On the Modern Management > Getting Started > Managing Android Devices page, navigate to the Enrollment Policy section, click New Enrollment Policy to display the Create New Policy wizard.
Alternatively, from the left hand side navigation pane of ZCC, navigate to Policies > New > Policy.
On the Select Platform page, select Mobile and then click Next.
On the Select Policy Category page, select General Mobile Policies and then click Next.
On the Select Policy Type page, select Mobile Enrollment Policy and then click Next.
On the Define Details page, specify a name for the policy, select the folder in which to place the policy and then click Next.
On the Configure Device Ownership page:
You can select the ownership type for the device, such as Corporate or Personal. The ownership is categorized based on the enrollment methods:
Apple Device Enrollment Program
Apple Configurator
ZENworks User Portal
ZENworks Agent App
You can also enable the Allow the device user to select ownership type option to allow users who are enrolling their devices using the ZENworks User Portal or the ZENworks Agent App, select the appropriate ownership type of the device,
Mobile policies enable you to provide two groups of settings, one group that is applied to corporate-owned devices and a second group that is applied to personally-owned devices.
For example, the Mobile Security policy lets you configure different password, encryption, and lockout settings for corporate-owned devices versus personally-owned devices.
Click Next.
On the Configure Device Management page:
The default settings allow the user to choose the management level (Managed Device or Email Only) during enrollment.
NOTE:This option is applicable for enrollment using the ZENworks End User Portal.
The device management options are explained below:
Yes, allow users to enroll their devices as fully managed devices: Enables users to enroll their devices as a Managed Device only.
Do not show option for ActiveSync - only enrollment: Removes the ActiveSync Only (Email Only) enrollment option, forcing devices to enroll as fully managed devices.
No, allow users to enroll their devices as ActiveSync -only: Removes the fully managed option, forcing devices to enroll as ActiveSync Only (Email Only) devices.
Click Next.
On the Configure Mobile Enrollment Rules page, note the folder and naming settings for the default All Devices rule in the list, then click Next.
Enrollment rules determine the enrolling device’s display name and folder placement in ZENworks Control Center.
The predefined All Devices rule allows all devices to enroll, uses the device model and user’s name for the device name, and places the device in the Mobile Devices folder. If the default rule does not meet your needs, you can modify or remove the All Devices rule and add additional rules as needed. For example, you can create a rule to place all Android devices in one folder and all iOS devices in another.
NOTE:Due to changes in the Google privacies, the Work Profile devices running on Android 11 and above are unable to access device identifiers such as Wi-Fi Mac Address, Serial Number, and IMEI.
The device enrollment on Android 11 and above, Work Profile is not supported if any of these device identifiers are used as a criterion for device enrollment.
Suggested alternative: It is recommended to use a combination of the following identifiers on the Android 11 and above Work Profile for device enrollment:
OS versions
Device model
On the Configure the Un-enrollment Settings page you can configure the un-enrollment settings, which will take effect when users un-enroll their devices from the ZENworks Server or the management zone. Select any one of the following for a corporate-owned device or a personally-owned device and click Next:
Retire Device: The device is retained in the zone, however the status is set as retired. When the device is retired, ZENworks does not manage the device anymore, but the device data and history is retained.
Delete Device: The device is removed from the zone.
NOTE:These settings are not applied when the user removes the work profile from Android devices enrolled in the work profile mode.
On the Summary page, you can perform the following actions:
Create as Sandbox: Creates a Sandbox-only version of the policy. A Sandbox version of a policy enables you to test it on your device before actually deploying it
Define Additional Properties: Enables you to edit the default settings configured in the policy.
Click Finish to complete creating the policy.