By Max Grue, Consultant & Technical Support Engineer, CapaSystems
CapaOne MDM has now become part of CapaOne. The development department has created an easy-to-use MDM solution that all sizes of companies can use to manage their Android & Apple devices, including configuring devices, installing apps, and managing device security. All of this can be tied to one or more groups, making it easier to mass distribute applications and configurations.
The Android section is based on Google’s Android Enterprise platform, making it compatible with most Android devices.
The CapaOne Apple section is built on MicroMDM which is an abstraction layer to Apple developer API. This allows for: Device enrollment, Configuration management, App management, Security management and device supervision.
You can also integrate Azure to synchronize your users with the CapaOne Portal and link them to a device. If Azure integration is set up, you can use Microsoft Authentication in the enrollment configuration, automatically connecting the user who logs onto the device during enrollment.
CapaOne MDM FAQ
Q: What is a configuration?
A: A configuration can be a password, Bluetooth, or user policy. For example, if you want to make a password policy where the user must use at least six digits, it will look like this:
Q: Can I choose what installation type my applications should be?
A: You can choose between the following for Android:
- Force Installed. It can’t be removed: The IT administrator can only remove the application via CapaOne in the Android section.
- PreInstalled. It can be removed: When you choose “PreInstalled,” the application is installed on the device if the user has not previously deleted the application from the device. If so, the application will be available for download in the Play Store.
- Blocked from installation: This application is blocked from installation. It can also be used for personal configuration, where you block apps.
- Available in-store: The application is available in the Play Store.
- Required for setup: Must be used to set up/enroll the device. If it fails, the device will not be enrolled.
- Automatically installed in KIOSK mode: When this application is installed on the device, it automatically locks in KIOSK mode.
A: You can choose between the following for Apple:
- Removable: If disabled, this app isn’t removable while it’s a managed app.
Available in iOS 14 and later, and tvOS 14 and later.
- Tap to Pay: If enabled, it requires users to use Face ID or a passcode to unlock their device on iPhone after every transaction that requires a customer’s card PIN. If disabled, the user can configure this setting on their device.
- VPP Settings: If enabled, this app uses a VPP license when linked to a device if one is available.
Q: Can I enroll my KNOX, Zero Touch and DEP devices?
A: You can enroll KNOX, Zero Touch, BYOD and DEP devices in CapaOne MDM. CapaOne Android supports Zero-Touch and KNOX Mobile Enrollment (KME) and BYOD devices. That means you can enroll any Android device compatible with either of these platforms in the solution.
BYOD devices for CapaOne Android can be enrolled with a work-profile. This creates a separate container for personally owned devices for work. Data between Private container and Work container is not shared. Users can at any given time remove the work-profile on the device.
CapaOne Apple supports BYOD devices (Un-Supervised) and DEP devices (Supervised).
This is done by creating a DEP certificate for CapaOne Apple which sync devices assigned to CapaOne Apple.
Android – Work profile (BYOD):
Android:
To enroll a KNOX or Zero Touch device in the Android section, you must create an enrollment configuration in the CapaOne Portal. Once you have created the enrollment configuration with the desired settings, choose view, select the KNOX or Zero-Touch tab, and follow the guide.
The solution
Android Device Policy is part of Android Enterprise and is used for the Android section of CapaOne MDM. It allows administrators to enforce security policies, manage device settings, and ensure compliance with organizational rules on Android devices used for work purposes.
Apple BYOD:
To enroll a BYOD to CapaOne MDM, you must create an enrollment configuration in the CapaOne dashboard. Once you have created the enrollment configuration with the desired settings, choose view, select the QR Code and follow the guide.
Apple DEP devices:
You can create a new enrollment configuration with the settings you want to apply to the devices assigned to this DEP enrollment configuration.
e.g.
You can define follow settings for the DEP enrolled devices:
DEP Certificate.
Once you have created a DEP certificate from you https://business.apple.com/ a synchronization of DEP devices assigned to the Apple section of CapaOne MDM will begin.
Link DEP devices to enrollment configuration.
After a sync of DEP devices, you can link them to a DEP configuration of your choice.
Key Features
The Apple section of CapaOne MDM is built on MicroMDM which is an abstraction layer to Apple developer API. This allows for: Device enrollment, Configuration management, App management, Security management and device supervision.
Here are some key features that regards to Android:
- Device Management: Allows IT administrators to manage and monitor Android devices enrolled in the company’s management system. That includes deleting devices and applying security updates, among other things
- Security Policies: Enforces security measures on devices such as setting screen lock requirements, encrypting data, and applying password policies.
- Application Management: Controls app installations and permissions on managed devices to ensure that only approved apps can be installed or used.
- Work Profile: With the introduction of Android Work Profile, users can have a separate secure area on their personal or work devices dedicated to work-related apps and data, ensuring a clear separation between personal and work-related content.
Here are some key features that regards to Apple:
- Device Enrollment: Allows administrators to enroll devices manually or leverage Apple’s Device Enrollment Program (DEP) for streamlined automated enrollment.
- Configuration Management: Create and deploy configuration profiles to enforce security policies, restrict access to features, and manage Wi-Fi, VPN, and other settings.
- App Management: Distribute internal or public apps to devices, control app installations and updates, and potentially revoke app access remotely.
- Security Management: Enforce strong passwords, enable encryption, and remotely wipe devices if necessary.
- Device Supervision: Gain deeper control over supervised devices, allowing features like app blacklisting and data encryption at rest.
How do I get started with CapaOne MDM?
To use CapaOne MDM, you can create a trial account with 30 days to test the product.
If you already have access to the CapaOne Portal, you can go to https://dash.capaone.com/ from here you can choose Android or Apple.
For Android:
You still need to create an Android Enterprise account and link it to CapaOne, this must be done first. Then create an enrollment configuration, after which Enrollment can begin on the company’s Android devices via QR code, Token, KNOX, or Zero-Touch. (The enrollment configuration can subsequently be edited to point to one or more groups, configurations, or applications.)
For Apple:
When you enter the Apple section in the dashboard the first time, you must click on Let’s get started! Button. This will set up a pot for your Apple environment. Afterward, you must create an Apple Push certificate for the devices to communicate with CapaOne Apple.
Next, create the applications and configurations you want and test them on one or more devices to ensure that it works as you wish. Then everything can be linked to a group, after which the group can subsequently be linked to your enrollment configuration.
Conclusion
CapaOne MDM is a comprehensive and powerful MDM solution that can help businesses of all sizes manage their Android devices.
Suppose you’re looking for an MDM solution. In that case, CapaOne MDM is a good choice:
- Easy-to-use: CapaOne MDM is easy to use even for companies with limited IT resources
- Scalability: CapaOne MDM is scaled to meet the needs of businesses of all sizes
- Security: CapaOne MDM is a secure solution that meets the security requirements of businesses in all industries If you’re interested in learning more about CapaOne Android, you can visit