Android 11 and MDM support

More than 60% of mobile devices in Denmark is powered by Android operating system. A large part of the Android devices can be administrated. Device administration is vital for our customers to ensure the user experience, as well as ensuring the accurate security level.

Using the latest Android version, customers can experience challenges enrolling devices to their MDM-service. The impact will increase as the number of devices using the new Android grows.

We want to ensure our customers are prepared to make the right decisions in this area. This blog post will give you an overview how our customer’s MDM-environments will be affected.

We have analyzed the issue and performed 40 tests of different enrollment scenarios across the leading MDM products on the market. The conclusion is the MDM products supports the user scenarios with different levels of success.

This blog post is to give you the overview on which Android 11 enrollment scenario your MDM-solution supports.

The MDM vendors are continuously developing their products. In accordance with the progress, we will update this blog with the status on support of the enrollment scenarios.

There are 11 different scenarios, on which an Android device can enroll. We have analyzed all of them. The outcome we have displayed in the table below.

The enrollment issue only relates to new devices shipped with Android 11, or Android 11 devices which are being reinstalled. The issue is not relevant to devices, which has been enrolled using a previous Android version and subsequently upgraded to Android 11.

To ensure the manageability of the table, we have used a number of abbreviations. The abbreviations used are explained below the table with relevant comments.

Android 11 Enrollment

XenMobile/
Endpoint Manager
(On-Premise)

Workspace ONE

MobileIron Core

Intune/
Endpoint Manager

Work Profile
(BYOD)

OK

OK

OK

OK

DPC Identifier
DO

OK

OK

OK

OK
(Req. two login)

DPC Identifier WPCOD

Not working

Not working
(Ikke supporteret)

Ikke supporteret

Not working (Results in DO)
(In preview)

KME MDM
Choose WPCOD

Not working

OK
(Agent v. 21.01)

Workaround available

OK
(Preview)

KME MDM
Choose DO

OK

OK

OK

OK
(Req. two login)

KME DO MDM
WPCOD

Not working

Not working

OK
(Bliver DO)

N/A

KME DO MDM
DO

OK

OK

OK

OK

QR code
WPCOD

Not working

OK
(Not verified)

Workaround available

Not working
(Preview)

QR code
DO

OK

OK
(Not verified)

OK
(Not verified)

OK
(Req. two login)

Zero Touch
DO

OK

OK

OK
(Not verified)

OK
(Req. two login)

Zero Touch
WPCOD

Not working

OK

Workaround available

Not working
(Preview)

 

Comments for the table

  • Previously known as “COPE” is now named:”Work Profile on Company Owned Device”.
    The MDM products currently use both terms. In the table above we only use the new term no matter which abbreviation the individual MDM may use.
  • MobileIron: For some scenarios there are work arounds available. These workarounds are customer specific. Please contact us if you would like further information.
    In the coming MobileIron version 11.2, the work arounds will no longer be required, as the enrollment scenarios will be supported.
    The new version is expected to be released in the early part of April.
  • Intune: A number of scenarios are mentioned as being in preview. We have tested these but be aware that they currently are only in preview.

Glossary

COPECorporate-Owned, Personally Enabled (Android 10 term)
DODevice Owner
DPCDevice Policy Controller
KMESamsung Knox Mobile Enrollment
KME DOKME, where the device enrolls with DO
KME MDM Choose DO (eller WPCOD)KME, where MDM defines if the device is to enroll as DO or WPCOD
WPCODWork Profile on Company Owned Device
Contact
Contact us now