MDM Operation Manual

Comprehensive guide for deploying and managing Android devices using Google AMAPI and Custom AOSP tools.

1 Enrollment: Fully Managed (Corporate Owned)

This mode gives the MDM complete control over the device. There is no personal space for the user.

  1. Go to the AMAPI (Google) tab.
  2. Ensure the Management Mode is set to Fully Managed.
  3. Click + Create Enrollment Token.
  4. Take a Factory Reset Android device (Android 7.0+).
  5. On the very first "Welcome" screen, tap the empty white space rapidly 6 times.
  6. Scan the QR code. The device will auto-configure and lock itself.

2 Enrollment: Work Profile (BYOD)

Use this mode for employee-owned devices. It creates a secure, encrypted "work briefcase" container. The MDM can only control apps and data inside that container; personal data remains invisible and untouched.

  1. Go to the AMAPI (Google) tab.
  2. Change the Management Mode to Work Profile (BYOD) and generate a Token.
  3. Do NOT factory reset the phone. Turn on the employee's personal phone normally.
  4. Open the standard Google Play Store on their phone and download the Android Device Policy app.
  5. Open the app, accept the prompts, and scan the QR code. Android will automatically generate the work container.

3 Enrollment: Dedicated Device (Kiosk Mode)

This mode completely locks the device to a single application, removing the home button and notification shade (perfect for point-of-sale terminals or digital signage).

  1. Go to the Apps tab.
  2. Add your desired app to the policy and change its install type to KIOSK (Dedicated App).
  3. Go to the AMAPI tab and click Push Policy to AMAPI. (The MDM will automatically detect the Kiosk setting and inject the strict lock-down policy commands.)
  4. Ensure the Management Mode is set to Fully Managed and generate your token.
  5. Enroll a Factory Reset device by tapping the screen 6 times and scanning the code.

4 Enrollment: AOSP Custom Agent (Google-Free)

This method bypasses Google entirely. It relies on the open-source Android OS to download your custom agent directly from your private local server.

  1. Go to the Apps tab and upload your custom DPC APK (e.g., izidpc.apk) to the Local Server File Hosting section.
  2. Go to the AOSP (Custom) tab.
  3. Select your uploaded izidpc.apk from the dropdown menu.
  4. Ensure the Admin Component Name matches your custom Java code exactly (e.g., net.hicam.izidpc/.AdminReceiver).
  5. Click Generate Custom AOSP QR Code. The MDM will bind your APK link to a Base64-encoded SHA-256 hash in the QR code, which the device checks against the APK it downloads.
  6. Tap a Factory Reset device 6 times on the welcome screen.
  7. Scan the QR code. The device will skip Google Play, download your custom APK directly, make it the Device Owner, and begin polling /api?action=dpc_sync for your policies.
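
Added example (not part of the MDM's own code): a pre-distribution audit of an AOSP QR payload that recomputes the APK hash and compares it with the value in the QR code. It assumes the payload uses Android's package-checksum provisioning extra; the host name and sample bytes are constructed, and the HTTPS requirement is a hardening check chosen for this example.

```python
import base64
import hashlib
import json

# Android provisioning extras (DevicePolicyManager constants).
EXTRA_COMPONENT = "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME"
EXTRA_LOCATION = "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION"
EXTRA_CHECKSUM = "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM"


def apk_checksum(apk_bytes: bytes) -> str:
    """URL-safe Base64 of the SHA-256 digest, padding stripped."""
    digest = hashlib.sha256(apk_bytes).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def build_payload(apk_bytes: bytes, url: str, component: str) -> str:
    """Return the JSON text that gets encoded into the QR code."""
    return json.dumps({
        EXTRA_COMPONENT: component,
        EXTRA_LOCATION: url,
        EXTRA_CHECKSUM: apk_checksum(apk_bytes),
    }, sort_keys=True)


def audit_payload(payload_json: str, hosted_apk: bytes) -> list:
    """Return the problems found; an empty list means the payload is consistent."""
    problems = []
    data = json.loads(payload_json)
    for key in (EXTRA_COMPONENT, EXTRA_LOCATION, EXTRA_CHECKSUM):
        if not data.get(key):
            problems.append("missing " + key)
    if problems:
        return problems
    # Hardening check chosen for this example: no cleartext APK downloads.
    if not data[EXTRA_LOCATION].lower().startswith("https://"):
        problems.append("download location is not HTTPS")
    package, sep, receiver = data[EXTRA_COMPONENT].partition("/")
    if not (sep and package and receiver):
        problems.append("component name is not package/receiver")
    # A stale QR code (APK replaced after generation) fails here.
    if data[EXTRA_CHECKSUM] != apk_checksum(hosted_apk):
        problems.append("checksum does not match hosted APK")
    return problems


# Constructed sample input: stand-in bytes, not a real APK.
SAMPLE_APK = b"PK\x03\x04 constructed stand-in for izidpc.apk"
SAMPLE_URL = "https://mdm.example.internal/files/izidpc.apk"  # hypothetical host
SAMPLE_QR = build_payload(SAMPLE_APK, SAMPLE_URL, "net.hicam.izidpc/.AdminReceiver")
```

Run audit_payload again whenever the hosted APK is replaced, since a QR code generated for the previous build will no longer match.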

Critical: The Whitelist

Regardless of which method you use, if a device's Hardware Serial Number is not present and set to ACTIVE in your Whitelist tab, the MDM will flag it as UNAUTHORIZED on the Dashboard.