This section outlines the prerequisites for enabling NinjaOne MDM. It also explains key terminology and describes the frameworks that NinjaOne utilizes to provide its MDM services.
Understanding usage types
The first step in managing a mobile device in NinjaOne is to enroll it into the system, which is done based on the device’s usage type: BYOD (Bring Your Own Device) mode, COPE (Company-owned, personally enabled) mode, or company-owned mode. Additionally, company-owned devices can be enrolled for use in kiosks. The process for enrolling devices in NinjaOne varies depending on the selected usage type. Below is an explanation of these usage types:
- BYOD: In this mode, personal devices are enrolled to enable work-related management without compromising user privacy. NinjaOne creates a separate, secure container or profile for corporate data and apps, leaving personal data untouched. This ensures data security and compliance while preserving user control over their device. IT administrators only manage the work profile.
- COPE: COPE mode is similar to BYOD mode, but the company, not the user, owns the device. A separate work profile is installed for corporate data and applications, and a personal profile is also installed for personal use. COPE offers greater security and control for companies than BYOD, but it involves higher upfront costs since the company provides the devices.
- Company-Owned: In company-owned mode, devices are fully managed by the organization. IT administrators have comprehensive control over device settings, security policies, app installations, and data access. This mode enables enforcement of strict compliance measures, remote wipe capabilities, and custom configuration to meet business requirements, ensuring maximum security and effective management.
- Kiosk: Kiosk mode is not a usage type but rather a special working mode for company-owned devices that restricts a device to run only specific apps or functions, transforming it into a dedicated-purpose device. This mode is ideal for single-app or multi-app setups, such as public displays, POS systems, or self-service kiosks. It enhances security by preventing users from accessing features or settings outside the allowed scope, ensuring the device is used strictly for its intended purpose.
Device management frameworks
NinjaOne MDM Android leverages Android Enterprise (AE) services to manage and secure Android devices. AE is a Google-led program providing management tools and frameworks to help businesses securely manage and deploy Android devices. This program is designed for organizations that need to control a fleet of Android devices, such as smartphones and tablets, used by their workforce. AE offers features that enhance both security and productivity, making it especially useful for environments where device management, data protection, and app control are critical.
Similarly, NinjaOne MDM Apple uses the Apple Push Notification Service (APNs), and Automated Device Enrollment (ADE) to manage and secure iOS devices. These Apple services and features enable streamlined device enrollment, centralized management, and policy enforcement. Through these integrations, NinjaOne MDM supports features like remote configuration, app distribution, and security controls, ensuring consistent management and data protection across iPhones and iPads in an organization.
Enrolling in such frameworks is a prerequisite for using NinjaOne MDM. These integrations empower businesses to manage their mobile device fleets with enhanced control, security, and productivity. NinjaOne simplifies the enrollment process while enabling its MDM services.
MDM Android prerequisites
Each company whose devices are going to be managed by NinjaOne MDM requires a unique work email account for enrollment in Android Enterprise. Generic email accounts such as Google, Yahoo, or Hotmail are not permitted. Since NinjaOne supports managing multiple organizations or companies within a single tenant, each company must have its own Android Enterprise account.
MDM Apple prerequisites
- An Apple ID is required to obtain an Apple certificate for the APNs, which is intended for managing devices in BYOD mode. NinjaOne recommends creating a service account to use on behalf of your company.
- An Apple Business Manager (ABM) or Apple School Manager (ASM) account is required for ADE, which is intended for managing Apple devices in Supervised mode, whether through manual enrollment or zero-touch deployment. Supervised mode is the term used by Apple for managing company-owned devices.
- Obtaining an ABM or ASM account is the responsibility of the company owner and may require some time. NinjaOne recommends starting this process well in advance. More information can be found in the ABM User Guide or the ASM User Guide.