IBM Security MaaS360

 View Only

  • 1.  Disable Personal device enrollment

    Posted Fri June 03, 2022 10:57 AM
    Hi

    All my devices are  DEP or Knox registered.
    (How can I disable/Stop personal devices enrollment to maas360 portal? (PO, Work profile..)


    \Avi A.

    ------------------------------
    Avi Achiel
    ------------------------------


  • 2.  RE: Disable Personal device enrollment

    Posted Mon June 06, 2022 02:42 AM
    Hi Avi,

    You may modify your corporate identifier to something unknown to the users so that the self-enrollment URL will also change and unknown to them


    Technical support can also be reached via chat or phone for a more interactive support session.
    * US – 1 (800) 546-5750
    * United Kingdom – 1 (800) 085-3140
    * India – 1 (800) 400-7016
    * New Zealand – 1 (050) 861-7047
    * Australia – 1 (800) 713-826
    * International – +1 (919) 864-3650
    Product Support Details for IBM MaaS360 -- https://www.ibm.com/support/pages/node/6445463

    ------------------------------
    ETHAN
    ------------------------------

    Original Message


  • 3.  RE: Disable Personal device enrollment

    Posted Mon June 06, 2022 04:20 AM
    Hi Avi

    Another response has been given here but which may impact your DEP/KME enrollments. Here are your options: 

    1. Change authentication type to passcode (users cannot use known user credentials to enroll). 
    https://www.ibm.com/docs/en/maas360?topic=portal-configuring-directory-enrollment-settings-in-maas360
    However as this will impact your DEP and KME enrollments it is not recommended. 
    https://www.ibm.com/docs/en/maas360?topic=ios-enrolling-your-device-dep-using-passcode
    https://www.ibm.com/docs/en/maas360?topic=ekdimp-creating-device-owner-do-enrollment-configuration-in-maas360-portal

    2. Change your Corp ID for your self-enrollment to a value that users will not be familiar with (as per post from previous user). 
    You can either switch back to your account ID (visible on the bottom of the page when logged into admin console) or a different corp identifier. 
    This should be changed once and once only to prevent issues with enrollment. 
    However if you do this the enrollments for DEP and KME/AZT should be reviewed to make sure the configuration is updated with the new identifier. 
    https://www.ibm.com/docs/en/maas360?topic=portal-configuring-directory-enrollment-settings-in-maas360

    Just on the general subject of enrollment, I assume you have migrated to Android Enterprise management already. 
    If not you can get started using these 2 links:
    https://www.ibm.com/docs/en/maas360?topic=android-enterprise-enrollment
    https://www.securitylearningacademy.com/enrol/index.php?id=6066

    Best of luck!

    ------------------------------
    Eamonn O'Mahony
    Technical Client Success Manager
    IBM Security
    Dublin, Ireland
    ------------------------------

    Original Message


  • 4.  RE: Disable Personal device enrollment

    Posted Mon June 06, 2022 06:43 PM
    Hi Avi,

    To add, supposed you have PO-enrolled devices already and you wanted to remove control, you can:

    1. Look for the devices via 'Advanced Search' and create a device group (see: https://www.ibm.com/docs/en/maas360?topic=portal-creating-device-group-from-advanced-search-results)

    2. Create a Group Based Rules


    Let me know which direction you would take and if this helped.

    ------------------------------
    ETHAN
    ------------------------------

    Original Message