Talking Points

• VMware AirWatch 
• Work Managed Device / Device Owner Mode (DO) is for corporate owned device use cases, where ONLY the managed persona will exist on the device –  there is no consumer device persona.
• In device owner mode administrators have complete control of the device. This type of deployment is used for institutionally-owned devices that need to be locked down or in kiosk mode. 
• There are currently four methods to enroll into work managed/device owner mode:
  
  • AirWatch Relay App - Admins NFC "bump" configure employee's new device. 
  • "Hashtag enrollment" or DPC identifier device provisioning (Android 6.0+) - Users enter unique "afw#airwatch" identifier during device's initial setup which sets work managed mode on the device. 
  • QR code enrollment (Android 7.0+) - From reset device's setup screen, QR code is scanned to put device in device owner mode. 
    Note: device needs scanning function during start-up.  Please consult the Android platform guide for more information. 
  • Zero-touch enrollment - Purchased devices can be shipped to users with management and settings pre-configured, enabling employees to use devices right out of the box.
    Note: Due to the requirement of accessing the zero‑touch online admin platform to set up specific device serial numbers, zero-touch is not available as a scripted demo in TestDrive.

Please reference the platform guide for more information on work managed/device owner mode.

AirWatch Relay App

Using AirWatch Relay to enroll as a device into Work Managed Device requires two Android 5.0+ devices—Samsung or Google device recommended—with NFC enabled: one admin device that runs the AirWatch Relay app and the user's device ("staging" device).  The user’s device must be factory reset.   

Note!

• Demo is intended to show the restrictive nature of device owner mode in a corporate controlled use case. 
• SAML is not supported by the AirWatch Relay app.

Using the Relay app, two NFC bumps put the staging device in DO mode. 

• Bump One – Sets up Wi-Fi, encrypts device, and then downloads the agent

• Bump Two – Enrolls the device out of box or factory reset device.

Enrollment credentials (basic account):

Server: airwatch.vmtestdrive.com Group ID: vado User: vado Password: vado

In the Relay app, configure Bump One and Bump Two:

Bump One (with Wi-Fi example):

Bump Two:

If the reset device is not already encrypted, you’ll go through encryption, then the process will resume for bump 2.  

After a successful bump 2, using the above basic user credentials, the device will enroll into the “Company Owned” OG.

"Hashtag Enrollment" (DPC Identifier Device Provisioning)

1. Reset Android 6.0+ device. Samsung or Google device recommended. 

2. Setup Wi-Fi.

3. At the Google ID screen, enter the AirWatch EMM DPC identifier: afw#airwatch

4. Proceed through next screens, installing the AirWatch Agent...

5. Enroll with service details, entering the below values for server and group ID...

6. Enter the user credentials for the work managed device...

   Username: vado

   Password: vado

7. Note the "setting the device owner" screen.  At this moment the DPC configuration is setting up as device owner, taking control of the entire device...

8. Once enrolled, show the "Work Managed Device" status in the AirWatch Agent.