Introduction
In the first blog we covered how to create an Android Enterprise account. In this blog we will cover why devices must be linked Enterprise ID and how to link devices to an Android Enterprise. It’s time for Part Two – Linking devices to an Enterprise.
Part Two – Linking devices to Android Enterprise
In this blog we will cover the following:
- Why must devices be linked to an Android Enterprise ID?
- Android Enterprise Requirements
- Android Enterprise compatible devices
- How to link a device during enrollment
- How to link an already enrolled device
Why must devices be linked to Android Enterprise ID?
When you have created the Android Enterprise account, a Managed Google Play Store is created for your enterprise. In that Play Store, you approve the apps that are allowed in your Enterprise. To access and install apps from that Play Store, your devices need to be linked to that Enterprise ID.
Play Store requires a user to be logged in, to install apps. The idea with Android Enterprise is to install apps from the Enterprise without user interaction. For that reason, a Google Play Store service account is created on the device when it is linked to the Enterprise ID.
Android Enterprise Requirements:
There are some requirements that must be fulfilled to link a device to an Android Enterprise ID:
- Device must be Android Enterprise compatible (Android 9 or newer)
- Device must be enrolled either as Device Owner or Profile Owner
- Android requires a device passcode must be present (minimum length: 4) Android Enterprise key features
Devices used in this blog
- Samsung Galaxy A51 updated to Android 11
- Nokia 3.4 updated to Android 11
Android Enterprise Compatible Devices
The only way to check if a device is compatible is to check Android Enterprise Compatible device directory. According to Androids glossary and specification of Devices, Android 9 and above devices should be compatible with Android Enterprise.
However, according to this newsletter; Samsung officially did not join Android Enterprise until Nov 2020 and only selected Samsung devices running Android 11 and above can be found in the directory.
When checking the directory for the two devices, I used to write this blog, I could find the Nokia 3.4 in the directory, but not the Samsung Galaxy A51 (SM-A515F).
But What if My Device is not in the Directory?
If your device is not in the directory, you can try and see if it works anyway. There are no guaranties, but you can try.
Disclaimer: This is a best effort situation. If the device is not in the directory, it’s not guaranteed to work.
In this example I checked if the Samsung A51 should be Android Enterprise compatible:
Open Configuration Management module and find the device.
On the device to go Inventory->Hardware tab. Check if “Capabilities” -> “Device Android Enterprise Supported” is “true”
In this case the value is true, and the device should be compatible.
Next on the device in Inventory->Hardware, check if “Capabilities” -> “Security” -> “Passcode is Present” is “true”
In this case the value is true, and the device should be compatible.
If those two items report back both values are true, it should be possible to link the device to an Android Enterprise.
How to Link a Device to Android Enterprise
A device can be linked to an Enterprise ID in two ways:
During enrollment (Enterprise ID and passcode is added in the enrollment configuration)
Unit command on an already enrolled device
During Enrollment
In CapaInstaller 6.0 a new field, Android Enterprise, was added to the enrollment configuration in the MDM Enrollment payload.
If you want to link a device during enrollment you have to select the Enterprise account and set a default passcode.
The passcode can be changed later manually, or you can link a passcode profile.
Open CapaInstaller Installer Console -> System Administration -> Enrollment Configurations and select the MDM payload.
During the enrollment process, the agent will validate if a device passcode is set and if it is compatible with Android Enterprise.
When all steps have been validated, the enrollment is completed, and the device is linked to the Enterprise ID.
On the details tab on the device in console, you can see the device is linked
On the device, open the Play Store, and check if the service account is created
When the device is linked, you can link and install the approved apps from the managed Play Store. Either in console where you link the app to device or from Play Store on the device.
Linking an already enrolled device
An already enrolled device can be linked to an Android Enterprise as well as a device being enrolled. Remember the requirements for Android Enterprise:
Device must be compatible with Android Enterprise
Device passcode must be present
Device must be enrolled as Device Owner or Profile Owner.
Check the device you want to link if it is already enrolled. Before you try to link the device to the Android Enterprise, check if the device is already linked to an Android Enterprise. If it is not, check if a device passcode is present.
When the 3 requirements have been checked and they are fulfilled, you can send the Android Enterprise unit command to the device to link it to the Android Enterprise. In Configuration Management module on the device, right click and select “Android Enterprise” and then “Link to Enterprise”.
The Link Android Enterprise – CapaInstaller Console appears. Select the Enterprise ID and click OK.
Wait till device has returned hardware inventory
When the Enterprise ID and Account ID is present and the device is linked, apps can be installed from managed Google Play Store.
By Tue Hansen, Technical Support Engineer
Download
Click the button below and download this technical blogpost as a PDF