I just do manual device owner enrollments.
after activating the device enter AFW#MaaS360 when initially prompted for the Gmail account and click through to the home screen.
I have created the user like this:
And then do the manual enrollment scanning the QR code.
First I apply the default Android policy so setting etc can be configured as needed. Then I apply the Kiosk policy.
In most cases the devices are opening a login to an HTML5 Site so I configure the home page in Chrome accordingly and set browsing rules only to the domain of the login page and related pages of the web site being used.
Original Message:
Sent: 11/18/2024 12:59:00 PM
From: Chad Martin
Subject: RE: Making Sense Out of Device Enrollments
Thank you for the clarification, Mitch- it definitely helps. Are you using the same Google Play account email for each user that you create (the email that is bound to Android Enterprise in MaaS360)?
For example, can I have "USERID-01" and "USERID-02" with that same GP email address? I want to say I attempted that, but the authentication was failing during enrollment.
------------------------------
Chad Martin
------------------------------
Original Message:
Sent: Mon November 18, 2024 08:30 AM
From: Mitch Lauer
Subject: Making Sense Out of Device Enrollments
I am an MSP with multiple customers who host 1 instance of MaaS360 for multiple sites. In the case of kiosk mode devices, my housekeeping practice is to assign a user to each device and match the username with the device name. In terms of naming conventions I use the following:
Location-device-01 etc.
This will make it easier to identify specific devices later.
In terms of the security policy you will be using, you can choose to have one policy for all or separate policies for each site if you anticipate some sites may ultimately require different configs.
This also holds true for "User Groups" if you plan to distribute an app rather than using an HTML 5 url for the kiosk config.
I also recommend you test the set up on 1 device especially if you are locking down WIFI networks to ensure connectivity for all required facets is working. Many times my customers are nervous about opening up access to Google play services but this will be a requirement if you are enrolling android devices. Many have created a separate WIFI network to accommodate this as opposed to connecting to "guest" or the standard WIFI networks in place.
Thanks,
Mitch Lauer
Sr. Management Consultant
Business Development,
Technology and Security
connecTel Wireless
216-970-6981 | Cell-US 416-801-3127 | Cell-Canada
412-339-5775 | Help Desk 412-339-5765 | Direct Dial
Original Message:
Sent: 11/16/2024 5:09:00 PM
From: Chad Martin
Subject: Making Sense Out of Device Enrollments
In our scenario, we will have potentially 15 android devices per site across roughly 150 sites. In order to keep everything organized, I am assuming best practice would be:
- Create a user for each individual site
- Create a group for each individual site
The devices are all going to be run in Kiosk mode and not assigned to individual users. I have the existing gmail account for the Google Play store and that account works fine for enrolling a device.
If I have to create 150 users, I am assuming I would use device account enrollment, but I'm stuck there. Say I want to create a user for a site in Houston- I would think I would name the username Houston, enter the domain, and then use the gmail account email address for the Google Play store. That looks like it fails authentication because the username no longer matches the username that the gmail account email address is in the MaaS360 user directory.
I'm hoping this makes some sense...
------------------------------
Chad Martin
------------------------------