Mobile Device Enrolment – Android

It’s quite normal to want to have access to email & your calendar on the move but what security considerations need to be taken into account to keep your personal data and company data separate?

Enrolling your mobile device means your company has greater visibility of the security settings on your mobile device, and can make sure that company data is handled securely on your device.

It can, for example, ensure that company data on the device is encrypted, that any company data can be wiped remotely if the device is lost or stolen, and that other security measures are in place to protect access to company data and resources.

Once the mobile device management system is switched on, you’ll only be able to access company data on devices which have been enrolled. Your company may also require that you only access this data through approved, managed applications on your device.

This process does not affect any of your personal data or apps already present on the device.

You may be prompted to increase security on your phone as part of the process, this may involve setting a longer, more complex PIN or password on the phone, or encrypting the device.

What information can my company see?

Your company will be able to see this information about your device:

  • Model
  • Serial Number
  • Operating System
  • Device Name
  • Owner
  • Work Apps

Your company will never be able to see this data or information on your device:

  • Call and Web History
  • Location
  • Personal Email and Text Messages
  • Personal Contacts
  • Personal Calendar
  • Camera roll

  • Passwords

    iStock-1133141435

 

How will it work?

After enrolling, you will have a Personal profile and a Work profile on your phone, separating out personal and work apps. Your list of applications will be split along those lines too.

You may find you have the same app installed twice after you enroll, one for personal use, and one for work use.

Picture1-2
Picture2-1

How this appears may vary depending on your device manufacturer. On Samsung devices, for example, the work profile apps may appear under a “Workspace” folder.

Picture3

Enrolling your device

Picture4

To enrol your device you will only require your mobile device.

The first step is to download and install the Intune Company Portal App on your mobile device.

Go to the Google Play Store on your android device.

Search for the Intune Company Portal app

You will need Android 11.0 or later.

Any older phones not running Android 11.0 or higher will not even have the option to enroll displayed.

Tap Install and wait for this to install.

Now the app has installed, tap Open

Picture5

Enrolling your device

 

When the Intune Company Portal App has been opened, tap Sign In

Picture6-1

Enter your email address and password and tap Sign In.

Picture7
Picture8

Begin device registration

Once logged into the application you should be prompted to begin enrolling your mobile device.

Note: If you are not prompted to do this immediately, tap the notification bell in the top right of the screen and then tap Company Access Setup is incomplete to start the process.

Picture9
Picture10

You will see  screen similar to the one below

Picture11

Tap BEGIN to start the process.

You’ll see a screen showing you what permissions your company will have on this device.

Picture12

Tap CONTINUE.

Setup & activate your work profile

The following process may differ depending on your mobile device manufacturer.

 You will see the app begin to set up your work profile

 

Picture17
Picture14

At the next screen tap Accept & Continue.

Picture15

Once the process has finished tap Next.

You will see that your work profile has been successfully created.

Picture16

Tap Continue

Picture17-1
Picture18

The app will then register the device and add the device to the Company Portal before finishing setting up your work profile.

Update device settings

If required, you may now need to change some settings to increase security on your device.

Steps can include – increasing the length or complexity of your mobile device PIN or password, setting a phone start-up PIN, and will depend on the security requirements of your company.


The device restrictions are as follows:

  • Minimum password Length: 6 Numerical Digits
  • Maximum Minutes until screen locks: 10
  • Number of previous passwords to prevent re-use: 10
  • A push Notification and email will be sent if these policies are not matched daily
  • After 14 days if the device is still not compliant no access to work resources will be allowed
Picture19

Tap Continue

On the next screen you will see a list of device settings that need changing.

Picture20

The settings must be changes in order for you to be allowed access to the company resources.

Tap Resolve against the first item in the list.

Picture21

Follow the prompts and instructions to enable features and/or change your device settings to meet the requirements.

When finished, press Continue

 Your device settings will be re-checked

Picture22

If you met all the requirements, you’ll see three green ticks in the Company Portal app.

Tap Done.

Picture23

In conclusion

 

Now you’re setup you can securely access your company information knowing that should anything happen to your device any sensitive data can be remotely removed.