Android Enrollment Profiles in MDM

Topic

This article discusses enrollment profiles for Android OS in NinjaOne MDM.

Environment

NinjaOne Mobile Device Management (MDM)
Android OS

Description

Enrollment profiles are a reusable configuration for creating enrollment tokens, enabling users to enroll their Android enterprise devices in NinjaOne MDM. Additionally, enrollment profiles retain all generated tokens for review, auditing, and reuse.

Enrollment profiles allow organizations to create customized tokens with embedded WiFi, provisioning options, and more.

Navigating to Enrollment Profile Settings

Follow these steps to navigate to the Enrollment Profiles page.

In NinjaOne, click Administration, then select Apps and click the NinjaOne MDM Android app.

**Figure 1:** Administration → Apps→ NinjaOne MDM Android (click to enlarge)

On the NinjaOne MDM Android page, click Enrollment profiles.

**Figure 2:** Enrollment profiles (click to enlarge)

Creating a New Enrollment Profile

On the Enrollment profiles page, click Add Enrollment profile. The New enrollment profile page will open.

Figure 3: Enrollment profiles → Add Enrollment profile (click to enlarge)

Configure General Settings

On the New enrollment profile page, make sure the General tab is selected, then configure the following settings:

Setting	Description
Profile name	Enter a descriptive name for your profile.
Restrict the enrollment profile settings to designated Android Enterprise connections	By default, enrollment profiles are available to all Android Enterprise connections. This optional setting can limit visibility of an enrollment profile to specific connections.
Usage type	This option specifies who owns the device: the end user, the company, or no specific user. End user device - allow personal usage: You can use this setting on both personally owned and company owned (COPE) devices. Permitting personal usage will create a work profile on the device to separate work and personal functionality. End user device - no personal usage allowed: This setting is for company owned devices, with no separate personal profiles assigned. Dedicated device - no specific user: Dedicated devices are not meant as end user assigned devices. Device usage of this type could be a kiosk station, point of sale, scanner, or other.
Locale	This option allows you to set the device's language and regional formats to the user's preferences.
Timezone	Select the time zone for the user's primary operating location.

**Figure 4:** General settings (click to enlarge)

Configure Token Expiration Settings

Token expiration settings allow you to control the duration for which the enrollment token remains active before it expires. When tokens expire, NinjaOne automatically removes them and generates an activity, alerting technicians to their removal.

Setting	Description
Token never expires	The token has no expiration date and can enroll devices indefinitely.
Set-up token expiration	Use this control to specify the number of days before the token expires.
One-time use	The token can be used once for device enrollment. After a user scans the QR code, the system will delete it.

**Figure 5:** Token expiration settings (click to enlarge)

Configure Provisioning Settings

Provisioning settings enable you to control how NInjaOne MDM initially configures user devices during enrollment, allowing you to optimize provisioning speed while maintaining security.

Setting	Description
Enable system apps	This setting enables all system apps to be pre-loaded on a device, giving an experience similar to setting the device up without management.
Use mobile network for provisioning:	Enable this option to force device provisioning over the user's cellular network.
Allow offline provisioning	This setting lets provisioning take place without an active internet connection. This feature is limited-use; contact NinjaOne Support for assistance.
Skip encryption	This option enables bypassing the encryption requirement for devices without default-enabled encryption.
Keep screen on (Android version 13 only)	Activate this toggle to keep the display active and prevent the device from entering sleep mode during the provisioning process.
Skip education screens	This option lets you bypass the tutorial screens and UI tours commonly shown when new applications are used for the first time.

**Figure 6:** Provisioning settings (click to enlarge)

Configure WiFi SSID Settings

These settings determine how NinjaOne configures the WiFi network, credentialing, and security information on provisioned devices.

Setting	Description
Network Configuration	Use the drop-down menu to select Standard or Advanced. Standard: This option lets you control the encryption type and the SSID information. Advanced: This selection lets you control all the standard parameters, plus proxy host configuration and proxy auto configuration (PAC).
Security	Choose the encryption type: WEP, WPA, or none.
SSID Name	The SSID name is the name of the network to which the devices will connect. NinjaOne should pre-load this field when you open Wi-Fi SSID Settings.
Skip encryption	(Advanced configuration feature only) Activate this setting to avoid the encryption process when setting up the device.
Hide SSID	(Advanced configuration feature only) Select this checkbox to prevent the SSID name from appearing in nearby lists of available networks.
PAC URL and Proxy Host	(Advanced configuration feature only) Use these options to define a proxy connection. PAC URL: If you are using a Proxy Auto Configuration (PAC) file to determine which web addresses route through a proxy server, enter its URL and proxy port number here. You cannot save the PAC URL without including the proxy port number. Proxy host: Enter the URL and proxy port number through which NinjaOne MDM should send web traffic. If you define a proxy host, you must also include a proxy port number. Proxy bypass URLs: Enter the URLs you wish traffic to reach directly, without passing through the proxy server.

**Figure 7:** Wi-Fi SSID settings (click to enlarge)

Modifying Enrollment Profiles

After saving your token's enrollment profile settings, they will appear on NinjaOne MDM's Enrollment profiles page.

To avoid data continuity issues, you cannot edit profiles in which tokens have been created without first removing the tokens.

To choose an edit action, place your cursor over any profile, then click the actions (ellipsis) menu.

**Figure 8:** The actions (ellipsis) menu (click to enlarge)

You can perform the following actions:

Edit: This setting will reopen the General tab on the Enrollment Profiles page, allowing you to reconfigure the profile information you set up in the Creating a New Enrollment Profile section of this article.
View Tokens: Examine the token information that controls the enrollment profile.
Copy: Copy the enrollment profile for use on additional devices.
Delete: Delete the enrollment profile.