Device Enrollment
Mobile devices can be managed via ESET PROTECT On-Prem and an ESET security product running on the mobile device. To start managing mobile devices, you need to enroll them in ESET PROTECT On-Prem (it is no longer necessary to type IMEI or other identification numbers into the mobile device).
The diagram below illustrates how a Mobile Device communicates with Mobile Device Connector during the enrollment process:
This diagram explains when enrollment, re-enrollment and unenrollment can be used and explains the difference between managed and unmanaged devices.
•Enrollment: Enrollment can only be used when the device is not managed by MDM. In this case, the device does not exist in the Computers section. Deleting a device from the Web Console does not make it unmanaged and the device will appear in the Web Console after a successful replication. Only the unenrollment process can remove a device from managed status. Each enrollment token is unique and one-time-only so it can be used only once. When the token is used, it cannot be used again.
•Re-enrollment: Re-enrollment can only be used if the device is managed. The re-enrollment token is always different from the enrollment token and it can also be used only once.
To re-enroll a device, open the Computers section and select the mobile device you want to re-enroll. Open the Computer menu and select Mobile > Re-enroll.
•Unenrollment: Unenrollment is the correct way to stop managing a device. Unenrollment is performed using a Stop managing Client Task. If the device is not responding, it can take up to 3 days until the device is actually removed. If you want to remove the device just to enroll it again, use re-enrollment instead.
Follow these instructions to perform iOS Device enrollment with the Apple Business Manager (ABM). |
You can enroll mobile devices in the Computers section. Select the Static Group that you want to add mobile devices to, click Add Device > Mobile devices and then select one of the following enrollment methods:
•Android or iOS/iPadOS - There are two enrollment methods:
oSend email - mass enrollment of mobile devices via email. This option is best suited if you need to enroll a large number of mobile devices or if you have existing mobile devices that you do not have physical access to. Using this option requires active participation from the user/owner of the mobile device.
oScan QR code - single mobile device enrollment. You will be able to enroll one mobile device at a time and will need to repeat the same process for each device. We recommend that you use this option only when you have a smaller number of mobile devices to enroll. This option is suitable if you do not want users/mobile device owners to do anything and must perform all enrollment tasks yourself. Also, you can use this option if you have new mobile devices which will be handed over to users when the devices are all set up.
•Android Device Owner (only Android 7 and later) - single mobile device enrollment for Android devices only. You will be able to enroll one mobile device at a time and will need to repeat the same process for each mobile device. This enrollment process is possible only on mobile devices that are new (out-of-the-box) or after wipe/factory reset. This enrollment process will provide elevated management rights to the administrator over the management rights of the mobile device user.