More than 60% of mobile devices in Denmark is powered by Android operating system. A large part of the Android devices can be administrated. Device administration is vital for our customers to ensure the user experience, as well as ensuring the accurate security level.
Using the latest Android version, customers can experience challenges enrolling devices to their MDM-service. The impact will increase as the number of devices using the new Android grows.
We want to ensure our customers are prepared to make the right decisions in this area. This blog post will give you an overview how our customer’s MDM-environments will be affected.
We have analyzed the issue and performed 40 tests of different enrollment scenarios across the leading MDM products on the market. The conclusion is the MDM products supports the user scenarios with different levels of success.
This blog post is to give you the overview on which Android 11 enrollment scenario your MDM-solution supports.
The MDM vendors are continuously developing their products. In accordance with the progress, we will update this blog with the status on support of the enrollment scenarios.
There are 11 different scenarios, on which an Android device can enroll. We have analyzed all of them. The outcome we have displayed in the table below.
The enrollment issue only relates to new devices shipped with Android 11, or Android 11 devices which are being reinstalled. The issue is not relevant to devices, which has been enrolled using a previous Android version and subsequently upgraded to Android 11.
To ensure the manageability of the table, we have used a number of abbreviations. The abbreviations used are explained below the table with relevant comments.
Android 11 Enrollment |
XenMobile/ |
Workspace ONE |
MobileIron Core |
Intune/ |
Work Profile (BYOD) |
OK |
OK |
OK |
OK |
DPC Identifier DO |
OK |
OK |
OK |
OK |
DPC Identifier WPCOD |
Not working |
Not working |
Ikke supporteret |
Not working (Results in DO) |
KME MDM Choose WPCOD |
Not working |
OK |
Workaround available |
OK |
KME MDM Choose DO |
OK |
OK |
OK |
OK |
KME DO MDM WPCOD |
Not working |
Not working |
OK |
N/A |
KME DO MDM DO |
OK |
OK |
OK |
OK |
QR code WPCOD |
Not working |
OK |
Workaround available |
Not working |
QR code DO |
OK |
OK |
OK |
OK |
Zero Touch DO |
OK |
OK |
OK |
OK |
Zero Touch WPCOD |
Not working |
OK |
Workaround available |
Not working |
Comments for the table
- Previously known as “COPE” is now named:”Work Profile on Company Owned Device”.
The MDM products currently use both terms. In the table above we only use the new term no matter which abbreviation the individual MDM may use. - MobileIron: For some scenarios there are work arounds available. These workarounds are customer specific. Please contact us if you would like further information.
In the coming MobileIron version 11.2, the work arounds will no longer be required, as the enrollment scenarios will be supported.
The new version is expected to be released in the early part of April. - Intune: A number of scenarios are mentioned as being in preview. We have tested these but be aware that they currently are only in preview.
Glossary
COPE | Corporate-Owned, Personally Enabled (Android 10 term) |
DO | Device Owner |
DPC | Device Policy Controller |
KME | Samsung Knox Mobile Enrollment |
KME DO | KME, where the device enrolls with DO |
KME MDM Choose DO (eller WPCOD) | KME, where MDM defines if the device is to enroll as DO or WPCOD |
WPCOD | Work Profile on Company Owned Device |