IBM Documentation or visit our YouTube channel Big Blue Helps for step-by-step MaaS360 tutorials.