Aerion Training:     Aerion offers AirWatch custom training at your location, online and in our classroom.  

          
    Next classroom trainings: 01/2018 and 02/2018 - Click here for more information.          

Whenever corporations want to take mobility management into usage, one of the key questions should be: How do we get our devices enrolled?

Users will be involved

Already in organizations with only few devices the enrollment process should not be underestimated but especially when more than 100 or 1.000 of devices need to be enrolled, it becomes clear that IT cannot do the enrollment alone, but the actual users of the devices will mostly need to do the enrollment themselves.

 

Platform difference

Each operating system has its’ own ways of how enrollments can be done. While Android and iOS only require the download of an MDM agent from the public app store and ask few questions from users, Windows Phone 8 enrollments turned out to be complex due to the nature of the operating system.

 

AirWatch Discovery Services simplify Windows Phone 8 enrollment

Corporations which utilize AirWatch Discovery Services can provide the simplest enrollment instructions to their Windows Phone 8 users. The only information which users need to input is their e-mail address and their Active Directory password. Any other parameters which are required for the enrollment are delivered by the AirWatch Discovery Services directly to the AirWatch server and do not require any user input.

Update: If you are interested in seeing the enrollment process for Windows Phone 8.1, please have a look at this blog article: MDM enrollment with Windows Phone 8.1

 

Windows Phone 8 enrollment instructions for users

The following is an example of how simple the enrollment instructions for Windows Phone 8 into an AirWatch system with Discovery Services can be.

  1. On your device navigate to > Settings  > “company apps” and click on “add account”.
  2. Provide your corporate e-mail address and your corporate password into the according fields, then click on “sign in”.
  3. Click on “done” in the “ACCOUNT ADDED” confirmation screen.
  4. From your application list open the app “AirWatch MDM Agent” to complete the enrollment and browse the corporate app store.

What happens behind the scenes

To clarify the process of simplified enrollment, some information about background processes and triggers can be found below, together with screenshots of what is happening on the device. It is important to understand that all traffic is enforced through an SSL connection to ensure data security.

What the user doesWhat the system does
1. On your device navigate to > Settings > “company apps” and click on “add account”.
Windows Phone 8 Add Company Account
 
2. Provide your corporate e-mail address and your corporate password into the according fields, then click on “sign in”.
Windows Phone 8 Configure e-mail address and password
The built-in Device Management feature of Windows phone connects to the corporate AirWatch Discovery Services Server, by calling enterpriseenrollment.domain.com (built-in functionality), where the domain is extracted from the users e-mail address. The AirWatch Discovery Server returns the configured AirWatch server URL and group ID which is needed for enrollment.
3. Click on “done” in the “ACCOUNT ADDED” confirmation screen.
Windows Phone 8 Confirmation Screen
The Discovery Server also verifies that a user with the given e-mail address exists in Active Directory and that the password has been provided correctly. If the account has been successfully verified, the device will download the “AirWatch Hub” which is a digitally signed version of the AirWatch agent. As it is signed, it can download and install in the background without prompting the user.
4. From your application list open the app “AirWatch MDM Agent” to complete the enrollment and browse the corporate app store.
Windows Phone 8 AirWatch MDM Agent
Windows Phone 8 AirWatch MDM Agent Enrollment Finalizes
Windows Phone 8 AirWatch MDM Agent Main Screen
When the user opens the MDM Agent, the enrollment is completed and optional prompts can be displayed (device ownership, asset tag, terms of use, etc.).

 

Additional benefits of the AirWatch Hub (internally distributed MDM Agent)

No Microsoft ID / Live ID required during enrollment

As the AirWatch MDM Agent/Hub is automatically downloaded from the AirWatch server, users or administrators do not need to sign-in with a Microsoft ID to fetch the agent from the public app store. This allows for easy testing and switching of users, as the device can be un-enrolled and re-enrolled (for another user) within few minutes.

In comparison, the device must be reset to factory default, if the Microsoft ID needs to be changed (because the user changes or IT wants to test different scenarios), if the device has been enrolled through the public app store.

 

Possibility of policy refresh on demand

The MDM Agent which is downloaded from the public app store will request configuration changes / profiles based on a pre-defined interval. This leads to forced waiting times after a device has been enrolled, before all configured profiles (like e-mail settings) apply to the device.

If the AirWatch Agent is distributed as an internal agent/hub, users can trigger a configuration request whenever needed, directly from the device, by going to > Settings > Company Apps and clicking the "Refresh" icon.


Windows Phone 8 manual configuration request via company apps