Mobile Device Management

The following diagram demonstrates communication between ESET Remote Administrator components and a mobile device:



Direct upgrade from ESET Mobile Device Connector version 6.1 (all releases) to version 6.5 is not possible. It is necessary to first upgrade MDM from version 6.1 to version 6.4 and then you can upgrade to version 6.5.

In order to take advantage of the Mobile Device Management feature in ESET Remote Administrator, perform the following steps to install, enroll, configure and apply policies.

1.Install Mobile Device Connector (MDC) using the All-In-one installer or perform a component installation for Windows or Linux. Make sure that you have met the prerequisites prior to the installation.


If you are installing MDC using the All-in-one installer,  HTTPS certificates signed by ERA CA are created during the installation process. (this certificate is not visible in Admin > Certificates > Peer Certificates)

To install ERA with the All-in-one installer and use a 3rd party HTTPS certificate, install ESET Remote Administrator first, then change your HTTPS certificate using Policy (in the ESET Remote Administrator mobile Device Connector Policy > General > Change certificate > Custom certificate).

If you are installing the MDC component by itself, you can use :

a) certificate signed by ERA CA (Basic > Product: Mobile Device Connector; Host: Hostname/IP Adress of MDC; Sign > Sign Method: Certification Authority; Certification Authority: ERA Certification Authority)
b) 3rd party HTTPS certificate chain signed by a CA trusted by Apple (list of CA trusted by Apple).

2.Import the HTTPS certificate chain for MDM into the certificate store on the MDM device.

3.Activate ERA MDC using a Product Activation Client Task. The procedure is the same as when activating any ESET security product on a client computer (a license unit will not be used).

4.Run a User Synchronization Server Task (Recommend). This lets you automatically synchronize users with Active Directory or LDAP for the purpose of User Management.


If you are planning to manage Android based devices only (no iOS devices will be managed), skip to step 7.

5.Create an APN/DEP certificate. This certificate is used by ERA MDM for iOS device Enrollment.

validation-status-icon-error WARNING

Certificates that will be added to your enrollment profile must be also added to your DEP profile.

6.Create a new policy for ESET Mobile Device Connector in order to activate APNS.


If you are performing iOS Device enrollment with the Apple Device Enrollment Program (DEP) continue here.

7.Enroll mobile devices using a Device Enrollment task. Configure the task to enroll devices for Android and/or iOS. This can also be done from Computers or Group tab by clicking Add new > Mobile devices while having selected a Static Group (Add new cannot be used in Dynamic Groups).

8.If you have not provided license during Device Enrollment, activate Mobile devices using a Product Activation Client Task - choose an ESET Endpoint Security license. A license unit will be used for each Mobile device.

validation-status-icon-warning IMPORTANT

The Product Activation Task via offline license cannot be run on mobile devices (ESET Endpoint For Android and MDM for iOS).

9.You can edit Users in order to configure Custom attributes and Assign Mobile devices if you've not assigned users during Device Enrollment.

10.Now you can start applying policies and managing mobile devices. For example, Create a Policy for iOS MDM - Exchange ActiveSync Account which will automatically configure your Mail account, Contacts and Calendar on iOS devices. You can also apply restrictions on an iOS device and/or add a Wi-Fi connection.

11. You can use Re-enroll on a mobile device which was corrupted or wiped. Re-enroll link will be sent via email.

12. Stop Managing (Uninstall ERA Agent) task will cancel MDM enrollment of a mobile device and remove it from ERA.