11.3 Creating a Mobile Enrollment Policy

For devices to be enrolled (registered) in your ZENworks Management Zone, you must create a Mobile Device Enrollment policy and assign it to users who will enroll devices. Mobile Enrollment policy decides which user can enroll devices, what devices the user can enroll, the mode to be used for device enrollment, and the location and naming of the device. Depending on the diversity of needs in your organization, you can create a single Mobile Enrollment policy for all users or you can create multiple policies for users with different needs.

11.3.1 Procedure

  1. On the Getting Started with Mobile Management page, navigate to the Enrollment Policy section, click New Enrollment Policy to display the Create New Policy wizard. Alternatively, from the left hand side navigation pane of ZCC, navigate to Policies > New > Policies.

  2. On the Select Platform page, select Mobile and then click Next.

  3. On the Select Policy Category page, select General Mobile Policies and then click Next.

  4. On the Select Policy Type page, select Mobile Enrollment Policy and then click Next.

  5. On the Define Details page, specify a name for the policy, select the folder in which to place the policy and then click Next.

  6. On the Configure Device Ownership page:

    1. You can enable the Allow the device user to select ownership type option to allow users who are enrolling their devices select the appropriate ownership type of the device.

      Mobile policies enable you to provide two groups of settings, one group that is applied to corporate-owned devices and a second group that is applied to personally-owned devices.

      For example, the Mobile Security policy lets you configure different password, encryption, and lockout settings for corporate-owned devices versus personally-owned devices.

    2. Click Next.

  7. On the Configure Device Management page:

    1. The default settings allow the user to choose the management level (Managed Device or Email Only) during enrollment.

      The device management options are explained below:

      • Yes, allow users to enroll their devices as fully managed devices: Enables users to enroll their devices as a Managed Device only.

        • Do not show option for ActiveSync - only enrollment: Removes the ActiveSync Only (Email Only) enrollment option, forcing devices to enroll as fully managed devices.

      • No, allow users to enroll their devices as ActiveSync -only: Removes the fully managed option, forcing devices to enroll as ActiveSync Only (Email Only) devices.

    2. Click Next.

  8. On the Configure Mobile Enrollment Rules page, note the folder and naming settings for the default All Devices rule in the list, then click Next.

    Enrollment rules determine the enrolling device’s display name and folder placement in ZENworks Control Center.

    The predefined All Devices rule allows all devices to enroll, uses the device model and user’s name for the device name, and places the device in the Mobile Devices folder. If the default rule does not meet your needs, you can modify or remove the All Devices rule and add additional rules as needed. For example, you can create a rule to place all Android devices in one folder and all iOS devices in another.

  9. On the Configure the Un-enrollment Settings page you can configure the un-enrollment settings, which will take effect when users un-enroll their devices from the ZENworks Server or the management zone. Select any one of the following for a corporate-owned device or a personally-owned device and click Next:

    • Retire Device: The device is retained in the zone, however the status is set as retired. When the device is retired, ZENworks does not manage the device anymore, but the device data and history is retained.

    • Delete Device: The device is removed from the zone.

  10. On the Summary page, you can perform the following actions:

    • Create as Sandbox: Creates a Sandbox-only version of the policy. A Sandbox version of a policy enables you to test it on your device before actually deploying it

    • Define Additional Properties: Enables you to edit the default settings configured in the policy.

    Click Finish to complete creating the policy.

NOTE:While editing the policy, you can select Allow Manual Reconciliation by User by navigating to Details > Advanced Setting. This feature allows the end user to manually reconcile their devices to an existing device object during enrollment. For more information, see Allowing Manual Reconciliation by User.

If you change the enrollment policy settings after mobile devices are enrolled to the zone, then the updated enrollment policy settings are not applied to the already enrolled devices. However, if the un-enrollment settings are modified after the user enrolls the device, then only the updated un-enrollment settings are applied to the user’s device. Also, un-enrollment is not applicable for those devices that are enrolled as Email Only (ActiveSync only) devices.