Android - Fully Managed Devices

This guide will describe how to enrol organisation owned devices to be fully managed. This method is recommended for new or newly reset company-owned devices.

Fully managed devices grants your organisations the following benefits for devices:

  • Ensure devices and apps meet security standards and are in compliance.
  • Automatic installation of a standard list of applications.
  • Restrict application installation to an-allow list.
  • Forgoes requirements for associated Google accounts.
  • Grants the ability to reset the device passcode and remotely lock the device.
  • Grants the ability to locate the device.
  • Prevents application sideloading.

The following screenshots were generated using a Samsung phone, but the process will be very similar for other models.

Prerequisites

To enrol a device to your company, you will require:

  • A new or newly reset Android device (Version > 8.0)
  • A company Microsoft login.

Enrolling the Device

The following setup can be done by any user in the organisation. The steps may slightly differ depending on the device manufacturer and Android version.

  1. On the initial setup screen, tap the blank space on the screen 5 times to initiate QR code setup.

    Android/Samsung Setup Screen

  2. Scan the QR Code provided to you by Private Universe

    Android QR Code Setup

  3. Connect to your company guest Wi-Fi network if you have one. Otherwise, connect to your staff Wi-Fi.

    Android Wi-Fi setup

  4. Read and accept any prompts regarding the privacy of enrolling the device.

    Android device MDM setup

  5. Accept Chrome Terms of Service and log in to your company Microsoft account as usual, accepting any related prompts. This will register the device under your ogranisation.

    Chrome ToS and MS account sign in

  6. Once signed in, the setup will now automatically install required apps. Wait for the apps to finish installing and then proceed.

    Automatic app installation

  7. Register the device into Intune by signing in to your Microsoft account again. Continue when prompted about the Microsoft Authentication Broker. Proceed accordingly for any prompts.

    Intune registration 1 Intune registration 2

  8. Read and accept the Google permission requirements.

    Google Wizard

  9. Read and Accept Samsung permission requirements

    Android QR Code Setup

    Your device is now enrolled.

User Setup

This set up should be done by the end user.

  1. Set up a screen lock code. This is required to use Microsoft Applications such as Outlook, Word and Teams. Open the Android system settings, navigate to "Lock Screen" and set up PIN under "Screen Lock Type".

  2. Log into the required Microsoft Apps as usual.

Apple - User Enrollment