A MDM Onboarding Appendix

Oracle Enterprise Communications Platform (Oracle ECP) supports automated MDM enrollment for managed devices. Each supported platform uses a unique procedure for getting the MDM client software on the device. This appendix provides guidance for each supported platform.

Supported platforms include:

For a device to be completely added to Oracle ECP and MDM managed, it needs to be onboarded to both the MDM platform and Oracle ECP. Oracle ECP then aims to provide a "single pane of glass" for MDM and other management functions. GIU users will not need to interact with Oracle ECP Administrators to onboard their devices, regardless of platform.

The following is an overview of the order of events for each platform:
  • Android:
    1. The Device is onboarded to Oracle ECP - See Onboard Cloud Connectors Manually
    2. Oracle ECP generates a QR code - See Onboarding Request Details Overview
    3. The device scans the QR code which enrolls it in the MDM platform
  • iOS/iPhone:
    1. The device is registered in Apple Business Manager (ABM), and assigned to an MDM platform instance
    2. The device is powered up and enrolled in the MDM platform
    3. The device is onboarded to Oracle ECP - See Onboard Cloud Connectors Manually
  • Windows:
    1. The Microsoft Windows computer is onboarded to Oracle ECP as a Device - See Onboard Windows Devices for MDM Platform.
    2. Oracle ECP generates MDM login credentials for users to manually enroll devices.
    3. The user sets up the Windows machine using the provided MDM credentials.

      Note:

      For onboarding requests with multiple devices, you can download a single CSV containing all of the login credentials using the Download Report button on the Request Details page.

Identify iOS Devices in ABM for MDM Enrollment

Oracle Enterprise Communications Platform (Oracle ECP) lets users onboard iOS devices in MDM supervised mode in order to view and track device attributes from the ECP Cloud UI. An Apple Business Manager (ABM) account holder aids in setting the devices to begin the automated enrollment process.

Before You Begin
  • MDM-managed iOS devices use the Ivanti Neurons for Mobile Device Management Solution. You communicate with your device reseller to provide the Device Enrollment Program ID your organization uses while procuring equipment. The reseller must specify the Device Enrollment Program ID in the reseller portal before your fleet of iOS devices can be associated with your organization and prepared for MDM enrollment.
  • Complete the iOS MDM Certificate registration between your ABM account and your Ivanti Neurons account. When successful, Ivanti Neurons will appear as an MDM Server in your ABM Console.
  1. Contact your iPhone reseller to provide the Device Enrollment Program ID and the list of iOS devices you are enrolling. The device list must include the following information for each iOS device you want to use with MDM:
    • Device type as iPhone or iPad
    • IMEI1 and IMEI2 (when applicable)
    • Serial Number of the device
    • Model of the Device
  2. After your reseller has registered your devices, Set each device in the ABM console to use Ivanti Neurons as its MDM server.
Proceed to set up each phone as outlined in Complete iOS Device Enrollment in MDM.

Complete iOS Device Enrollment in MDM

After iOS devices are registered with Apple Business Manager, and set for automated MDM enrollment, you have to complete the process on each iPhone to be MDM managed. When they are turned on for the first time, automated enrollment in MDM begins after a brief set-up procedure.

Before you Begin:
  • The iPhone reseller has confirmed the enrollment of this device in reseller portal.
  • The iPhone is properly assigned to the correct MDM server in ABM.
  • The iOS device has been turned on and is connected to WiFi.
  1. Select the iOS device's target language as English.
    Set Language screen
  2. Select the Country or Region where this iOS device is used.
    Set Region screen
  3. Tap Continue on the Appearance screen.
    Set Appearance screen
    The Quick Start screen will display. Tap Set Up Without Another Device and the phone will proceed to the next step.Quick Start screen
  4. Tap Continue on the Written and Spoken Languages screen after the appropriate selections are made.
    Written and Spoken Languages screen
    The iOS device will take a few minutes to activate.screen that follows the Written and Spoken Languages screen
  5. Tap Enroll this iPhone when the Remote Management screen displays
    Remote Management screen
    The Configuring iPhone screen will indicate progress.Configuring iPhone screen will display
  6. Tap Continue on the Emergency SOS screen.
    Emergency SOS screen
    The iPhone will complete setup and present the home screen.iPhone Home Screen
You may now onboard this device to ECP.

Onboard Android Devices to the MDM platform

Oracle Enterprise Communications Platform (Oracle ECP) generates a QR Code after you onboard Android MDM-enabled devices to Oracle ECP. The QR code supports an enrollment profile to register devices on the Ivanti Neurons for Mobile Device Management (MDM).

Users receive a QR code generated from Oracle ECP at the conclusion of the onboarding process for that device. The QR code is available from the Onboarding Requests Details page for a device to be MDM managed. Go to the Actions > Download QR Code on this page.
Android devices must be onboarded to Oracle ECP and you must obtain the QR code referenced in the Onboarding Request Details Page topic. You will need to provide the QR code and setup instructions to device owners.
  1. Turn on the device. On the Welcome screen, tap 6 times to activate the scanner.
  2. Scan the QR code.
  3. Ensure internet access over Wi-Fi or through cellular connectivity.
  4. At the This device belongs to your organization screen, click Next.
  5. On the Set up your phone screen, accept the prompt for installing the Ivanti Go application, respond to the prompts, and confirm that the installation is successful.
  6. Accept the terms and conditions that apply for the device. For example, for a Samsung device, you may also need to choose Activate Samsung Knox Standard to allow the device to be confirmed and managed remotely. Each device type operates uniquely.
  7. Access the device home and begin using your Android mobile device.
After clicking Refresh MDM Data from an individual device's Action menu, you can confirm the Android device is MDM-managed by observing the MDM tab populated with data.

Onboard Windows Devices for MDM Platform

Using your unique MDM login credentials, you can complete onboarding a Windows device into Ivanti Neurons for MDM.

Prerequisites:
  • You must have a clean installation of Microsoft Windows
    • MDM must be enabled for this device on Oracle Enterprise Communications Platform Oracle ECP
    • The device OS type must be set to Windows
  • Windows devices must be onboarded to Oracle ECP and you must obtain the unique credentials from the Onboarding Request Details Page page.
  1. Within Oracle ECP, obtain your unique enrollment credentials by navigating to the Oracle ECP onboarding Request Details page, selecting your Windows device from the list, and selecting View Enrollment Details.
    A drawer opens with the MDM credentials, the PIN Expiration date, and a direct link to enroll the device.
  2. Within your Windows device, select the enrollment link or copy and paste the link into a new browser window.
    The Settings, Accounts, Setup a Work or School Account page displays.
  3. Select Enroll only in device management.
    A window displays with the Username and Server Name fields prepopulated.
  4. UserName—The Enrollment User username you obtained from Oracle ECP Enrollment Details.
  5. MDM Server URL—Enter the server URL (login.mobileiron.com) and click Next.
    This launches the Ivanti Neurons login page.
  6. Complete enrollment by entering the PIN when the sign-in page displays with your username pre-filled.
  7. Optionally, you can verify that the device is connected by checking for an Ivanti account link on your Windows device under Settings, Accounts, Access Work or School.