1. Home
  2. SureMDM
  3. How to support BYOD Devices With Android Enterprise Using SureMDM?
  1. Home
  2. Android Management
  3. How to support BYOD Devices With Android Enterprise Using SureMDM?

How to support BYOD Devices With Android Enterprise Using SureMDM?

KB ID: 42G2005571
Views: 6455
Updated: August 2021

Android Enterprise is an enterprise program from Google which helps companies providing access to business apps and data on employee phones, securely, without interfering with user’s personal data. Android Enterprise creates a secure isolated container, at operating system level, separating business data from personal data.  With no changes required in Android native user interface and in android application, all business apps can be easily deployed and securely accessed from work container.

42Gears is now a Google Android Enterprise Solution Provider.

SureMDM integration with Android Enterprise provides a flexible and effective solution to enable employee personal phones for work and counter security risks that come with it. It not only enables admins to create secure work container by separating business and personal apps but also restricts functions like copy, pasting to and from work apps, opening a corporate attachment, files, and links in personal apps and browsers. In addition, SureMDM also offers:

  • Dedicated Google Play Store –Admins can select and approve enterprise apps (from Google Play store or in-house apps) for employees. Users can then access and install these from Google Play inside a container.
  • Disabled app side loading – Admin can block installation of apps from unknown sources inside work container.
  • Customized App Permissions – Admin can exercise fine-grained control by allowing and revoking individual permission requested by apps.
  • Managed Configuration – Enterprise apps which support Android’s Managed Configurations framework can be remotely configured using SureMDM.
  • Enterprise Wipe – When an employee leaves the company, admin can just wipe work container, deleting all apps and data within, leaving personal apps and data untouched.

Note: More information regarding Android Enterprise can be found here.


There are two ways to enroll SureMDM account with Android Enterprise:

  1.  Using Gmail Account
  2.  Using Managed Google Account

Enroll SureMDM with Android Enterprise using Gmail Account

The following steps are involved in enrolling SureMDM with Android Enterprise:

  • Enroll SureMDM with Android Enterprise
  • Download and enroll SureMDM Agent with Android Enterprise on the device
  • Approve applications on your Play for Work account
  • Create and push Work Profiles using SureMDM Web Console

Steps to enroll SureMDM with Android Enterprise using Gmail Account

1. Login to SureMDM Web Console.

2. On SureMDM Home Screen, click Profiles.

3. Select Android > Enroll Android Enterprise.

4. On the Enterprise Enrollment prompt, select Enroll using your Gmail account.

Note: G Suite will not be supported by Managed Google Play Account. Select non-G Suite account.


5. On the Google Play screen, click Sign In to login with the Gmail account and click Next.

6. Enter your organization name in Business Name and click Next.

7.  Enter EU Representative details: Name, Email, Phone and click Confirm.

A message will be displayed on completion of Android Enterprise setup.

8.  Click Complete Registration.

Once Android Enterprise gets enrolled to the MDM account,  two new options are visible in Profiles > Android screen.

i. Android Enterprise Apps

Under Android Enterprise Apps, there are following options:

  • Login to Google Play for Work – This option displays list of Enterprise Approved Apps.  To approve apps, go to Google Play for Work, log in using the same Gmail account enrolled with Android Enterprise and start approving apps.
  • Configure Store Layout – Admin can use the basic layout or create a new page to display all Enterprise Approved Apps.

ii. Settings

This option allows to change store layout, keep track of Enterprise Approved Apps and licenses, direct enrollment of devices in Dedicated Devices (formerly called COSU- Corporate Owned Single Use) using QR code enrollment and option to unenroll from Android Enterprise.

Steps to download and enroll SureMDM Agent with Android Enterprise

Once the SureMDM account is enrolled with Android Enterprise, the device also needs to get enrolled with the AndroidEnterprise account. This process gets started with configuring SureMDM Agent with AndroidEnterprise.

1. Install SureMDM Agent on the  Android device.

2. Enroll the device with SureMDM account by giving Account ID.

2. Go to SureMDM Agent Settings, tap Android Enterprise.

3. On Android Enterprise Settings, tap Enroll your device.

4. On the Provision Enterprise screen, tap Set up managed profile on this device.

5. Go through the terms and conditions and tap Accept & Continue.

Once you accept and continue, setting up of Work Profile will progress.

Once done, SureMDM will create a secured Android Enterprise container on the device. The device user can verify this with a small orange briefcase badge appearing on SureMDM Nix Agent.

Note: For devices older than Android 6.0, the user needs to encrypt the device to complete the enrollment process. You can follow on-screen instructions to do so.


Steps to approve applications to your Play for Work account

1. Login to https://play.google.com/work with your registered Gmail ID.

2. Search and select for any public app and click Approve to approve it for your enterprise.

Note: To approve any in-house private app, read here.


Steps to create and push Work Profiles using SureMDM Web Console

1. Login to SureMDM Web Console and click Profiles.

2. On the Profiles screen, go to Android tab and click Add.

3. On the Work Profile prompt, give a name to the profile and make desired changes under following three options:

  • Password Policy – Set password policy for the device user.
  • System Settings – Set policies to enable or disable certain system settings like USB debugging, install from unknown sources and more.
  • Application Policy – Click Add to add an application from your Play for Work list of approved applications.

4. Click Save to complete.

5. Now, go back to SureMDM Home, select the device or a group and click Apply.

Note: You can also make any Profile as default. This gets auto applied to any newly enrolled device in SureMDM.


Enroll SureMDM with Android Enterprise using Managed Google Account

The following steps are for enrolling SureMDM with Android Enterprise using managed Google account:

  • Enroll SureMDM with Android Enterprise
  • Activate Android Enterprise’s BYOD profile on the device

Steps to enroll SureMDM with Android Enterprise

1. Login to SureMDM Web Console.

2. On SureMDM Home Screen, click Profiles > Android > Enroll Android Enterprise.

3. On the Enterprise Enrollment prompt, select Enroll Using Your Managed Google Account.

4. Enter Google Managed Domain and Token ID and click Enroll.

Note: To generate Token ID, follow these steps:

1. Browse to admin.google.com in abrowser.
2. Enter G Suite admin domain ID and Password.
3. Click Login. Google Admin console will appear.
4. In the Google admin console, click Security option.
5. In the Security window, click Show more.
6. Click Manage EMM provider for Android > Generate Token.

Token will be generated.
Copy the generated token and paste it in Token ID field in SureMDM Web Console.


Once Android Enterprise gets enrolled to the MDM account,  two new options are visible in Profiles > Android screen.

i. Android Enterprise Apps

Under Android Enterprise Apps, there are following options:

  • Login to Google Play for Work – This option displays list of Enterprise Approved Apps.  To approve apps, go to Google Play for Work, log in using the same Gmail account enrolled with Android Enterprise and start approving apps.
  • Configure Store Layout – Admin can use the basic layout or create a new page to display all Enterprise Approved Apps.

ii. Settings

This option allows to change store layout, keep track of Enterprise Approved Apps and licenses, direct enrollment of devices in Dedicated Devices (formerly called COSU- Corporate Owned Single Use) using QR code enrollment and option to unenroll from Android Enterprise.

Steps to activate Android Enterprise’s BYOD profile on the device

1. On the device, navigate to Settings > Users and accounts > Add Account.

2. Enter domain User Name and Password. These are the credentials that are registered for Android Enterprise.

3. Go through the Terms of Service and tap I agree to continue.

SureMDM Agent app will be displayed for Google account.

4. Tap Install.

SureMDM Agent app will start downloading.

5. Go through the terms and conditions and tap Accept & Continue.

Once you accept and continue, setting up of Work Profile will progress.

Once done, SureMDM will create a secured Android Enterprise container on the device. The device user can verify this with a small orange briefcase badge appearing on SureMDM Nix Agent.

Once these setup steps are taken care of, business apps and data in the enrolled device are secured without compromising on your employees’ productivity, privacy and satisfaction.

To read more about SureMDM, click here.

Related Articles