Mobile Device Management

FAQs - Mobile Device Management

When your company uses dozens of mobile terminals, implementing a mobile device management system (MDM) is almost a must. With MDM, you will have an inventory of the terminals in terms of their comprehensive records (location, information about hardware and software components). You will be able to quickly and easily set up the devices, reconfigure them for use in different locations, etc. You will be able to provide mobile users with an instant helpdesk.

However, the remote management system will also be advantageous for smaller installations, especially if the mobile devices are running "thick client" software that requires frequent updates. The system allows you to upload software to devices remotely without having to collect it in one place, which can sometimes be a problem, especially for mobile devices used in the field. This can make the work of more than just IT staff very easy and efficient.

Mobile device management systems can also monitor device resource usage, such as memory, battery or Wi-Fi adapter status, remotely access logs, etc.

Ivanti Avalanche can be recommended especially in situations where the customer uses a Microsoft Windows CE/Windows Mobile device and uses one of Ivanti Wavelink's client programs as an end application: terminal emulation (TelnetCE)VelocityCE or Wavelink Industrial Browser. It is the interoperability with Ivanti Wavelink products that makes the deployment of Avalanche attractive in terms of easier implementation and subsequent operation of such an ecosystem.

In other cases, especially for managing Android OS devices, it is more practical to use Soti MobiControl (on-premise or cloud) or 42Gears SureMDM (cloud).

Ivanti Avalanche lze doporučit zejména v situacích, kdy zákazník používá zařízení s Microsoft Windows CE/Windows Mobile a jako koncovou aplikaci využívá některý z klientských programů od společnosti Ivanti Wavelink: terminálovou emulaci (TelnetCE), VelocityCE nebo Wavelink Industrial Browser. Právě provázanost s produkty Ivanti Wavelink hovoří pro nasazení Avalanche, a to z hlediska jednodušší implementace a pak i následného provozu takového ekosystému.

V ostatních případech, zejména pro správu zařízení s Android OS je praktičtější použití Soti MobiControl (on-premise nebo cloud) nebo 42Gears SureMDM (cloud).

Soti MobiControl has no default password. When installing the system, MobiControl prompts for the password for the user "Administrator". So use Username=Administrator and the password entered during system installation.

If you enter the password incorrectly more than once and you have set a maximum number of attempts to enter it, the user account will be locked. If you lock all accounts in MobiControl in this way, contact Soti Support to unlock them.

Work Profile means that on an Android Enterprise-enabled device, the user's private apps and data are separated from work apps and data. Only the user of the device is able to manipulate private data, just as the user installs their private apps from their private Google Play store, while the work profile is managed by Soti MC and apps and data can be installed there automatically by the EMM system according to its setup.

The Work Profile can be created on the device at any time after the user's private Google account has already been set up.

At the moment of creating a work profile, some icons on the mobile device are "duplicated" and can be found in both the private and work profile (Contacts, Chrome, Files, etc.). Apps in the work profile are marked with a briefcase symbol.

Work Profile is used in a Bring Your Own Device (BYOD) scenario - users use their private devices for both personal and work purposes.

A Work Managed Device, on the other hand, is a device (supporting Android Enterprise) that is fully managed by the Soti MobiControl enterprise system and the user is not allowed to access their private data or applications on it. In other words, this device is not tied to the user's private Google account. A Work Managed Device can only be created from a device that is in factory settings. As part of the initial wizard, the Android operating system is made aware that the device is to be managed by the MDM system. This can be done, for example, by using the "Soti Stage Programmer" application or by entering the string afw#mobicontrol in the email address input field of the initial wizard.

Work Managed Device is typically used in the following mobile deployment scenarios:

  • Corporate Owned, Business Only (COBO) - Employer-owned device for business use only.
  • Corporate Owned, Single Use (COSU) - Employer-owned, single-purpose devices, typically barcode scanners in warehouses for inventory.

In the Soti MobiControl web console:

  • Prepare an Enrollment Policy linked to your Managed Google Play work account:

Soti Enrollment Policy

On a GMS-enabled mobile device:

  • Make sure your device can access Google services through your private Google account.
  • Search for "Soti MobiControl Agent" in Google Play and install it:
    Downloading Soti agent from Google Play 
  • Start the MobiControl agent and enter the Enrollment ID or the URL of the MobiControl server:
    Entering Soti Enrollment ID
  • The agent is installed, prompting several confirmations from the user (the images are from the Samsung phone setup):
    Work Profile setup on a Samsung device Work Profile setup on a Samsung device
  • After registration, it is recommended to uninstall the MobiControl agent from your private profile (icon without the work bag):
    Uninstalling MobiControl agent from the private profile
  • In the work profile, tap the MobiControl icon (with the work bag), assign all requested permissions to the agent one by one, and verify that it is connected:
    Enrolled Samsung device Soti Agent permissions Soti agent connected
  • If an "Apps Policy" with installation of apps from corporate Google Play is included and the device has been enrolled with an Enrollment Policy referencing this Managed Google Account, apps marked as Mandatory will be automatically installed.
  • If you "Un-enroll" the device, the work profile is deleted, i.e. the content (apps, settings and data) installed via Soti MobiControl is wiped.

In Soti MC web console:

  • Prepare an Enrollment Policy.
  • Use the "Download agent" and "INI File" of this policy to download the mcsetup.ini file.

In Zebra StageNow on PC:

  • Create a StageNow XpertConfig profile that contains the following components and settings:
    • Wi-Fi - optional: setup of Wi-Fi or other network connectivity.
    • FileMgr: Transfer of the mcsetup.ini file to the root of the internal storage location (/sdcard). The mcsetup.ini file will ensure that the mobile device will be connected to your specific MobiControl server.
    • FileMgr: Transfer of apk file with Soti agent installation. You can download this file from the Soti web site. For Zebra devices with Android 8.1 and above, select from the "Android Enterprise Agent" section, for older Android versions from the "Android - OEM Specific Agent and Plugins" section.
    • AppMgr: Install Soti agent .apk.
    • IntentMgr: Using the "Enroll Device Owner" option, ensure that the Soti agent is assigned as the device owner.
      Package Name = net.soti.mobicontrol.androidwork, Class Name = net.soti.mobicontrol.admin.DeviceAdminAdapter
      For Android+ (i.e. typically Android 7 or lower): Package Name = net.soti.mobicontrol.motorola, Class Name = net.soti.mobicontrol.admin.DeviceAdminAdapter.
    • IntentMgr - optional: launch Soti agent
      For Android Enterprise (i.e. typically Android 8.1): Package Name = net.soti.mobicontrol.androidwork, Class Name = net.soti.mobicontrol.startup.SplashActivity
      For Android+ (i.e. typically Android 7 or lower): Package Name = net.soti.mobicontrol.motorola, Class Name = net.soti.mobicontrol.startup.SplashActivity
  • Generate barcodes for the created StageNow profile.

On Zebra mobile device:

  • Reset the device to factory defaults.
  • If network connectivity is not part of your StageNow profile, set it manually..
  • Apply the StageNow profile for Soti enrollment:
    soti zebra enrollment 01
  • If the file transfer and installation of the Soti agent has been successful and the StageNow profile includes an automatic start of the agent, the device will be automatically enrolled to Soti MobiControl based on the information in the mcsetup.ini file:
    soti zebra enrollment 02
  • MobiControl starts applying Soti profiles. For example, in the picture below, a kiosk mode profile (Lockdown) is applied, where the normal user is only able to run two allowed applications:
    soti zebra enrollment 03

The Soti MDM plugin, which you can download here in the Android Enterprise Agent and Plugins section, is designed for mobile devices with the Soti Android Enterprise agent installed and managed as a "Work Managed Device". It gives administrators access to full Remote Control (without the MDM plugin, only Remote View is available). The plugin can be installed as a .pcg package and Soti profile, or you can use the MobiControl 14.4+ feature to install it using Device Actions.

On the Soti MC web console:

  • Prepare an Enrollment policy that can optionally link to a Managed Enterprise Account (free, allows you to publish apps from Google Play or private apps for installation on mobile devices):
    Enrollment policy to enroll a fully managed Android device to Soti MobiControl

On a GMS-enabled mobile device:

  • If a Google account is configured on your device, remove it.
  • Reset the device to factory defaults.
  • Select your language in the Startup Wizard, and connect to a Wi-Fi network with an internet connection if you don't connect via mobile data:
    soti ae enrollment wmd agent install 01 soti ae enrollment wmd agent install 02
  • Select "Set up as new device".
  • Type afw#mobicontrol in the "Email or phone" field and press Next:
    soti ae enrollment wmd agent install 03
  • After installing the MobiControl agent, enter the Enrollment ID or server address corresponding to your enrollment policy:
    soti ae enrollment wmd agent install 04
  • Agree to use MobiControl:
    soti ae enrollment wmd agent install 06
  • Confirm that the device is not private and enable Google services (no diagnostic data needs to be sent):
    soti ae enrollment wmd agent install 06 soti ae enrollment wmd agent install 07
  • If the registration is successful, the agent connects to the MobiControl Deployment server and starts applying Soti profiles and policies:
    soti ae enrollment wmd agent install 08
  • If the "Apps Policy" with installation of apps from corporate Google Play is in place and the device has been enrolled using a policy with a reference to this Managed Google Account, apps marked as Mandatory will be installed automatically:
    soti ae enrollment wmd agent install 09
  • The icons displayed on your mobile device only contain the basic set of apps (Chrome, Contacts, Settings, Files, Phone). If you need to display system apps, you can use the (legacy) Soti script command enable_system_app, e.g. enable_system_app com.zebra.devicemanager:
    soti ae enrollment wmd agent install 10
  • If you "Un-enroll" the device, the content (apps, settings, data) installed via Soti MobiControl will be removed and the device will be ready for a new enrollment.