Lab 7: Preparing for Enrollment and Management

Objective and Tasks

Configure essential enrollment settings to support device enrollment:

  1. Enable Directory Authentication Enrollment
  2. Define Grouping
  3. Define a Terms of Use Policy
  4. Define Privacy Settings

Task 1: Enable Directory Authentication Enrollment

You enable directory authentication to support device enrollment with directory accounts.

  1. Open the Workspace ONE UEM administration console.
    1. On the ControlCenter Windows taskbar, click the Google Chrome icon.
    2. From the bookmarks bar, select Workspace ONE UEM.
      • You can also enter https://techseals.awmdm.com/AirWatch in the address bar to access the console page.
  2. Log in to Workspace ONE UEM.
    • User name: studentadmin{labid}
    • Password: Pa$$w0rd
  3. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from the Organization Group drop-down menu.
  4. In the navigation pane on the left, select Groups & Settings > All Settings > Devices & Users > General > Enrollment.
  5. On the Authentication tab, click Override next to Current Setting.
  6. Next to Authentication Modes(s), select the Basic and Directory check boxes.
  7. Next to Source of Authentication for Intelligent Hub, click WORKSPACE ONE UEM.
    1. Note: This should be selected by default. In a later lab we will also showcase authentication with Access.
  8. Click Save.

Task 2: Define Grouping

You define the organization group (OG) assignment mode for enrolling devices.

Grouping permits Workspace ONE UEM to place the devices into the correct OGs based on your configuration.

  1. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from the Organization Group drop-down menu.
  2. In the Settings dialog box, select Groups and Settings > All Settings > Devices & Users > General > Enrollment in the navigation pane on the left.
  3. Click the Grouping tab.
  4. Next to Current Setting, click Override.
  5. Next to Group ID Assignment Mode, verify that Default is selected.
  6. Click Save.

Task 3: Define a Terms of Use Policy

In this task, you define the terms of use policy for the devices to be enrolled.

  1. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from the Organization Group drop-down menu.
  2. In the Groups and Settings dialog box, select All Settings > Devices & Users  > General > Enrollment in the navigation pane on the left.
  3. Click the Terms of Use tab.
  4. Next to Current Setting, click Override.
  5. Next to Require Enrollment Terms of Use Acceptance, click Enabled and then click Save.
    • When an Enrollment Terms of Use policy is required, all device users must accept the Terms of Use during enrollment. If a Terms of Use policy is not set, the Terms of Use from a parent OG is enforced, if it has one.
  6. Click Add New Enrollment Terms of Use.
  7. Enter Custom Terms of Use in the Name text box.
  8. Review all settings, such as enforcing the policy for specific platforms, device ownership types, and enrollment types.
NOTE
If you exclude the device that you plan to enroll, the Terms of Use are not shown during your enrollment in later lab activities.
  1. (Optional) Click the Select Language drop-down menu to change the language. The default language is English.
  2. In the text editor, enter This is a test terms of use for the Workspace ONE training course and click Save.
  3. Click Save.

Task 4: Define Privacy Settings

When you enroll your device, the Workspace ONE UEM console default is to enroll it as an employee-owned device.

  1. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from the Organization Group drop-down menu.
  2. In the Settings dialog box, select Groups and Settings > All Settings > Devices & Users > General > Privacy in the navigation pane on the left.
  3. Next to Current Setting, click Override.
  4. Scroll down to the Applications section.
  5. In the Personal Application row, change the setting for Employee Owned to Collect Do Not Display.
    • By changing this setting to Collect and Display, you can gather user data and make the data visible in the Workspace ONE UEM console
    • By changing this setting to Collect Do Not Display, you can collect user data for use in reports and compliance, but data is not displayed within the Workspace ONE UEM console.
    • By changing this setting to Do Not Collect, you can prevent user data from being shown in both the Workspace ONE UEM console and in generated reports.
NOTE
When you enroll your device, the Workspace ONE UEM console default is to enroll it as a Corporate - Dedicated device. Enrollment results in personal applications being shown in the device details under the Application section. To prevent your personal applications from appearing in the Workspace ONE UEM console, you change the setting to Do Not Collect and click Save.
  1. Click Save.
  2. Enter 1234 if you are asked to enter a security PIN.
  3. Review all remaining privacy settings, including whether the Workspace ONE UEM administrator can remotely erase a device (factory wipe), remote control a device based on ownership, display user information, and so on.
  4. Close the Settings dialog box.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.