Android Work Managed Device mode gives Workspace ONE UEM control of the entire device. Using a factory reset device helps ensure that devices are not set up for personal use.

There are several ways to enroll Work Managed devices:

  • Using AirWatch Relay to perform an NFC bump
  • Using an unique identifier or token code
  • Scanning a QR code
  • Using Zero Touch enrollment

Your business requirements determine which enrollment methods you want to use. You cannot enroll devices until you have completed Android EMM Registration. See Android EMM Registration to complete registration.

If the Android devices you are using are on a closed network, unable to communicate with Google Play, or are running Android 5.0 or lower, then enroll Android using the Legacy enrollment method in the VMware AirWatch Android (Legacy) Platform Guide.

Enrollment Settings

The Android EMM Registration page lets you configure the various options for integrating with Android. This page uses a wizard to help you set up the integration for devices. Enable these settings before beginning enrollment. For more information on enrollment settings, see Devices & Users / Android / Android EMM Registration.

AirWatch Relay

AirWatch Relay is an application that passes information from parent devices to all child devices being enrolled into Workspace ONE UEM with Android. This process is done through and NFC bump and provisions child devices to:

  • Connect to the parent device to Wi-Fi network and region settings including the device date, time, and location.
  • Download the latest production version of AirWatch Agent for Android.
  • Silently set the AirWatch Agent as device administrator.
  • Automatically enroll into Workspace ONE UEM.

AirWatch Relay allows you to bulk enroll all child devices before deploying them to end users and eliminates end users from having to enroll their own devices. All child devices must be in factory reset mode and have NFC enabled by default to be enrolled as Work Managed Device for Android.

The NFC bump process depends on the Android OS. Devices running Android 6.0+ perform one bump to connect and enroll child devices in one step. Devices running Android OS versions between v5.0 and v6.0 perform two NFC bumps. The first bump is to connect the parent device to Wi-Fi network and region settings including the device date, time, and location and download the AirWatch Agent. The second NFC bump is to enroll all child devices before deploying them to end users.

For AirWatch Relay enrollment, see Provisioning Work Managed Device mode Enrollment.

AirWatch Identifier

The AirWatch Identifier enrollment method is a simplified approach to enrolling Work Managed devices for Android 6.0+ devices. Enter a simple identifier, or hash value, on a factory reset device. After the identifier is entered, the enrollment is automated pushing down the AirWatch Agent. The user only has to enter server details, user name, and password. For AirWatch Identifier enrollment, see Enrolling Work Managed Devices Using AirWatch Identifier.

With the identifier, you can also enroll on behalf of the end user by doing Single-User Device Staging. This method is useful for administrators who set up multiple devices for an entire team or single members of a team. Such a method saves the end users the time and effort of enrolling their own devices.

For more information on Single-User Device Staging, see Stage a Single-User Device.

QR Code

Devices such as tablets do not support NFC, so these devices cannot use the AirWatch Relay enrollment method which requires NFC bump for Android 7.0+ devices.

QR code provisioning is an easy way to enroll a fleet of devices that do not support NFC and the NFC bump. The QR code contains a payload of key-value pairs with all the information that is needed for the device to be enrolled. QR Code enrollment does not require a managed Google domain or a Google account. Create the QR code before starting enrollment. You can use any online QR Code generator, such as Web Toolkit Online, to create your unique QR code. The QR code includes the Server URL and Group ID information. You can also include the user name and password or the user has to enter their credentials.

Here is the format of the text to paste into the generator:

{

"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":

"com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver",

 

"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":

"6kyqxDOjgS30jvQuzh4uvHPk-0bmAD-1QU7vtW7i_o8=\n",

 

"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":

"https://awagent.com/mobileenrollment/airwatchagent.apk",

"android.app.extra.PROVISIONING_SKIP_ENCRYPTION": false,

"android.app.extra.PROVISIONING_WIFI_SSID": "Your_SSID",

"android.app.extra.PROVISIONING_WIFI_PASSWORD": "Password",

"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {

"serverurl": "Server URL",

"gid": "Group ID",

"un":"Username",

"pw":"Password"

}

}

For QR Code enrollment, see Enroll Work Managed Device Mode Using a QR Code.

Zero Touch Enrollment

Zero Touch enrollment allows for Android 8.0+ devices to be configured with Workspace ONE UEM as the enterprise mobility management provider out the box.

When the device is connected to the Internet during the device setup, the AirWatch Agent is automatically downloaded and enrollment details are automatically passed to enroll the device with no user interaction.

Prerequisites

Zero Touch enrollment is only supported by a limited number of mobile carriers and OEMs. Customers need to work with their carrier to ensure that zero touch provisioning is supported. Learn more about supported carriers and devices on the Google website.

For Zero Touch enrollment steps, see Enroll Work Managed Device Using Zero Touch

Note:

Zero Touch enrollment is only supported on Android 8.0 (Oreo) devices.