IBM Security MaaS360

 View Only
  • 1.  Profile Owner Enrolment Mode in MaaS360

    Posted Mon July 05, 2021 02:51 AM
      |   view attached
    Hi Experts,

    Good Day! Hope this message finds you well!

    I have subscribed to MaaS360 portal and completed my initial setup by enabling Android Enterprise Solution Set in Setup-->Services option. I have devices that users are already using. They have configured their personal Gmail Accounts for configuring android settings on their android phones. Now if I enrol these devices, these have been enrolled as Profile Owner (PO) and there creates two profile in Phone i.e. PERSONAL and WORK. 

    My Questions are:
    1- How can I switch the enrolment mode of this enrolled device to DO from the PO mode?
    2- How can I enrol the next devices so that the device should not be enrolled as PO, rather it should be enrolled as DO? Do I need to make some changes on MaaS360 portal or do any configuration/settings on the Android Phones?
    3- If the device has been enrolled as PO (as in case 1, above), can't I apply the security policies/restrictions on personal profile like enabling/disabling camera, Bluetooth etc?

    Kindly respond, I shall be extremely grateful.

    Regards,
    MFaruqi

    ------------------------------
    Muhammad Burhan Faruqi
    ------------------------------


  • 2.  RE: Profile Owner Enrolment Mode in MaaS360

    Posted Tue July 06, 2021 04:38 AM
    Edited by Eamonn O'Mahony Tue July 06, 2021 04:39 AM
    Hi Muhammad
    Good question!  
    The standard enrollment process when enrolling into Android Enterprise brings you into Profile Owner mode by default. 
    Device Owner mode requires a from-the-ground-up installation which requires either a hard (factory) reset and data wipe, or a device which is fresh out-of-the box. 
    This can be started off in 3 ways, which you will need to understand before you test. 
    There's a 10 minute training video on our Security Learning Academy which would be a very good starting point: 
    https://www.securitylearningacademy.com/course/view.php?id=3790
    Please log in there with your IBMid, create a profile and then when you take the course it will be accumulated against your profile. 
    There are other courses in there which are relevant which I would encourage you to explore by searching with text "Android Enterprise" and/or "MaaS360". 
    Let us know when you have been able to test this and if you have any further questions. 
    Best

    ------------------------------
    Eamonn O'Mahony
    Technical Client Success Manager
    IBM Security
    Dublin, Ireland
    ------------------------------



  • 3.  RE: Profile Owner Enrolment Mode in MaaS360

    IBM Champion
    Posted Tue July 06, 2021 08:58 AM

    My Questions are:
    1- How can I switch the enrolment mode of this enrolled device to DO from the PO mode?

    This is completely determined by the actual device enrollment at the time you enroll it.  Unfortunately you can only go to DO from PO by doing a full factory reset of the device, removing factory reset protection. 
    2- How can I enroll the next devices so that the device should not be enrolled as PO, rather it should be enrolled as DO?

    When you wish to enroll a device which will be managed with DO, you must enter the code afw#maas360 when prompted for a Gmail account.  This triggers the profile set up. 

     

    Do I need to make some changes on MaaS360 portal or do any configuration/settings on the Android Phones?

    You need to ensure your security policy(s) in MaaS is configured correctly for all DO settings you need.


    3- If the device has been enrolled as PO (as in case 1, above), can't I apply the security policies/restrictions on personal profile like enabling/disabling camera, Bluetooth etc.?

    Remember PO is designed for BYOD devices. When you have not enrolled a device using the DO enrollment described above, only those functions that are relevant to PO will be available.  It is about API's and a number of things including how MaaS has been architected.

     

    Thanks,

     

    Mitch Lauer

    connecTel  Wireless  

               

    159 Perry Highway, Suite 200

    Pittsburgh, PA 15229

    216-970-6981 | Cell

    412-339-5775 | Help Desk

    412-339-5765 | Direct Dial