Hi. My name is James Rico. I'm a Sales Engineer with Quest Software. I work with the KACE line of products.
So as an admin, you have many types of devices. You have mobile devices to manage today. Some are company-owned. Some are personal-owned. And the question becomes, how can you effectively manage those endpoints? And to be able to manage them, you have to be able to initially connect to them. So today, we're going to talk about the different enrollment methods for mobile devices as it pertains to our KACE Cloud MDM.
So there's really two main distinctions between the types of management you'll do against mobile devices. There's BYOD, or bring your own device, and there's company-owned. That's really the main dividing line between the two. You also may hear the terms supervised versus non-supervised out there.
But basically, it means if it's a BYOD device, it's typically non-supervised. And company-owned devices are typically supervised. So you can think of it as a spectrum of controls. So you have the least amount of control with a personal-owned device. And you have the most amount of control with a company-owned device.
So let's talk about Android device management. So there's a number of styles of management for Android devices. First we're going to talk about the work profile. This is typically for the bring your own device mode of management.
And what's going to happen is, when you enroll that device, the customer's already probably-- the end user's already using the device. But you want to be able to have some control or management to be able to secure your company's data and give the user access to the tools they need to do their job.
So they'll typically click on an enrollment URL and then walk through. And we'll put a profile on that endpoint. So they'll have a link. They'll enter their work email. They'll enter their passcode. And they'll accept the terms and conditions. And a profile will be installed on the device.
There's also another type of enrollment for Android called COPE, or Company-Owned Personally Enabled device. And what that is, it's a device, it's company owned. But it gives the user enough freedom of choice on the device that they can use it as a personal device also. So your company buys the device. It has enough controls around security, application and configuration management, but also leaves it open for the user where they can manage that device on their own to use for their personal business.
Then the next one we have is a fully managed device. So similar to COPE, it is a company-owned device, but it's fully managed. So that means anything and everything an admin wouldn't want to lock down on that, you could. You might use that for something like a device that's in kiosk mode or like a handheld scanner that's based on Android where you want full control over that endpoint and how it acts. It's geared for enterprise.
And then there's Android Zero Touch, so that is a method of enrolling Android devices where you buy your phones through a partner that's registered for Zero Touch. And they have a specific set of devices that meet the Zero Touch requirement.
So from that, you can buy your phones from a reseller. They can be directly shipped to an end user. The end user can log in and start using that device. And that profile and all the things you configure will automatically drop on that endpoint, allowing it to be managing it going forward. So that's the options for enrollment around Android.
Let's next talk about our iOS and Apple devices. So for Apple, there's a couple ways to get a device enrolled. There's Apple Device Enrollment Program. And so you would use that in conjunction with Apple School Manager or Apple Business Manager. And basically, when you buy a device, the serial number is linked to that account. There's also a method for uploading an existing device's serial numbers into Apple Business Manager to use with DEP. But it's the same type scenario as Android Zero Touch, but it's for Apple devices.
So you could ship somebody a device. It's going to be in a factory reset state. So they would connect to a network, authenticate. And you would configure what they would authenticate against. So again, usually it's a company email, password. And you would have built a DEP enrollment profile that determines kind of the out-of-box experience for an Apple or iOS device.
So the user would go through all that. And again, at that time, the device is fully managed with KACE Cloud MDM.
Kind of the second method of doing that is for devices that are already in use. You have the same capability as a BYOD device. So you can send somebody a link. They can click on the link. They can authenticate. And a profile will drop on that device as well as any of the configurations or applications you configure.
Apple, iOS devices, Apple TV, those are all things you can configure and manage, either a manual enrollment or a Zero Touch-type enrollment, which Apple calls DEP.
Next we'll take a look at Windows and how that is handled. So Windows device enrollment, there's a couple of methods to do that. One is, if you have Azure AD and have access to AutoPilot, you can configure AutoPilot to redirect any Windows device that's Windows 10 or Windows 11 to be managed by KACE.
So you would upload the serial numbers for those devices in your Microsoft account. When a user gets a device, again, they'll connect to the network. And they'll be prompted to authenticate. And any of the things you configured in KACE Cloud MDM for your Windows device would get applied to that endpoint. And you'd be managing it from the get-go.
And a second way to do that is a manual style enrollment for the Windows device, similar to BYOD. So you can send the user a link. Again, they can click it. They can authenticate. And then you'll be managing that endpoint.
There's also another method to do that. So in Windows, if you go to the Users tab and select Add a Work or School account, and the user enters the same account you set up in KACE Cloud MDM, so it's typically, again, their work account, and they authenticate with that, then we're also going to put that device under management. So there's kind of two ways to enroll a Windows device manually. And then you can use AutoPilot for a Zero Touch-type enrollment for the endpoint.
So next we'll take a look at a demonstration. We've got some machines set up. We'll go through the enrollment process and take a look at that. And we'll be right back and get started with that. First we'll take a look at enrolling an iPad into KACE Cloud MDM.
So we'll open up Safari. And then the user is going to be prompted to enter their work email account and passcode, which we'll be doing next. And this ensures that they enroll the devices with the correct account, so not any password is going to work connecting into KACE Cloud MDM. It has to be one that you've already set up with single sign-on so it's going to pull in their work email account and then authenticate against your identity provider, be that Office 365 or One Identity or Okta or something like that.
So you'll have enabled single sign-on as part of the setup process. Any device that's enrolled in KACE Cloud MDM will then leverage that authentication mechanism to validate a user as who is allowed to get their device enrolled. That can also be used to put people in different groups for different policies that you may have set up.
So once we get authenticated here with our passcode, it asks us if we want to stay signed in. We'll go past that. And we're going to click on enroll device. And we want to allow that action. The profile is going to download.
And so what you'll do is click Profile Download. You have to click Install. The user has to enter their passcode. And they'll be prompted to install the profile. And this, again, if I didn't mention it earlier is, a BYOD-style enrollment for an iPad.
So right now, the profile's being downloaded and loaded on the endpoint. And we have to click Trust. And so now that device is enrolled in KACE Cloud MDM.
Next we'll look at a Windows device. That'll be coming right up. So we've got this set up for AutoPilot. So we took a Windows device, uploaded serial number into Azure AD. It's connected and redirected to KACE. Again, we saw the screen just a second ago had the KACE logo.
I entered the correct work account and passcode. And we start enrolling the device. So any time this device is factory reset, it's going to come back around to the same enrollment setup. So they'll have to authenticate against KACE Cloud MDM, which again, is leveraging your identity provider. So you can see up here, it says this KACE logo help us protect your account.
I have two-factor set up, so it's prompting me on my two-factor authentication app on my phone to authenticate. And now the enrollment process is proceeding. And we're dropping that profile on the Windows device.
And it's just going to go through its kind of standard set up as an out-of-box experience, with the key point being leveraged. It's already hooked into our mobile device management solution. So any of the things that we've built out policy-wise and attached to in Windows 10 policy would apply to this device. And once it comes back around, if you had an application set up, configurations, policies, or profiles, any of those things that are set up for your Windows 10 device would apply to that endpoint.
And there's terms of use. Again, you could edit and update that information. It gets shown to the user. Be prompted to accept that. And now the device is going into its set up here.
So it takes a few moments. The benefit of this is, hey, somebody's working from home. You order new laptops. The vendor can upload those into Azure AD on your behalf, which is linked to KACE Cloud MDM. So you can leverage AutoPilot to automatically enroll your devices.
If it's a MacBook, you'd have something similar. But it's called DEP. So for iOS and macOS, if it's a company-owned device, it would be a DEP enrollment. So it'd be a similar process, just a little bit different, but basically the same kind of, you define the out-of-box experience. And then after that, what happens to that device and what gets dropped down on it? And we're just about to come around here. So we'll go in and stop the video here at this point.
I'd like to thank you for your time today. And if you guys are interested in more information, feel free to click on the link on the screen or scan the QR code. There's a free 14-day trial that you can sign up for. And it's automatically provisioned for you if you go through that process. And also, there's some links for us to contact you. So if you're on that page and want to talk to me about KACE Cloud MDM, we're happy to help. Thank you.